FortiGate Out-of-the-box Response Integration

The Lumu Defender API offers a framework to help you leverage Lumu's integrations with your existing cybersecurity stack, including Security Information and Event Management (SIEM); Security Orchestration, Automation, and Response (SOAR); Endpoint Detection and Response (EDR); incident response systems; and more.
To get started with the Lumu Defender API, consult our get started documentation.
This article shows how to point a FortiGate by Fortinet at an external block list generated by Lumu, so that the adversaries Lumu detects contacting your infrastructure are blocked automatically and the list stays current without manual updates.

Requirements

  1. FortiGate by Fortinet version 6.2 or higher.
  2. A Lumu Defender subscription
Out-of-the-box Integrations are part of Lumu Defender. This tier was built to help organizations orchestrate and automate defense against confirmed compromise instances. This tier allows the integration of Lumu’s real-time analysis into your security stack to mitigate and remediate compromise incidents quickly and precisely. To know more about Illumination options, visit our site.

Add Integration

1. Log in to your Lumu account through the Lumu Portal and navigate to the integrations screen. 

Figure 1 - Integration screen.

2. Locate the FortiGate integration in the available apps area and click to add, then click to view details.
3. Familiarize yourself with the integration details available in the app description and click the button below to activate the integration.

Figure 2 - Activate the integration.

4. To generate the integration URL, add a description and select the threat types you want to include in the list. Only adversaries matching the selected threat types will appear in the list FortiGate downloads.

Figure 3 - Generate the integration URL.

Once you create the integration, you will be provided with the Integration URL:

Figure 4 - Provided integration URL.

Treat this URL as a secret: anyone who obtains it can download the list, and it is the only credential FortiGate presents when fetching it. Deleting an integration removes its URL. This action cannot be undone. To reintegrate you will have to generate a new URL and update your FortiGate configuration.
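Before pointing FortiGate at the URL, it is worth fetching the list once and checking that every line is something the threat feed can load. The following is an added example, not Lumu's or Fortinet's code. It assumes the feed is plain text with one indicator per line (a domain name or an IPv4 address), which is the format FortiGate threat feeds accept; `fetch_feed` takes the URL Lumu generated, and the sample feed is constructed for illustration.

```python
"""Sanity-check a Lumu external block list before FortiGate consumes it.

Added example, not Lumu's or Fortinet's code. Assumes the feed is plain text,
one indicator (domain name or IPv4 address) per line. SAMPLE_FEED below is a
constructed sample, not real Lumu output.
"""
import ipaddress
import re
import urllib.request
from typing import Dict, List, Optional, Tuple

# Hostname check: dot-separated labels of letters, digits and hyphens,
# ending in an alphabetic top-level domain, 253 characters at most.
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def classify(entry: str) -> Optional[str]:
    """Return 'ipv4', 'domain', or None when the entry is not loadable."""
    try:
        ipaddress.IPv4Address(entry)
        return "ipv4"
    except ValueError:
        pass
    if _DOMAIN_RE.match(entry):
        return "domain"
    return None


def parse_feed(text: str) -> Dict[str, object]:
    """Split feed text into accepted indicators and rejected lines.

    Blank lines and '#' comments are skipped. Entries are lower-cased and
    de-duplicated so the counts reflect what the firewall will actually load.
    Rejected lines are returned with their 1-based line number so they can be
    reported back before the feed is scheduled on the FortiGate.
    """
    accepted: Dict[str, List[str]] = {"ipv4": [], "domain": []}
    rejected: List[Tuple[int, str]] = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip().lower()
        if not line or line.startswith("#") or line in seen:
            continue
        kind = classify(line)
        if kind is None:
            rejected.append((lineno, raw))
            continue
        seen.add(line)
        accepted[kind].append(line)
    return {"accepted": accepted, "rejected": rejected}


def fetch_feed(url: str, timeout: int = 30) -> str:
    """Download the list over HTTPS using the integration URL Lumu provided."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


# Constructed sample: two domains (one repeated in a different case),
# one IPv4 address, a comment and a malformed line.
SAMPLE_FEED = """\
# adversaries reported by Lumu (constructed sample)
evil.example.com
198.51.100.23
EVIL.example.com
not a host name
c2.example.net
"""

if __name__ == "__main__":
    result = parse_feed(SAMPLE_FEED)
    for kind, entries in result["accepted"].items():
        print(f"{kind}: {len(entries)} entries")
    for lineno, raw in result["rejected"]:
        print(f"rejected line {lineno}: {raw!r}")
```

Run it against the real list with `parse_feed(fetch_feed(url))`; a non-empty `rejected` list means the feed contains entries FortiGate would silently drop, which is worth knowing before you rely on the block list in a policy.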

Set Up FortiGate

Now that you have the integration URL, you need to configure your FortiGate to consume it. First make sure the External Connectors feature is enabled on the FortiGate. Once it is, the option to create a Threat Feed becomes available; when asked for the feed type, select "FortiGuard Category".

Figure 5 - Create a Threat Feed.

Under Connector Settings, paste the URL provided by Lumu as the "URL of the external resource." Then configure the refresh interval of the connector, entered as a value in minutes. Lumu advises setting it to 360 minutes (6 hours). The interval is the upper bound on how long a newly detected adversary takes to reach the firewall, so shorten it only if your FortiGate can tolerate the additional downloads.

Figure 6 - Add the URL provided by Lumu.

Once you have created the list, the next step is to reference it from a policy so traffic is actually inspected against it; a threat feed that is not bound to any policy blocks nothing. Policies are found under the Firewall Policies and Proxy Policies options.
Bear in mind that the configuration of the policy depends heavily on your environment's characteristics and must be done according to your business needs. For more information on how to carry out this procedure, please refer to FortiGate's official documentation.
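For administrators who manage FortiGate from the CLI or keep the configuration in version control, the steps above correspond to a `system external-resource` object. The following is an added example, not part of Lumu's or Fortinet's documentation, and its values are assumptions: the object name `Lumu-Adversaries` is arbitrary, the placeholder URL must be replaced with the integration URL Lumu generated, and category `192` is simply the first of the IDs FortiOS reserves for external category feeds; pick any unused one in that range.

```fortios
config system external-resource
    edit "Lumu-Adversaries"
        set status enable
        set type category
        set category 192
        set comments "Lumu Defender block list (added example)"
        set resource "https://<integration-url-provided-by-lumu>"
        set refresh-rate 360
    next
end
```

`type category` matches the "FortiGuard Category" selection in the GUI, and `refresh-rate` is in minutes, so 360 is the interval Lumu recommends. The resulting category still has to be set to block in a web filter profile that a firewall or proxy policy applies; as noted above, that binding is environment-specific and is described in FortiGate's own documentation.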
