Create Graylog 3 as a SOC and SIEM, to analyse logs from Fortinet

Hello,

I would like to ask how to create Graylog 3 as a SOC and SIEM to analyse logs from Fortinet?

Thank you,
Louis

http://docs.graylog.org/en/3.0/pages/getting_started/collect.html

Thanks, but that doesn't correspond to what I'm asking for. Graylog 3 analysing a firewall, how do I make it?

Thank you

That’s extremely open-ended.
I’ve built some great dashboards for Fortinet Fortigates and other devices.

What are you trying to do and where are you getting stuck?

I'm trying to make a SIEM on Graylog 3 to analyze Fortigate logs, and to detect and predict viruses.

SIEM is not a ‘right-click, install’ solution regardless of what any vendor will tell you (any vendor I’ve come across so far, which is a big number).

Graylog is a centralized log management product.

I would start with sending logs from the Fortigate. From memory, using the CLI it's something like:

config log syslogd setting
    set status enable
    # IP address or hostname of the Graylog server running the syslog input
    set server "GRAYLOG_IP"
end

Then gather another log source (your router, or DNS from Packetbeat on your (presumably) Windows workstations). Perform actions such as renaming all the fields with a username to username and all of the source IP addresses to source_ip. Start building dashboards and seeing what else you want/need to see.

We can't tell you how to build a SOC or even turn your open source log management server into a SIEM. That is up to you; however, I'll gladly charge consulting rates to build you a gorgeous SOC and SIEM in your environment. :slight_smile:

Remember, we don't know if you're running a point-of-sale iPad in a used comic book store or if you're the founder of a startup running thousands of microservices. So 'How do I build a SIEM / SOC' is waaayyyy too little information.

1 Like
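The field-normalisation step the reply above recommends (renaming srcip to source_ip, user to username, and so on, so that every log source shares the same field names before you build dashboards or alerts) can be prototyped outside Graylog to check the mapping. The following is an added example, not code from the thread or from Graylog or Fortinet: it parses constructed Fortigate-style key=value syslog lines, applies a hypothetical FIELD_MAP, and counts antivirus detections per normalised source_ip, which is the kind of first dashboard widget or alert condition the reply is pointing at. The device names, IPs, log ids and field map are all made up for illustration; in Graylog itself the same renaming would be done with a pipeline rule or extractor.

```python
"""Added example: parse Fortigate key=value syslog lines and normalise
field names before counting antivirus detections per source host."""
import re
from collections import Counter

# Constructed sample messages in Fortigate's key=value syslog format.
# Device name, device id, IPs and log ids are made up, not real data.
SAMPLE_LOGS = [
    '<189>date=2019-05-20 time=10:15:32 devname="FGT60E" devid="FGT60EXXXXXXXXXX" '
    'logid="0211008192" type="utm" subtype="virus" eventtype="infected" level="warning" '
    'srcip=10.0.0.15 srcport=50321 dstip=203.0.113.5 dstport=80 user="alice" '
    'virus="EICAR_TEST_FILE" action="blocked"',
    '<189>date=2019-05-20 time=10:16:01 devname="FGT60E" devid="FGT60EXXXXXXXXXX" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'srcip=10.0.0.15 srcport=50340 dstip=198.51.100.9 dstport=443 user="alice" '
    'action="accept" sentbyte=1200 rcvdbyte=5400',
    '<189>date=2019-05-20 time=10:17:45 devname="FGT60E" devid="FGT60EXXXXXXXXXX" '
    'logid="0211008192" type="utm" subtype="virus" eventtype="infected" level="warning" '
    'srcip=10.0.0.22 srcport=50111 dstip=203.0.113.5 dstport=80 user="bob" '
    'virus="EICAR_TEST_FILE" action="blocked"',
]

# Hypothetical normalisation map: Fortigate field name -> the shared name
# you would use across every log source (router, DNS, workstations) in Graylog.
FIELD_MAP = {
    "srcip": "source_ip",
    "srcport": "source_port",
    "dstip": "destination_ip",
    "dstport": "destination_port",
    "user": "username",
}

PRI_RE = re.compile(r"^<\d{1,3}>")               # syslog priority prefix, e.g. <189>
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare


def parse_fortigate_line(line):
    """Return a dict of key -> value for one Fortigate syslog line."""
    body = PRI_RE.sub("", line.strip())
    record = {}
    for match in KV_RE.finditer(body):
        key, quoted, bare = match.groups()
        record[key] = quoted if quoted is not None else bare
    return record


def normalise(record):
    """Rename Fortigate-specific keys to the shared names in FIELD_MAP."""
    return {FIELD_MAP.get(key, key): value for key, value in record.items()}


def load(lines):
    """Parse and normalise a list of raw syslog lines."""
    return [normalise(parse_fortigate_line(line)) for line in lines]


def virus_events_by_source(records):
    """Count antivirus detections per normalised source_ip."""
    counts = Counter()
    for record in records:
        if record.get("type") == "utm" and record.get("subtype") == "virus":
            counts[record.get("source_ip", "unknown")] += 1
    return dict(counts)


if __name__ == "__main__":
    for source_ip, hits in virus_events_by_source(load(SAMPLE_LOGS)).items():
        print(f"{source_ip}: {hits} antivirus detection(s)")
```

Once the mapping is agreed, the same rename table becomes the basis for a Graylog pipeline rule, and a widget counting virus events per source_ip works unchanged for any other device whose logs you normalise to the same names.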