Fortiweb Elasticsearch Integration


FortiWeb is a web application firewall produced by Fortinet. Unlike FortiGate, FortiMail, FortiClient, FortiAnalyzer and other FortiOS-based products, FortiWeb has no effective integration package in Elasticsearch 8.5 so far. We tried all of the Fortinet integration packages, but they only parsed the traffic logs; the attack logs remained unparsed. The best practice is therefore to configure FortiWeb's syslog settings to send its logs to Elasticsearch in CEF format, and to use the CEF integration on the Elasticsearch side to parse the FortiWeb logs.
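What the CEF integration does with such a log is split the pipe-delimited header from the `key=value` extension while honouring CEF's backslash escapes. The parser below does the same on a constructed sample line; it is an added example, not FortiWeb's or Elastic's code, and the vendor/product strings, signature id and extension keys (standard CEF dictionary keys such as `src`, `dst`, `act`, `msg`) are illustrative assumptions, not FortiWeb's actual field names.

```python
import re

# Constructed sample in CEF format, shaped like a WAF attack event.
# NOT a real FortiWeb log line: the header values and extension keys
# are assumptions for illustration only.
SAMPLE_CEF = (
    "CEF:0|Fortinet|FortiWeb|7.0|10001|SQL Injection|8|"
    "src=203.0.113.10 spt=51544 dst=198.51.100.20 dpt=443 act=Alert "
    "cat=attack msg=Blocked request to /login.php?id\\=1 OR 1\\=1"
)

# Header fields are separated by '|' that is not preceded by a backslash.
_HEADER_SPLIT = re.compile(r"(?<!\\)\|")
# Extension pairs are separated by whitespace that is followed by "key=".
_EXT_SPLIT = re.compile(r"\s+(?=[\w.]+=)")
HEADER_FIELDS = ("version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")


def _unescape(value: str, delimiter: str) -> str:
    """Undo CEF escaping: a backslash before '\\' or the field delimiter."""
    return re.sub(r"\\([\\%s])" % re.escape(delimiter), r"\1", value)


def parse_cef(line: str) -> dict:
    """Parse one CEF line into its seven header fields plus an
    'extension' dict of key/value pairs (values unescaped)."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    # maxsplit=7 keeps any unescaped '|' inside the extension intact.
    parts = _HEADER_SPLIT.split(line[len("CEF:"):], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("CEF header must have seven '|'-separated fields")
    event = {name: _unescape(raw, "|")
             for name, raw in zip(HEADER_FIELDS, parts[:7])}
    extension = {}
    for pair in _EXT_SPLIT.split(parts[7].strip()):
        key, _, raw = pair.partition("=")
        extension[key] = _unescape(raw, "=")
    event["extension"] = extension
    return event


if __name__ == "__main__":
    parsed = parse_cef(SAMPLE_CEF)
    print(parsed["device_product"], parsed["name"], parsed["severity"])
    print(parsed["extension"]["msg"])
```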

Snort vs Suricata

Comparing Snort and Suricata is one of the more interesting topics in cyber security. At a glance, Suricata is more resource intensive than Snort.
Snort 3.0 is an updated version of Snort 2.X that brings better efficacy, performance, scalability, reusability and extensibility, but compared with Snort, Suricata performs better and consumes fewer resources.
On the other hand, Snort's rules and the Snort community and blog are more powerful than Suricata's.