FortiGate

Supported OS: Linux, Windows, Mac OS


Overview

  • FortiGate provides a full range of threat protection capabilities, including firewall, intrusion prevention, antivirus, SSL inspection, and application control. FortiGate reduces complexity with automated visibility into applications, users, and networks, and provides security ratings to adopt security best practices.

    This integration collects the following log types and subtypes:

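    | Type    | Description                                                                            | SubType                      |
    |---------|----------------------------------------------------------------------------------------|------------------------------|
    | Traffic | Records traffic flow information such as an HTTP/HTTPS request and its response, if any | FORWARD, LOCAL               |
    | Event   | Records system and administrative events                                               | SYSTEM, USER, VPN, WIRELESS  |
    | UTM     | Records UTM events                                                                     | IPS, WEB                     |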

NOTE: Support for the metric has been discontinued, and its related panels are deprecated in integration v1.1.0 and above. We plan to remove them completely in upcoming releases of the integration.

This integration includes the following Datadog Cloud SIEM detection rules for enhanced monitoring and security:

  1. FortiGate detected access to malicious or risky websites
  2. FortiGate activity detected from new or suspicious location
  3. FortiGate detected rogue access point
  4. Received FortiGate event with critical severity
  5. FortiGate observed frequent large amounts of data transferred to file-sharing sites
  6. FortiGate detected high number of blocked actions
  7. FortiGate observed multiple authentication failures
  8. FortiGate received multiple intrusion prevention events from a single source
  9. FortiGate observed unusual network traffic

Note: To use the out-of-the-box detection rules, the relevant integration must be installed in Datadog, and Cloud SIEM must be enabled.

Support

For support or feature requests, contact Crest Data through the following channels:


This application is made available through the Datadog Marketplace and is supported by a Datadog Technology Partner. To use it, purchase this application in the Marketplace.
