Help
FortiSIEM Discussions
KalanaChandrasiri
New Contributor

Created on ‎09-30-2019 11:42 PM

Firewall Rules for SIEM Implementation

Dear People,

We need to exact URL/IP address what FortiSIEM get feeds from Outside (Internet our environment we cannot open full internet access to . We only allowed specific IP/URL.

Note - The port definition sheet on external data source configuration is not clearly these details.


Where can get these details any link/official


Regards,
Kalana


------------------------------
kalana
------------------------------
329
0 Kudos
3 REPLIES 3
DanielHanman
Staff
Staff

Created on ‎10-02-2019 03:38 AM

It depends on what services you are using.

To access the OS repo:

https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
https://os-pkgs.fortisiem.fortinet.com/centos6/


If you are using FortiGuard IOC feed with FSM you will need to allow access as well to:

https://update.fortiguard.net
https://fds1.fortinet.com

Any other threat feeds configured or lookups, you will also need to allow access to them. For example Whois, VirusTotal, RiskIQ, etc.

-------------------------------------------
Original Message:
Sent: 10-01-2019 02:42
From: Kalana Chandrasiri
Subject: Firewall Rules for SIEM Implementation

Dear People,

We need to exact URL/IP address what FortiSIEM get feeds from Outside (Internet our environment we cannot open full internet access to . We only allowed specific IP/URL.

Note - The port definition sheet on external data source configuration is not clearly these details.


Where can get these details any link/official


Regards,
Kalana


------------------------------
kalana
------------------------------
329
0 Kudos
KalanaChandrasiri
New Contributor
In response to DanielHanman

Created on ‎10-02-2019 08:40 AM

Daniel,
Thank you very much for your feedback.

May I know what is the URL/IP for FortiSIEM License activation is


Regards,
Kalana-------------------------------------------
Original Message:
Sent: 10-02-2019 06:38
From: Daniel Hanman
Subject: Firewall Rules for SIEM Implementation

It depends on what services you are using.

To access the OS repo:

https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
https://os-pkgs.fortisiem.fortinet.com/centos6/


If you are using FortiGuard IOC feed with FSM you will need to allow access as well to:

https://update.fortiguard.net
https://fds1.fortinet.com

Any other threat feeds configured or lookups, you will also need to allow access to them. For example Whois, VirusTotal, RiskIQ, etc.


Original Message:
Sent: 10-01-2019 02:42
From: Kalana Chandrasiri
Subject: Firewall Rules for SIEM Implementation

Dear People,

We need to exact URL/IP address what FortiSIEM get feeds from Outside (Internet our environment we cannot open full internet access to . We only allowed specific IP/URL.

Note - The port definition sheet on external data source configuration is not clearly these details.


Where can get these details any link/official


Regards,
Kalana


------------------------------
kalana
------------------------------
329
0 Kudos
DanielHanman
Staff
Staff
In response to KalanaChandrasiri

Created on ‎10-02-2019 08:42 AM

Hi Kalana,

This is a manual download of the license and then upload in the ForitSIEM GUI.

Thanks

Dan-------------------------------------------
Original Message:
Sent: 10-02-2019 11:40
From: Kalana Chandrasiri
Subject: Firewall Rules for SIEM Implementation

Daniel,
Thank you very much for your feedback.

May I know what is the URL/IP for FortiSIEM License activation is


Regards,
Kalana
Original Message:
Sent: 10-02-2019 06:38
From: Daniel Hanman
Subject: Firewall Rules for SIEM Implementation

It depends on what services you are using.

To access the OS repo:

https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
https://os-pkgs.fortisiem.fortinet.com/centos6/


If you are using FortiGuard IOC feed with FSM you will need to allow access as well to:

https://update.fortiguard.net
https://fds1.fortinet.com

Any other threat feeds configured or lookups, you will also need to allow access to them. For example Whois, VirusTotal, RiskIQ, etc.


Original Message:
Sent: 10-01-2019 02:42
From: Kalana Chandrasiri
Subject: Firewall Rules for SIEM Implementation

Dear People,

We need to exact URL/IP address what FortiSIEM get feeds from Outside (Internet our environment we cannot open full internet access to . We only allowed specific IP/URL.

Note - The port definition sheet on external data source configuration is not clearly these details.


Where can get these details any link/official


Regards,
Kalana


------------------------------
kalana
------------------------------
329
0 Kudos
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.