SIEM & UEBA


Firewall Rules for SIEM Implementation

  • 1.  Firewall Rules for SIEM Implementation

    Posted Sep 30, 2019 11:42 PM
    Dear People,

    We need the exact URLs/IP addresses that FortiSIEM gets feeds from outside (Internet). In our environment we cannot open full internet access. We only allow specific IPs/URLs.

    Note - The port definition sheet on external data source configuration is not clear on these details.


    Where can we get these details? Any link/official?


    Regards,
    Kalana




  • 2.  RE: Firewall Rules for SIEM Implementation

    GROUP ADMIN
    Posted Oct 02, 2019 03:38 AM
    It depends on what services you are using.

    To access the OS repo:

    https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
    https://os-pkgs.fortisiem.fortinet.com/centos6/


    If you are using FortiGuard IOC feed with FSM you will need to allow access as well to:

    https://update.fortiguard.net
    https://fds1.fortinet.com

    For any other threat feeds or lookups configured, you will also need to allow access to them. For example, Whois, VirusTotal, RiskIQ, etc.
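
To confirm that the allow rules for the endpoints in the reply above actually pass traffic, this added example (not part of the original post and not Fortinet code) derives the host/port pairs from the URLs listed in the thread and tests each one from the FortiSIEM host. The function names are hypothetical, and it assumes `curl` is installed.

```shell
#!/bin/sh
# Added example. URLs are the ones listed in the thread; function names are hypothetical.
FSM_ENDPOINTS='https://os-pkgs-cdn.fortisiem.fortinet.com/centos6/
https://os-pkgs.fortisiem.fortinet.com/centos6/
https://update.fortiguard.net
https://fds1.fortinet.com'

# Print "host port" for a URL; the port defaults from the scheme.
endpoint_of() {
    url=$1
    case $url in *://*) ;; *) return 1 ;; esac
    scheme=${url%%://*}
    rest=${url#*://}
    hostport=${rest%%/*}
    case $hostport in
        *:*) host=${hostport%%:*}; port=${hostport##*:} ;;
        *)   host=$hostport
             case $scheme in
                 https) port=443 ;;
                 http)  port=80 ;;
                 *)     return 1 ;;
             esac ;;
    esac
    [ -n "$host" ] || return 1
    printf '%s %s\n' "$host" "$port"
}

# De-duplicated "host port" list: the destinations the firewall rule needs.
allowlist() {
    printf '%s\n' "$FSM_ENDPOINTS" | while IFS= read -r u; do
        if [ -n "$u" ]; then endpoint_of "$u"; fi
    done | sort -u
}

# Try a TLS connection to each endpoint. Any HTTP status counts as reachable;
# only connect or TLS failures are reported as BLOCKED.
check_egress() {
    failed=0
    for ep in $(allowlist | tr ' ' ':'); do
        if curl -s -o /dev/null --connect-timeout 5 "https://$ep/" 2>/dev/null; then
            echo "OK      $ep"
        else
            echo "BLOCKED $ep"; failed=1
        fi
    done
    return $failed
}

# Run the network test only when asked: sh fsm_egress.sh check
if [ "${1:-}" = check ]; then check_egress; fi
```

Run it with the `check` argument from the FortiSIEM host after the firewall change; add any other configured threat feed or lookup URLs to `FSM_ENDPOINTS` first.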




  • 3.  RE: Firewall Rules for SIEM Implementation

    Posted Oct 02, 2019 08:40 AM
    Daniel,
    Thank you very much for your feedback.

    May I know what the URL/IP for FortiSIEM license activation is?


    Regards,
    Kalana


  • 4.  RE: Firewall Rules for SIEM Implementation

    GROUP ADMIN
    Posted Oct 02, 2019 08:42 AM
    Hi Kalana,

    This is a manual download of the license and then upload in the FortiSIEM GUI.

    Thanks

    Dan