Users
The CMDB Users page contains information about users of your system. For more information about adding users, see Adding a Single User.
The CMDB User Agent page lists common and uncommon user agents in HTTP communications. The traditional use case for a user agent is to detect the browser type so the server can return an optimized page. However, malware often misuses the user agent to communicate the identity of the client to the botnet controller over HTTP(S). FortiSIEM monitors HTTP(S) logs, and the system rule Blacklist User Agent Match uses regular expression matching to detect blacklisted user agents.
Adding User Agents
The CMDB Protocols page lists the protocols used by applications and devices to communicate with the FortiSIEM virtual appliance.
Adding a Protocol
The CMDB Networks page lists the defined networks in your IT infrastructure.
Adding a New Network
The CMDB Event Types page lists the types of events that are collected for supported devices.
Adding a New Event Type
You would typically add devices to the CMDB through the Discovering Infrastructure process. However, there may be situations in which you want to add devices to the CMDB manually. For example, you may not have access credentials for a device but still want to be able to include network information about it so that logs received by FortiSIEM can be parsed properly. These topics describe those situations and provide instructions for how to successfully add a device to the CMDB:
Adding Devices to the CMDB Outside of Discovery
Adding a Synthetic Monitoring Test to a Business Service
The CMDB Default Password page contains a list of default vendor credentials. These well-known credentials should never be used in production. During device discovery, FortiSIEM checks whether the device credentials are still set to the default, and the system rule Default Password Detected by System triggers an incident if they are.
A sample raw event log for a default password incident:
<174>Oct 20 22:50:03 [PH_AUDIT_DEFAULT_PWD_MATCH]:[phEventCategory]=2,[appTransportProto]=SNMP,[reptModel]=
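The following parser for the sample event above is an added example, not FortiSIEM code. The `[EVENT_TYPE]:[attr]=value,...` layout is inferred only from that one sample line, and the function names are hypothetical. The value of `reptModel` is cut off in the sample, so the parser reports it as empty rather than guessing it.

```python
import re

# Constructed from the truncated sample on this page; the reptModel value is
# cut off in the source and is left empty here rather than guessed.
SAMPLE = ("<174>Oct 20 22:50:03 [PH_AUDIT_DEFAULT_PWD_MATCH]:"
          "[phEventCategory]=2,[appTransportProto]=SNMP,[reptModel]=")

# Assumed layout: <PRI>timestamp [EVENT_TYPE]:attribute list
HEADER = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) "
                    r"\[(?P<etype>[A-Za-z0-9_]+)\]:(?P<body>.*)$")
# An attribute is [name]=value; the value runs to the next ",[" or end of line.
ATTR = re.compile(r"\[(?P<key>[A-Za-z0-9_]+)\]=(?P<val>.*?)(?=,\[|$)")


def parse_event(line):
    """Split one raw event into syslog priority, event type and attributes."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("line does not match [EVENT_TYPE]:[attr]=value layout")
    pri = int(m["pri"])
    attrs = {a["key"]: a["val"] for a in ATTR.finditer(m["body"])}
    return {
        "facility": pri >> 3,   # syslog PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m["ts"],
        "event_type": m["etype"],
        "attrs": attrs,
        # Empty values are listed so a truncated or incomplete line is noticed.
        "empty_attrs": sorted(k for k, v in attrs.items() if v == ""),
    }


def is_default_password_event(event):
    """True when the parsed event is the default-password audit match."""
    return event["event_type"] == "PH_AUDIT_DEFAULT_PWD_MATCH"


if __name__ == "__main__":
    ev = parse_event(SAMPLE)
    print(ev["event_type"], ev["attrs"], "empty:", ev["empty_attrs"])
```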
Adding a New Default Password
In the CMDB browser pane you will see several categories, or groups, for each type of CMDB object. For example, under Applications, you will see the groups Infrastructure App, User App, and Ungrouped, with additional subcategorization within each of those groups. You can create your own groupings and add CMDB objects to them.
The group containing all the CMDB objects of this type is selected by default.
Your new group, and the objects it contains, will be listed under that CMDB object type in the CMDB browser pane. You can add objects directly to the group by selecting it in the CMDB browser pane, and then following the process for adding a new object.