Configure FortiEDR to send logs to Arctic Wolf

You can configure FortiEDR® to send the necessary logs to Arctic Wolf® for security monitoring.

Note: Arctic Wolf only supports FortiEDR Cloud.

These resources are required:

  • Administrator access to the FortiEDR Central Manager.
  • FortiEDR Central Manager timezone in IANA format, such as America/New_York.
    Tip: The timezone was configured during the FortiEDR Cloud provisioning process, before integrating with Arctic Wolf. If you are unsure of your configured timezone, contact Fortinet support for assistance.

Create a REST API user account

  1. Sign in to the FortiEDR Central Manager as an administrator.

    Your FortiEDR Central Manager URL is in the format https://your_instance.fortiedr.com/.

  2. Click Administration.
  3. Click Users.
  4. Click + Add User and fill in the dialog:
    1. Set the username and a temporary password.
    2. In the Role menu, select Read-Only.
    3. In the Advanced section, select Rest API.
    4. Click Save.
    The REST API user account is created.
  5. Sign in to the FortiEDR Central Manager as the REST API user and change the password as prompted.
    Note: The REST API user must sign in to the FortiEDR Central Manager and change the temporary password for REST API calls to work.
  6. Record the REST API username and new password to provide to Arctic Wolf later.

Obtain the organization name

  1. Sign in to the FortiEDR Central Manager.
  2. Copy the organization name for your environment type, to provide to Arctic Wolf later:
    • Single-tenant environment — Click Administration > Licensing and copy the Name value.
    • Multi-tenant environment — Navigate to the Users page and copy the value from the Organization column associated with the newly created REST API user.

Provide FortiEDR credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Sensors.
  3. Click Add Account +.
  4. On the Add Account page, click FortiEDR.
  5. Configure these settings:
    • Account Name — Enter a unique and descriptive name for the account.
    • API Hostname — Enter your fully qualified domain name (FQDN) in the format https://your_instance.fortiedr.com.
      Tip:
      • You can also provide your FQDN in the legacy format https://your_instance.console.ensilo.com.
      • If necessary, request your FQDN from Fortinet support.
    • Organization — Enter the organization name from Obtain the organization name.
    • Username — Enter the username created in Create a REST API user account.
    • Password — Enter the password created in Create a REST API user account.
    • Timezone — Select the timezone that matches the configured timezone in your FortiEDR installation, in IANA format.
      CAUTION: Arctic Wolf applies time conversions based on the configured timezone. An incorrect timezone value can lead to inaccurate data interpretation or event correlation.
    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  6. Click Test and submit credentials.
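
The following pre-submission check is an added example, not Arctic Wolf or Fortinet code. It validates the Add Account values against the formats given above and shows how far an event time shifts when the Timezone setting does not match the Central Manager. The function names and sample values are constructed, and it assumes event times are read as wall-clock times in the configured zone.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

# Host suffixes from the two API Hostname formats on this page.
ALLOWED_SUFFIXES = (".fortiedr.com", ".console.ensilo.com")


def check_settings(api_hostname, organization, username, tz_name):
    """Return a list of problems in the Add Account values (empty list = OK)."""
    problems = []
    url = urlsplit(api_hostname.strip())
    host = (url.hostname or "").lower()
    if url.scheme != "https":
        problems.append("API Hostname must start with https://")
    # Suffix match on the parsed host, so look-alikes such as
    # your_instance.fortiedr.com.example.net are rejected.
    if host.startswith(".") or not host.endswith(ALLOWED_SUFFIXES):
        problems.append("API Hostname is not in a documented FortiEDR format")
    if url.path not in ("", "/") or url.query or url.username:
        problems.append("API Hostname must not carry a path, query or credentials")
    if not organization.strip():
        problems.append("Organization is empty")
    if not username.strip():
        problems.append("Username is empty")
    try:
        ZoneInfo(tz_name)  # raises for names outside the IANA database
    except (ZoneInfoNotFoundError, ValueError, OSError):
        problems.append(f"Timezone {tz_name!r} is not an IANA zone name")
    return problems


def skew_hours(local_stamp, configured_tz, actual_tz):
    """Hours by which an event time is misread when the zones differ."""
    naive = datetime.fromisoformat(local_stamp)
    as_configured = naive.replace(tzinfo=ZoneInfo(configured_tz))
    as_actual = naive.replace(tzinfo=ZoneInfo(actual_tz))
    delta = as_configured.astimezone(timezone.utc) - as_actual.astimezone(timezone.utc)
    return delta.total_seconds() / 3600


if __name__ == "__main__":
    # Constructed sample values, not real account details.
    print(check_settings("https://your_instance.fortiedr.com",
                         "ExampleOrg", "aw-readonly-api", "America/New_York"))
    print(skew_hours("2024-01-15 12:00:00", "UTC", "America/New_York"))
```

The skew for the same pair of zones changes across daylight saving transitions, so a wrong Timezone value cannot be corrected later with a single fixed offset.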