FortiAnalyzer Connector

1. FortiAnalyzer Connector Configuration in XDR

  1. Log in to the XDR platform.
  2. Navigate to Connectors > Ingestion.
  3. Select Event Connector and click Configure.
  4. Enter the Collector ID and Password.
  5. Click Validate and Save.

2. System Requirements

✅ Prerequisites:

Start the Docker service:

systemctl start docker

Identify and note your system’s IP address.


3. Firewall Port Configuration

For Linux/macOS:

firewall-cmd --permanent --add-port=514/udp
firewall-cmd --reload

For Windows (PowerShell as Administrator):

New-NetFirewallRule -DisplayName "Allow UDP Port 514" -Direction Inbound -Protocol UDP -LocalPort 514 -Action Allow
New-NetFirewallRule -DisplayName "Allow UDP Port 514" -Direction Outbound -Protocol UDP -LocalPort 514 -Action Allow

4. Docker Setup for Event Collector

Download the Docker image using the following URL (replace placeholders):

https://connectors-xdr.seqrite.com/connectors/collector/download?collectorId=<COLLECTOR_ID>&password=<COLLECTOR_PASSWORD>&tid=<TENANT_ID>

Load the image:

docker load --input <path_to/hhcollector-1.0.0.tar>

Run the collector:

docker run -p 514:514/udp \
  --env COLLECTOR_ID=<COLLECTOR_ID> \
  --env TID=<TENANT_ID> \
  hhcollector

5. FortiAnalyzer & FortiGate Configuration

On FortiGate Firewall:

  1. Go to Log & Report > Log Settings.
  2. Under Global Settings, enable:

    • Address Logging
    • Event Logging
    • Local Traffic Logging
    • Syslog Logging
  3. Enter the IP address of the FortiAnalyzer.
  4. Click Apply.

On FortiAnalyzer Interface:

  1. Go to Device Manager > Add Device.
  2. Enter:

    • Name
    • FortiGate Serial Number
  3. Click Next, then Finish.

Log Forwarding Configuration:

  1. Go to System Settings > Advanced > Log Forwarding.
  2. Under Syslog Server, click Add.
  3. Set:

    • IP Address: Event Collector machine IP
    • Port: 514 (UDP)
  4. Save and apply the configuration.
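
To check the UDP path to the Event Collector once the steps above are complete, the following added example (not part of the original page or the vendor's tooling) sends one constructed FortiGate-style syslog line to port 514. The sample log body, the function names and the local0/notice priority are assumptions chosen for illustration.

```python
import socket
import sys

# Constructed sample in FortiGate key=value style; not captured from a real device.
SAMPLE_BODY = (
    'date=2024-01-01 time=12:00:00 devname="TEST-FGT" devid="PLACEHOLDER" '
    'type="event" subtype="system" level="notice" msg="collector connectivity test"'
)

def build_syslog(body, facility=16, severity=5):
    """Prefix body with a syslog priority: PRI = facility * 8 + severity."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    return f"<{facility * 8 + severity}>{body}".encode("utf-8")

def send_test_event(host, port=514, body=SAMPLE_BODY):
    """Send one datagram and return the number of bytes handed to the OS.

    UDP gives no delivery confirmation, so a successful send only proves the
    local stack accepted the packet; arrival must be checked on the collector.
    """
    payload = build_syslog(body)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        return tx.sendto(payload, (host, port))

def loopback_check(body=SAMPLE_BODY):
    """Self-test: receive the datagram on an ephemeral local UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2.0)
        send_test_event("127.0.0.1", rx.getsockname()[1], body)
        data, _addr = rx.recvfrom(4096)
        return data

if __name__ == "__main__":
    # Usage (hypothetical file name): python3 send_test_event.py <collector-ip>
    if len(sys.argv) != 2:
        sys.exit("usage: send_test_event.py <event-collector-ip>")
    sent = send_test_event(sys.argv[1])
    print(f"sent {sent} bytes to {sys.argv[1]}:514/udp")
```

After sending to the Event Collector machine IP, confirm arrival on that host, for example with `tcpdump -ni any udp port 514`.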