Hello,
I would like to ask how to create Graylog 3 as a SOC and SIEM, to analyse logs from Fortinet?
Thank you,
Louis
Thanks, but it doesn't correspond to what I'm asking for. Graylog 3 analysing a firewall, how to make it?
Thank you
That’s extremely open-ended.
I’ve built some great dashboards for Fortinet Fortigates and other devices.
What are you trying to do and where are you getting stuck?
I'm trying to make a SIEM on Graylog 3 to analyze FortiGate logs, and to detect and predict viruses.
SIEM is not a ‘right-click, install’ solution regardless of what any vendor will tell you (any vendor I’ve come across so far, which is a big number).
Graylog is a centralized log management product.
I would start with sending logs from the Fortigate. From memory, using the CLI it's something like:
    config log syslogd setting
        set status enable
        set server "GRAYLOG_IP"
    end
Then gather another log source (your router, or DNS from PacketBeat) on your (presumably) Windows workstations. Perform actions such as renaming all the fields with a username to username and all of the source IP addresses to source_ip. Start building dashboards and seeing what else you want/need to see.
We can’t tell you how to build a SOC or even turn your open source log management server into a SIEM. That is up to you - however, I’ll gladly charge consulting rates to build you a gorgeous SOC and SIEM in your environment.
Remember - we don't know if you're running a point-of-sale iPad in a used comic book store or if you're the founder of a startup running thousands of microservices. So 'How do I build a SIEM / SOC' is waaayyyy too little information.
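The field-normalization step from the reply above (rename every username-carrying field to username and every source-address field to source_ip, across all log sources) is the part that turns a pile of logs into something you can dashboard and alert on. Below is an added example, not code from the thread or from Graylog itself, that shows the idea in plain Python: it parses FortiGate-style key=value syslog lines, maps source-specific field names onto the canonical ones, and then counts antivirus events per normalized source_ip so a second source using a different name for the same concept lands in the same bucket. The log lines, the alias table, and the second-source record are constructed for the example; in Graylog you would express the same renames as a pipeline rule or an extractor.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample lines in FortiGate's key=value syslog style (not real captures).
SAMPLE_LINES = [
    'date=2024-01-15 time=10:22:01 devname="FGT-EDGE" type="traffic" subtype="forward" '
    'srcip=10.0.0.15 srcport=51234 dstip=203.0.113.7 dstport=443 action="accept" user="alice" policyid=4',
    'date=2024-01-15 time=10:22:05 devname="FGT-EDGE" type="utm" subtype="virus" '
    'srcip=10.0.0.22 dstip=198.51.100.9 action="blocked" user="bob" virus="Test.File" filename="invoice.zip"',
]

# Constructed record from a hypothetical second source (e.g. a DNS shipper) that names
# the client address differently; normalization should fold it into source_ip.
OTHER_SOURCE_RECORD = {"client_ip": "10.0.0.22", "query": "example.test", "type": "dns"}

# Canonical field name -> source-specific names that mean the same thing (assumed aliases).
FIELD_ALIASES: Dict[str, List[str]] = {
    "source_ip": ["srcip", "src_ip", "client_ip"],
    "destination_ip": ["dstip", "dst_ip"],
    "username": ["user", "srcuser"],
}

# key=value pairs; values are either a double-quoted string or a run of non-space chars.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate(line: str) -> Dict[str, str]:
    """Split a FortiGate-style key=value line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def normalize(fields: Dict[str, str]) -> Dict[str, str]:
    """Rename source-specific fields to the canonical names; unknown fields pass through."""
    out = dict(fields)
    for canonical, aliases in FIELD_ALIASES.items():
        for alias in aliases:
            if alias in out:
                # Later aliases override earlier ones if a record carries several.
                out[canonical] = out.pop(alias)
    return out


def virus_events_by_source(records: List[Dict[str, str]]) -> Dict[str, int]:
    """Count FortiGate UTM antivirus events per normalized source_ip."""
    counts: Counter = Counter()
    for rec in records:
        if rec.get("type") == "utm" and rec.get("subtype") == "virus":
            counts[rec.get("source_ip", "unknown")] += 1
    return dict(counts)


def build_records() -> List[Dict[str, str]]:
    """Parse and normalize every sample input, firewall lines and the second-source record alike."""
    records = [normalize(parse_fortigate(line)) for line in SAMPLE_LINES]
    records.append(normalize(OTHER_SOURCE_RECORD))
    return records


if __name__ == "__main__":
    for rec in build_records():
        print({k: rec[k] for k in sorted(rec)})
    print("virus events per source_ip:", virus_events_by_source(build_records()))
```

Once both sources use source_ip, a single dashboard widget or alert condition over that field covers the firewall and the workstation shipper at the same time, which is exactly what the per-field renaming in the reply buys you.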