FortiSIEM Discussions
IsuruTharanga
New Contributor

FortiSIEM - AWS Integration

Hi All,

I would like to clarify a few things regarding FortiSIEM integration with an AWS environment.


  • AWS CloudWatch – There is a section in the guide on the AWS EC2 CloudWatch API but nothing related to CloudWatch events on other AWS services.
  • AWS Kinesis – There is a section in the guide on AWS Kinesis but it doesn't mention specifics such as
    • Whether it is using Kinesis Data Streams or Data Firehose
    • Does it collect these streams into an S3 bucket?
    • What types of log sources are supported via Kinesis?
  • AWS Shield (WAF) / AWS Route53 logs / AWS GuardDuty – There aren't any sections on how these AWS services integrate with FortiSIEM. (Can it be done via Kinesis?)
  • I just saw a guide on VPC Flows.
Can anyone provide an insight? Thanks.

------------------------------
Cheers,
Isuru
------------------------------
DanielHanman
Staff

Hi Isuru,

  • AWS CloudWatch – There is a section in the guide on the AWS EC2 CloudWatch API but nothing related to CloudWatch events on other AWS services.
    • It collects the EC2 metrics. If there is something else you need, let us know.
  • AWS Kinesis – There is a section in the guide on AWS Kinesis but it doesn't mention specifics such as
    • AWS Kinesis can collect data from different devices/services; the data format is the same as the source data, so a parser may need to be created. As an example, AWS Shield could log to Kinesis, but the logs may not be parsed.

Thanks

Dan


------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
-------------------------------------------
Original Message:
Sent: Jan 28, 2021 04:06 AM
From: Isuru Tharanga
Subject: FortiSIEM - AWS Integration
IsuruTharanga

Hi Dan,

Thanks for the response, but my concerns are,

  • It collects the EC2 metrics. If there is something else you need, let us know.
    • What about other metrics?
    • Does FortiSIEM only support EC2 metrics?

  • AWS Kinesis can collect data from different devices/services; the data format is the same as the source data, so a parser may need to be created. As an example, AWS Shield could log to Kinesis, but the logs may not be parsed.
    • What if we store the Kinesis streams in an S3 bucket?
    • Will the provided integration be able to pull those streams?


------------------------------
Cheers,
Isuru
------------------------------
-------------------------------------------
Original Message:
Sent: Feb 15, 2021 02:58 AM
From: Daniel Hanman
Subject: FortiSIEM - AWS Integration
DusanTomic

Hi Isuru,

It supports RDS, EFS and EC2 metrics using the EC2 credential method.
Using the Kinesis credential method, it supports all services that can log to S3 using Kinesis. You'll need to create a credential for each Kinesis/S3 pair.
Using CloudTrail, it supports all services that log to S3 using CloudTrail. You also need to create a credential for each CloudTrail/SNS/S3 group.

You may run into the case of the parser being too generic for a specific service that you're logging; if that is the case, PM me and I'll enhance the parser for the service you need.

Kind Regards,

------------------------------
Dušan Tomić - Consulting Systems Engineer INTL
Fortinet
------------------------------
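Dan's point that Kinesis hands over each producer's payload in its own format (so a per-service parser may be needed), and Dusan's point that a generic parser may not fit a specific service, can be made concrete with a small parser. The code below is an added example, not FortiSIEM's parser and not code from anyone in this thread. It assumes two delivery shapes: a gzip-compressed CloudTrail log object as written to S3 (a JSON document with a "Records" list, which is CloudTrail's documented layout) and Kinesis records whose "Data" field is base64 of whatever the producing service emitted. All sample records, account and interface ids, addresses and finding values are constructed; the GuardDuty sample uses an EventBridge-style envelope ("source", "detail-type", "detail") and the flow-log sample uses the default version-2 space-separated VPC Flow Log field order. Anything the parser does not recognise is kept as a raw, unparsed event rather than dropped, which is the behaviour you want while waiting for a service-specific parser.

```python
import base64
import gzip
import json

# Constructed sample: one CloudTrail log object as it is written to S3, a gzip-compressed
# JSON document whose "Records" list holds the API events (field names are CloudTrail's own).
CLOUDTRAIL_OBJECT = gzip.compress(json.dumps({
    "Records": [{
        "eventVersion": "1.08",
        "eventTime": "2021-02-21T09:00:00Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": "PutBucketPolicy",
        "awsRegion": "eu-west-1",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "userName": "example-user"},
    }]
}).encode())


def encode_kinesis_data(payload: bytes) -> dict:
    """Wrap a raw producer payload the way a Kinesis record carries it: base64 in "Data"."""
    return {"Data": base64.b64encode(payload).decode("ascii")}


# Constructed samples: two Kinesis records from two different producers. Kinesis does not
# normalise them; each "Data" field is exactly what the producing service emitted.
KINESIS_RECORDS = [
    # GuardDuty finding in an EventBridge-style JSON envelope (constructed values).
    encode_kinesis_data(json.dumps({
        "version": "0",
        "source": "aws.guardduty",
        "detail-type": "GuardDuty Finding",
        "region": "eu-west-1",
        "detail": {"type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 5},
    }).encode()),
    # VPC Flow Log line in the default (version 2) space-separated format (constructed values):
    # version account-id interface-id srcaddr dstaddr srcport dstport protocol packets bytes
    # start end action log-status
    encode_kinesis_data(
        b"2 123456789012 eni-0abc 10.0.0.5 10.0.0.9 52000 443 6 10 8400 "
        b"1613898000 1613898060 ACCEPT OK"),
]


def parse_cloudtrail_object(blob: bytes) -> list:
    """Decompress an S3 CloudTrail object and flatten each record to a few common fields."""
    records = json.loads(gzip.decompress(blob))["Records"]
    return [{
        "service": "cloudtrail",
        "time": r["eventTime"],
        "event_source": r["eventSource"],
        "event_name": r["eventName"],
        "src_ip": r.get("sourceIPAddress"),
        "user": r.get("userIdentity", {}).get("userName"),
    } for r in records]


def parse_kinesis_record(record: dict) -> dict:
    """Decode one Kinesis record and dispatch on the payload's own format.

    Returns parsed=True for the formats this toy parser knows, and a generic parsed=False
    record that keeps the raw payload for anything else, so an unknown service is retained
    (searchable as raw text) rather than silently dropped.
    """
    payload = base64.b64decode(record["Data"])
    try:
        obj = json.loads(payload)
    except ValueError:  # not JSON at all (e.g. a flow-log line); fall through to text formats
        obj = None

    if isinstance(obj, dict) and obj.get("source") == "aws.guardduty":
        detail = obj.get("detail", {})
        return {"service": "guardduty", "parsed": True, "region": obj.get("region"),
                "finding_type": detail.get("type"), "severity": detail.get("severity")}

    fields = payload.decode("utf-8", errors="replace").split()
    if len(fields) == 14 and fields[0] == "2":
        return {"service": "vpcflow", "parsed": True, "src_ip": fields[3], "dst_ip": fields[4],
                "src_port": int(fields[5]), "dst_port": int(fields[6]), "action": fields[12]}

    # Generic fallback: the service has no dedicated parser yet, keep the event as raw text.
    return {"service": "unknown", "parsed": False,
            "raw": payload.decode("utf-8", errors="replace")}


if __name__ == "__main__":
    for event in parse_cloudtrail_object(CLOUDTRAIL_OBJECT):
        print(event)
    for rec in KINESIS_RECORDS:
        print(parse_kinesis_record(rec))
    # A payload from a service with no parser yet (constructed) is kept but flagged unparsed.
    print(parse_kinesis_record(encode_kinesis_data(b"some-other-service log line")))
```

The practical consequence for the setup Dusan describes is that a per-Kinesis/S3 credential only gets the data into the SIEM; whether the fields are searchable depends on a parser that knows the producing service's format, and counting `parsed=False` events per stream is a quick way to see which services still need one.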
-------------------------------------------
Original Message:
Sent: Feb 21, 2021 09:00 AM
From: Isuru Tharanga
Subject: FortiSIEM - AWS Integration
IsuruTharanga

Hi Dusan,

Thanks for the insight and support.

------------------------------
Cheers,
Isuru
------------------------------
-------------------------------------------
Original Message:
Sent: Mar 23, 2021 08:05 AM
From: Dusan Tomic
Subject: FortiSIEM - AWS Integration