FortiGate Connector and Its Response Connector

  • Configuration of FortiGate Event Downloader Connector.
  1. Under the connector, go to Ingestion.
  2. Select FortiGate Event Downloader Connector. Click on Configure.
  3. Set Enable FortiGate Firewall Events? to Yes.
  4. Click Validate and Save.
  5. You will receive a token. Copy and save it; the token is required when setting up the ES agent.
  • FortiGate Event Downloader Connector System Requirement.
  1. Linux or Mac machine with a static IP address.
  2. Assign RAM: 4 GB or more, CPU: 2 vCPUs or more, Disk: 100 GB or more.
  3. curl installed.
  • FortiGate ES Agent Installation
  1. On the prepared Linux or Mac machine, install the ES agent.
  2. Replace <Token> in the command below with the actual token you saved during connector configuration.
  3. Then run the following commands to install:
  4. sudo bash
     mkdir fortigate_es_agent
     cd fortigate_es_agent
     curl -L -O https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-8.17.9-linux-x86_64.tar.gz
     tar xzvf elastic-agent-8.17.9-linux-x86_64.tar.gz
     cd elastic-agent-8.17.9-linux-x86_64
     sudo ./elastic-agent install --url=https://elk-next-fleet-1.seqrite.com:443 --insecure --enrollment-token=<Token>
     Note: the --insecure flag disables TLS certificate verification for the agent's connection to the Fleet server.
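A pre-flight check for the host requirements and the token placeholder above, added here as an example; it is not part of the Seqrite documentation or Elastic's tooling. The minimums are the ones the page lists, and host_values is an assumed helper that relies on GNU tools (/proc/meminfo, nproc, df).

```shell
#!/bin/sh
# Added pre-flight check for the ES agent host (example, not the page's own
# commands). Minimums come from the requirements above: 4 GB RAM, 2 vCPUs,
# 100 GB disk, curl installed.
MIN_RAM_MB=4096
MIN_CPUS=2
MIN_DISK_GB=100

# check_requirements RAM_MB CPUS DISK_GB CURL_PATH
# Prints each unmet minimum; returns 0 only when all of them are met.
check_requirements() {
  ram_mb=$1; cpus=$2; disk_gb=$3; curl_path=$4
  rc=0
  [ "$ram_mb" -ge "$MIN_RAM_MB" ] 2>/dev/null || { echo "RAM ${ram_mb} MB is below ${MIN_RAM_MB} MB"; rc=1; }
  [ "$cpus" -ge "$MIN_CPUS" ] 2>/dev/null || { echo "CPUs ${cpus} is below ${MIN_CPUS}"; rc=1; }
  [ "$disk_gb" -ge "$MIN_DISK_GB" ] 2>/dev/null || { echo "Disk ${disk_gb} GB is below ${MIN_DISK_GB} GB"; rc=1; }
  [ -n "$curl_path" ] || { echo "curl is not installed"; rc=1; }
  return $rc
}

# check_token TOKEN
# Rejects an empty token or an unreplaced <...> placeholder before it reaches
# elastic-agent install; the token is a credential, so it is never echoed.
check_token() {
  case "$1" in
    ""|"<"*">") echo "enrollment token is missing or still a placeholder"; return 1 ;;
  esac
  return 0
}

# Read live values on Linux; macOS would need sysctl hw.memsize / hw.ncpu instead.
host_values() {
  ram_mb=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo 2>/dev/null || echo 0)
  cpus=$(nproc 2>/dev/null || echo 0)
  disk_gb=$(df -BG --output=avail . 2>/dev/null | tail -n 1 | tr -dc '0-9')
  echo "${ram_mb:-0} ${cpus:-0} ${disk_gb:-0} $(command -v curl)"
}

# Run with --live to check this host; the token is read from ENROLLMENT_TOKEN.
if [ "${1:-}" = "--live" ]; then
  set -- $(host_values)
  if check_requirements "$1" "$2" "$3" "${4:-}" && check_token "${ENROLLMENT_TOKEN:-}"; then
    echo "host is ready for the ES agent install"
  else
    echo "fix the items above before installing"
  fi
fi
```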
  • FortiGate Firewall Configuration
  1. Make sure the FortiGate ES agent is up and running.
  2. Go to the FortiGate firewall interface, then to Logs & Report > Log Settings. Under Global Settings, enable Address, Event Logging, Local Traffic Logging and Syslog Logging. Enter the IP address of the Linux or Mac machine.
  3. Click on Apply.
  4. After performing all the above steps, alerts will begin to generate in the XDR portal automatically, indicating successful configuration.
  • FortiGate ES Agent Uninstallation:
  1. After deleting the FortiGate Event Downloader connector configuration in the XDR portal, completely uninstall and remove the ES agent from the Linux or macOS system.
  2. Run the following commands to uninstall and remove the ES agent:
     sudo bash
     elastic-agent uninstall
     rm -rf elastic-agent-8.17.9-linux-x86_64 elastic-agent-8.17.9-linux-x86_64.tar.gz
     sudo rm -rf /opt/Elastic/Agent
     sudo rm -rf /etc/elastic-agent
     sudo rm -rf /var/lib/elastic-agent
     sudo rm -rf /var/log/elastic-agent
  3. Verify it is gone:
     ps aux | grep elastic-agent
     sudo systemctl status elastic-agent