Integrate fortigate with wazuh

5,120 views

Skip to first unread message

Javier Allende

unread,

Mar 7, 2019, 9:12:06 AM3/7/19

to Wazuh mailing list

Good Morning,

How can i add an a fortigate firewall with wazuh Server?

kindly regards

jm.mal...@wazuh.com

unread,

Mar 7, 2019, 12:36:33 PM3/7/19

to Wazuh mailing list

Hi Javier,

as far as we understand your question, you want to monitor events from a FortiGate firewall by using Wazuh. If not, please excuse us and re-formulate the question.

Wazuh offers the possibility of collecting or ingesting FortiGate events via remote syslog:

https://documentation.wazuh.com/current/user-manual/capabilities/log-data-collection/how-it-works.html?highlight=syslog

Sample configuration:

<ossec_config> 
 <remote>
 <connection>syslog</connection>
 <allowed-ips>192.168.2.0/24</allowed-ips> 
 </remote> 
<ossec_config>

The Wazuh manager has a default ruleset (rules and decoders) which is able to process alerts generated by the FortiGate devices (and very much other makers as well). It is currently compatible with versions 3, 4 and 5 of FortiOS.

https://github.com/wazuh/wazuh-ruleset/blob/master/decoders/0100-fortigate_decoders.xml

Please, follow the above and below instuctions to set it up and let us know if you have any problem:

https://wazuh.com/blog/monitoring-network-devices-wazuh-hids/

Regards,

Jose

Reply all

Reply to author

Forward

0 new messages