Setting Credentials

FortiSIEM communicates with various systems to collect operating system/hardware/software information, logs, and performance metrics. This section provides the procedures to set up a device credential and associate it with an IP or IP range. For information on generalized HTTPS-based event collection, refer to "Generic Log API Poller (HTTPS Advanced) Integration" in the Appendix of the latest External Systems Configuration Guide.

Creating a Credential

Complete these steps to create a login credential:

  1. Go to ADMIN > Setup > Credentials tab.
  2. Under Step 1: Enter Credentials section, click New.
  3. In the Access Method Definition dialog box, enter the information below.

    Settings | Guidelines
    Name | [Required] Name of the credential that will be used for reference purposes.
    Device Type | Type of device from the drop-down.
    Access Protocol | Type of access protocol from the drop-down. Note that this list depends on the selected device type.
    Port | TCP/UDP port number for communicating with the device over the access protocol.
    Password config | Choose Manual, CyberArk SDK or CyberArk REST API.
      - Manual: The credentials will be defined and stored in FortiSIEM. See the External Systems Configuration Guide for the corresponding device type configuration settings.
      - CyberArk SDK: FortiSIEM will get credentials from CyberArk password Vault. See "CyberArk SDK Password Configuration" in the External Systems Configuration Guide for configuration settings.
      - CyberArk REST API: FortiSIEM will get credentials from CyberArk password Vault through REST API access. See "CyberArk REST API Password Configuration" in the External Systems Configuration Guide for configuration settings.

  4. Enter the options in the remaining fields that appear based on the Device Type selection.
  5. Click Save.

Associating a Credential to IP Ranges or Hosts

The association is on a per-Collector basis.

  1. Under Step 2: Enter IP Range to Credential Associations section, click New.
  2. In the Device Credential Mapping Definition dialog box, enter the information below.

    Settings | Guidelines
    IP/Host Name | [Required] Host name, IP address or IP range to associate with a credential. Allowed IP range syntax is a single IP, a single range, a single CIDR or a comma-separated list, e.g. 10.1.1.1, 10.1.1.2, 20.1.1.0/24, 30.1.1.1-30.1.1.10. Host names are only allowed for a specific set of credentials; see below.
    Credentials | Select one or more credentials by name. Use + to add more.
  3. Click Save.
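
Because every credential in an association can be attempted against any address in its IP/Host Name field, it is worth reviewing how wide each field is before saving it. The following is an added example, not FortiSIEM code: a small parser for the field syntax described above that counts the addresses an entry covers and lists which credentials apply to a given IP. It assumes IPv4 only and treats any token containing a letter as a host name; the credential names and associations are constructed sample data.

```python
import ipaddress

def parse_entry(token):
    """Return (first, last) as ints for an IP, range or CIDR; None for a host name."""
    token = token.strip()
    if any(c.isalpha() for c in token):   # assumption: IPv4 only, letters mean host name
        return None
    if "/" in token:
        net = ipaddress.IPv4Network(token, strict=False)
        return int(net[0]), int(net[-1])
    if "-" in token:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in token.split("-", 1))
        if hi < lo:
            raise ValueError(f"range end before start: {token}")
        return lo, hi
    ip = int(ipaddress.IPv4Address(token))
    return ip, ip

def scope(field):
    """Split the comma-separated field into ([(first, last), ...], [host names])."""
    ranges, hosts = [], []
    for token in filter(str.strip, field.split(",")):
        bounds = parse_entry(token)
        if bounds is None:
            hosts.append(token.strip())
        else:
            ranges.append(bounds)
    return ranges, hosts

def address_count(field):
    """Number of distinct addresses covered; overlapping entries are counted once."""
    total, covered_to = 0, -1
    for lo, hi in sorted(scope(field)[0]):
        lo = max(lo, covered_to + 1)
        if hi >= lo:
            total += hi - lo + 1
            covered_to = hi
    return total

def credentials_for(associations, ip):
    """Names of all credentials whose association covers the given IP."""
    target = int(ipaddress.IPv4Address(ip))
    names = set()
    for field, creds in associations:
        if any(lo <= target <= hi for lo, hi in scope(field)[0]):
            names.update(creds)
    return sorted(names)

PAGE_EXAMPLE = "10.1.1.1, 10.1.1.2,20.1.1.0/24, 30.1.1.1-30.1.1.10"  # from the table above
ASSOCIATIONS = [(PAGE_EXAMPLE, ["snmp-ro"]), ("20.1.0.0/16", ["ssh-admin"]),
                ("web-01.example.com", ["api-key"])]  # constructed sample data
```
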

Testing Credentials and API Event Collection

Credentials can be tested to ensure that they are working correctly. These tests do not perform a full discovery and therefore provide results more quickly.

Test Connectivity also has a special function for certain Device API integrations. Instead of performing a separate Discovery to integrate FortiSIEM with a Device API, clicking Test Connectivity will test the credential and start collecting events from the API. The External Systems Configuration Guide details Device integrations that require only this step to collect events.

Note:
  1. If the user assigns a Test Connectivity or Discovery task to a Collector, then the Collector performs those tasks. The Supervisor also assigns the performance monitoring task to the same Collector that performed discovery.

  2. For environments without Collector:

    1. Supervisor does discovery and Test Connectivity.

    2. Supervisor then assigns the performance monitoring tasks to the Active Workers in a weighted round robin fashion. Some jobs, like vCenter monitoring, have a higher weight than simple SNMP-based CPU monitoring.

    3. Workers perform the performance monitoring tasks.

    4. If a Worker is removed, its performance monitoring jobs are redistributed to other Workers.

    5. If a Worker is added, new performance monitoring jobs are assigned to that Worker.

    6. If you disable and then enable performance monitoring jobs from the GUI, then a new global job distribution takes place.

  1. Select an association.
  2. Click Test after choosing:
    • Test Connectivity – the device will be pinged first and then the credential will be attempted. This shortens the test connectivity process in case the device with specified IP is not present or reachable.
    • Test Connectivity without Ping – the credential will be attempted without pinging first.
  3. Check the test connectivity result in the pop-up display.

Modifying Device Credentials

Complete these steps to modify device credentials:

  1. Select an association from the list and click the required option.
    • Edit - to modify any credential settings.
    • Delete - to delete a credential.
    • Clone - to duplicate a credential.
  2. Click Save.

Modifying a Credential Association

Complete these steps to modify a credential association:

  1. Select the credential association from the list and click the required option under Step 2: Enter IP Range to Credential Associations:
    • Edit - to edit an associated IP/IP range
    • Delete - to delete any association
  2. Click Save.

Credentials Based on Access Protocol

For information on the credential configuration settings for selected devices, see the External Systems Configuration Guide.