GithubHelp home page GithubHelp logo

criblpacks / cribl-fortinet-fortigate-firewall Goto Github PK

View Code? Open in Web Editor NEW
2.0 3.0 0.0 24 KB

This pack is targeted for collections of Fortinet Fortigate firewall events

License: Apache License 2.0

firewall fortigate fortigate-firewall fortinet stream-processing observability

cribl-fortinet-fortigate-firewall's Introduction

FortiGate Firewall Pack

  • This pack is targeted for collections of Fortinet Fortigate firewall events
  • The FortiGate-traffic pipeline inside the pack includes Sample files for testing, Lookup Tables for Enrichment, and multiple examples of Dropping events
  • Furthermore, the pipeline show example of shaping the events into JSON before sending the event to the Analytics store
  • The pack 4 additional pipelines FortiGate-utm, FortiGate-event, FortiGate-dns, and FortiGate-anomaly are all similar to the FortiGate-traffic pipeline.

Important Information

FortiGate Log types details can be found here: https://docs.fortinet.com/document/fortigate/7.0.0/fortios-log-message-reference/160372/list-of-log-types-and-subtypes

What to Expect

  • Event Reduction: Expect 30% reduction in total size using Drop or Sampling functions.
  • Event Erichment: As you enable Lookkup Tables expect to see additional fields in the events.
  • Event Shaping: Expect the pack to shape the events into JSON format

Requirements

Before you begin, ensure that you have met the following requirements:

  1. Create a Route with with a filter for your Fortinet Fortigate events
  2. Select the CriblFortinetFortigateFirewall pack as the pipeline.

Release Notes

Version 0.5.0 - 2021-05-18

  • Fortinet Fortigate Firewall pack Initial release!
  • Support for Fortinet Fortigate Firewall events including the following 5 sourcetypes FortiGate-traffic, FortiGate-utm, FortiGate-event, FortiGate-dns, and FortiGate-anomaly

Contributing to the Pack

Discuss this pack on our Community Slack channel

Contact

The author of this pack is Raanan Dagan and can be contacted at [email protected].

License

This Pack uses the following license: Apache 2.0.

cribl-fortinet-fortigate-firewall's People

Contributors

nicktank avatar

Stargazers

avatar avatar

Watchers

avatar avatar avatar

cribl-fortinet-fortigate-firewall's Issues

Missing .cribl file?

Packs desire a .cribl file to upload, should this repo just be packaged in a .cribl zip, or?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.