Fortinet: FortiGate
FortiGate Next Generation Firewalls (NGFWs) deliver industry-leading enterprise security for any edge at any scale with full visibility and threat protection. Organizations can weave security deep into the hybrid IT architecture and build security-driven networks to achieve ultra-fast security, end to end.
FortiGate datacenter threat visualizations in Splunk help you identify anomalous behavior and de-duplicate threat feed data, enabling fast creation and consolidation of analytics. Splunk ingests and maps security and traffic data collected from FortiGate physical and virtual appliances across domains. Log fields from FortiGate appliances can be mapped into a common format. In the Common Information Model, FortiGate data is typically mapped to the Firewall data model.
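To make the mapping step concrete, the following added example (not code from Splunk, Fortinet or the FortiGate add-on) parses a constructed FortiGate-style key=value log line and renames its fields to CIM Firewall field names; the sample line, the FortiGate-to-CIM key mapping and the action normalization table are assumptions for this illustration.

```python
import shlex
from typing import Dict

# Constructed sample line in FortiGate's key=value syslog style; placeholder values.
SAMPLE_FGT_LOG = (
    'date=2024-03-01 time=10:15:42 devname="fw-edge-01" devid="FG-PLACEHOLDER" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'srcip=10.1.2.3 srcport=51515 srcintf="port1" dstip=192.0.2.10 dstport=443 '
    'dstintf="port2" proto=6 action="deny" policyid=42 policyname="block egress" '
    'service="HTTPS" sentbyte=120 rcvdbyte=0'
)

# FortiGate key -> CIM field (assumed mapping for this example, not the add-on's).
FGT_TO_CIM = {
    "srcip": "src", "dstip": "dest", "srcport": "src_port", "dstport": "dest_port",
    "devname": "dvc", "policyname": "rule", "service": "app",
    "sentbyte": "bytes_out", "rcvdbyte": "bytes_in",
}
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}
# Assumed normalization of FortiGate action values to CIM action values.
ACTION_MAP = {"accept": "allowed", "deny": "blocked", "close": "teardown", "timeout": "teardown"}


def parse_fgt_line(line: str) -> Dict[str, str]:
    """Split a FortiGate key=value line into a dict; shlex keeps quoted values intact."""
    fields: Dict[str, str] = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:  # ignore stray tokens without an '='
            fields[key] = value
    return fields


def to_cim(fields: Dict[str, str]) -> Dict[str, object]:
    """Rename parsed FortiGate fields to CIM Firewall field names and normalize values."""
    cim: Dict[str, object] = {}
    for fgt_key, cim_key in FGT_TO_CIM.items():
        if fgt_key in fields:
            cim[cim_key] = fields[fgt_key]
    for key in ("src_port", "dest_port", "bytes_in", "bytes_out"):
        if key in cim:
            cim[key] = int(cim[key])
    if "bytes_in" in cim and "bytes_out" in cim:
        cim["bytes"] = cim["bytes_in"] + cim["bytes_out"]
    if "proto" in fields:
        cim["transport"] = PROTO_NAMES.get(fields["proto"], "ip-" + fields["proto"])
    if "action" in fields:
        # Unmapped actions become "unknown" rather than vanishing, so a search for
        # action=blocked never silently misses a log the mapping did not cover.
        cim["action"] = ACTION_MAP.get(fields["action"].lower(), "unknown")
    return cim
```

Running `to_cim(parse_fgt_line(SAMPLE_FGT_LOG))` yields a record with `src`, `dest`, `dest_port`, `transport` and `action="blocked"`, the shape a CIM Firewall search expects.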
Configuration
Guidance for onboarding data can be found in the Splunk Documentation:
- Getting Data In (Splunk Enterprise)
- Getting Data In (Splunk Cloud)
- Get data into Splunk Observability Cloud
Refer to the documentation, and note the following:
- Source type: fgt_log
- Add-on or app:
Application
When your Splunk deployment is ingesting Fortinet FortiGate data, you can use the data to achieve the following: