Writing parsers / custom rules
SIEM fit for purpose
Testing
PLAN
FortiSIEM - a highly scalable Security Information and Event Management (SIEM) solution
that provides real-time infrastructure and user awareness for accurate threat detection,
analysis and reporting.
1. Infrastructure deployment
   a. Configure the Norgine tenant on the Infosec Partners MSSP
      o Configure a client-dedicated segment in the Infosec Partners SIEM
      o Create access accounts for Infosec Partners operational personnel,
        and read-only accounts as desired for client personnel
      o Configure and populate the CMDB to hold and monitor client assets
      o Create test alerts and rules to verify that alerting and correlation
        work as expected
   b. Configure a worker node in our MSSP SIEM infrastructure
      o Deploy remote worker/collector node instances within the client environment
        for local collection and processing of log data
   c. Deploy log collectors in defined regions. 5 collectors are currently planned to be
      deployed in the following sites: Service Express DataCentre, Azure Europe West,
      Azure Europe East, Harefield, Hengoed. The sites will act as logical hubs for
      ingesting logs in the most optimal way to reduce bandwidth usage.
   d. Log disk expansion, archiving set-up, and back-up and recovery set-up for the new tenant
2. Integration
   a. Configure and assist with log ingestion from various sources such as, but not
      limited to: Fortinet, Checkpoint, Cisco, Crowdstrike, Mimecast, Azure, O365, Meraki
      switching and wireless.
3. Predefined alerts and reports set-up
FortiSIEM Analytics
One of the features we use the most in FortiSIEM is Analytics. Through Analytics we
can search for events by one or more attributes, which helps us investigate specific
events, users and IP addresses, and create reports whenever necessary.
Analytics can be divided into two main parts. The first is the attribute search, where we
look for events in which certain attributes are matched. The second is group-by and
aggregation, where we specify which attributes from the search results should be
displayed, or perform actions on the search results, such as counting all events that
match specific attributes.
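The two-stage model described above (attribute search, then group-by and aggregation), as an added illustration written for this document rather than FortiSIEM's own code or query syntax. The events, attribute names and event type values below are constructed samples, and the failed-logon use case is an assumption chosen to show the stages composing:

```python
# Added example, not FortiSIEM code: models the Analytics workflow of an attribute
# search followed by group-by and aggregation over a constructed set of events.
from collections import Counter

# Constructed sample events (not real data); attribute names are assumptions.
EVENTS = [
    {"eventType": "Win-Security-4625", "user": "alice", "srcIpAddr": "10.0.0.5", "reportingDevice": "dc01"},
    {"eventType": "Win-Security-4625", "user": "alice", "srcIpAddr": "10.0.0.5", "reportingDevice": "dc01"},
    {"eventType": "Win-Security-4625", "user": "alice", "srcIpAddr": "10.0.0.5", "reportingDevice": "dc01"},
    {"eventType": "Win-Security-4625", "user": "bob",   "srcIpAddr": "10.0.0.7", "reportingDevice": "dc01"},
    {"eventType": "Win-Security-4624", "user": "alice", "srcIpAddr": "10.0.0.5", "reportingDevice": "dc01"},
    {"eventType": "Win-Security-4625", "user": "carol", "srcIpAddr": "10.0.0.9", "reportingDevice": "dc02"},
]

# Operators supported by the attribute search stage.
OPERATORS = {
    "=": lambda actual, wanted: actual == wanted,
    "!=": lambda actual, wanted: actual != wanted,
    "CONTAINS": lambda actual, wanted: wanted in actual,
    "IN": lambda actual, wanted: actual in wanted,
}


def attribute_search(events, conditions):
    """Stage 1: keep only events for which every (attribute, operator, value) condition holds.
    A missing attribute is treated as an empty string so it never matches an equality."""
    return [
        event for event in events
        if all(OPERATORS[op](event.get(attr, ""), value) for attr, op, value in conditions)
    ]


def group_and_count(events, group_by):
    """Stage 2: group matched events by the chosen display attributes and count each group.
    Returns a dict keyed by the tuple of group-by values."""
    return dict(Counter(tuple(event.get(attr, "") for attr in group_by) for event in events))


def failed_logons_per_user(events, threshold):
    """Worked case: count failed logons per (user, source IP) and keep groups at or
    above the threshold, the kind of result that feeds an alert or a report."""
    matched = attribute_search(events, [("eventType", "=", "Win-Security-4625")])
    counts = group_and_count(matched, ["user", "srcIpAddr"])
    return {key: count for key, count in counts.items() if count >= threshold}


if __name__ == "__main__":
    for (user, src), count in failed_logons_per_user(EVENTS, 3).items():
        print(f"{user} from {src}: {count} failed logons")
```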
4. Custom parsers (Mimecast, and others, up to 5 custom parsers)
5. SIEM fit for purpose
6. Testing