SIEM & UEBA

Dear People,

We need to exact URL/IP address what FortiSIEM get feeds from Outside (Internet our environment we cannot open full internet access to . We only allowed specific IP/URL.

Note - The port definition sheet on external data source configuration is not clearly these details.


Where can get these details any link/official


Regards,
Kalana


------------------------------
kalana
------------------------------

It depends on what services you are using.

To access the OS repo:

https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
https://os-pkgs.fortisiem.fortinet.com/centos6/


If you are using FortiGuard IOC feed with FSM you will need to allow access as well to:

https://update.fortiguard.net
https://fds1.fortinet.com

Any other threat feeds configured or lookups, you will also need to allow access to them. For example Whois, VirusTotal, RiskIQ, etc.

Original Message:
Sent: 10-01-2019 02:42
From: Kalana Chandrasiri
Subject: Firewall Rules for SIEM Implementation

Dear People,

We need to exact URL/IP address what FortiSIEM get feeds from Outside (Internet our environment we cannot open full internet access to . We only allowed specific IP/URL.

Note - The port definition sheet on external data source configuration is not clearly these details.


Where can get these details any link/official


Regards,
Kalana


------------------------------
kalana
------------------------------

Daniel,
Thank you very much for your feedback.

May I know what is the URL/IP for FortiSIEM License activation is


Regards,
Kalana
Original Message:
Sent: 10-02-2019 06:38
From: Daniel Hanman
Subject: Firewall Rules for SIEM Implementation

It depends on what services you are using.

To access the OS repo:

https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
https://os-pkgs.fortisiem.fortinet.com/centos6/


If you are using FortiGuard IOC feed with FSM you will need to allow access as well to:

https://update.fortiguard.net
https://fds1.fortinet.com

Any other threat feeds configured or lookups, you will also need to allow access to them. For example Whois, VirusTotal, RiskIQ, etc.

Original Message:
Sent: 10-01-2019 02:42
From: Kalana Chandrasiri
Subject: Firewall Rules for SIEM Implementation

Dear People,

We need to exact URL/IP address what FortiSIEM get feeds from Outside (Internet our environment we cannot open full internet access to . We only allowed specific IP/URL.

Note - The port definition sheet on external data source configuration is not clearly these details.


Where can get these details any link/official


Regards,
Kalana


------------------------------
kalana
------------------------------

Hi Kalana,

This is a manual download of the license and then upload in the ForitSIEM GUI.

Thanks

Dan
Original Message:
Sent: 10-02-2019 11:40
From: Kalana Chandrasiri
Subject: Firewall Rules for SIEM Implementation

Daniel,
Thank you very much for your feedback.

May I know what is the URL/IP for FortiSIEM License activation is


Regards,
Kalana
Original Message:
Sent: 10-02-2019 06:38
From: Daniel Hanman
Subject: Firewall Rules for SIEM Implementation

It depends on what services you are using.

To access the OS repo:

https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
https://os-pkgs.fortisiem.fortinet.com/centos6/


If you are using FortiGuard IOC feed with FSM you will need to allow access as well to:

https://update.fortiguard.net
https://fds1.fortinet.com

Any other threat feeds configured or lookups, you will also need to allow access to them. For example Whois, VirusTotal, RiskIQ, etc.

Original Message:
Sent: 10-01-2019 02:42
From: Kalana Chandrasiri
Subject: Firewall Rules for SIEM Implementation

Dear People,

We need to exact URL/IP address what FortiSIEM get feeds from Outside (Internet our environment we cannot open full internet access to . We only allowed specific IP/URL.

Note - The port definition sheet on external data source configuration is not clearly these details.


Where can get these details any link/official


Regards,
Kalana


------------------------------
kalana
------------------------------