Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSIEM Discussions
- Fortinet Community
- Community Groups
- FortiSIEM
- Discussions
- FortiSIEM Configuration Technical Tip
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiSIEM Configuration Technical Tip
Hello All,
I'm configuring FortiSIEM 7.3.0, but some of the use cases aren't clear to me, and I kindly request some advice about whether the following use cases are possible to configure and display on the FortiSIEM dashboard. if so, please give advice, or does it need some other solution to be integrated as a source?
Insider Threat & Lateral Movement | Enable detection of unusual user activity (e.g., access to sensitive data). |
|
Correlate logins from multiple locations within a short time frame. |
| |
Flag mass file downloads from internal systems. |
|
Vulnerability scan and\ assesment | Identify the Vulnerability of the assets |
|
Regularly Test Security Systems & Processes | Detect failed or overdue security scans. |
|
Alert on new vulnerabilities detected in PCI systems. |
|
Track & Monitor All Access to Network Resources & Cardholder Data | Enable File Integrity Monitoring (FIM) for critical cardholder files. |
|
Configure correlation rules for unauthorized database queries. |
| |
Generate reports for PCI audit trail compliance (log retention, event correlation). |
|
Restrict Physical Access to Cardholder Data | Detect unauthorized access attempts to secure locations (integrate physical security logs). |
|
Monitor logs from badge access control systems. |
|
Identify & Authenticate Access to System Components | Collect authentication logs from AD, RADIUS, and LDAP. |
Alert on multiple failed login attempts (brute force detection). | |
Monitor privileged user account logins outside business hours. |
Restrict Access to Cardholder Data on a Need-to-Know Basis | Monitor and log privileged account access to PCI environments. |
|
Detect excessive access attempts to cardholder data. |
| |
Generate reports on user access controls and permissions. |
|
Develop & Maintain Secure Systems & Applications | Monitor application logs (FortiWeb, web servers, payment apps) for vulnerabilities. |
|
Alert on SQL injection, XSS, and other application attacks. |
| |
Detect failed patch updates and outdated software versions. |
|
Protect Against Malware & Regularly Update Software | Configure alerts for failed antivirus updates. |
|
Detect unauthorized software installations on PCI systems. |
|
Encrypt Transmission of Cardholder Data Across Open Networks | Monitor SSL/TLS traffic to ensure encryption of cardholder data. |
|
Alert on unencrypted or weakly encrypted data transmissions. |
|
Protect Stored Cardholder Data | Enable encryption monitoring for stored cardholder data. |
|
Detect unauthorized access attempts to cardholder databases. |
| |
Generate reports on data access permissions and encryption status. |
|
Web Application Security | Enable correlation rules for FortiWeb WAF attack detections. |
|
Monitor failed authentication attempts on web portals. |
| |
Detect SQL injection, XSS, and other web attacks. |
|
Database Security Monitoring | Detect unauthorized database access attempts. |
|
Correlate database logs with application login failures. |
| |
Monitor unexpected SQL queries or bulk data extraction. |
|
Malware & Ransomware Detection | Enable real-time monitoring for suspicious file encryption activity. |
|
Set up alerts for connections to known malicious IPs. |
|
Yoseph Marie
Solved! Go to Solution.
Yoseph Marie
Labels:
- Labels:
-
FortiSIEM
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Yoseph ,
SIEM solutions in general rely on various log sources to correlate, analyze, enrich etc. data and provide meaningful insights and information. So the short answer to your question is yes, you really need to ingest the logs from all systems of interest into the FortiSIEM :)
Now to the point - I see PCI mentioned a few times in your table and I guess you are referring to PCI use cases that you need to cover.
In that case, FortiSIEM offers some nice reports and features out of the box. So to get you started you can check:
- Resources > Reports > Compliance > PCI - There you can see the already available reports, but most importantly there is a column called 'Data Source' with detailed information on what devices, applications, etc. are used as log sources to gather data for particular report. This will really give you an idea what you need.
- Admin > Settings > Compliance > PCI - Here you can see the already defined PCI Logging policies and create new ones etc.
- And finally, after you review, get familiar and configure what you need and want according to the above two bullets, you can then follow this nice guide: PCI Logging Status Dashboard to create fancy executive (and not only) dashboards for PCI related services.
Hope this helps.
Regards,
Lyuben
URLs point to web pages, not to people.
URLs point to web pages, not to people.
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Yoseph ,
SIEM solutions in general rely on various log sources to correlate, analyze, enrich etc. data and provide meaningful insights and information. So the short answer to your question is yes, you really need to ingest the logs from all systems of interest into the FortiSIEM :)
Now to the point - I see PCI mentioned a few times in your table and I guess you are referring to PCI use cases that you need to cover.
In that case, FortiSIEM offers some nice reports and features out of the box. So to get you started you can check:
- Resources > Reports > Compliance > PCI - There you can see the already available reports, but most importantly there is a column called 'Data Source' with detailed information on what devices, applications, etc. are used as log sources to gather data for particular report. This will really give you an idea what you need.
- Admin > Settings > Compliance > PCI - Here you can see the already defined PCI Logging policies and create new ones etc.
- And finally, after you review, get familiar and configure what you need and want according to the above two bullets, you can then follow this nice guide: PCI Logging Status Dashboard to create fancy executive (and not only) dashboards for PCI related services.
Hope this helps.
Regards,
Lyuben
URLs point to web pages, not to people.
URLs point to web pages, not to people.
Announcements
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
Labels
-
FortiSIEM
167 -
Parsers
7 -
Rules
5 -
ClickHouse
4 -
fortisiem v7.2.0
4 -
FortiSIEM v6.x
4 -
integration
4 -
API
4 -
Agent Linux
3 -
database
3 -
Agent
3 -
FortiSIEM Cloud
3 -
Collector
3 -
External System Integration
3 -
FortiGate
3 -
watchlist
2 -
FortiAnalyzer
2 -
Collector Agent
2 -
Source Code
2 -
lookuptables
2 -
FortiSiem 7.1
2 -
Supervisor
2 -
SAML
2 -
CMDB
2 -
Analytics & Reporting
2 -
GUI
2 -
Incidents
2 -
Rocky Linux 8
1 -
eventdb
1 -
Impact
1 -
Redhat 8
1 -
OPManager
1 -
Oracle Linux 8
1 -
Alma Linux 8
1 -
"FortiSIEM Incidents"
1 -
lookups
1 -
o
1 -
CMMC
1 -
Audit
1 -
RBAC
1 -
User Control
1 -
Audit log
1 -
Reference Files
1 -
Hi
1 -
cisco wsa
1 -
Partnership Inquiry
1 -
Reference Material
1 -
FortiClient
1 -
FortiAuthenticator v5.5
1 -
FortiSIEM HW
1 -
upgrade
1 -
IPsec
1 -
Migration
1 -
External Connectors
1 -
LDAP
1 -
Report
1 -
Microsoft Office365
1 -
Azure
1 -
Cisco
1 -
discovery
1 -
Windows Defender
1 -
Report-Rules-Dashboards
1 -
Notifications
1 -
Expressions
1 -
Architecture
1 -
FortiSASE
1 -
Status
1 -
MySQL
1 -
Internet service database
1 -
Dashboard
1 -
Usage
1 -
Certificate
1 -
enrichement
1
Top Kudoed Authors
| User | Count |
|---|---|
| 72 | |
| 25 | |
| 15 | |
| 10 | |
| 10 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.