Overview

The FortiNDR Cloud App for Splunk lets administrators bring the network telemetry that FortiNDR Cloud collects and analyzes into their Splunk deployment.

The app polls the FortiNDR Cloud REST APIs to import detection events and their associated entities into Splunk. Raw network events, with all of their associated metadata, can additionally be retrieved from the AWS S3 buckets in which FortiNDR Cloud stores them.

Only Observation and Suricata raw events are supported at this time.

After the initial import, the app polls FortiNDR Cloud at a configured interval and imports only the detection events that are new since the previous poll. Enrichment and intelligence data for specified entities, such as Passive DNS records and DHCP records, can also be imported.
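The incremental polling described above has one failure mode worth understanding before tuning the interval: if the poller simply asks for "everything newer than the last timestamp it saw", an event that is written to the feed slightly late (its creation time is older than the newest event already imported) is never fetched. The usual fix is to re-poll a small overlap window behind the checkpoint and de-duplicate by event ID. The following is an added example of that pattern; it is not code from the FortiNDR Cloud App, and it does not reproduce the FortiNDR Cloud REST endpoints, response format or field names. The feed, the `fetch_events` stand-in and the `uuid`/`created` field names are constructed assumptions so that it runs offline.

```python
"""Checkpointed polling of a detection-event feed with de-duplication.

Added example, not the FortiNDR Cloud App's own code. The real REST API,
its field names and its pagination are NOT reproduced here; fetch_events()
is a hypothetical stand-in that serves a constructed in-memory feed.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample feed (hypothetical field names "uuid" and "created").
# Note the late-arriving event E3: it appears in the feed after E4 even
# though its creation time is earlier than E4's.
SAMPLE_FEED = [
    {"uuid": "E1", "created": "2024-05-01T10:00:00Z", "kind": "Suricata"},
    {"uuid": "E2", "created": "2024-05-01T10:05:00Z", "kind": "Observation"},
    {"uuid": "E4", "created": "2024-05-01T10:15:00Z", "kind": "Suricata"},
    {"uuid": "E3", "created": "2024-05-01T10:10:00Z", "kind": "Observation"},
]

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse the constructed ISO-8601 UTC timestamp used by the sample feed."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def fetch_events(feed, since):
    """Hypothetical stand-in for a REST call 'events created after `since`'."""
    return [ev for ev in feed if parse_ts(ev["created"]) > since]


class Poller:
    """Tracks a timestamp checkpoint and the IDs already forwarded to Splunk."""

    def __init__(self, overlap=timedelta(minutes=10)):
        self.checkpoint = EPOCH      # newest creation time imported so far
        self.overlap = overlap       # how far behind the checkpoint to re-query
        self.seen = set()            # event IDs already imported (dedup set)

    def poll(self, feed):
        """Return only events not yet imported, advancing the checkpoint."""
        since = self.checkpoint - self.overlap
        new_events = []
        for ev in fetch_events(feed, since):
            if ev["uuid"] in self.seen:
                continue             # already forwarded on an earlier poll
            self.seen.add(ev["uuid"])
            new_events.append(ev)
        if new_events:
            newest = max(parse_ts(ev["created"]) for ev in new_events)
            self.checkpoint = max(self.checkpoint, newest)
        return new_events


def imported_ids(poller, feed):
    """Convenience wrapper: IDs of the events a single poll would import."""
    return [ev["uuid"] for ev in poller.poll(feed)]


if __name__ == "__main__":
    # Simulate three polls as the feed grows; E3 arrives late on the third.
    p = Poller()
    for cutoff in (2, 3, 4):
        print("with overlap:   ", imported_ids(p, SAMPLE_FEED[:cutoff]))
    q = Poller(overlap=timedelta(0))
    for cutoff in (2, 3, 4):
        print("without overlap:", imported_ids(q, SAMPLE_FEED[:cutoff]))
```

With a 10-minute overlap the third poll still picks up E3; with no overlap the checkpoint has already moved past E3's timestamp and it is silently dropped. The dedup set is what makes the overlap safe: re-fetching E4 on the third poll does not create a duplicate event in Splunk. In a real input the checkpoint and the seen-ID set would be persisted across restarts, and the seen set would be bounded to IDs inside the overlap window.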

Note

AWS access is required to poll raw events from the AWS S3 buckets. Use credentials that grant only read access to the relevant buckets; the app only needs to read objects from them.

See FortiNDR Cloud Events for information on how to configure a FortiNDR Cloud Events input.
