Integration process between Suricata and FortiGate

Hello Team,

I am reaching out to seek your guidance and expertise regarding the configuration of Suricata and FortiGate Firewall integration. I'm currently working on enhancing our network security measures and would like to leverage Suricata's capabilities to detect and prevent malicious activity.

Specifically, I'm interested in setting up Suricata to send alerts to our FortiGate Firewall, enabling it to automatically deny any identified malicious activity. By integrating these two powerful tools, we aim to enhance our network's defense mechanisms and mitigate potential threats more effectively.

I'm particularly interested in:

  1. Guidance on the integration process between Suricata and FortiGate Firewall.
  2. Configuration recommendations for Suricata to generate alerts for various types of malicious activity.
  3. Advice on establishing rules and policies within the FortiGate Firewall to automatically deny flagged activities from Suricata.
  4. Any potential challenges or considerations we should be aware of during the configuration process.

Regards,
Karim

I would recommend first getting familiar with what Suricata can do and what type of output it can generate. In the end you would have to write your own tool or ask FortiGate to find a way to feed the JSON events into FortiGate.
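As an added illustration of the "write your own tool" step in the reply above (not code from the thread or from Suricata/Fortinet): a small Python filter that reads Suricata EVE JSON alert lines, keeps only high-severity alerts from external sources, and renders the result as a one-address-per-line text list of the kind a FortiGate external IP threat feed can pull over HTTP. The sample lines, the severity threshold and the `PROTECTED_NETWORKS` list of internal ranges are constructed assumptions; adjust them to your environment and verify the feed format against your FortiOS version.

```python
import ipaddress
import json
from collections import Counter

# Constructed sample lines in Suricata's EVE JSON format (in practice, read from eve.json).
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.8","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}',
    '{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"flow","src_ip":"203.0.113.6","dest_ip":"10.0.0.8"}',
    '{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"alert","src_ip":"203.0.113.5","dest_ip":"10.0.0.9","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root","severity":1}}',
    '{"timestamp":"2024-01-01T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.8","alert":{"signature_id":2000001,"signature":"internal scan","severity":1}}',
    '{"timestamp":"2024-01-01T10:00:04.000000+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"10.0.0.8","alert":{"signature_id":2000002,"signature":"low priority policy event","severity":3}}',
    'not json at all',
]

# Assumed internal ranges that must never be pushed to the firewall as deny entries,
# so a noisy signature cannot lock out your own hosts.
PROTECTED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_protected(ip_text):
    """True for internal/loopback or unparsable addresses (never block those)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True
    return any(ip in net for net in PROTECTED_NETWORKS)


def extract_block_candidates(lines, max_severity=1):
    """Return sorted [(src_ip, alert_count)] for external sources whose EVE alert
    severity is <= max_severity (Suricata uses 1 = high ... 3 = low)."""
    hits = Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip truncated or corrupt lines, common when tailing a live file
        if event.get("event_type") != "alert":
            continue  # flow, dns, http, ... records are not block signals
        severity = event.get("alert", {}).get("severity", 3)
        src = event.get("src_ip", "")
        if severity > max_severity or is_protected(src):
            continue
        hits[src] += 1
    return sorted(hits.items())


def render_threat_feed(candidates):
    """One address per line: the plain-text list a FortiGate IP threat feed reads."""
    return "".join(f"{ip}\n" for ip, _count in candidates)
```

Serve the rendered text from a web server the FortiGate can reach and reference it in a deny policy; the hit counts let you review what would be blocked before enabling enforcement.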