Blumira’s modern SIEM platform integrates with Fortinet Fortigate Firewalls to detect cybersecurity threats and provide an automated response to remediate when a threat is detected.
When configured, the Blumira integration with Fortinet Fortigate Firewall will stream security event logs to the Blumira service for automated threat detection and actionable response.
When Blumira’s dynamic blocklist capabilities are configured with the Fortinet Fortigate Firewalls, Blumira can provide automated blocking of known threats, automatically add new block rules when threats are detected and provide blocking based on Blumira’s community of customers that have detected new threats. All through automation without requiring any human interaction.
Learn more about enabling Blumira’s Dynamic Block Lists to block malicious source IP addresses and domains for automated threat response.
To configure Fortinet Fortigate Firewalls to send logs to Blumira’s sensor, you can either use the GUI, in Log & Report | Log Settings, or you can use the Fortigate Command Line Interface (CLI).
Log into the CLI and enter the following commands:
config log syslogd setting set facility user set port 514 set server [IP address of Blumira Sensor] set status enable set reliable disable end
You can configure Fortigate to send logs to up to four sensors. Just replace ‘syslogd’ with syslogd2, sylsogd3 or syslogd4 on the first line to configure each sensor.
Most FortiGate features are enabled for logging by default, but you can make sure the Traffic, Web and URL Filtering features are enabled for logging with the following commands:
config log syslogd filter set traffic enable set web enable set url-filter enable end
For more information on logging to a remote syslog server, please see Fortinet’s Logging and Reporting Guide.