Hi,
I added a device to the SIEM via the API. I get the logs, but this device does not appear in the CMDB. Is there any way to see this? If an analyst does not know about this addition, how can they realise it?
Hi adem_netsys,
Every device that sends logs to the FSM should appear in some way in the CMDB. Especially when you add it manually, you add a device explicitly to the CMDB as this is (besides STM, probably) the only place where devices are listed.
This is either a bug (--> contact TAC) or you have some kind of filter in your view. Perhaps it's just in another organization than the one you are looking at at the moment (e.g. the collector or IP range is configured to a distinct organization).
Do you have a little bit more context on the situation: API call, kind of device, kind of logs, FSM version?
Adding a device to the CMDB should generate a lot of FSM-internal logs which you can build a report on. On the other hand, you can use one of the pre-configured CMDB-reports for device overviews. Having one of these e.g. sent periodically to the team should do the job.
Best,
Christian
Hi Adem
What version of FSM are you running?
FSM 7.0.0 adds the API discovered Devices to the CMDB https://docs.fortinet.com/document/fortisiem/7.0.0/release-notes/276875/whats-new-in-7-0-0#Miscella