Fortinet FortiAnalyzer

Connect Fortinet FortiAnalyzer to Radiant Security to forward aggregated FortiGate firewall and threat syslog for AI triage.

Fortinet FortiAnalyzer is a log aggregation and analytics platform that centralizes logs from FortiGate firewalls and other Fortinet devices across a customer environment. Connecting FortiAnalyzer forwards aggregated FortiGate firewall and threat syslog to Radiant Security in a single stream, with optional device-level filtering applied at the FortiAnalyzer. Radiant uses the syslog data to triage firewall and threat alerts in context, giving analysts faster verdicts on whether observed traffic reflects a real compromise or routine network activity.

A FortiAnalyzer license is required to forward logs from FortiAnalyzer. To forward logs directly from FortiGate firewalls without FortiAnalyzer, refer to Fortinet FortiGate.

FortiAnalyzer can forward logs to Radiant Security in two ways:

  • Through the Radiant Agent (recommended). Forward to a Radiant Agent deployed in your environment.

  • Direct to Radiant Security. Forward over TLS to the Radiant syslog cluster. Use only when a Radiant Agent is not available.

Prerequisites

Add the data connector in Radiant Security

  1. Log in to Radiant Security.

  2. From the navigation menu, click Settings > Data Connectors, then click + Add Connector.

  3. Search for and select Radiant Agent, then click Data Feeds.

  4. Under Select your data feeds, select Fortinet Fortigate v7, then click Credentials.

  5. Under Credential Name, enter an identifiable name for the Radiant Agent integration (e.g., Radiant Agent integration). To reuse an existing Radiant Agent credential, select it from the drop-down menu.

  6. Click Add Connector.

Configure FortiAnalyzer log forwarding through the Radiant Agent

Before starting, confirm the IP address of the Radiant Agent and the port configured to receive FortiAnalyzer data. If you do not know the port, contact your Customer Success representative. For Fortinet's reference, see Log forwarding.

  1. Log in to the FortiAnalyzer Console.

  2. Go to System Settings > Log Forwarding.

  3. On the toolbar, click Create New.

  4. Configure the following settings:

    • Name: RadiantSecurity_Connector

    • Status: ON

    • Remote Server Type: Syslog

    • Server FQDN/IP: the IP address of the Radiant Agent

    • Syslog Server Port: the port configured on the Radiant Agent to receive FortiAnalyzer data

    • Reliable Connection: ON

  5. (Optional) Under Device Filters, select the FortiGate devices whose logs should be forwarded to Radiant. If no devices are selected, logs from every connected FortiGate are forwarded.

  6. Set Log Filters to ON, set Log messages that match to Any of the Following Conditions, then add these filters:

    • Log Type Equal To Traffic

    • Log Type Equal To Event

    • Log Type Equal To UTM

  7. Click OK to save your changes.

Configure FortiAnalyzer log forwarding directly to Radiant Security

Use this path only when a Radiant Agent is not available. For Fortinet's reference, see Log forwarding.

  1. Log in to the FortiAnalyzer Console.

  2. Go to System Settings > Log Forwarding.

  3. On the toolbar, click Create New.

  4. Configure the following settings:

    • Name: RadiantSecurity_Connector

    • Status: ON

    • Remote Server Type: Syslog

    • Server FQDN/IP: cluster.syslog.radiantsecurity.ai

    • Syslog Server Port: 6514

    • Reliable Connection: ON

  5. (Optional) Under Device Filters, select the FortiGate devices whose logs should be forwarded to Radiant. If no devices are selected, logs from every connected FortiGate are forwarded.

  6. Set Log Filters to ON, set Log messages that match to Any of the Following Conditions, then add these filters:

    • Log Type Equal To Traffic

    • Log Type Equal To Event

    • Log Type Equal To UTM

  7. Click OK to save your changes.
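As an added illustration (not code from Radiant's or Fortinet's documentation), the script below parses constructed FortiGate-style key=value log lines and applies the same Traffic/Event/UTM log-type filter that both forwarding profiles above define, so you can check which logs a given filter set would pass and which it would drop. Field names follow the FortiGate key=value log format; the sample lines, device names and the "unknown" type are constructed.

```python
import re

# key=value pairs; values are either "quoted text" (may contain spaces) or a bare token.
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Log types selected under Log Filters in the forwarding profile (case-insensitive).
FORWARDED_TYPES = {"traffic", "event", "utm"}


def parse_fortigate_log(line: str) -> dict:
    """Return the key=value fields of one FortiGate log line.
    Anything before the first key=value pair (e.g. the syslog PRI) is ignored."""
    fields = {}
    for key, value in _KV.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return fields


def is_forwarded(fields: dict) -> bool:
    """True if the log matches 'Any of the Following Conditions' (type is traffic, event or utm)."""
    return fields.get("type", "").lower() in FORWARDED_TYPES


def summarize(lines) -> dict:
    """Count lines per log type, split by whether the filter forwards or drops them."""
    counts = {"forwarded": {}, "dropped": {}}
    for line in lines:
        fields = parse_fortigate_log(line)
        bucket = "forwarded" if is_forwarded(fields) else "dropped"
        log_type = fields.get("type", "<none>")
        counts[bucket][log_type] = counts[bucket].get(log_type, 0) + 1
    return counts


# Constructed sample lines in FortiGate key=value style; not real captures.
SAMPLE_LINES = [
    '<189>date=2024-05-01 time=10:00:01 devname="fg-edge-1" devid="FGT-PLACEHOLDER" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'srcip=10.0.1.25 dstip=203.0.113.7 dstport=443 action="accept"',
    '<189>date=2024-05-01 time=10:00:02 devname="fg-edge-1" type="utm" subtype="ips" '
    'level="alert" msg="Signature match: Example.Sig" srcip=198.51.100.9 action="dropped"',
    '<189>date=2024-05-01 time=10:00:03 devname="fg-edge-1" type="event" '
    'subtype="system" level="information" msg="Admin login succeeded"',
    # Constructed type that is not in the filter, to show the drop path.
    '<189>date=2024-05-01 time=10:00:04 devname="fg-edge-1" type="unknown" level="information"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```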

Verify ingestion

After FortiAnalyzer begins forwarding, confirm alerts and events are reaching Radiant.

  1. In Radiant, navigate to Log Management.

  2. Filter by rs_connectorType:"fortigate".

  3. Confirm recent alerts and events appear.

Allow several minutes for alerts and events to be parsed, indexed, and available for search.
