FortiSIEM Discovering Devices
Discovering Devices Prerequisites Make sure you have configured the Discovery Settings for your deployment Set up the Access Credentials for your devices so FortiSIEM can communicate with them...
FortiSIEM Discovering Amazon Web Services (AWS) Infrastructure
Discovering Amazon Web Services (AWS) Infrastructure Discovering infrastructure in AWS follows the same basic process described in Setting Access Credentials for Device Discovery and Discovering...
FortiSIEM Discovering Microsoft Azure Infrastructure
Discovering Microsoft Azure Infrastructure Discovering Microsoft Azure Cloud infrastructure follows the same basic process described in Setting Access Credentials for Device Discovery and Discovering...
FortiSIEM Approving Newly Discovered Devices
Approving Newly Discovered Devices When devices are discovered by FortiSIEM, monitoring of them begins automatically, and incidents for those devices will trigger automatically based on the rules...
FortiSIEM Inspecting Event Pulling Methods for Devices
Inspecting Event Pulling Methods for Devices Once you have discovered and approved the devices in your IT infrastructure, you should verify that the FortiSIEM perfMonitor module is polling them over...
FortiSIEM Inspecting Changes Since Last Discovery
Inspecting Changes Since Last Discovery After you run discovery for the first time, FortiSIEM keeps track of changes to your discovered devices during subsequent discovery runs, including new devices,...
FortiSIEM Discovery Range Definition Options
Discovery Range Definition Options When you set the range definition for your discovery processes, several options are available for how you want the discovery process to run. Option Description...
FortiSIEM Scheduling a Discovery
Scheduling a Discovery Discovery can be a long-running process when performed on a large network, or over a large IP range, and so you may want to schedule it to occur when there is less load on your...
FortiSIEM Adding Devices to the CMDB Outside of Discovery
Adding Devices to the CMDB Outside of Discovery There are situations in which you may want to add devices to the Configuration Management Database (CMDB) outside of the discovery procedure. For...
FortiSIEM Decommissioning a device
Decommissioning a device Decommissioning a device lets you re-assign the IP address to a new device but still keep the old device in CMDB for historical purposes. To decommission a device Go to CMDB...
FortiSIEM Creating Dynamic CMDB Group Policies
Creating Dynamic CMDB Group Policies This setting allows you to write rules to put devices in CMDB Device Group and Business Service Groups of your choice. When a device is discovered, the policies...
FortiSIEM Configuring Monitoring
Configuring Monitoring Once FortiSIEM discovers your devices, they will be monitored continuously, and you can use the data collected to analyze the performance of your infrastructure. You can also...
FortiSIEM Creating Business/IT Services
Creating Business/IT Services By defining an IT or Business Service, you can create a logical grouping of devices and IT components which can be monitored together. Log in to your Supervisor node. Go...
FortiSIEM Data Update Subscription Service
Data Update Subscription Service FortiSIEM is constantly developing support for additional IT infrastructure devices. By subscribing to the FortiSIEM Data Update Service, you can receive updates when...
FortiSIEM Creating Custom Parsers and Monitors for Devices
Creating Custom Parsers and Monitors for Devices Creating a custom parser for device logs involves writing an XML specification for the parser, and then using a test event to make sure the logs are...
FortiSIEM Creating Event Attributes, Event Types, and Device Types
Creating Event Attributes, Event Types, and Device Types When you create a custom parser or monitor, you must also specify the device, application, event type, and event attribute to which it applies....
FortiSIEM Custom Parsers
Custom Parsers To start creating a custom parser for device logs, you should begin by reviewing the Event Parser XML Specification. Writing the XML specification is the primary task in creating a...
FortiSIEM Custom Performance Monitors
Custom Performance Monitors Creating a custom performance monitor involves creating a performance object that specifies the monitoring access protocol to use, maps event attributes available for that...
FortiSIEM Custom Command Output Monitor
Custom Command Output Monitor You may already have commands or scripts for your devices that collect important metrics or perform some useful function. By creating a custom command output monitor, you...
FortiSIEM Agent-less File-Integrity Monitoring
Agent-less File-Integrity Monitoring You can use file integrity monitoring to make sure that critical files and directories on servers are not modified. When you enable a file integrity monitor for a...