Setting Credentials

FortiSIEM communicates with various systems to collect operating system/hardware/software information, logs, and performance metrics. This section provides the procedures to set up device credentials and associate them with an IP address or IP range.

Creating a credential

Follow the procedure below to create a login credential:

  1. Go to ADMIN > Setup > Credentials tab.
  2. Under Step 1: Enter Credentials section, click New.
  3. In the Credential Definition dialog box, enter the information below.

    Settings Guidelines
    Name [Required] Name of the credential that will be used for reference purposes
    Device Type Type of device from the drop-down
    Access Protocol type Type of access protocol from the drop-down. Note that this list depends on the selected device type.
    Port TCP/UDP port number for communicating with the device over the access protocol
    Password config Choose Manual or CyberArk.
    - Manual: The credentials will be defined and stored in FortiSIEM. See the table below for the corresponding device type configuration settings.
    - CyberArk: FortiSIEM will get credentials from the CyberArk Password Vault. See the table below for the configuration settings.
  4. Enter the options in the remaining fields that appear based on the Device Type selection.
  5. Click Save.

Associating a credential to IP ranges or hosts

The association is on a per-collector basis.

  1. Select a Collector.
  2. Under Step 2: Enter IP Range to Credential Associations section, click New.
  3. In the Device Credential Mapping Definition dialog box, enter the information below.

    Settings Guidelines
    Name/IP/IP Range [Required] Host name, IP address or IP range to associate with a credential. Allowed IP range syntax is a single IP, a single range, a single CIDR, or a comma-separated list of these, e.g. 10.1.1.1, 10.1.1.2,20.1.1.0/24, 30.1.1.1-30.1.1.10. Host names are only allowed for a specific set of credentials; see below.
    Credentials Select one or more credentials by name. Use + to add more credentials.
  4. Click Save.
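
An added example, not part of the FortiSIEM documentation or product code: a Python check for the Name/IP/IP Range syntax described above, which reports how many addresses an association covers and where two associations overlap, so the scope of a credential can be reviewed before it is saved. It assumes IPv4 only and treats any entry containing characters other than digits, dots, `/` and `-` as a host name; the function names are illustrative.

```python
import ipaddress

ADDR_CHARS = set("0123456789./-")   # entries made only of these are address forms

def parse_association(spec):
    """Split a Name/IP/IP Range value into (collapsed IPv4 networks, host names)."""
    nets, hosts = [], []
    for item in (part.strip() for part in spec.split(",")):
        if not item:
            raise ValueError("empty entry in list")
        if not set(item) <= ADDR_CHARS:
            hosts.append(item)                      # assumption: anything else is a host name
        elif "/" in item:                           # single CIDR
            # Host bits, if set, are masked off here; the page does not say
            # how FortiSIEM treats them.
            nets.append(ipaddress.IPv4Network(item, strict=False))
        elif "-" in item:                           # single range: first-last
            first, last = (ipaddress.IPv4Address(x.strip()) for x in item.split("-", 1))
            nets.extend(ipaddress.summarize_address_range(first, last))
        else:                                       # single IP
            nets.append(ipaddress.IPv4Network(item))
    return list(ipaddress.collapse_addresses(nets)), hosts

def address_count(spec):
    """Number of distinct addresses the association covers."""
    return sum(net.num_addresses for net in parse_association(spec)[0])

def covers(spec, ip):
    """True if the association applies to this address."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in parse_association(spec)[0])

def shared_addresses(spec_a, spec_b):
    """Networks that fall under both associations."""
    shared = []
    for a in parse_association(spec_a)[0]:
        for b in parse_association(spec_b)[0]:
            if a.overlaps(b):
                # Overlapping CIDR blocks are always nested: keep the smaller one.
                shared.append(a if a.prefixlen >= b.prefixlen else b)
    return list(ipaddress.collapse_addresses(shared))

if __name__ == "__main__":
    page_example = "10.1.1.1, 10.1.1.2,20.1.1.0/24, 30.1.1.1-30.1.1.10"  # from the page
    other = "20.1.1.128/25, 30.1.1.8, db-01.example.net"                  # constructed
    print(address_count(page_example), "addresses covered")
    print("overlap:", [str(n) for n in shared_addresses(page_example, other)])
    print("host names:", parse_association(other)[1])
```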

Testing credentials for correctness

  1. Select a credential.
  2. Click Test after choosing:
    • Test Connectivity – the device will be pinged first and then the credential will be attempted. This shortens the test connectivity process in case the device with specified IP is not present or reachable.
    • Test Connectivity without Ping – the credential will be attempted without pinging first.
  3. Check the test connectivity result in the pop up display.

Modifying device credentials

Follow the procedure below to modify device credentials:

  1. Select the login credential from the list and click the required option.
    • Edit - to modify any credential settings.
    • Delete - to delete a credential.
    • Clone - to duplicate a credential.
  2. Click Save.

Modifying a credential association

Follow the procedure below to modify a credential association:

  1. Select the credential association from the list and click the required option under Step 2: Enter IP Range to Credential Associations:
    • Edit - to edit an associated IP/IP range
    • Delete - to delete any association
  2. Click Save.

Credentials based on Access Protocol

The following tables provide information on the Manual Password Configuration settings.

Credentials for Alert Logic IPS

    Settings Description
    Name Enter a name for the device.
    Device Type Alert Logic IPS
    Access Protocol ALERTLOGIC_API_v3
    Pull Interval 5 minutes
    API Key API Key for device access
    Confirm API Key Confirm API Key for device access
    Description Description about the device

Credentials for Amazon AWS CloudTrail

    Settings Description
    Name Enter a name for the device.
    Device Type Amazon AWS CloudTrail
    Access Protocol AWS_CLOUDTRAIL
    Region Region where you created the trail
    Bucket The name of the S3 bucket you created (s3aocloudtrail)
    SQS Queue URL ARN of your queue without the http:// prefix
    Access Key ID Access key for your AWS instance
    Secret Key Secret key for your AWS instance
    Confirm Secret Key Confirm the Secret key for your AWS instance
    Description Description about the device

Credentials for Amazon AWS CloudWatch

    Settings Description
    Name Enter a name for the device.
    Device Type Amazon AWS CloudWatch
    Access Protocol AWS CloudWatch
    Region [Required] Region in which your AWS instance is located
    AWS Account The name of the S3 bucket you created (s3aocloudtrail)
    Log Group Name Log Group Name
    Log Stream Name Log Stream Name
    Access Key ID [Required] Access key for your AWS instance
    Secret Key [Required] Secret key for your AWS instance
    Confirm Secret Key [Required] Confirm the Secret key for your AWS instance
    Description Description about the device

Credentials for Amazon AWS EC2

    Settings Description
    Name Enter a name for the device.
    Device Type Amazon AWS EC2
    Access Protocol AWS SDK
    Region [Required] Region in which your AWS instance is located
    Access Key ID [Required] Access key for your AWS instance
    Secret Key [Required] Secret key for your AWS instance
    Confirm Secret Key [Required] Confirm the Secret key for your AWS instance
    Description Description about the device

Credentials for Microsoft Azure Compute

    Settings Description
    Name Enter a name for the device.
    Device Type Microsoft Azure Compute
    Access Protocol Azure Certificate
    Pull Interval 5 minutes
    Subscription ID Subscription ID of the device
    Certificate File Click Upload to select and import the Certificate file.
    To create a Certificate file for communicating to Azure Management Server:
    1. Create a PEM file:
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout azure-cert.pem -out azure-cert.pem
    2. Create the cert file:
      openssl x509 -outform der -in azure-cert.pem -out azure-cert.cer
    3. Login to the Azure portal, upload the .cer to the Settings > Management Certificates section.
    Description Description about the device

Credentials for Box.com

    Settings Description
    Name Enter a name for the device, for example, BOX.
    Device Type Box.com Box
    Access Protocol BOX API
    File Type Select the file type as file or folder from the drop-down.
    File/Directory Path Path to the file or directory you want to monitor
    Box.com Account Email address for your Box.com account
    Description Description about the device

Credentials for Cisco ACI

    Settings Description
    Name Enter a name for the device.
    Device Type CISCO CISCO ACI
    Access Protocol Cisco APIC API
    Pull Interval 5 minutes
    Port 443
    Access Key ID Access key for the REST API
    Password Password for the various REST APIs
    Confirm Password Confirm the password entered above.
    Description Password for the various REST APIs

Credentials for Cisco IPS

    Settings Description
    Name Enter a name for the device.
    Device Type Cisco IPS
    Access Protocol Cisco SDEE
    Pull Interval 5 minutes
    Port 443
    Client ID Client ID for the device
    Password Password for your device access
    Confirm Password Confirm the Password for your device access
    Description Description about the device

Credentials for Checkpoint SmartCenter

    Settings Description
    Name Enter a name for the device.
    Device Type Checkpoint SmartCenter
    Access Protocol Checkpoint SSLCA
    SmartCenter IP SmartCenter IP
    Checkpoint LEA Port Port used by LEA on your server
    Client SIC DN number of your FortiSIEM application
    Server SIC DN number of your server
    CPMI Port Port used by CPMI on your server
    Activation Key Password used in creating your application
    Confirm Activation Key Confirm the Activation key.
    Description Description about the device

Credentials for Cisco FireAMP

    Settings Description
    Name Enter a name for the device.
    Device Type Cisco FireAMP
    Access Protocol eStreamer SDK
    Pull Interval 3 minutes
    Port 8302
    Password Password for your device access
    Confirm Password Confirm the Password for your device access
    Certificate File Click Upload to select and import the Certificate file.
    Description Description about the device

Credentials for Cisco FireAMP Cloud

    Settings Description
    Name Enter a name for the device. FireAMP Cloud
    Device Type Cisco FireAMP Cloud
    Access Protocol FireAMP Cloud API
    Pull Interval 5 minutes
    Timeout 30 seconds
    Client ID Client ID for device access
    Client Secret Secret code for device access
    Confirm Client Secret Confirm the Secret code for device access
    Description Description about the device

Credentials for GitHub.com GitHub

    Settings Description
    Name Enter a name for the device.
    Device Type GitHub.com GitHub
    Access Protocol GitHub API
    Pull Interval 5 minutes
    Account Name Account name for device access
    Account Password Password for device access
    Confirm Account Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Google Google Apps

    Settings Description
    Name Enter a name for the device.
    Device Type Google Google Apps
    Access Protocol Google Apps Admin SDK
    Pull Interval 5 minutes
    User Name User name for device access
    Service Account Key Click Upload and Browse the JSON credential file to Upload to FortiSIEM.
    Description Description about the device

Credentials for Microsoft SQL Server

    Settings Description
    Name Enter the name of the database instance you're creating the credential for
    Device Type Microsoft SQL Server
    Access Protocol JDBC
    Authentication - SQL Server Authentication
    - Windows Authentication
    Used for - Audit
    - Performance Monitoring
    - Synthetic Transaction Monitoring
    - Snort Audit
    - Performance
    Pull Interval 5 min
    Port 1433
    Database Name database_name
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device
    The fields below are available if you select 'Audit' under 'Used for'.
    Maximum Records 1000
    Logon Event Table PH_Events.dbo.LogonEvents
    DDL Event Table PH_Events.dbo.DDLEvents

Credentials for Apache Apache Tomcat

    Settings Description
    Name Enter a name for the device.
    Device Type Apache Apache Tomcat
    Access Protocol JMX
    Pull Interval 5 minutes
    Port 0
    Access Key ID Access key for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Novell Netware

    Settings Description
    Name Enter a name for the device.
    Device Type Novell Netware
    Access Protocol - LDAP
    - LDAP Start TLS
    - LDAPS
    Used for - Open LDAP
    - Microsoft Active Directory
    Server Port - 389 for LDAP and LDAP Start TLS
    - 636 for LDAPS
    Base DN Specify the root of the LDAP tree as the Base DN.
    For example: dc=companyABC,dc=com
    User Name For user discoveries from an OpenLDAP directory, specify the full DN as the user name. For example: uid=jdoe,ou=hr,ou=unit,dc=companyABC,dc=com
    For Microsoft Active Directory, the user name can be just the login name.
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device
    NetBIOS/Domain  

Credentials for Microsoft Windows Server 2012 R2

    Settings Description
    Name Enter a name for the device.
    Device Type Microsoft Windows Server 2012 R2
    Access Protocol - LDAP
    - LDAPS
    - LDAP Start TLS
    - WMI
    - SSH
    - TELNET
    Used for - Open LDAP
    - Microsoft Active Directory
    Server Port - 389 for LDAP and LDAP Start TLS
    - 636 for LDAPS
    Base DN Specify the root of the LDAP tree as the Base DN. For example: dc=companyABC,dc=com
    Pull Interval - LDAP
    - LDAPS
    - LDAP Start TLS
    - 1 minute for WMI
    - SSH
    - TELNET
    Port - 23 for TELNET
    Timeout 30 seconds
    User Name For user discoveries from an OpenLDAP directory, specify the full DN as the user name. For example: uid=jdoe,ou=hr,ou=unit,dc=companyABC,dc=com
    For Microsoft Active Directory, the user name can be just the login name.
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Super Password Password of Super
    Confirm Super Password Confirm Super password
    Description Description about the device

Credentials for EMC VNX

    Settings Description
    Name Enter a name for the device.
    Device Type EMC VNX
    Access Protocol Navisec CLI
    Use LDAP Enable if you want to use LDAP.
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Tenable Nessus6 Security Scanner

    Settings Description
    Name Enter a name for the device.
    Device Type Tenable Nessus6 Security Scanner
    Access Protocol Nessus6 API
    Pull Interval 60 minutes
    Port 8834
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Tenable Nessus Security Scanner

    Settings Description
    Name Enter a name for the device.
    Device Type Tenable Nessus Security Scanner
    Access Protocol Nessus API
    Pull Interval 60 minutes
    Port 8834
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Rapid7 NeXpose Security Scanner

    Settings Description
    Name Enter a name for the device.
    Device Type Rapid7 NeXpose Security Scanner
    Access Protocol NeXpose API
    Pull Interval 60 minutes
    Port 3780
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for OKTA.com OKTA

    Settings Description
    Name Enter a name for the device.
    Device Type OKTA.com OKTA
    Access Protocol OKTA API
    Pull Interval 5 minutes
    Domain Domain name
    Security Token Security token for access
    Confirm Security Token Confirm the Security token for access
    Description Description about the device

Credentials for NetApp DataONTAP

    Settings Description
    Name Enter a name for the device.
    Device Type NetApp DataONTAP
    Access Protocol NetApp ONTAPI
    Transport - HTTP
    - HTTPS
    Pull Interval 5 minutes
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Qualys QualysGuard Scanner

    Settings Description
    Name Enter a name for the device.
    Device Type Qualys QualysGuard Scanner
    Access Protocol Qualys API
    Pull Interval 60 minutes
    Port 443
    User Name A user who has access to the vulnerability scanner over the API.
    Password Password associated with the user
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Green League RSAS

    Settings Description
    Name Enter a name for the device.
    Device Type Green League RSAS
    Access Protocol RSAS API
    Pull Interval 5 minutes
    Domain Domain
    User Name User name for device access
    Password Password associated with the user
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Salesforce Salesforce Audit

    Settings Description
    Name Enter a name for the device.
    Device Type Salesforce Salesforce Audit
    Access Protocol Salesforce API
    Pull Interval 5 minutes
    Timeout 30 seconds
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Security Token Security token
    Confirm Security Token Confirm the Security token
    Description Description about the device

Credentials for Cisco ASA

    Settings Description
    Name Enter a name for the device.
    Device Type Cisco ASA
    Access Protocol - SSH
    - TELNET
    Pull Interval 60 minutes
    Port - 22 for SSH
    - 23 for TELNET
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Super Password Super password
    Confirm Super Password Confirm Super password
    Description Description about the device

Credentials for CISCO UCS

    Settings Description
    Name Enter a name for the device.
    Device Type CISCO UCS
    Access Protocol UCS API
    Port 5988
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for VMware ESX Server

    Settings Description
    Name Enter a name for the device.
    Device Type VMware ESX Server
    Access Protocol VM SDK
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Green League WVSS

    Settings Description
    Name Enter a name for the device.
    Device Type Green League WVSS
    Access Protocol WVSS API
    Pull Interval 60 minutes
    Domain Domain name
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for YXLink Vuln Scanner

    Settings Description
    Name Enter a name for the device.
    Device Type YXLink Vuln Scanner
    Access Protocol YX API
    Pull Interval 60 minutes
    Port 0
    Domain Domain name
    Description Description about the device

CyberArk Password Configuration

    Settings Description
    App ID Application ID
    Safe Safe value
    Folder Folder location
    Object Object name
    User Name User name
    Platform (Policy ID) Policy ID
    Database Database name
    Description Description or comments about the credentials