FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
calvinc97
Staff & Editor
Article Id 411340
Description This article describes the required IAM permissions for Security Hub and Kinesis for AWS integration.
Scope FortiSIEM.
Solution

FortiSIEM integrates with several AWS services (such as CloudTrail, Security Hub, and Kinesis) to collect and process security events. To ensure secure integration, it is recommended to assign least privilege IAM permissions.

 

Minimum IAM Permissions:

 

 

  1. Amazon SQS (CloudTrail Integration):

 

FortiSIEM requires access to read CloudTrail notifications from SQS queues:

  • sqs:ReceiveMessage
  • sqs:DeleteMessage
  • sqs:GetQueueAttributes
  • sqs:ChangeMessageVisibility (optional, for handling long polls)

 

  2. AWS Security Hub:

 

FortiSIEM ingests findings from Security Hub and may need the following permission:

  • securityhub:*

 

  3. AWS Kinesis Data Streams:

 

FortiSIEM reads records from Kinesis Data Streams and requires the following permissions:

  • kinesis:DescribeStreamSummary
  • kinesis:GetShardIterator
  • kinesis:GetRecords
  • kinesis:ListStreams
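
As an added example (not Fortinet's code), the following Python check compares an IAM policy document against the actions listed in this article and reports any Allow statement that grants more. The two sample policies are constructed for illustration, the ARN is a placeholder, and `securityhub:*` is accepted only because the article lists it.

```python
import fnmatch

# IAM actions listed in this article (action names are case-insensitive in IAM).
ARTICLE_ACTIONS = [
    "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes",
    "sqs:ChangeMessageVisibility",
    "securityhub:*",
    "kinesis:DescribeStreamSummary", "kinesis:GetShardIterator",
    "kinesis:GetRecords", "kinesis:ListStreams",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def within_article(action):
    """True if a policy action (wildcards included) stays inside the article's list."""
    a = action.lower()
    return any(fnmatch.fnmatchcase(a, allowed.lower()) for allowed in ARTICLE_ACTIONS)

def audit(policy):
    """Return (statement index, action) pairs granting more than the article lists."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # allows everything except the named actions
            findings.append((idx, "NotAction"))
        for action in _as_list(stmt.get("Action", [])):
            if not within_article(action):
                findings.append((idx, action))
    return findings

# Constructed sample policies; the ARN is a placeholder, not a value from the article.
# Resource scoping is not checked by audit(); only the granted actions are.
TIGHT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "arn:aws:sqs:REGION:ACCOUNT_ID:QUEUE_NAME",
     "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"]},
    {"Effect": "Allow", "Resource": "*", "Action": "securityhub:*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["kinesis:DescribeStreamSummary", "kinesis:GetShardIterator",
                "kinesis:GetRecords", "kinesis:ListStreams"]},
]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": ["sqs:*", "kinesis:getrecords"]},
    {"Effect": "Allow", "Resource": "*", "Action": "kinesis:PutRecord"},
    {"Effect": "Deny", "Resource": "*", "Action": "s3:*"},
]}

if __name__ == "__main__":
    print("tight:", audit(TIGHT))
    print("broad:", audit(BROAD))
```

A wildcard such as `sqs:*` is reported because it is broader than the four SQS actions the article lists, while a differently cased `kinesis:getrecords` is accepted.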

 

Related documents:

AWS Kinesis with FortiSIEM - FortiSIEM documentation 

Controlling access to Amazon Kinesis Data Streams resources using IAM - AWS documentation 

AWS Security Hub Permissions - AWS documentation 
