
Fortinet FortiSIEM

FortiSIEM delivers powerful security information and event management (SIEM) with user and entity behavior analytics (UEBA). It is designed to be the backbone of your security operations team, delivering capabilities ranging from automatically building your inventory of assets to applying cutting-edge behavioral analytics to rapidly detect and respond to threats. FortiSIEM is the industry’s only security operations platform with a fully inbuilt configuration management database (CMDB).

To learn more about FortiSIEM, see the documentation.

Prerequisites

Permissions

  • "Organization Admin" role in MD.ECO

Configuration steps

Creating a new user in the CMDB

  • To create a new user, open the CMDB tab.
  • Go to Users -> Ungrouped and click the "new" button.
  • Fill in the form as follows and check the "System admin" box. This opens a new dialog where you can set the user's password.
  • Assign the role to the user by selecting the previously created role.
    *The username and the password will be used as credentials by the connector.

Create a FortiSIEM secret in MD.ECO

Secret Expiration

  • Set the date on which the secret expires.

Domain

  • If your FortiSIEM is an "Enterprise deployment", set the domain field to "Super".
  • If your FortiSIEM is a "Service Provider deployment", set the domain field to the domain of the organization from which you want the incidents to be ingested. You can also set the domain to "Super", but then all the incidents of every organization defined in FortiSIEM will be ingested.

Username

  • Set the username of the user created previously

Password

  • Set the password of the user created previously