Technical Note: How to capture and replay discovery results

Description

Solution

1. Re-discover the devices and note down the date and time.

2. Login into the supervisor and run the following commands:

#cd /data/cache/discoveryResults/cust-1/completed

#ll

 

The output should be a list of directories with all numbers as the names. 

 

3. Zip the directory with the most current timestamp that "lines up" with the date/time of step 1.

 

4. Either attach the file to a case for further investigation or upload it to Fortinet ftp site. The file should be small enough to attach to case.

 

5. Download and unzip the folder into /data/cache/discoveryResults/cust-1/new

 

6. FortiSIEM will read the file automatically and then replay it in the supervisor