OCI Firewall Traffic Logs to FortiSIEM

Tiger · ‎05-18-2024

Trying to understand how easy it is to push Oracle OCI firewall traffic logs to FortiSIEM? Can’t seem to find much on the subject, so wondered if there is anyone out there who may have already done this? Can’t see it being that difficult, but can’t find much about this anywhere?

Appreciate any insights here…

thanks!

premchanderr · ‎10-03-2024

HI @Tiger ,

Currently this product is not listed in supported devices:

https://docs.fortinet.com/document/fortisiem/7.2.3/external-systems-configuration-guide/780675/forti...

Refer a sample syslog parser and the below document can help you to build detailed parser:

https://help.fortinet.com/fsiem/7-0-3/Online-Help/HTML5_Help/Configuring_parsers.htm

Regards,
Prem Chander R

prakadesh · ‎11-18-2024

Hi @Tiger To forward OCI Firewall traffic logs to FortiSIEM, :

Enable Logging in OCI:
- Navigate to the OCI Console, enable the Logging Service, and locate the Service Logs section. Look for Network Firewall Logs and ensure logging is enabled.
- Refer to the OCI SIEM Integration Guide for additional details.
Forward Logs via Connector Hub:
- Use the Connector Hub to configure log forwarding from the Service Logs to the OCI Streaming Service.
FortiSIEM Integration:
- Integrate FortiSIEM with OCI Streaming using the following steps outlined in the Oracle Cloud Infrastructure | FortiSIEM 7.1.4 | Fortinet Document Library
Custom Parser:
- Since FortiSIEM doesn’t natively parse OCI Firewall logs, a custom parser is necessary. While the parser will process the logs, you must ensure the following:
  - Map Event Attributes: Map log fields to FortiSIEM attributes based on the log reference.
  - Custom Event Types: Modify the event type and add relevant mappings to align with your FortiSIEM rules and correlation.

OCI Firewall Traffic Logs to FortiSIEM

Nominate a Forum Post for Knowledge Article Creation