Setting Credentials
FortiSIEM communicates with various systems to collect operating system/hardware/software information, logs, and performance metrics. This section provides the procedures to set up device credentials and associate them with an IP or IP range.
- Creating a credential
- Associating a credential to IP ranges or hosts
- Testing credentials for correctness
- Modifying device credentials
- Modifying a credential association
- Credentials based on Access Protocol
Creating a credential
Follow the procedure below to create a login credential:
- Go to ADMIN > Setup > Credentials tab.
- Under Step 1: Enter Credentials section, click New.
- In the Credential Definition dialog box, enter the information below.
Settings | Guidelines |
---|---|
Name | [Required] Name of the credential that will be used for reference purpose. |
Device Type | Type of device from the drop-down. |
Access Protocol | Type of access protocol from the drop-down. Note that this list depends on the selected device type. |
Port | TCP/UDP Port number for communicating to the device for the access protocol. |
Password config | Choose Manual or CyberArk. - Manual: The credentials will be defined and stored in FortiSIEM. See the table below for the corresponding device type configuration settings. - CyberArk: FortiSIEM will get credentials from CyberArk Password Vault. See the table below for the configuration settings. |
- Enter the options in the remaining fields that appear based on the Device Type selection.
- Click Save.
Associating a credential to IP ranges or hosts
The association is on a per-Collector basis.
- Under Step 2: Enter IP Range to Credential Associations section, click New.
- In the Device Credential Mapping Definition dialog box, enter the information below.
Settings | Guidelines |
---|---|
IP/Host Name | [Required] Host name, IP address or IP range to associate with a credential. Allowed IP range syntax is single IP, single range, single CIDR or a list separated by comma, e.g. 10.1.1.1, 10.1.1.2,20.1.1.0/24, 30.1.1.1-30.1.1.10. Host names are only allowed for a specific set of credentials (see below). |
Credentials | Select one or more credentials by name. Use + to add more. |
- Click Save.
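The IP range syntax described above, as an added example that is not FortiSIEM code: a Python check that parses an IP/Host Name value, counts how many distinct addresses a credential would be associated with, and shows where two associations overlap. It handles the IP forms only (no host names); rejecting CIDRs with host bits set and reversed ranges is an assumption of this example, not documented FortiSIEM behaviour.

```python
import ipaddress

# The example value from the IP/Host Name row above.
DOC_EXAMPLE = "10.1.1.1, 10.1.1.2,20.1.1.0/24, 30.1.1.1-30.1.1.10"

def parse_association(spec):
    """Return (first, last) address pairs for a comma-separated IP/Host Name value."""
    spans = []
    for raw in spec.split(","):
        item = raw.strip()
        if not item:
            raise ValueError("empty entry in %r" % spec)
        if "/" in item:
            # Assumption: a CIDR with host bits set (20.1.1.5/24) is a typo, so reject it.
            net = ipaddress.ip_network(item, strict=True)
            spans.append((net[0], net[-1]))
        elif "-" in item:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
            if lo.version != hi.version or lo > hi:
                raise ValueError("bad range %r" % item)
            spans.append((lo, hi))
        else:
            addr = ipaddress.ip_address(item)  # host names raise ValueError here
            spans.append((addr, addr))
    return spans

def merge(spans):
    """Sort spans and join overlapping or adjacent ones so no address is counted twice."""
    out = []
    for lo, hi in sorted(spans, key=lambda s: (s[0].version, int(s[0]))):
        prev = out[-1] if out else None
        if prev and prev[0].version == lo.version and int(lo) <= int(prev[1]) + 1:
            out[-1] = (prev[0], max(prev[1], hi))
        else:
            out.append((lo, hi))
    return out

def address_count(spec):
    """How many distinct addresses the credential would be associated with."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in merge(parse_association(spec)))

def overlap(spec_a, spec_b):
    """Address spans present in both associations, as (first, last) strings."""
    shared = []
    for alo, ahi in merge(parse_association(spec_a)):
        for blo, bhi in merge(parse_association(spec_b)):
            if alo.version != blo.version:
                continue
            lo, hi = max(alo, blo), min(ahi, bhi)
            if lo <= hi:
                shared.append((str(lo), str(hi)))
    return shared

if __name__ == "__main__":
    print(address_count(DOC_EXAMPLE))
    print(overlap(DOC_EXAMPLE, "20.1.1.128/25, 10.1.1.2"))
```

Running the count before saving an association makes an oversized range (for example a /16 typed instead of a /24) visible while it is still a draft.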
Testing credentials for correctness
- Select an association.
- Click Test after choosing:
- Test Connectivity – the device will be pinged first and then the credential will be attempted. This shortens the test connectivity process when the device with the specified IP is not present or not reachable.
- Test Connectivity without Ping – the credential will be attempted without pinging first.
- Check the test connectivity result in the pop-up display.
Modifying device credentials
Follow the procedure below to modify device credentials:
- Select an association from the list and click the required option.
- Edit - to modify any credential settings.
- Delete - to delete a credential.
- Clone - to duplicate a credential.
- Click Save.
Modifying a credential association
Follow the procedure below to modify a credential association:
- Select the credential association from the list and click the required option under Step 2: Enter IP Range to Credential Associations:
- Edit - to edit an associated IP/IP range
- Delete - to delete any association
- Click Save.
Credentials based on Access Protocol
The following tables provide information on the Manual Password Configuration settings.
Credentials for Alert Logic IPS
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Alert Logic IPS |
Access Protocol | ALERTLOGIC_API_v3 |
Pull Interval | 5 minutes |
API Key | API Key for device access |
Confirm API Key | Confirm API Key for device access |
Description | Description about the device |
Credentials for Amazon AWS CloudTrail
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Amazon AWS CloudTrail |
Access Protocol | AWS_CLOUDTRAIL |
Region | Region where you created the trail |
Bucket | The name of the S3 bucket you created (s3aocloudtrail) |
SQS Queue URL | ARN of your queue without the http:// prefix |
Access Key ID | Access key for your AWS instance |
Secret Key | Secret key for your AWS instance |
Confirm Secret Key | Confirm the Secret key for your AWS instance |
Description | Description about the device |
Credentials for Amazon AWS CloudWatch
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Amazon AWS CloudWatch |
Access Protocol | AWS CloudWatch |
Region | [Required] Region in which your AWS instance is located |
AWS Account | The name of the S3 bucket you created (s3aocloudtrail) |
Log Group Name | Log Group Name |
Log Stream Name | Log Stream Name |
Access Key ID | [Required] Access key for your AWS instance |
Secret Key | [Required] Secret key for your AWS instance |
Confirm Secret Key | [Required] Confirm the Secret key for your AWS instance |
Description | Description about the device |
Credentials for Amazon AWS EC2
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Amazon AWS EC2 |
Access Protocol | AWS SDK |
Region | [Required] Region in which your AWS instance is located |
Access Key ID | [Required] Access key for your AWS instance |
Secret Key | [Required] Secret key for your AWS instance |
Confirm Secret Key | [Required] Confirm the Secret key for your AWS instance |
Description | Description about the device |
Credentials for Microsoft Azure Compute
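- Create a PEM file:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout azure-cert.pem -out azure-cert.pem
Because -nodes is set and -keyout and -out name the same file, azure-cert.pem holds the unencrypted private key together with the certificate.
- Create the cert file:
openssl x509 -outform der -in azure-cert.pem -out azure-cert.cer
- Log in to the Azure portal and upload the .cer file to the Settings > Management Certificates section.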
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Microsoft Azure Compute |
Access Protocol | Azure Certificate |
Pull Interval | 5 minutes |
Subscription ID | Subscription ID of the device |
Certificate File | Click Upload to select and import the Certificate file. To create a Certificate file for communicating to Azure Management Server, use the steps listed before this table. |
Description | Description about the device |
Credentials for Box.com
Settings | Description |
---|---|
Name | Enter a name for the credential, for example, BOX. |
Device Type | Box.com Box |
Access Protocol | BOX API |
File Type | Select the file type as file or folder from the drop-down. |
File/Directory Path | Path to the file or directory you want to monitor |
Box.com Account | Email address for your Box.com account |
Description | Description about the device |
Credentials for Cisco ACI
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | CISCO CISCO ACI |
Access Protocol | Cisco APIC API |
Pull Interval | 5 minutes |
Port | 443 |
User Name | User name for device access |
Password | Password for the various REST APIs |
Confirm Password | Confirm the password entered above |
Description | Password for the various REST APIs |
Credentials for Cisco IPS
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Cisco IPS |
Access Protocol | Cisco SDEE |
Pull Interval | 5 minutes |
Port | 443 |
User Name | User name for device access |
Password | Password for your device access |
Confirm Password | Confirm the Password for your device access |
Description | Description about the device |
Credentials for Checkpoint SmartCenter
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Checkpoint SmartCenter |
Access Protocol | Checkpoint SSLCA |
SmartCenter IP | SmartCenter IP |
Checkpoint LEA Port | Port used by LEA on your server |
Client SIC | DN number of your FortiSIEM application |
Server SIC | DN number of your server |
CPMI Port | Port used by CPMI on your server |
Activation Key | Password used in creating your application |
Confirm Activation Key | Confirm the Activation key. |
Description | Description about the device |
Credentials for Cisco FireAMP
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Cisco FireAMP |
Access Protocol | eStreamer SDK |
Pull Interval | 3 minutes |
Port | 8302 |
Password | Password for your device access |
Confirm Password | Confirm the Password for your device access |
Certificate File | Click Upload to select and import the Certificate file. |
Description | Description about the device |
Credentials for Cisco FireAMP Cloud
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Cisco FireAMP Cloud |
Access Protocol | FireAMP Cloud API |
Pull Interval | 5 minutes |
Timeout | 30 seconds |
Client ID | Client ID for device access |
Client Secret | Secret code for device access |
Confirm Client Secret | Confirm the Secret code for device access |
Description | Description about the device |
Credentials for GitHub.com GitHub
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | GitHub.com GitHub |
Access Protocol | GitHub API |
Pull Interval | 5 minutes |
Account Name | Account name for device access |
Account Password | Password for device access |
Confirm Account Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for Google Google Apps
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Google Google Apps |
Access Protocol | Google Apps Admin SDK |
Pull Interval | 5 minutes |
Account Name | Google account name |
Service Account Key | Click Upload and browse to the JSON credential file to upload it to FortiSIEM. |
Description | Description about the device |
Credentials for Microsoft SQL Server
Settings | Description |
---|---|
Name | Enter the name of the database instance you're creating the credential for |
Device Type | Microsoft SQL Server |
Access Protocol | JDBC |
Authentication | - SQL Server Authentication - Windows Authentication |
Used for | - Audit - Performance Monitoring - Synthetic Transaction Monitoring - Snort Audit - Performance |
Pull Interval | 5 min |
Port | 1433 |
Database Name | database_name |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
The fields below are available if you select 'Audit' under 'Used for'. | |
Maximum Records | 1000 |
Logon Event Table | PH_Events.dbo.LogonEvents |
DDL Event Table | PH_Events.dbo.DDLEvents |
Credentials for Apache Apache Tomcat
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Apache Apache Tomcat |
Access Protocol | JMX |
Pull Interval | 5 minutes |
Port | 0 |
Access Key ID | Access key for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for Novell Netware
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Novell Netware |
Access Protocol | - LDAP - LDAP Start TLS - LDAPS |
Used for | - Open LDAP - Microsoft Active Directory |
Server Port | - 389 for LDAP and LDAP Start TLS - 636 for LDAPS |
Base DN | Specify the root of the LDAP tree as the Base DN. For example: dc=companyABC,dc=com |
User Name | For user discoveries from an OpenLDAP directory, specify the full DN as the user name (for example, uid=jdoe,ou=hr,ou=unit,dc=companyABC,dc=com). For Microsoft Active Directory, the user name can be just the login name. |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
NetBIOS/Domain | Setting specific to Microsoft Active Directory |
Credentials for Microsoft Windows Server 2012 R2
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Microsoft Windows Server 2012 R2 |
Access Protocol | - LDAP - LDAPS - LDAP Start TLS - WMI - SSH - TELNET |
Used for | - Open LDAP - Microsoft Active Directory |
Server Port | - 389 for LDAP and LDAP Start TLS - 636 for LDAPS |
Base DN | Specify the root of the LDAP tree as the Base DN. For example: dc=companyABC,dc=com |
Pull Interval | - 1 minute for WMI |
Port | - 23 for TELNET |
Timeout | 30 seconds |
User Name | For user discoveries from an OpenLDAP directory, specify the full DN as the user name (for example, uid=jdoe,ou=hr,ou=unit,dc=companyABC,dc=com). For Microsoft Active Directory, the user name can be just the login name. |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Super Password | Password of Super |
Confirm Super Password | Confirm Super password |
Description | Description about the device |
Credentials for EMC VNX
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | EMC VNX |
Access Protocol | Navisec CLI |
Use LDAP | Enable if you want to use LDAP. |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for Tenable Nessus6 Security Scanner
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Tenable Nessus6 Security Scanner |
Access Protocol | Nessus6 API |
Pull Interval | 60 minutes |
Port | 8834 |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for Tenable Nessus Security Scanner
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Tenable Nessus Security Scanner |
Access Protocol | Nessus API |
Pull Interval | 60 minutes |
Port | 8834 |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for Rapid7 NeXpose Security Scanner
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Rapid7 NeXpose Security Scanner |
Access Protocol | Rapid7 NeXpose API |
Pull Interval | 60 minutes |
Port | 3780 |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for OKTA.com OKTA
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | OKTA.com OKTA |
Access Protocol | OKTA API |
Pull Interval | 5 minutes |
Domain | Domain name |
Security Token | Security token for access |
Confirm Security Token | Confirm the Security token for access |
Description | Description about the device |
Credentials for NetApp DataONTAP
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | NetApp DataONTAP |
Access Protocol | NetApp ONTAPI |
Transport | - HTTP - HTTPS |
Pull Interval | 5 minutes |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for Qualys QualysGuard Scanner
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Qualys QualysGuard Scanner |
Access Protocol | Qualys API |
Pull Interval | 60 minutes |
Port | 443 |
User Name | A user who has access to the vulnerability scanner over the API. |
Password | Password associated with the user |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for Green League RSAS
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Green League RSAS |
Access Protocol | RSAS API |
Pull Interval | 5 minutes |
Domain | Domain |
User Name | User name for device access |
Password | Password associated with the user |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for Salesforce Salesforce Audit
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Salesforce Salesforce Audit |
Access Protocol | Salesforce API |
Pull Interval | 5 minutes |
Timeout | 30 seconds |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Security Token | Security token |
Description | Description about the device |
Credentials for Cisco ASA
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Cisco ASA |
Access Protocol | - SSH - TELNET |
Port | - 22 for SSH - 23 for TELNET |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Super Password | Super password |
Confirm Super Password | Confirm Super password |
Description | Description about the device |
Credentials for CISCO UCS
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | CISCO UCS |
Access Protocol | UCS API |
Port | 5988 |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for VMware ESX Server
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | VMware ESX Server |
Access Protocol | VM SDK |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for Green League WVSS
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | Green League WVSS |
Access Protocol | WVSS API |
Pull Interval | 60 minutes |
Domain | Domain name |
User Name | User name for device access |
Password | Password for device access |
Confirm Password | Confirm the password associated with the user name |
Description | Description about the device |
Credentials for YXLink Vuln Scanner
Settings | Description |
---|---|
Name | Enter a name for the credential. |
Device Type | YXLink Vuln Scanner |
Access Protocol | YX API |
Pull Interval | 60 minutes |
Port | 0 |
Domain | Domain name |
Description | Description about the device |
CyberArk Password Configuration
Settings | Description |
---|---|
App ID | Application ID |
Safe | Safe value |
Folder | Folder location |
Object | Object name |
User Name | User name |
Platform (Policy ID) | Policy ID |
Database | Database name |
Description | Description or comments about the credentials |