fortiedr: improve syslog set-up documentation (elastic#4744)

Author: efd6

packages/fortinet_fortiedr/_dev/build/docs/README.md

@@ -4,7 +4,17 @@ This integration is for Fortinet FortiEDR logs sent in the syslog format.
 
 ## Configuration
 
-The Fortinet FortiEDR integration requires that the **Send Syslog Notification** opion be turned on in the FortiEDR Playbook policy that includes the devices that are to be monitored by the integration.
+The Fortinet FortiEDR integration requires that the **Send Syslog Notification** option be turned on in the FortiEDR Playbook policy that includes the devices that are to be monitored by the integration, and a syslog export must be defined.
+
+### Define syslog export
+
+1. In Fortinet console, navigate to Administration > Export Settings
+2. Fill in details for the target syslog server. See the Administration Guide [syslog](https://docs.fortinet.com/document/fortiedr/5.0.0/administration-guide/109591/syslog) documentation for details.
+
+### Set up syslog notifications
+
+1. Navigate to Security Settings > Playbooks.
+2. In notifications for the playbook being used, set appropriate Send Syslog Notification options for the events to be collected. See [Automated Incident Response - Playbooks Page](https://docs.fortinet.com/document/fortiedr/5.0.0/administration-guide/419440/automated-incident-response-playbooks-page).
 
 ### Log
 

packages/fortinet_fortiedr/changelog.yml

@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.2.0"
+  changes:
+    - description: Improve configuration documentation.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/4744
 - version: "1.1.0"
   changes:
     - description: Update package to ECS 8.5.0.

packages/fortinet_fortiedr/docs/README.md

@@ -4,7 +4,17 @@ This integration is for Fortinet FortiEDR logs sent in the syslog format.
 
 ## Configuration
 
-The Fortinet FortiEDR integration requires that the **Send Syslog Notification** opion be turned on in the FortiEDR Playbook policy that includes the devices that are to be monitored by the integration.
+The Fortinet FortiEDR integration requires that the **Send Syslog Notification** option be turned on in the FortiEDR Playbook policy that includes the devices that are to be monitored by the integration, and a syslog export must be defined.
+
+### Define syslog export
+
+1. In Fortinet console, navigate to Administration > Export Settings
+2. Fill in details for the target syslog server. See the Administration Guide [syslog](https://docs.fortinet.com/document/fortiedr/5.0.0/administration-guide/109591/syslog) documentation for details.
+
+### Set up syslog notifications
+
+1. Navigate to Security Settings > Playbooks.
+2. In notifications for the playbook being used, set appropriate Send Syslog Notification options for the events to be collected. See [Automated Incident Response - Playbooks Page](https://docs.fortinet.com/document/fortiedr/5.0.0/administration-guide/419440/automated-incident-response-playbooks-page).
 
 ### Log
 

packages/fortinet_fortiedr/manifest.yml

@@ -1,6 +1,6 @@
 name: fortinet_fortiedr
 title: Fortinet FortiEDR Logs
-version: "1.1.0"
+version: "1.2.0"
 release: ga
 description: Collect logs from Fortinet FortiEDR instances with Elastic Agent.
 type: integration