Virtual FortiOS for FortiOS 6.0.2, Fortinet Technologies Inc.
Virtual FortiOS overview: Other virtual FortiOS products

Update to the GUI SDN connector edit page that supports allowing configuration of the following fields:

  • AWS access key ID
  • AWS secret access key
  • AWS region name
  • AWS VPC ID
  • Update Interval

3. Change to address edit page to allow configuration of the Filter field for Dynamic AWS address.

4. Update to the dynamic address monitor API to get resolved address list for dynamic AWS addresses.

AWS GuardDuty integration

AWS GuardDuty is a managed threat detection service that monitors malicious or unauthorized behaviors/activities related to AWS resources. GuardDuty provides visibility of logs called findings, and Fortinet provides a Lambda script that populates a list of malicious IP addresses then stores it in an S3 location. FortiGate can then be configured to point to the location as the external feed of threat vectors.

To use this feature, you must subscribe to GuardDuty, CloudWatch, and S3.

Fortinet-provided Lambda scripts are not supported within regular Fortinet technical support scope. For questions related to the scripts, contact [email protected] .

GuardDuty findings give visibility on the following:

  • Severity: High/medium/low (associated with scores)
  • Where it occurred: Region, resource ID, account ID
  • When: Last seen date/time
  • Count
  • Detailed information can include:
      • Affected resource: type/instance ID/image ID/port/resource type/image description/launch time/tags/network interfaces (public IP, private IP, subnet ID, VPC ID, security groups)
      • Action: type/connection direction
      • Actor
      • Additional information

To configure the integration:

  • Subscribe and enable GuardDuty on AWS. When findings occur, they are pushed to CloudWatch.
  • CloudWatch events trigger the Lambda script for automated actions.
  • If one of the following criteria is met:
      • Connected direction is inbound, the finding contains an IP address, and the severity is greater than the minimum score (configurable)
      • Connected direction is unknown, the finding contains an IP address and matches certain known threat lists (such as ProofPoint) that GuardDuty identifies, and the severity is greater than the minimum score
    The IP address is considered black and is appended to a file located in the S3 bucket/directory.
  • FortiGate queries the file as the external source of blacklisted IP addresses.

The following is an example configuration:

The configuration can be done in the CLI as follows:

    config system external-resource
        edit "GuardDuty"
            set type address
            set resource ""
        next
    end

You can then use the gathered IP addresses as criteria to protect the network.

Azure

HA support for Azure

FortiOS supports the use of active/passive HA, similar to that for Amazon Web Services (AWS) in an Azure environment.
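The GuardDuty blocklist criteria listed in the integration steps above, sketched in Python as an added example (this is not Fortinet's Lambda script and not code from this guide). The field paths follow the GuardDuty finding JSON; the threshold value, the one-address-per-line file layout, the helper names and the internal-range safeguard are assumptions, and the sample findings are constructed.

```python
import ipaddress

MIN_SEVERITY = 4.0  # assumed threshold; the page only says it is configurable
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def extract_block_ip(finding, min_severity=MIN_SEVERITY):
    """Return the remote IPv4 address to blocklist, or None if no criterion matches."""
    service = finding.get("service", {})
    conn = service.get("action", {}).get("networkConnectionAction", {})
    ip = conn.get("remoteIpDetails", {}).get("ipAddressV4")
    if not ip or finding.get("severity", 0) <= min_severity:
        return None  # no IP, or severity not greater than the minimum score
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return None  # a malformed value must never reach the feed
    if any(addr in net for net in INTERNAL):
        return None  # added safeguard (not from the page): never block internal ranges
    direction = conn.get("connectionDirection")
    on_threat_list = bool(service.get("additionalInfo", {}).get("threatListName"))
    if direction == "INBOUND" or (direction == "UNKNOWN" and on_threat_list):
        return str(addr)
    return None

def merge_blocklist(existing_text, findings, min_severity=MIN_SEVERITY):
    """Append newly qualifying IPs to the one-address-per-line feed, without duplicates."""
    entries = [line.strip() for line in existing_text.splitlines() if line.strip()]
    for finding in findings:
        ip = extract_block_ip(finding, min_severity)
        if ip and ip not in entries:
            entries.append(ip)
    return "".join(entry + "\n" for entry in entries)

def sample_finding(direction, severity, ip, threat_list=None):
    """Build a constructed finding holding only the fields this example reads."""
    info = {"threatListName": threat_list} if threat_list else {}
    return {"severity": severity, "service": {"additionalInfo": info, "action": {
        "networkConnectionAction": {"connectionDirection": direction,
                                    "remoteIpDetails": {"ipAddressV4": ip}}}}}

SAMPLES = [  # constructed findings using documentation address ranges
    sample_finding("INBOUND", 5.0, "198.51.100.7"),                # blocked
    sample_finding("UNKNOWN", 8.0, "203.0.113.9", "ProofPoint"),   # blocked
    sample_finding("UNKNOWN", 8.0, "203.0.113.10"),                # no threat list
    sample_finding("INBOUND", 2.0, "198.51.100.8"),                # severity too low
    sample_finding("INBOUND", 8.0, "10.0.0.5"),                    # internal range
    sample_finding("OUTBOUND", 8.0, "198.51.100.9"),               # direction not covered
]
```

In a real deployment the text returned by `merge_blocklist` would be written back to the S3 object that the FortiGate `external-resource` entry points at.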