FortiSIEM Data Update Subscription Service

Data Update Subscription Service

FortiSIEM is constantly developing support for additional IT infrastructure devices. By subscribing to the FortiSIEM Data Update Service, you can receive updates when support for new devices becomes available, rather than waiting for it to be included in a formal release. In addition to devices you can also receive new rules, reports, parser updates etc.

Data Update Overview

Configuring Data Update

Data Update Overview

FortiSIEM data update subscription service updates your FortiSIEM deployment with the latest device support related data as it becomes available, rather than having to wait for it to be included in a formal release.

The following items can be included in an update:

New event attribute

New event types

New device type

New parsers or modifications for existing parsers

Performance monitoring templates for new devices or modified ones for existing devices

New rules or modifications for existing rules

New reports or modifications for existing reports – both CMDB report and event based reports

New groups or modifications for existing groups for Event Types, Rules, Reports, Device Groups, Application Groups

Code to handle new devices

 

 

Configuring Data Update


Prerequisites

Procedure

Configure Data Update Server Setting

Check Available Data Updates

Apply Data Update on Supervisor

Apply Data Update on Collectors

Check whether Data Update Installed Successfully

Prerequisites

Contact FortiSIEM support and make sure that your license includes the Data Update Service.

Make sure you have the Data Update URL. This is typically https://images.FortiSIEM.net/upgrade/ds, but contact FortiSIEM to make sure that this information has not changed.

Make sure you have your license credentials.

Procedure

Configure Data Update Server Setting

  1. Log on to FortiSIEM Supervisor with Administrator credentials
  2. Go to Admin > General Settings > System
  3. Configure Data Update Server Setting
    1. Enter Data Update URL (see prerequisites)
    2. Enter Server Username and Server Password – these are the license credentials
    3. Specify Notify Email (optional) – you will receive email when new data updates are available
    4. Click Save

Check Available Data Updates

  1. Log on to FortiSIEM Supervisor with Administrator credentials
  2. Go to Admin > Data Update
  3. Click Refresh
    1. Available data updates are shown on left
    2. Click a version on the left and the contents of that version are shown on the right
  4. Check the current data version from Admin > Cloud Health > Data Update Version. The number after the third decimal point is the data version. For example, 4.4.1.38 means the data version is 38.
  5. Note the data version you would like to upgrade to.

Apply Data Update on Supervisor

  1. SSH to FortiSIEM Supervisor as root
  2. Go to /pbin
  3. Download the data version by running ./phdownloaddata and specify the data version you would like to upgrade to
  4. Install the data version by running ./phinstalldata

Apply Data Update on Collectors

  1. Log on to FortiSIEM Supervisor with Administrator credentials
  2. Go to Admin > Collector Health
    1. Select a Collector
    2. Click Download Data Update – this downloads the data files to the collector
    3. Click Install Data Update – this installs the data files on the collector
    4. Repeat for all collectors

Check whether Data Update Installed Successfully

  1. Log on to FortiSIEM Supervisor with Administrator credentials
  2. Check Admin > Cloud Health > Data Update Version
  3. Check Admin > Collector Health > Data Update Version
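
To make this final check repeatable across many collectors, the following added example (not part of the original guide and not Fortinet code) extracts the data version from version strings copied from the Cloud Health and Collector Health pages and lists any node still below the target. The node names and version values are constructed, and `data_version`, `lagging_nodes` and `sample_check` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not Fortinet code. Version strings are assumed to be copied
# by hand from Admin > Cloud Health and Admin > Collector Health.

# Print the data version (4th dot-separated field) of a string like 4.4.1.38.
# Returns 1 unless the string is exactly four dot-separated integers.
data_version() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    printf '%s\n' "$4"
}

# Read "node version" lines on stdin. Print every node whose data version is
# below the target ($1) or whose version string is malformed.
# Returns 1 if any such node was found, 0 if all nodes are at or above target.
lagging_nodes() {
    target=$1
    rc=0
    while read -r node ver; do
        [ -n "$node" ] || continue
        if ! dv=$(data_version "$ver"); then
            printf '%s malformed(%s)\n' "$node" "$ver"; rc=1
        elif [ "$dv" -lt "$target" ]; then
            printf '%s %s\n' "$node" "$dv"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: Supervisor and two Collectors after an upgrade to 38.
sample_check() {
    lagging_nodes 38 <<'EOF'
supervisor 4.4.1.38
collector-a 4.4.1.38
collector-b 4.4.1.37
EOF
}

sample_check || echo "data update incomplete on the nodes listed above"
```

A Collector reported here still needs the Download Data Update and Install Data Update steps from Admin > Collector Health.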

 

 

 



About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
