Fortinet FortiEDR

Samurai [Local] Collector	Samurai [Cloud] Collector

This guide describes the steps required to configure Fortinet FortiEDR for telemetry data ingestion to the Samurai platform.

Follow the steps below:

1. From the FortiEDR Central Manager

Create a user with a REST API role
Additional information required

2. From the Samurai MDR portal

Complete the Fortinet FortiEDR Integration

Create a user with a REST API role

Follow the Fortinet documentation:

To add a user

When completing the steps use the following parameters:

Role: Read-Only
Advanced: Rest API (checked)
Two Factor Authentication: Ensure MFA is Disabled

Once you have created the user, you must use the credentials to login to the FortiEDR Central Manager and change the password before proceeding, this is due to Fortinet forcing a password reset upon first login.

Additional information required

You will also need to provide additional information to complete the integration. This includes:

Deployment URL: This is the URL utilized to access the FortiEDR Central Manager.
- Example: https://forticonnectemea14.fortiedr.com
Organization: This is the Organization name used when logging into the FortiEDR Central Manager

Complete the Fortinet FortiEDR Integration

Login to the Samurai MDR portal
Click Telemetry and select Integrations from the main menu
Select Create
Locate and click Fortinet FortiEDR
Click Next (we leverage a Samurai Cloud Collector)
Enter a Name of Integration
Enter a Description (Optional)
Enter your Deployment URL
Enter your Organization
Enter your Username
Enter your Password
Click Finish

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.