FortiSIEM communicates with various systems to collect operating system/hardware/software information, logs, and performance metrics. This section provides the procedures to set up a device credential and associate them to an IP or IP range.
- Creating a Credential
- Associating a Credential to IP Ranges or Hosts
- Testing Credentials and API Event Collection
- Modifying Device Credential
- Modifying a Credential Association
- Credentials Based on Access Protocol
Creating a Credential
Complete these steps to create a login credential:
- Go to ADMIN > Setup > Credentials tab.
- Under Step 1: Enter Credentials section, click New.
- In the Access Method Definition dialog box, enter the information below.
Settings Guidelines Name [Required] Name of the credential that will be used for reference purpose. Device Type Type of device from the drop-down. Access Protocol Type of access protocol from the drop-down. Note that this list depends on the selected device type. Port TCP/UDP Port number for communicating to the device for the access protocol. Password config Choose Manual or CyberArk.
- Manual: The credentials will be defined and stored in FortiSIEM. See the table below for the corresponding device type configuration settings.
- CyberArk: FortiSIEM will get credentials from CyberArk password Vault. See "CyberArk Password Configuration" in the External Systems Configuration Guide for configuration settings.
- Enter the options in the remaining fields that appear based on the Device Type selection.
- Click Save.
Associating a Credential to IP Ranges or Hosts
The association is on a per-Collector basis.
- Under Step 2: Enter IP Range to Credential Associations section, click New.
- In the Device Credential Mapping Definition dialog box, enter the information below.
Settings Guidelines IP/Host Name [Required] Host name, IP address or IP range to associate with a credential. Allowed IP range syntax is single IP, single range, single CIDR or a list separated by comma – e.g. 10.1.1.1, 10.1.1.2,220.127.116.11/24, 18.104.22.168-22.214.171.124. Host names are only allowed for a specific set of credentials see below. Credentials Select one or more credentials by name. Use + to add more.
- Click Save.
Testing Credentials and API Event Collection
Credentials can be tested to ensure that they are working correctly and do not perform a full discovery, and therefore provide results more quickly.
Test Connectivity also has a special function for certain Device API integrations. Instead of performing separate Discovery to integrate FortiSIEM with a Device API, clicking Test Connectivity will test the credential and start collecting event from the API. The External System Configuration Guide details Device integrations that require only this step to collect events.
- Select an association.
- Click Test after choosing:
- Test Connectivity – the device will be pinged first and then the credential will be attempted. This shortens the test connectivity process in case the device with specified IP is not present or reachable.
- Test Connectivity without Ping – the credential will be attempted without pinging first.
- Check the test connectivity result in the pop up display.
Modifying Device Credentials
Complete these steps to modify device credentials:
- Select an association from the list and click the required option.
- Edit - to modify any credential settings.
- Delete - to delete a credential.
- Clone - to duplicate a credential.
- Click Save.
Modifying a Credential Association
Complete these steps to modify a credential association:
- Select the credential association from the list and click the required option under Step 2: Enter IP Range to Credential Associations:
- Edit - to edit an associated IP/IP range
- Delete - to delete any association
- Click Save.
Credentials Based on Access Protocol
For information on the credential configuration settings for selected devices, see the External Systems Configuration Guide.