Configuring Security Lake

When creating FortiGate CNF instances in AWS, you can specify your existing AWS Security Lake as a log output destination.

FortiGate CNF does not create a Security Lake destination. You must create it and enable access using the CloudFormation template.

FortiGate CNF supports AWS Security Lake custom sources created in any FortiGate CNF supported regions.

In AWS Security Lake, create a custom data source using AWS Account ID from AWS Accounts in the FortiGate CNF console.

In OCSF Event class, select Network Activity.

In External ID, enter a custom number string.
When running the CloudFormation template, in Stack Details, set SecurityLakeCustomLogSourceName to Data source name from your Security Lake custom source.

When creating FortiGate CNF instances in AWS, you can specify your existing AWS Security Lake as a log output destination.

FortiGate CNF does not create a Security Lake destination. You must create it and enable access using the CloudFormation template.

FortiGate CNF supports AWS Security Lake custom sources created in any FortiGate CNF supported regions.

In AWS Security Lake, create a custom data source using AWS Account ID from AWS Accounts in the FortiGate CNF console.

In OCSF Event class, select Network Activity.

In External ID, enter a custom number string.
When running the CloudFormation template, in Stack Details, set SecurityLakeCustomLogSourceName to Data source name from your Security Lake custom source.