Description | This article describes how FortiMonitor handles incidents created via SNMP traps.
Scope | FortiMonitor.
Solution |
SNMP (Simple Network Management Protocol) is one of the most common protocols used to monitor and manage network devices. It runs over UDP: the SNMP agent on the managed device listens on port 161 for polls from the manager, and the agent sends traps to port 162 on the manager or trap collector. SNMPv1 and SNMPv2c protect messages with nothing more than a plaintext community string, so a collector should only accept traps from expected sources, and SNMPv3, which adds authentication and encryption, should be preferred where the device supports it.
- SNMP traps: alert messages that a trap-enabled network device sends on its own initiative to the trap collector (in FortiMonitor this is Onsight).
SNMP traps are asynchronous and unacknowledged: the device sends a trap when an event occurs and never learns whether Onsight received it (unlike SNMP informs, which are acknowledged), and nothing in the protocol tells the collector when the condition has cleared. This is why it is important to understand how FortiMonitor handles incidents created from SNMP traps.
- SNMP trap incident handling: FortiMonitor supports SNMP traps provided that trap sending is configured on the network device (with Onsight as the trap destination) and the trap OID has been added on the network device's instance page.
When an incident is created from an SNMP trap, FortiMonitor treats it as a regular incident: it appears at the instance level and on the Incident Hub page. However, because traps are unidirectional and asynchronous, no "clear" message ever arrives, so there are two ways for the incident to be marked as resolved:
1) Auto-close: if FortiMonitor does not receive a duplicate of the trap from the same network device, it closes the incident automatically 60 minutes after the last trap; a duplicate trap arriving within that window keeps the incident open.
2) Manual resolve: an administrator can mark the incident as resolved at any time.
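The following Python model illustrates the incident lifecycle described above (open on first trap, keep open on duplicates, auto-close after 60 minutes of silence, or close on manual resolution). It is an added example written for this article, not FortiMonitor or Onsight code. It assumes that an incident is keyed by the (device, trap OID) pair, that a duplicate trap refreshes the incident's last-seen time instead of opening a second incident, and that exactly 60 minutes of silence is enough to auto-close; the device names and trap timeline are constructed sample data, and the trap OIDs are the standard SNMPv2 linkDown and coldStart notifications.

```python
"""Model of how trap-driven incidents are opened, kept open and closed.

Added illustration of the behaviour described in the article, not
FortiMonitor/Onsight code. Assumptions (not stated by the article):
  * an incident is identified by (device, trap OID);
  * a duplicate trap refreshes last_seen rather than opening a new incident;
  * the auto-close check uses ">= 60 minutes" since the last trap.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

AUTO_CLOSE_AFTER = timedelta(minutes=60)   # window stated in the article

# Standard SNMPv2 notification OIDs (SNMPv2-MIB).
LINK_DOWN = "1.3.6.1.6.3.1.1.5.3"
COLD_START = "1.3.6.1.6.3.1.1.5.1"


@dataclass
class Incident:
    device: str
    trap_oid: str
    opened_at: datetime
    last_seen: datetime
    trap_count: int = 1
    state: str = "open"                 # "open" or "resolved"
    resolved_by: Optional[str] = None   # admin name or "auto-close"
    resolved_at: Optional[datetime] = None


class TrapIncidentTracker:
    """Tracks open trap incidents and applies the two resolution paths."""

    def __init__(self, auto_close_after: timedelta = AUTO_CLOSE_AFTER):
        self.auto_close_after = auto_close_after
        self.incidents: Dict[Tuple[str, str], Incident] = {}
        self.closed: List[Incident] = []

    def on_trap(self, device: str, trap_oid: str, received_at: datetime) -> Tuple[Incident, bool]:
        """Open an incident for a new trap; a duplicate just refreshes it.

        Returns (incident, is_new)."""
        key = (device, trap_oid)
        inc = self.incidents.get(key)
        if inc is None:
            inc = Incident(device, trap_oid, received_at, received_at)
            self.incidents[key] = inc
            return inc, True
        inc.last_seen = received_at     # duplicate keeps the incident open
        inc.trap_count += 1
        return inc, False

    def sweep(self, now: datetime) -> List[Incident]:
        """Path 1: auto-close incidents with no duplicate trap within the window."""
        closed = []
        for key, inc in list(self.incidents.items()):
            if now - inc.last_seen >= self.auto_close_after:
                inc.state, inc.resolved_by, inc.resolved_at = "resolved", "auto-close", now
                closed.append(self.incidents.pop(key))
        self.closed.extend(closed)
        return closed

    def resolve(self, device: str, trap_oid: str, admin: str, now: datetime) -> Optional[Incident]:
        """Path 2: an administrator resolves the incident manually."""
        inc = self.incidents.pop((device, trap_oid), None)
        if inc is None:
            return None
        inc.state, inc.resolved_by, inc.resolved_at = "resolved", admin, now
        self.closed.append(inc)
        return inc


def run_scenario() -> dict:
    """Replay a constructed trap timeline and report what happened."""
    t0 = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
    tracker = TrapIncidentTracker()
    events = []

    # Constructed sample traps, in arrival order: (minutes after t0, device, OID).
    _, new = tracker.on_trap("core-sw1", LINK_DOWN, t0)
    events.append(("new" if new else "duplicate", "core-sw1", LINK_DOWN))
    _, new = tracker.on_trap("edge-fw1", COLD_START, t0)
    events.append(("new" if new else "duplicate", "edge-fw1", COLD_START))

    # Admin resolves the firewall incident by hand after 10 minutes.
    tracker.resolve("edge-fw1", COLD_START, admin="alice", now=t0 + timedelta(minutes=10))

    # The switch repeats its linkDown trap at +45 min: duplicate, incident stays open.
    _, new = tracker.on_trap("core-sw1", LINK_DOWN, t0 + timedelta(minutes=45))
    events.append(("new" if new else "duplicate", "core-sw1", LINK_DOWN))

    first_sweep = tracker.sweep(t0 + timedelta(minutes=60))    # last trap 15 min ago: stays open
    second_sweep = tracker.sweep(t0 + timedelta(minutes=105))  # 60 min of silence: auto-closed

    return {
        "events": events,
        "closed_by_first_sweep": [i.device for i in first_sweep],
        "closed_by_second_sweep": [i.device for i in second_sweep],
        "still_open": len(tracker.incidents),
        "history": [(i.device, i.resolved_by, i.trap_count) for i in tracker.closed],
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

The point the model makes explicit is that the 60-minute timer is measured from the last duplicate trap, not from the first one: a device that keeps re-sending the same trap keeps the incident open indefinitely, while a device whose condition persists but which only traps once will see its incident auto-close even though nothing has been fixed. For such one-shot traps, manual resolution or a polled check on the instance is the only reliable way to reflect the true state.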
Copyright 2024 Fortinet, Inc. All Rights Reserved.