
Fortinet FortiAnalyzer

API

Fortinet FortiAnalyzer reports on network traffic, user authentication, web usage, threats, and more.

You can integrate it with Sophos Central so that it sends reports to Sophos for analysis.

This is an API-based integration. You'll need a FortiAnalyzer administrator's username, password, and administrative domain, as well as the FortiAnalyzer base URL.

The key steps are as follows:

  • Create an administrator in FortiAnalyzer.
  • Get the base URL for FortiAnalyzer.
  • Add an integration in Sophos Central.

Warning

Your FortiAnalyzer base URL must have a publicly resolvable DNS name, or the API can't work.

You can't use a self-signed certificate with this API either.

Create a FortiAnalyzer administrator

To create an administrator, do as follows:

  1. In FortiAnalyzer, go to System Settings > Admin > Administrators.

  2. Create an administrator with JSON API Read access. For details, see Creating administrators.

    Keep a note of the username, password, and administrative domain. You need them when you add the integration.

Get the FortiAnalyzer base URL

  1. Check the FortiAnalyzer base URL that Sophos Central should connect to.

    The base URL format is as follows: faz.organisationname.com.

    Copy the base URL. You need it when you add the integration.
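A pre-flight check for the two conditions in the warning above (publicly resolvable name, no self-signed certificate), as an added example that is not part of the Sophos or Fortinet documentation. It assumes the API is served over HTTPS on port 443 and treats any address that is not globally routable as a sign that the name isn't publicly reachable.

```python
import ipaddress
import socket
import ssl
import sys
from urllib.parse import urlsplit


def host_from_base_url(base_url):
    """Accept 'faz.example.com' or 'https://faz.example.com/'; return the hostname."""
    value = base_url.strip()
    host = urlsplit(value if "//" in value else "//" + value).hostname
    if not host:
        raise ValueError(f"no hostname in {base_url!r}")
    return host


def non_public_addresses(addresses):
    """Addresses that are not globally routable (RFC 1918, loopback, link-local)."""
    return [a for a in addresses if not ipaddress.ip_address(a.split("%")[0]).is_global]


def resolve(host):
    """Resolve with the local resolver; split-horizon DNS can mask a missing public record."""
    infos = socket.getaddrinfo(host, 443, type=socket.SOCK_STREAM)  # 443 is an assumption
    return sorted({info[4][0] for info in infos})


def certificate_error(host, port=443, timeout=10.0):
    """Handshake using the system trust store; None means chain and name validate."""
    context = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message


if __name__ == "__main__":
    host = host_from_base_url(sys.argv[1])
    try:
        addresses = resolve(host)
    except socket.gaierror as exc:
        sys.exit(f"FAIL {host} does not resolve: {exc}")
    problems = [f"non-public address {a}" for a in non_public_addresses(addresses)]
    cert = certificate_error(host)
    if cert:
        problems.append(f"certificate rejected: {cert}")
    print(f"{host} resolves to {addresses}")
    sys.exit("FAIL " + "; ".join(problems) if problems else 0)
```

Run it from a machine outside your network, passing the base URL as the only argument. A non-zero exit lists which of the two conditions failed.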

Add an integration

To integrate FortiAnalyzer with Sophos Central, do as follows:

  1. In Sophos Central, go to Threat Analysis Center and click Integrations.
  2. Click FortiAnalyzer.

    If you've already set up integrations of this type, you see them here.

  3. In Integrations, click Add integration.

    Note

    If this is the first integration you've added, we'll ask for details about your internal domains and IPs. See My domains and IPs.

  4. In Integration steps, you configure an API to collect data from FortiAnalyzer:

    1. Enter the Integration name and Integration description.
    2. Enter the Authentication details from FortiAnalyzer: Administrative domain, username, password, and base URL.
  5. Click Save.

We create the integration and it appears in your list.

If your integration shows as Connected, your data should appear in the Sophos Data Lake after validation.