Skip to main content
OsamaFattoh
OsamaFattoh
Explorer II
May 3, 2026
Question

CMDB Device

  • May 3, 2026
  • 1 reply
  • 40 views

Hello, If there a device sending logs to FortiSIEM and got populated in the CMDB with certain name and IP, what will happen if the same device change the sending IP?
and what should I do in this case?

1 reply

Secusaurus
Secusaurus
Contributor III
May 4, 2026

Hi ​@OsamaFattoh,

 

If the device changes the IP, it will be recognized as a new device and pop up like so in the CMDB (and you probably will need to authorize this one as well).

If the device changes its names, it has no effect, as the CMDB is based on the IP addresses.

Only exception is a cloud service (like Entra ID connections), where the host name (FQDN) is the defining factor. That only works, if the parser for the first event of a changed IP address always re-directs to the correct device type (meaning: If you get “Unknown Events” from the cloud service, it will fall back to the default state and every time it changes its public IP, you will get a new device in the CMDB -- so you must have a working parser here).

 

So:

  • If you receive logs directly from endpoints: Make sure, you use DHCP reservations or proxy these logs
  • In IPv6 environments, make sure the device uses its static address to send the logs

 

Best,

Christian

NSE8 | Fortinet Advanced MSSP Partner
    Terms & ConditionsAccessibility statement