Solution: Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com/ |
| Categories | domains |
| Version | 3.0.3 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-05-23 |
| Solution Folder | Fortinet FortiWeb Cloud WAF-as-a-Service connector for Microsoft Sentinel |
| Marketplace | Azure Marketplace · Rating: ★★★★★ 5.0/5 (2 ratings) · Popularity: 🔵 Medium (61%) |
The Fortinet FortiWeb Cloud WAF-as-a-Service connector solution for Microsoft Sentinel gives SecOps analysts an automated way to remediate application-level attacks by blocking suspicious IPs and URLs, and to gather threat intelligence data on malicious IP activity. By leveraging the FortiWeb API, the connector automates these security operations tasks through Microsoft Sentinel Playbooks, which can dramatically reduce the window that attackers can take advantage of.
For questions about FortiWeb Cloud, please contact Fortinet at azuresales@fortinet.com.
NOTE: Microsoft recommends installing Fortinet FortiWeb Cloud WAF via the AMA connector. The legacy connector uses the Log Analytics agent, which was deprecated on Aug 31, 2024. Using MMA and AMA on the same machine can cause log duplication and extra ingestion cost.
This solution provides 1 data connector(s) (plus 1 discovered⚠️):
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| CommonSecurityLog | Fortinet FortiWeb Web Application Firewall via AMA, [Deprecated] Fortinet FortiWeb Web Application Firewall via Legacy Agent | Analytics, Hunting, Workbooks |
This solution includes 7 content item(s):
| Content Type | Count |
|---|---|
| Hunting Queries | 2 |
| Playbooks | 2 |
| Analytic Rules | 1 |
| Workbooks | 1 |
| Parsers | 1 |
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Fortiweb - WAF Allowed threat | High | InitialAccess | CommonSecurityLog |
| Name | Tactics | Tables Used |
|---|---|---|
| Fortiweb - Unexpected countries | InitialAccess | CommonSecurityLog |
| Fortiweb - identify owasp10 vulnerabilities | InitialAccess | CommonSecurityLog |
| Name | Tables Used |
|---|---|
| Fortiweb-workbook | CommonSecurityLog |
| Name | Description | Tables Used |
|---|---|---|
| Block IP & URL on fortiweb cloud | This Playbook Provides the automation on blocking the suspicious/malicious IP and URL on fortiweb cl... | - |
| Fetch Threat Intel from fortiwebcloud | This playbook provides/updates the threat intel and essential details in comments section of trigger... | - |
| Name | Description | Tables Used |
|---|---|---|
| Fortiweb | - | CommonSecurityLog (read) |
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.3 | 10-12-2024 | Removed Deprecated Data Connectors |
| 3.0.2 | 30-04-2024 | Repackaged for parser issue fix on reinstall |
| 3.0.1 | 26-02-2024 | Addition of new Fortinet FortiWeb Cloud WAF AMA Data Connector |
| 3.0.0 | 11-07-2023 | Updated the title and the description of the solution |