Fortinet Fortigate

Cortex Cloud Runtime Security Documentation

Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Runtime Security
Creation date
2024-12-24
Last date published
2026-06-16
Category
Administrator Guide
Abstract

Learn more about collecting Fortinet Fortigate firewalls logs using a Syslog Collector applet and content pack integration in Cortex Cloud.

You can configure collection of Fortinet Fortigate firewall logs using a Broker VM Syslog Collector applet or with a content pack integration:

Fortinet Fortigate vendor

Syslog Collector applet overview

If you use Fortinet Fortigate firewalls, you can forward network connection logs to Cortex Cloud in CEF format using the Broker VM Syslog Collector applet.

Link to Syslog Collector applet instructions

Ingest logs from Fortinet Fortigate firewalls

Links to content pack/integration details

  • The FortiManager content pack provides central management of Fortinet devices through FortiManager and normalizes FortiManager event logs ingested into Cortex Cloud via Syslog. It contains the Fortinet FortiManager Modeling Rule, the Fortinet FortiManager Parsing Rule, and the FortiManager - Install Policy Package on Device playbook. It also includes the following integration:

    • FortiManager: Use this integration to manage Fortinet devices from FortiManager as a single central management console. It enables the FortiManager - Install Policy Package on Device playbook, which installs a FortiManager firewall policy package on a given device.

  • The FortiGate content pack manages FortiGate firewalls, providing security visibility across diverse network environments and normalizing ingested event logs. It contains the Fortinet FortiGate Modeling Rule and the FortiGate Parsing Rule. It also includes the following integration:

    • FortiGate: Use this integration to manage Fortinet FortiGate firewall devices running FortiOS, giving visibility and consistent security policy across environments such as remote offices, campuses, and data centers. It includes commands for listing, creating, updating, moving, and deleting firewall policies, addresses (IPv4 and IPv6, including multicast), and service groups, as well as banning and unbanning IPs.
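The Syslog Collector applet path above receives FortiGate events as CEF over syslog. The following Python parser is an added example written for this page (it is not the Cortex Cloud parsing rule, the Broker VM applet, or Fortinet code) and shows what a collector has to get right before any modeling rule can map fields: the syslog PRI and timestamp prefix, the seven pipe-delimited CEF header fields with `\|` escaping, and the key=value extension with `\=` escaping and values that contain spaces. The sample line, its hostname, addresses and serial, and the FTNTFGTpolicyid key are constructed for illustration; the function names are this example's own.

```python
"""Parse a CEF-over-syslog line of the kind a FortiGate forwards to a syslog
collector. Example code for this page, not Cortex Cloud or Fortinet code.
SAMPLE_LINE is constructed, not captured from a device."""
import re

HEADER_FIELDS = ("cef_version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")

# Constructed sample: syslog PRI + RFC 3164 timestamp/host, then the seven
# pipe-delimited CEF header fields, then the extension. FTNTFGTpolicyid is an
# illustrative vendor-prefixed key, not a documented field.
SAMPLE_LINE = (
    "<134>Apr 22 12:00:01 fgt-edge-01 "
    "CEF:0|Fortinet|Fortigate|v7.0.12|0000000013|traffic:forward close|3|"
    "deviceExternalId=FGT60FTK00000000 cat=traffic:forward "
    "src=10.20.30.40 spt=51234 dst=203.0.113.10 dpt=443 proto=6 act=close "
    "FTNTFGTpolicyid=7 msg=Pipe \\| and equals \\= survive escaping"
)

_PRI_RE = re.compile(r"^<(\d{1,3})>")
# A key is a run of word chars/dots/dashes at line start or after whitespace,
# immediately followed by '='. An escaped '\=' inside a value never matches
# because the backslash is not a key character.
_KEY_RE = re.compile(r"(?:^|\s)([\w.\-]+)=")


def _unescape(value: str) -> str:
    """CEF extension escapes: \\n and \\r become newlines, any other \\X is X."""
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def _split_header(cef: str):
    """Split the seven header fields. A backslash escapes '|' or '\\' inside a
    header field, so a plain split('|') would break on such names."""
    fields, cur, i = [], [], 0
    while i < len(cef):
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef) and cef[i + 1] in "|\\":
            cur.append(cef[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
            if len(fields) == len(HEADER_FIELDS):
                return fields, cef[i:]  # everything after the 7th pipe is extension
        else:
            cur.append(ch)
            i += 1
    raise ValueError("incomplete CEF header: fewer than 7 fields")


def _parse_extension(ext: str) -> dict:
    """Values may contain spaces, so split on key boundaries, not whitespace."""
    out = {}
    keys = list(_KEY_RE.finditer(ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _unescape(ext[m.end():end].strip())
    return out


def parse_cef(line: str) -> dict:
    """Return header fields, parsed extension and the raw syslog prefix."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF header in line")
    fields, extension = _split_header(line[idx:])
    event = dict(zip(HEADER_FIELDS, fields))
    event["cef_version"] = fields[0][len("CEF:"):]
    sev = event["severity"]
    event["severity"] = int(sev) if sev.isdigit() else sev  # numeric or textual
    event["syslog_prefix"] = line[:idx].strip()
    event["extension"] = _parse_extension(extension)
    return event


def syslog_pri(prefix: str):
    """Decode the <PRI> value: facility = PRI // 8, severity = PRI % 8."""
    m = _PRI_RE.match(prefix)
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7}


def cef_severity_label(sev) -> str:
    """CEF numeric severity bands: 0-3 Low, 4-6 Medium, 7-8 High, 9-10 Very-High."""
    if not isinstance(sev, int):
        return str(sev)
    return "Low" if sev <= 3 else "Medium" if sev <= 6 else "High" if sev <= 8 else "Very-High"


def is_fortigate_event(event: dict) -> bool:
    """Sanity check before field mapping: the header must name Fortinet/FortiGate."""
    return (event["device_vendor"] == "Fortinet"
            and event["device_product"].lower().startswith("fortigate"))


if __name__ == "__main__":
    ev = parse_cef(SAMPLE_LINE)
    ext = ev["extension"]
    print(is_fortigate_event(ev), ev["signature_id"], cef_severity_label(ev["severity"]),
          syslog_pri(ev["syslog_prefix"]), ext["src"], "->", ext["dst"], ext["act"], ext["msg"])
```

Run it directly for a one-line summary of the sample, or import it and feed lines captured on the collector to parse_cef to confirm the header and extension survive escaping before relying on the content pack's parsing rule. On the FortiGate side, CEF output is selected in the FortiOS CLI under config log syslogd setting with set format cef; that device-side configuration is not covered on this page.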