Setting Credentials

FortiSIEM communicates with various systems to collect operating system/hardware/software information, logs, and performance metrics. This section provides the procedures to set up a device credential and associate it with an IP address or IP range.

Creating a credential

Follow the procedure below to create a login credential:

  1. Go to ADMIN > Setup > Credentials tab.
  2. Under Step 1: Enter Credentials section, click New.
  3. In the Credential Definition dialog box, enter the information below.

    Settings Guidelines
    Name [Required] Name of the credential, used for reference purposes.
    Device Type Type of device from the drop-down.
    Access Protocol Type of access protocol from the drop-down. Note that this list depends on the selected device type.
    Port TCP/UDP port number for communicating with the device over the access protocol.
    Password config Choose Manual or CyberArk.
    - Manual: The credentials will be defined and stored in FortiSIEM. See the table below for the corresponding device type configuration settings.
    - CyberArk: FortiSIEM will get credentials from the CyberArk Password Vault. See the table below for the configuration settings.
  4. Enter the options in the remaining fields that appear based on the Device Type selection.
  5. Click Save.

Associating a credential to IP ranges or hosts

The association is on a per-Collector basis.

  1. Under Step 2: Enter IP Range to Credential Associations section, click New.
  2. In the Device Credential Mapping Definition dialog box, enter the information below.

    Settings Guidelines
    IP/Host Name [Required] Host name, IP address or IP range to associate with a credential. Allowed IP range syntax is a single IP, a single range, a single CIDR, or a comma-separated list, e.g. 10.1.1.1, 10.1.1.2,20.1.1.0/24, 30.1.1.1-30.1.1.10. Host names are only allowed for a specific set of credentials (see below).
    Credentials Select one or more credentials by name. Use + to add more.
  3. Click Save.
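
An added example (not FortiSIEM code): a Python check that parses IP/Host Name values in the syntax described above and reports how many addresses each association covers and which associations overlap, so the scope of each credential can be reviewed before it is saved. It handles IP syntax only, not host names; the association names and every sample value except the first are constructed.

```python
import ipaddress
from itertools import combinations


def parse_ip_field(field):
    """Return [(first, last), ...] for an IP/Host Name value, or raise ValueError."""
    spans = []
    for item in (part.strip() for part in field.split(",")):
        if not item:
            raise ValueError("empty entry in list")
        if "/" in item:                       # single CIDR
            net = ipaddress.ip_network(item, strict=False)
            spans.append((net[0], net[-1]))
        elif "-" in item:                     # single range first-last
            lo, hi = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"invalid range: {item}")
            spans.append((lo, hi))
        else:                                 # single IP
            ip = ipaddress.ip_address(item)
            spans.append((ip, ip))
    return spans


def address_count(spans):
    """Number of addresses covered (overlaps inside one field are counted twice)."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in spans)


def find_overlaps(associations):
    """Return sorted (name_a, name_b) pairs whose address spans intersect."""
    parsed = {name: parse_ip_field(value) for name, value in associations.items()}
    hits = set()
    for (a, a_spans), (b, b_spans) in combinations(parsed.items(), 2):
        for a_lo, a_hi in a_spans:
            for b_lo, b_hi in b_spans:
                same = a_lo.version == b_lo.version
                if same and a_lo <= b_hi and b_lo <= a_hi:
                    hits.add((a, b))
    return sorted(hits)


# Constructed sample: the first value is the page's syntax example;
# the association names and the other two values are made up.
ASSOCIATIONS = {
    "core-network": "10.1.1.1, 10.1.1.2,20.1.1.0/24, 30.1.1.1-30.1.1.10",
    "dmz-ssh": "30.1.1.5-30.1.1.20",
    "lab": "192.168.50.0/28",
}

if __name__ == "__main__":
    for name, value in ASSOCIATIONS.items():
        print(name, address_count(parse_ip_field(value)), "addresses")
    print("overlapping:", find_overlaps(ASSOCIATIONS))
```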

Testing credentials for correctness

  1. Select an association.
  2. Click Test after choosing:
    • Test Connectivity – the device will be pinged first and then the credential will be attempted. This shortens the test connectivity process in case the device with specified IP is not present or reachable.
    • Test Connectivity without Ping – the credential will be attempted without pinging first.
  3. Check the test connectivity result in the pop-up display.

Modifying device credentials

Follow the procedure below to modify device credentials:

  1. Select an association from the list and click the required option.
    • Edit - to modify any credential settings.
    • Delete - to delete a credential.
    • Clone - to duplicate a credential.
  2. Click Save.

Modifying a credential association

Follow the procedure below to modify a credential association:

  1. Select the credential association from the list and click the required option under Step 2: Enter IP Range to Credential Associations:
    • Edit - to edit an associated IP/IP range
    • Delete - to delete any association
  2. Click Save.

Credentials based on Access Protocol

The following tables provide information on the Manual Password Configuration settings.

Credentials for Alert Logic IPS

    Settings Description
    Name Enter a name for the credential.
    Device Type Alert Logic IPS
    Access Protocol ALERTLOGIC_API_v3
    Pull Interval 5 minutes
    API Key API Key for device access
    Confirm API Key Confirm API Key for device access
    Description Description about the device

Credentials for Amazon AWS CloudTrail

    Settings Description
    Name Enter a name for the credential.
    Device Type Amazon AWS CloudTrail
    Access Protocol AWS_CLOUDTRAIL
    Region Region where you created the trail
    Bucket The name of the S3 bucket you created (s3aocloudtrail)
    SQS Queue URL ARN of your queue without the http:// prefix
    Access Key ID Access key for your AWS instance
    Secret Key Secret key for your AWS instance
    Confirm Secret Key Confirm the Secret key for your AWS instance
    Description Description about the device

Credentials for Amazon AWS CloudWatch

    Settings Description
    Name Enter a name for the credential.
    Device Type Amazon AWS CloudWatch
    Access Protocol AWS CloudWatch
    Region [Required] Region in which your AWS instance is located
    AWS Account The name of the S3 bucket you created (s3aocloudtrail)
    Log Group Name Log Group Name
    Log Stream Name Log Stream Name
    Access Key ID [Required] Access key for your AWS instance
    Secret Key [Required] Secret key for your AWS instance
    Confirm Secret Key [Required] Confirm the Secret key for your AWS instance
    Description Description about the device

Credentials for Amazon AWS EC2

    Settings Description
    Name Enter a name for the credential.
    Device Type Amazon AWS EC2
    Access Protocol AWS SDK
    Region [Required] Region in which your AWS instance is located
    Access Key ID [Required] Access key for your AWS instance
    Secret Key [Required] Secret key for your AWS instance
    Confirm Secret Key [Required] Confirm the Secret key for your AWS instance
    Description Description about the device

Credentials for Microsoft Azure Compute

    Settings Description
    Name Enter a name for the credential.
    Device Type Microsoft Azure Compute
    Access Protocol Azure Certificate
    Pull Interval 5 minutes
    Subscription ID Subscription ID of the device
    Certificate File Click Upload to select and import the Certificate file.
    To create a Certificate file for communicating with the Azure Management Server:
    1. Create a PEM file (because -keyout and -out name the same file, azure-cert.pem contains both the unencrypted private key and the certificate):
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout azure-cert.pem -out azure-cert.pem
    2. Create the cert file:
      openssl x509 -outform der -in azure-cert.pem -out azure-cert.cer
    3. Log in to the Azure portal and upload the .cer file to the Settings > Management Certificates section.
    Description Description about the device

Credentials for Box.com

    Settings Description
    Name Enter a name for the credential, for example, BOX.
    Device Type Box.com Box
    Access Protocol BOX API
    File Type Select the file type as file or folder from the drop-down.
    File/Directory Path Path to the file or directory you want to monitor
    Box.com Account Email address for your Box.com account
    Description Description about the device

Credentials for Cisco ACI

    Settings Description
    Name Enter a name for the credential.
    Device Type CISCO CISCO ACI
    Access Protocol Cisco APIC API
    Pull Interval 5 minutes
    Port 443
    User Name User name for device access
    Password Password for the various REST APIs
    Confirm Password Confirm the password entered above
    Description Password for the various REST APIs

Credentials for Cisco IPS

    Settings Description
    Name Enter a name for the credential.
    Device Type Cisco IPS
    Access Protocol Cisco SDEE
    Pull Interval 5 minutes
    Port 443
    User Name User name for device access
    Password Password for your device access
    Confirm Password Confirm the Password for your device access
    Description Description about the device

Credentials for Checkpoint SmartCenter

    Settings Description
    Name Enter a name for the credential.
    Device Type Checkpoint SmartCenter
    Access Protocol Checkpoint SSLCA
    SmartCenter IP SmartCenter IP
    Checkpoint LEA Port Port used by LEA on your server
    Client SIC DN number of your FortiSIEM application
    Server SIC DN number of your server
    CPMI Port Port used by CPMI on your server
    Activation Key Password used in creating your application
    Confirm Activation Key Confirm the Activation key.
    Description Description about the device

Credentials for Cisco FireAMP

    Settings Description
    Name Enter a name for the credential.
    Device Type Cisco FireAMP
    Access Protocol eStreamer SDK
    Pull Interval 3 minutes
    Port 8302
    Password Password for your device access
    Confirm Password Confirm the Password for your device access
    Certificate File Click Upload to select and import the Certificate file.
    Description Description about the device

Credentials for Cisco FireAMP Cloud

    Settings Description
    Name Enter a name for the credential.
    Device Type Cisco FireAMP Cloud
    Access Protocol FireAMP Cloud API
    Pull Interval 5 minutes
    Timeout 30 seconds
    Client ID Client ID for device access
    Client Secret Secret code for device access
    Confirm Client Secret Confirm the Secret code for device access
    Description Description about the device

Credentials for GitHub.com GitHub

    Settings Description
    Name Enter a name for the credential.
    Device Type GitHub.com GitHub
    Access Protocol GitHub API
    Pull Interval 5 minutes
    Account Name Account name for device access
    Account Password Password for device access
    Confirm Account Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Google Google Apps

    Settings Description
    Name Enter a name for the credential.
    Device Type Google Google Apps
    Access Protocol Google Apps Admin SDK
    Pull Interval 5 minutes
    Account Name Google account name
    Service Account Key Click Upload and browse to the JSON credential file to upload it to FortiSIEM.
    Description Description about the device

Credentials for Microsoft SQL Server

    Settings Description
    Name Enter the name of the database instance you're creating the credential for
    Device Type Microsoft SQL Server
    Access Protocol JDBC
    Authentication - SQL Server Authentication
    - Windows Authentication
    Used for - Audit
    - Performance Monitoring
    - Synthetic Transaction Monitoring
    - Snort Audit
    - Performance
    Pull Interval 5 min
    Port 1433
    Database Name database_name
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device
    The fields below are available if you select 'Audit' under 'Used for'.
    Maximum Records 1000
    Logon Event Table PH_Events.dbo.LogonEvents
    DDL Event Table PH_Events.dbo.DDLEvents

Credentials for Apache Apache Tomcat

    Settings Description
    Name Enter a name for the credential.
    Device Type Apache Apache Tomcat
    Access Protocol JMX
    Pull Interval 5 minutes
    Port 0
    Access Key ID Access key for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Novell Netware

    Settings Description
    Name Enter a name for the credential.
    Device Type Novell Netware
    Access Protocol - LDAP
    - LDAP Start TLS
    - LDAPS
    Used for - Open LDAP
    - Microsoft Active Directory
    Server Port - 389 for LDAP and LDAP Start TLS
    - 636 for LDAPS
    Base DN Specify the root of the LDAP tree as the Base DN.
    For example: dc=companyABC,dc=com
    User Name For user discoveries from an OpenLDAP directory, specify the full DN as the user name. For example: uid=jdoe,ou=hr,ou=unit,dc=companyABC,dc=com
    For Microsoft Active Directory, the user name can be just the login name.
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device
    NetBIOS/Domain Setting specific to Microsoft Active Directory

Credentials for Microsoft Windows Server 2012 R2

    Settings Description
    Name Enter a name for the credential.
    Device Type Microsoft Windows Server 2012 R2
    Access Protocol - LDAP
    - LDAPS
    - LDAP Start TLS
    - WMI
    - SSH
    - TELNET
    Used for - Open LDAP
    - Microsoft Active Directory
    Server Port - 389 for LDAP and LDAP Start TLS
    - 636 for LDAPS
    Base DN Specify the root of the LDAP tree as the Base DN. For example: dc=companyABC,dc=com
    Pull Interval - 1 minute for WMI
    Port - 23 for TELNET
    Timeout 30 seconds
    User Name For user discoveries from an OpenLDAP directory, specify the full DN as the user name. For example: uid=jdoe,ou=hr,ou=unit,dc=companyABC,dc=com
    For Microsoft Active Directory, the user name can be just the login name.
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Super Password Password of Super
    Confirm Super Password Confirm Super password
    Description Description about the device

Credentials for EMC VNX

    Settings Description
    Name Enter a name for the credential.
    Device Type EMC VNX
    Access Protocol Navisec CLI
    Use LDAP Enable if you want to use LDAP.
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Tenable Nessus6 Security Scanner

    Settings Description
    Name Enter a name for the credential.
    Device Type Tenable Nessus6 Security Scanner
    Access Protocol Nessus6 API
    Pull Interval 60 minutes
    Port 8834
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Tenable Nessus Security Scanner

    Settings Description
    Name Enter a name for the credential.
    Device Type Tenable Nessus Security Scanner
    Access Protocol Nessus API
    Pull Interval 60 minutes
    Port 8834
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Rapid7 NeXpose Security Scanner

    Settings Description
    Name Enter a name for the credential.
    Device Type Rapid7 NeXpose Security Scanner
    Access Protocol Rapid7 NeXpose API
    Pull Interval 60 minutes
    Port 3780
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for OKTA.com OKTA

    Settings Description
    Name Enter a name for the credential.
    Device Type OKTA.com OKTA
    Access Protocol OKTA API
    Pull Interval 5 minutes
    Domain Domain name
    Security Token Security token for access
    Confirm Security Token Confirm the Security token for access
    Description Description about the device

Credentials for NetApp DataONTAP

    Settings Description
    Name Enter a name for the credential.
    Device Type NetApp DataONTAP
    Access Protocol NetApp ONTAPI
    Transport - HTTP
    - HTTPS
    Pull Interval 5 minutes
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Qualys QualysGuard Scanner

    Settings Description
    Name Enter a name for the credential.
    Device Type Qualys QualysGuard Scanner
    Access Protocol Qualys API
    Pull Interval 60 minutes
    Port 443
    User Name A user who has access to the vulnerability scanner over the API.
    Password Password associated with the user
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Green League RSAS

    Settings Description
    Name Enter a name for the credential.
    Device Type Green League RSAS
    Access Protocol RSAS API
    Pull Interval 5 minutes
    Domain Domain
    User Name User name for device access
    Password Password associated with the user
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Salesforce Salesforce Audit

    Settings Description
    Name Enter a name for the credential.
    Device Type Salesforce Salesforce Audit
    Access Protocol Salesforce API
    Pull Interval 5 minutes
    Timeout 30 seconds
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Security Token Security token
    Description Description about the device

Credentials for Cisco ASA

    Settings Description
    Name Enter a name for the credential.
    Device Type Cisco ASA
    Access Protocol - SSH
    - TELNET
    Port - 22 for SSH
    - 23 for TELNET
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Super Password Super password
    Confirm Super Password Confirm Super password
    Description Description about the device

Credentials for CISCO UCS

    Settings Description
    Name Enter a name for the credential.
    Device Type CISCO UCS
    Access Protocol UCS API
    Port 5988
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for VMware ESX Server

    Settings Description
    Name Enter a name for the credential.
    Device Type VMware ESX Server
    Access Protocol VM SDK
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for Green League WVSS

    Settings Description
    Name Enter a name for the credential.
    Device Type Green League WVSS
    Access Protocol WVSS API
    Pull Interval 60 minutes
    Domain Domain name
    User Name User name for device access
    Password Password for device access
    Confirm Password Confirm the password associated with the user name
    Description Description about the device

Credentials for YXLink Vuln Scanner

    Settings Description
    Name Enter a name for the credential.
    Device Type YXLink Vuln Scanner
    Access Protocol YX API
    Pull Interval 60 minutes
    Port 0
    Domain Domain name
    Description Description about the device

CyberArk Password Configuration

    Settings Description
    App ID Application ID
    Safe Safe value
    Folder Folder location
    Object Object name
    User Name User name
    Platform (Policy ID) Policy ID
    Database Database name
    Description Description or comments about the credentials