FortiSIEM Discussions
Shaheer256

FortiSIEM - Nozomi Guardian Integration

We have integrated 10 Nozomi networks into 10 collectors.

We successfully discovered the devices in FortiSIEM, uploaded a test trace in Nozomi and received the alert in FortiSIEM.

Our environment consists entirely of OT devices and is not connected to the internet; it is totally isolated.

How can I get the logs of the OT devices into FortiSIEM?

sioannou

Hi @Shaheer256,

Two options to consider here. If the network is truly isolated and there is no way to get a connection, the best you can do is upload the events to FortiSIEM manually:

1) https://help.fortinet.com/fsiem/7-2-0/Online-Help/HTML5_Help/Analyzing_custom_log_files.htm

2) https://help.fortinet.com/fsiem/7-2-0/Online-Help/HTML5_Help/configuring-local-syslog-file-ingestion...

If there is the possibility to allow an outbound connection (only) to FortiSIEM from the OT network, then you can consider the Collector Diode Configuration, which was designed with this situation in mind.

The diode collector has the following functionalities:

  1. Ability to install without Internet connectivity

  2. Ability to work without registering with the Supervisor node

  3. Ability to collect syslog, SNMP trap and Windows logs via the WMI/OMI protocol using local configuration

  4. Ability to send events to another Collector or Worker via UDP/514 using the syslog protocol

A diode collector only requires strictly one-way communication from itself to another Collector or Worker. There is one deployment mode:

Diode Collector - Worker

The regular Collector can send events to the Worker via HTTPS.

https://docs.fortinet.com/document/fortisiem/7.2.2/diode-collector-installation-guide/405342/diode-c...

Regards,

S
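The one-way pattern the reply describes (collect locally, push out over UDP/514 as syslog, never accept anything back) can be exercised on the OT side before the diode collector is deployed, to confirm that the outbound path to the upstream Collector/Worker actually works. The script below is an added example, not code from the thread, from Fortinet or from Nozomi. It builds RFC 3164 syslog packets from locally captured OT log lines and sends them over UDP without ever reading from the socket. The sample log lines, the hostnames, the tag names and the destination address 192.0.2.10 are all constructed placeholders; a real upstream Collector or Worker address has to be substituted.

```python
# Added example (not from the forum post, Fortinet or Nozomi): a minimal
# one-way syslog forwarder for validating the outbound UDP/514 path that a
# diode collector relies on. Packets go out; nothing is ever received.
import socket
from datetime import datetime

# RFC 3164 facility and severity codes that make up the PRI field.
FACILITY_USER = 1
SEVERITY_WARNING = 4
SEVERITY_INFO = 6
MAX_RFC3164_LEN = 1024  # RFC 3164 caps a packet at 1024 bytes

# Fixed timestamp so that packets are reproducible (constructed value).
SAMPLE_TS = datetime(2024, 3, 5, 14, 7, 9)


def build_syslog_message(hostname, tag, msg, facility=FACILITY_USER,
                         severity=SEVERITY_WARNING, timestamp=None):
    """Return an RFC 3164 packet as bytes: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    dt = timestamp or datetime.now()
    # RFC 3164 pads a single-digit day with a space, not a zero.
    ts = f"{dt:%b} {dt.day:2d} {dt:%H:%M:%S}"
    packet = f"<{pri}>{ts} {hostname} {tag}: {msg}".encode("utf-8")
    # Oversized payloads are truncated rather than split into two packets,
    # which is what most RFC 3164 receivers expect.
    return packet[:MAX_RFC3164_LEN]


def send_one_way(packets, dest_host, dest_port=514):
    """Push every packet over UDP to the upstream Collector/Worker.

    The socket is only ever written to, never read from, which is the
    property a diode deployment depends on. Returns the number sent.
    """
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for packet in packets:
            sock.sendto(packet, (dest_host, dest_port))
            sent += 1
    return sent


# Constructed sample lines standing in for locally captured OT events
# (hostname, syslog tag, message). These are not real Nozomi output.
SAMPLE_OT_LINES = [
    ("nozomi-guardian-01", "nozomi",
     "alert: New node detected ip=10.0.1.23 protocol=modbus"),
    ("plc-line-3", "modbus",
     "write_single_register unit=1 addr=40001 value=17"),
]


def example_packet():
    """First sample line rendered with the fixed timestamp (used for checks)."""
    hostname, tag, msg = SAMPLE_OT_LINES[0]
    return build_syslog_message(hostname, tag, msg, timestamp=SAMPLE_TS)


if __name__ == "__main__":
    packets = [build_syslog_message(h, t, m) for h, t, m in SAMPLE_OT_LINES]
    # Assumption: 192.0.2.10 is a placeholder for the upstream Collector/Worker.
    print(send_one_way(packets, "192.0.2.10"), "packets sent")
```

On the receiving side, the upstream Collector or Worker should show these events arriving with the hostname and tag from the packet, which is the quickest way to confirm that the firewall rule between the OT network and FortiSIEM really permits only the outbound UDP/514 flow and nothing else.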
