[New Integration] Fortinet FortiProxy #9559

Closed
14 of 15 tasks
jamiehynds opened this issue Apr 10, 2024 · 3 comments · Fixed by #9846
Comments

jamiehynds commented Apr 10, 2024

Description

FortiProxy is a secure web gateway that protects employees against internet-borne attacks by incorporating multiple detection techniques such as web, video, and DNS filtering, data loss prevention, antivirus, intrusion prevention, and Client Browser Isolation. Data sheet is available here.

Architecture

Syslog is supported and will be the easiest path to supporting the FortiProxy logs on our end. Fortinet provides a log reference with all available event types here. The three main log categories are traffic, security and system events. Ideally, our goal is to support all three categories with as many log types in each category as possible. For a breakdown of each category please see here.

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

  • Change follows the contributing guidelines
  • Supported versions of the monitoring target are documented
  • Supported operating systems are documented (if applicable)
  • Integration or System tests exist
  • Documentation exists
  • Fields follow ECS and naming conventions
  • At least a manual test with ES / Kibana / Agent has been performed.
  • Required Kibana version set to: ^8.12.2

New Package

  • Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

  • Dashboards exist
  • Screenshots added or updated
  • Datastream filters added to visualizations

Log dataset changes

  • Pipeline tests exist (if applicable)
  • Generated output for at least 1 log file exists
  • Sample event (sample_event.json) exists

@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

taylor-swanson self-assigned this Apr 10, 2024

@taylor-swanson
Contributor

@jamiehynds, do we have any raw syslog events we can look at? Mainly wondering what the syslog header portion of the message is going to look like. The other Fortinet integrations vary in what the raw message looks like.

The linked PDF for parsing the rest of the message is great, though!
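
The header question raised in the comment above, together with the three-category breakdown (traffic, security, system) from the issue body, is what an ingest pipeline has to deal with first. As an added Python example, not part of this thread or of the Elastic integration, the block below strips the common syslog header variants and parses the Fortinet-style key=value body; the sample lines, the host name fpx01 and the mapping of the type field onto the three categories are constructed assumptions.

```python
"""Normalise Fortinet-style key=value syslog lines whose header form varies.
Added example for this issue, not Elastic integration code. Samples are
constructed; the type -> category mapping is an assumption."""
import re

# Header variants tolerated before the key=value body.
_RFC5424 = re.compile(  # <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD body
    r"^<\d{1,3}>1 \S+ (?P<host>[^\s=]+) \S+ \S+ \S+ (?:-|\[.*?\]) (?P<body>.*)$")
_RFC3164 = re.compile(  # <PRI>Mmm dd hh:mm:ss HOST body
    r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (?P<host>[^\s=]+) (?P<body>.*)$")
_PRI_ONLY = re.compile(r"^<\d{1,3}>(?P<body>.*)$")  # bare priority, no header
# key=value pairs: bare tokens or double-quoted values with \" escapes.
_KV = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')
# Assumed mapping of the log "type" field onto the issue's three categories.
CATEGORY = {"traffic": "traffic", "utm": "security", "event": "system"}

def split_header(line):
    """Return (host, body); host is None when no hostname is present."""
    for rx in (_RFC5424, _RFC3164):
        m = rx.match(line)
        if m:
            return m.group("host"), m.group("body")
    m = _PRI_ONLY.match(line)
    return None, (m.group("body") if m else line)

def parse_line(line):
    """Parse one syslog line into a flat dict plus a derived 'category'."""
    host, body = split_header(line)
    fields = {}
    for key, quoted, bare in _KV.findall(body):
        fields[key] = quoted.replace('\\"', '"') if quoted else bare
    fields["category"] = CATEGORY.get(fields.get("type"), "unknown")
    if host:
        fields["syslog_host"] = host
    return fields

# Constructed sample events: three header styles, one per category.
SAMPLES = [
    '<190>1 2024-04-10T11:37:47Z fpx01 fortiproxy - - - date=2024-04-10 time=11:37:47 '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'srcip=10.0.0.5 dstip=203.0.113.10 action="accept"',
    '<189>Apr 10 11:37:48 fpx01 date=2024-04-10 time=11:37:48 logid="0419016384" '
    'type="utm" subtype="ips" level="alert" msg="Signature matched: \\"test sig\\"" '
    'action="dropped"',
    '<189>date=2024-04-10 time=11:37:49 logid="0100032001" type="event" '
    'subtype="system" level="information" user="admin" action="login"',
]
```

Running `parse_line` over `SAMPLES` yields one traffic, one security and one system event, with `syslog_host` set only for the two lines that actually carry a hostname.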

@jamiehynds
Author

@taylor-swanson unfortunately, I haven't been able to get sample data; however, Fortinet has provided us with a license and we can spin up our own virtual appliance in order to generate data. I'll share the details with you offline.
