Update to the GUI SDN connector edit page that allows configuration of the following fields:
  • AWS access key ID
  • AWS secret access key
  • AWS region name
  • AWS VPC ID
  • Update Interval
3. Change to address edit page to allow configuration of the Filter field for Dynamic AWS address.
4. Update to the dynamic address monitor API to get resolved address list for dynamic AWS addresses.

AWS GuardDuty integration

AWS GuardDuty is a managed threat detection service that monitors malicious or unauthorized behaviors/activities related to AWS resources. GuardDuty provides visibility of logs called findings, and Fortinet provides a Lambda script that populates a list of malicious IP addresses then stores it in an S3 location. FortiGate can then be configured to point to the location as the external feed of threat vectors.

To use this feature, you must subscribe to GuardDuty, CloudWatch, and S3.

Fortinet-provided Lambda scripts are not supported within regular Fortinet technical support scope. For questions related to the scripts, contact [email protected].

GuardDuty findings give visibility on the following:
• Severity: High/medium/low (associated with scores)
• Where it occurred: Region, resource ID, account ID
• When: Last seen date/time
• Count
• Detailed information can include:
  • Affected resource: type/instance ID/image ID/port/resource type/image description/launch time/tags/network interfaces (public IP, private IP, subnet ID, VPC ID, security groups)
  • Action: type/connection direction
  • Actor
  • Additional information

To configure the integration:
• Subscribe and enable GuardDuty on AWS. When findings occur, they are pushed to CloudWatch.
• CloudWatch events trigger the Lambda script for automated actions.

Virtual FortiOS for FortiOS 6.0.2, Fortinet Technologies Inc.
• If one of the following criteria is met:
  • Connected direction is inbound, the finding contains an IP address, and the severity is greater than the minimum score (configurable)
  • Connected direction is unknown, the finding contains an IP address and matches certain known threat lists (such as ProofPoint) that GuardDuty identifies, and the severity is greater than the minimum score
  The IP address is considered blacklisted and is appended to a file located in the S3 bucket/directory.
• FortiGate queries the file as the external source of blacklisted IP addresses. The following is an example configuration:

The configuration can be done in the CLI as follows:

    config system external-resource
        edit "GuardDuty"
            set type address
            set resource ""
        next
    end

You can then use the gathered IP addresses as criteria to protect the network.

Azure

HA support for Azure

FortiOS supports the use of active/passive HA, similar to that for Amazon Web Services (AWS) in an Azure environment.
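An added example (not Fortinet's Lambda script, which this page does not reproduce) of the append decision described in the AWS GuardDuty integration section above, applied to constructed events. The field names follow the GuardDuty CloudWatch event layout as an assumption; the minimum score of 3.0, the RFC 1918 exclusion and the one-address-per-line feed format are also assumptions.

```python
import ipaddress

MIN_SEVERITY = 3.0                    # assumption: the page only says the minimum score is configurable
KNOWN_THREAT_LISTS = {"ProofPoint"}   # assumption: the page names ProofPoint as one example
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def blocklist_candidate(event, min_severity=MIN_SEVERITY):
    """Return the remote IPv4 address to append to the feed, or None."""
    detail = event.get("detail", {})
    service = detail.get("service", {})
    conn = service.get("action", {}).get("networkConnectionAction", {})
    raw_ip = conn.get("remoteIpDetails", {}).get("ipAddressV4")
    if not raw_ip or detail.get("severity", 0) <= min_severity:
        return None                   # no IP address, or severity not above the minimum
    try:
        addr = ipaddress.ip_address(raw_ip)
    except ValueError:
        return None                   # a malformed value must never reach the firewall feed
    if any(addr in net for net in RFC1918):
        return None                   # added safeguard (not from the page): keep internal hosts out
    direction = conn.get("connectionDirection")
    threat_list = service.get("additionalInfo", {}).get("threatListName")
    if direction == "INBOUND":
        return str(addr)
    if direction == "UNKNOWN" and threat_list in KNOWN_THREAT_LISTS:
        return str(addr)
    return None

def merge_feed(existing_text, new_ips):
    """Append new addresses to the one-per-line feed text without duplicates."""
    lines = [ln.strip() for ln in existing_text.splitlines() if ln.strip()]
    for ip in new_ips:
        if ip and ip not in lines:
            lines.append(ip)
    return "".join(ln + "\n" for ln in lines)

def sample_event(severity, direction, ip, threat_list=None):
    """Constructed test event; only the fields the filter reads are present."""
    info = {"threatListName": threat_list} if threat_list else {}
    conn = {"connectionDirection": direction, "remoteIpDetails": {"ipAddressV4": ip}}
    return {"detail": {"severity": severity, "service": {
        "action": {"actionType": "NETWORK_CONNECTION", "networkConnectionAction": conn},
        "additionalInfo": info}}}

if __name__ == "__main__":
    events = [sample_event(5, "INBOUND", "198.51.100.7"),
              sample_event(2, "INBOUND", "198.51.100.8"),
              sample_event(8, "UNKNOWN", "203.0.113.9", "ProofPoint"),
              sample_event(8, "UNKNOWN", "203.0.113.10")]
    print(merge_feed("198.51.100.7\n", [blocklist_candidate(e) for e in events]), end="")
```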