Configuring Security Lake
When creating FortiGate CNF instances in AWS, you can specify your existing AWS Security Lake as a log output destination.
FortiGate CNF does not create a Security Lake destination. You must create it and enable access using the CloudFormation template.
FortiGate CNF supports AWS Security Lake custom sources created in any FortiGate CNF supported region.
To connect FortiGate CNF to Security Lake:
- In AWS Security Lake, create a custom data source using the AWS Account ID from AWS Accounts in the FortiGate CNF console.
  - In OCSF Event class, select Network Activity.
  - In External ID, enter a custom number string.
- When running the CloudFormation template, in Stack Details, set SecurityLakeCustomLogSourceName to the Data source name from your Security Lake custom source.
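The AWS Account ID and External ID entered above are what restrict who can write to the custom source. The following check is an added example, not Fortinet or AWS code: it reviews an IAM role trust policy and reports anything other than the expected account combined with an `sts:ExternalId` condition. It assumes the role that grants the custom source access uses the standard AWS cross-account trust policy form; the function names, account ID and external ID are constructed for illustration.

```python
import json

def _as_list(value):
    """IAM allows a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_provider_trust(policy, account_id, external_id):
    """Return findings for a role trust policy; an empty list means it passes."""
    allowed = {account_id, f"arn:aws:iam::{account_id}:root"}
    findings = []
    stmts = [s for s in _as_list(policy.get("Statement"))
             if s.get("Effect") == "Allow"
             and {"sts:AssumeRole", "sts:*", "*"} & set(_as_list(s.get("Action")))]
    if not stmts:
        return ["no Allow statement grants sts:AssumeRole"]
    for s in stmts:
        principal = s.get("Principal")
        if not isinstance(principal, dict):  # bare string form such as "*"
            principal = {"(any)": principal}
        for kind, values in principal.items():
            for v in _as_list(values):
                if kind != "AWS" or v not in allowed:
                    findings.append(f"unexpected principal {kind}={v}")
        equals = s.get("Condition", {}).get("StringEquals", {})
        ext = [v for k, vals in equals.items() if k.lower() == "sts:externalid"
               for v in _as_list(vals)]
        if not ext:
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
        elif ext != [external_id]:
            findings.append("sts:ExternalId differs from the configured value")
    return findings

# Constructed sample values, not taken from any real account.
CNF_ACCOUNT = "123456789012"
EXTERNAL_ID = "4815162342"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
  "Condition": {"StringEquals": {"sts:ExternalId": "4815162342"}}}]}""")
BAD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "*"}}]}""")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_provider_trust(doc, CNF_ACCOUNT, EXTERNAL_ID) or "ok")
```

To review a deployed role, pass the trust policy JSON exported from IAM to `check_provider_trust` in place of the constructed samples.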