Azure Sentinel Fortinet Connection
Hello everybody! As you know we had the chance to talk about Azure Sentinel before. In this article I want to take a look at the integration with agent, the most important one of the Azure Sentinel Data Connectors. As you might remember, we mentioned that we need to use the integration with agent in order for the Forti Firewall logs to be taken on Azure Sentinel.
We need a linux server on our existing Azure subscription for integration with agent on Azure Sentinel. Python should be installed on the server before setting up agent on the relevant server. I don’t want to lose time on the steps of creating linux server so I will assume that you have set up the linux server and connected with Putty. After we connect with Putty we can move on to the steps of installing python. After setting up the linux server and python, we can move on to the steps necessary for collecting logs in CEF Format.
Command We Need to Run on the Linux Server:
sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py de8f7beb-7100-4d76-a8e1-3d25537a985f dGVvuS4ixQxJhn+R9L0aKep4VpTXinjoBZwNWVqeitXNwYxW485TfZVNvsoVOe0o/mJOzSJ7ivSN0fY8GaTOzw==