FortiSIEM Agent-less Target File Monitoring
Agent-less Target File Monitoring You can use target file monitoring to make sure that a specific file, for example a device configuration file, is always identical in content to a gold standard target...
FortiSIEM Custom Configuration Change Monitoring
Custom Configuration Change Monitoring This feature provides a way for collecting configuration files for any device and monitoring changes. Define a new vendor, model (Optional) If the device vendor...
FortiSIEM Configuring Event Handling
Configuring Event Handling This section describes certain event handling operations that happen at the moment events are received in AccelOps. Event Dropping Event Forwarding Event Organization Mapping...
FortiSIEM General System Administration
General System Administration Topics in this section contain information on monitoring the health of your FortiSIEM deployment, general system settings such as language, date format, and system logos,...
FortiSIEM Working with the Configuration Management Database (CMDB)
Working with the Configuration Management Database (CMDB) The Configuration Management Database (CMDB) contains: Discovered information about your IT infrastructure such as devices, networks,...
FortiSIEM Categorization of Devices and Applications
Categorization of Devices and Applications FortiSIEM uses four methods to identify and categorize devices and applications in the CMDB. From Discovery – Network Devices When FortiSIEM discovers a...
FortiSIEM Overview of the CMDB User Interface
Overview of the CMDB User Interface While the Summary and Widget dashboard views of your IT infrastructure provide real-time monitoring and reporting on your IT infrastructure, the CMDB view provides...
FortiSIEM Managing CMDB Objects
Managing CMDB Objects CMDB objects include discovered devices and their network relationships, as well as system objects like rules and events. You can find the full list of these objects in the Device...
FortiSIEM CMDB Applications
Applications Applications in the CMDB are grouped at the highest level by Infrastructure and User apps, with further sub-categorization in each of those two categories. Adding an Application Log in to...
FortiSIEM CMDB Malware Domains
Malware Domains The CMDB Malware Domains page lists domains that are known to generate spam, host botnets, create DDoS attacks, and generally contain malware. The three default groups included in your...
FortiSIEM CMDB Malware IPs
Malware IPs The CMDB Malware IPs page lists IP addresses that are known to generate spam, host botnets, create DDoS attacks, and generally contain malware. The two default groups included in your...
FortiSIEM CMDB Malware URLs
Malware URLs The CMDB Malware URLs page lists URLs that are known to host malware. The Threat Stream Malware URL group is included in your FortiSIEM deployment. Updating System-Defined Malware URL...
FortiSIEM CMDB Country Groups
Country Groups The Country Groups page contains a list of all the country names in the FortiSIEM geolocation database. You can also create folders that represent different organizations of countries...
FortiSIEM CMDB Creating CMDB Groups and Adding Objects to Them
Creating CMDB Groups and Adding Objects to Them In the CMDB browser pane you will see several categories, or groups, for each type of CMDB object. For example, under Applications, you will see the...
FortiSIEM CMDB Default Passwords
Default Passwords The CMDB Default Password page contains a list of default vendor credentials. These well-known credentials should never be used in production. During device discovery FortiSIEM checks...
FortiSIEM CMDB Devices
Devices You would typically add devices to the CMDB through the Discovering Infrastructure process. However, there may be situations in which you want to add devices to the CMDB manually. For example,...
FortiSIEM CMDB Event Types
Event Types The CMDB Event Types page lists the types of events that are collected for supported devices. Adding a New Event Type Log in to your Supervisor node. Go to CMDB > Event Types. Select a...
FortiSIEM CMDB Networks
Networks The CMDB Networks page lists the defined networks in your IT infrastructure. Adding a New Network Log in to your Supervisor node. Go to CMDB > Networks. Create a new network group or select...
FortiSIEM CMDB Protocols
Protocols The CMDB Protocols page lists the protocols used by applications and devices to communicate with the FortiSIEM virtual appliance. Adding a Protocol Log in to your Supervisor node. Go to CMDB...
FortiSIEM CMDB User Agents
User Agents The CMDB User Agent page lists common and uncommon user agents in HTTP communications. The traditional use case for a user agent is to detect browser types so the server can return an...