fortinet fortisiem and cyberark … · from the fortisiem gui go to admin > setup >...
TRANSCRIPT
2
DEPLOYMENT GUIDE: FORTINET FORTISIEM AND CYBERARK INTEGRATION
FORTINET FORTISIEM AND CYBERARK INTEGRATION
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Deployment Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Architecture Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
FortiSIEM Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
3
DEPLOYMENT GUIDE: FORTINET FORTISIEM AND CYBERARK INTEGRATION
OVERVIEW
Fortinet (NASDAQ: FTNT) is a global provider of high-performance network security and specialized security solutions that provide our customers with the power to protect and control their IT infrastructure. Our purpose-built, integrated security technologies, combined with our FortiGuard security intelligence services, provide the high performance and complete content protection our customers need to stay abreast of a constantly evolving threat landscape.
The Fortinet Security Fabric brings together all components in your network. It is Broad, Powerful and Automated. In addition to Fortinet products, the Security Fabric also integrates with 3rd Party partners to extend the power of the Security Fabric to other parts of an organization. For more information regarding our Security Fabric Partners, please refer to our Technology Alliances here: https://www.fortinet.com/partners/partnerships/alliance-partners.html
The Application Identity Manager™ (AIM), part of CyberArk’s Privileged Account Security solution, eliminates the need to store App2App passwords in applications, scripts or configuration files, and allows these highly-sensitive passwords to be centrally stored, logged and managed with CyberArk’s patented Vaulting Technology®. Using AIM, organizations can comply with internal and regulatory requirements for regularly replacing passwords and securely monitoring privileged access across all systems, databases and applications. AIM fully addresses the need to assure the highest availability for applications running the enterprise business, independent of network availability and with the highest performance.
To address the needs of large enterprises, AIM supports a variety of systems, applications, Application Servers, scripts, jobs and more. It provides simple and intuitive tools for eliminating hard coded passwords, as well as a structured framework for addressing the challenges of App2App projects based on CyberArk’s vast experience with large enterprise deployments.
DEPLOYMENT PREREQUISITES
1. Fortinet FortiSIEM version 4.6.1 or newer (tested with version 5.0.1)
2. CyberArk Application Identity Manager version 9.9.5 Credential Provider
ARCHITECTURE OVERVIEW
4
DEPLOYMENT GUIDE: FORTINET FORTISIEM AND CYBERARK INTEGRATION
FORTISIEM CONFIGURATION – INSTALL CYBERARK CREDENTIAL PROVIDER
Install the redhat-lsb package on FortiSIEM before installing the Credential Provider.
Note: you may also be required to install Dependencies prior to redhat-lsb.
Download the Credential Provider Software from CyberArk. The installation files will look like this:
Create a new directory for the installation files.
Copy the following installation files to this directory:
CARKaim-9.50-<build number>.i386.rpm – The Linux installation packages
CreateCredFile – The CyberArk utility that creates credentials files
Vault.ini – The Vault parameter file
aimparms.sample – A sample of the parameter file used for installation
EULA – The Credential Provider end user license agreement.
icudt42b.dat – A file required to run the CreateCredFile utility
Open Vault.ini and enter the correct Address and Port, similar to the example below. Save the file when done.
5
DEPLOYMENT GUIDE: FORTINET FORTISIEM AND CYBERARK INTEGRATION
Edit the aimparms.sample file as follows.
AcceptCyberArkEULA should be set to yes
Uncomment (remove the # symbol) from the beginning of the CreateVaultEnvironment line
LicensedProducts should be set to AIM
CredFilePath should be set to the full path of the admin.cf file (created in the next step)
VaultFilePath should be set to the full path of the Vault.ini file
Save the aimparms.sample file. It should look something like this:
Copy the aimparms.sample file to /var/tmp/aimparms:
6
DEPLOYMENT GUIDE: FORTINET FORTISIEM AND CYBERARK INTEGRATION
Enter the following to specify the administrative user that will create the Vault environment during installation:
./CreateCredFile admin.cf Password
Enter the Username and Password when prompted.
Install the Credential Provider for RHELinux x64
FORTISIEM CONFIGURATION – DEVICE DISCOVERY EXAMPLE
From the FortiSIEM GUI go to Admin > Setup > Credentials and click New
7
DEPLOYMENT GUIDE: FORTINET FORTISIEM AND CYBERARK INTEGRATION
Give it a Name. Select the Device Type from the drop-down menu, in this example a Windows Server. Set the Access Protocol to WMI.
For the Password config change from the default of Manual to CyberArk.
You must configure the App ID, Safe, Folder and Object specific to your CyberArk account. Note that the Object is referred to as a Name in CyberArk.
Click Save.
Test Credential Retrieval in Step 2 – First click New
8
DEPLOYMENT GUIDE: FORTINET FORTISIEM AND CYBERARK INTEGRATION
Enter the Name, IP Address or IP Range of a device you want to test. In this example it’s a single IP address, 10.101.32.68.
For Credentials select the Name defined in the previous step.
Click Save.
Note: The username, password and type of device should already be configured in CyberArk.
Highlight the new entry and click Test > Test Connectivity.
Click Close.
Congratulations, you’re done!
DEPLOYMENT GUIDE: FORTINET FORTISIEM AND CYBERARK INTEGRATION
Copyright © 2018 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
GLOBAL HEADQUARTERSFortinet Inc.899 Kifer RoadSunnyvale, CA 94086United StatesTel: +1.408.235.7700www.fortinet.com/sales
EMEA SALES OFFICE905 rue Albert Einstein06560 ValbonneFranceTel: +33.4.8987.0500
APAC SALES OFFICE300 Beach Road 20-01The ConcourseSingapore 199555Tel: +65.6513.3730
LATIN AMERICA HEADQUARTERSSawgrass Lakes Center13450 W. Sunrise Blvd., Suite 430Sunrise, FL 33323Tel: +1.954.368.9990
July 30, 2018 8:20 AM
dg-fortinet-cyberark-integration
CONCLUSION
You are now ready to use the CyberArk Application Identity Manager with FortiSIEM. Use CyberArk to securely provide admin credentials when FortiSIEM is discovering network devices.
FortiSIEM User Guide: https://docs.fortinet.com/uploaded/files/4438/fortisiem-5-0-1-user-guide-html.pdf
FortiSIEM External Systems Configuration Guide: https://docs.fortinet.com/uploaded/files/4340/fortisiem-external-systems-configuration-guide.pdf
CyberArk Credential Provider and ASCP Implementation Guide:
https://support.cyberark.com/SFE/directaccess.ashx?pageid=downloadfile&Safe=CyberArk+Documentation&Folder=Root%5cPAS+and+S
IM%5cRelease-Specific%5cV9.9%5cPAS&Name=Credential+Provider+and+ASCP+Implementation+Guide.pdf