Integration of Fortinet with ManageEngine Log360

Integration type: Log management

ManageEngine Log360's integration with Fortinet enhances your security infrastructure by continuously monitoring and reporting all events generated by Fortinet firewalls. This setup enhances threat detection by utilizing advanced algorithms to analyze firewall logs in conjunction with other data and identify complex threats such as coordinated attacks or advanced persistent threats.

With this integration, you can:

• Correlate firewall logs with data from other security tools and systems, enhancing the detection of complex threats. For example, simultaneous alerts from a firewall and an antivirus system about a single device can indicate a potential breach. This triggers a coordinated response.
• Streamline compliance by automating the generation of audit trails required for regulations like GDPR, HIPAA, or PCI DSS.
• Improve forensic capabilities by providing detailed insights into the origin and impact of security incidents.

How the integration works

How to enable

To configure the syslog service in your Fortinet devices, follow the steps below.

• Login to the Fortinet device as an administrator.
• Define the syslog servers. It can be defined in two different ways:
  • Using GUI: Follow the steps in this link.
  • CLI commands:
• Use the following CLI Commands to send Fortinet logs to the EventLog Analyzer server
  • config system locallog syslogd setting
  • set severity debug
  • set facility local7
  • set status enable
  • set syslog-name <syslog server name set in above step> end
• Severity and Facility can be changed as per the requirements.

Top benefits of this integration

• Continuous monitoring: Log360 collects logs continuously from Fortinet firewalls. These logs include details about network traffic, intrusion attempts, malware detection, and other security events. By aggregating and analyzing this data in real time, the solution provides a comprehensive view of network activity and security status, allowing organizations to detect and react to anomalies as they occur.
• Event correlation: Log360 can correlate firewall logs with data from other security tools and systems, enhancing the detection of complex threats. For example, simultaneous alerts from a firewall and an antivirus system about a single device can indicate a potential breach, triggering a coordinated response.
• Real-time alerts: The real-time processing capabilities of Log360 ensure that any unusual activity or identified threat is immediately flagged. This prompt alerting mechanism enables quicker response times, potentially stopping threats before they can cause significant damage. You can set up alerts to monitor specific events on Fortinet devices, such as denied connections, failed logons, system shutdowns, modified policies, and VPN logouts.
• Automated response mechanisms: Upon detecting a threat, a SIEM solution like Log360 integrated with Fortinet firewalls can automate response actions. These actions could include blocking traffic from a suspicious IP address, isolating affected network segments, or triggering scripts that implement specific security protocols. This automation reduces the window of opportunity for attackers and lessens the burden on security teams.
• Enhanced reporting and compliance: Log360 generates detailed reports based on the data collected from Fortinet firewalls. These reports are crucial for compliance with security standards and regulations, providing proof of due diligence and the effective management of data protection measures. Regular reports also help in auditing security policies and procedures, ensuring they remain effective under changing conditions.
• Forensic analysis: In the event of a security incident, the detailed logs collected and preserved by Log360 from Fortinet firewalls serve as valuable forensic evidence. Analysts can use this data to trace the steps of an attacker, understand the methods used, and identify the scope of the impact. This analysis is crucial for preventing future incidents, refining security strategies, and fulfilling legal and regulatory requirements after an attack.

About Fortinet

Fortinet is a leading provider of broad, integrated, and automated cybersecurity solutions. They offer a single platform for comprehensive security across the entire digital infrastructure, from endpoints, data centers, and cloud environments to emerging mobile devices.