FortiSIEM - Nozomi Guardian Integration
We have integrated 10 Nozomi networks into 10 collectors.
We successfully discovered the devices in FortiSIEM, uploaded a test trace in Nozomi, and got the alert in FortiSIEM.
Our environment is entirely OT devices, and we are not connected to the internet; it is totally isolated.
How can I get the logs of the OT devices into FortiSIEM?
Hi @Shaheer256,
Two options to consider here. If the network is truly isolated and there is no way to get a connection, the best you can do is upload the events to FortiSIEM manually:
1) https://help.fortinet.com/fsiem/7-2-0/Online-Help/HTML5_Help/Analyzing_custom_log_files.htm
2) If there is the possibility to allow an outbound connection (only) to FortiSIEM from the OT network, then you can consider the Collector Diode Configuration, which was designed with this situation in mind.
The diode collector has the following functionalities:
- Ability to install without Internet connectivity
- Ability to work without registering with the Supervisor node
- Ability to collect syslog, SNMP traps and Windows logs via the WMI/OMI protocol using local configuration
- Ability to send events to another Collector or Worker via UDP/514 using the syslog protocol
A diode collector only requires strictly one-way communication from itself to another Collector or Worker. There is one deployment mode:
Diode Collector - Worker
The regular Collector can send events to the Worker via HTTPS.
Regards,
S
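The one-way path the answer above describes (OT-side syslog in, UDP/514 syslog out toward a FortiSIEM Collector or Worker, nothing coming back) is easy to reason about with a small relay in hand. The block below is an added example and is not Fortinet's, Nozomi's, or the diode collector's code. It assumes RFC 3164 framing (`<PRI>Mmm dd HH:MM:SS host message`), a fixed timestamp so the output is deterministic, and constructed sample lines (a bare PLC message and an already-framed alert from a hostname `nozomi-guardian`); the hostnames, IPs and the loopback ports it uses are all made up for the demonstration. It runs entirely on 127.0.0.1 with a stand-in "collector" socket, so it works on an isolated host.

```python
"""One-way syslog relay for an isolated OT segment (constructed example, not vendor code).

Topology it imitates: OT device / sensor --UDP--> relay --UDP/514--> FortiSIEM Collector/Worker.
The relay never sends anything back toward the OT side, matching the diode pattern.
"""
import re
import socket
from datetime import datetime

# Fixed timestamp keeps the example deterministic; a real relay would use datetime.now().
FIXED_TS = datetime(2024, 1, 1, 12, 0, 0)
# RFC 3164 priority prefix: "<PRI>" followed by the rest of the line.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def build_syslog(message, facility=16, severity=6, hostname="ot-plc-01", ts=FIXED_TS):
    """Frame a bare log line as RFC 3164 syslog: '<PRI>Mmm dd HH:MM:SS host message'.

    PRI = facility * 8 + severity; facility 16 is local0, severity 6 is informational.
    The day of month is space-padded to two characters, as RFC 3164 requires.
    """
    pri = facility * 8 + severity
    stamp = f"{ts.strftime('%b')} {ts.day:2d} {ts.strftime('%H:%M:%S')}"
    return f"<{pri}>{stamp} {hostname} {message}"


def parse_pri(line):
    """Split a syslog line into (facility, severity, rest); None if it carries no <PRI>."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    return pri // 8, pri % 8, m.group(2)


def normalise(datagram, hostname="ot-plc-01"):
    """Return bytes ready to forward: keep already-framed input, frame bare input."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    if parse_pri(text) is not None:
        return text.encode()
    return build_syslog(text, hostname=hostname).encode()


def forward_one(listen_sock, send_sock, dest):
    """One relay step: take one datagram from the OT side, emit one toward the collector."""
    data, _src = listen_sock.recvfrom(65535)
    payload = normalise(data)
    send_sock.sendto(payload, dest)   # outbound only; the source address is never answered
    return payload


def loopback_demo(lines):
    """Stand-in for the real topology, all on 127.0.0.1:
    injector -> relay listener -> forward_one() -> 'collector' socket.
    Returns the text the collector received, in order.
    In production the destination is the Collector/Worker on UDP/514, not an ephemeral port."""
    collector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    collector.bind(("127.0.0.1", 0))
    collector.settimeout(2)
    relay_in = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    relay_in.bind(("127.0.0.1", 0))
    relay_in.settimeout(2)
    relay_out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    injector = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    received = []
    try:
        for line in lines:
            injector.sendto(line, relay_in.getsockname())
            forward_one(relay_in, relay_out, collector.getsockname())
            data, _ = collector.recvfrom(65535)
            received.append(data.decode())
    finally:
        for s in (collector, relay_in, relay_out, injector):
            s.close()
    return received


# Constructed sample input: one bare line from a PLC, one already-framed sensor alert.
SAMPLE_LINES = [
    b"MODBUS write coil 0x0010 from 10.1.5.20\n",
    b"<134>Jan  1 12:00:00 nozomi-guardian alert: new asset detected 10.1.5.99",
]

if __name__ == "__main__":
    for msg in loopback_demo(SAMPLE_LINES):
        print(msg)
```

Because the relay only ever calls `sendto` toward the collector and never replies to the OT-side source, it can sit behind a firewall rule that permits UDP/514 outbound from the OT segment and nothing inbound, which is the same one-way property the diode collector relies on. Keep in mind that UDP syslog gives no delivery confirmation, so a dropped datagram is simply lost; that is the trade-off of a strictly one-way design.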