SIEM & UEBA


FortiSIEM - AWS Integration

  • 1.  FortiSIEM - AWS Integration

    Posted 28 days ago
    Hi All,

    I would like to clarify a few things regarding FortiSIEM integration with the AWS environment.


    • AWS CloudWatch – There is a section on the guide on AWS EC2 CloudWatch API but nothing related to CloudWatch events on other AWS services.
    • AWS Kinesis - There is a section on the guide on AWS Kinesis but it doesn't mention specifics such as
      • Whether it is using Kinesis Data Streams/Data Firehose
      • Does it collect these streams to an S3 bucket
      • What types of log sources are supported via Kinesis
    • AWS Shield (WAF) / AWS Route53 logs / AWS GuardDuty – There aren't any sections on how these AWS services integrate with FortiSIEM. (Can it be done via Kinesis?)
    • I just saw a guide on VPC Flows
    Can anyone provide an insight? Thanks.

    ------------------------------
    Cheers,
    Isuru
    ------------------------------


  • 2.  RE: FortiSIEM - AWS Integration

    GROUP ADMIN
    Posted 10 days ago
    Hi Isuru,

    • AWS CloudWatch – There is a section on the guide on AWS EC2 CloudWatch API but nothing related to CloudWatch events on other AWS services.
      • It collects the EC2 Metrics. If there is something else you need, let us know.
    • AWS Kinesis - There is a section on the guide on AWS Kinesis but it doesn't mention specifics such as
      • AWS Kinesis can collect data from different devices/services. The data format is the same as the source data, so it may require a parser to be created. As an example, AWS Shield could log to Kinesis but the logs may not be parsed.

    Thanks

    Dan


    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------



  • 3.  RE: FortiSIEM - AWS Integration

    Posted 4 days ago
    Hi Dan,

    Thanks for the response, but my concerns are,

    • It collects the EC2 Metrics. If there is something else you need, let us know.
      • What about other metrics?
      • Does FortiSIEM only support EC2 metrics?

    • AWS Kinesis can collect data from different devices/services. The data format is the same as the source data, so it may require a parser to be created. As an example, AWS Shield could log to Kinesis but the logs may not be parsed.
      • What if we store the Kinesis streams to an S3 bucket?
      • Will the provided integration be able to pull those streams?


    ------------------------------
    Cheers,
    Isuru
    ------------------------------