FortiSIEM Database purpose
Hello Everyone,
hope all is well!
I am here as I am a little confused with the different types of the FSM database.
I totally understand that there are different types of database, such as:
1- Event Database: stores security events which come from the data sources.
2- CMDB
3- SVN
4- Profile
I hope I can have more clarification about the three DBs (CMDB-SVN-Profile).
#FortiSIEM
Hello Ali,
Your questions are covered in the NSE training for FortiSIEM (FCP):
Event Database: Stores the events in an organized way, including the raw logs.
CMDB (Configuration Management Database): Stores the configuration of your SIEM: the things that are listed in the tab "CMDB" as well as all custom rules, resources, configurations, credentials, parsers and all the settings you made.
SVN (Subversion Database): Stores current and historical device CLI-based configs (e.g. firewalls, routers, switches) and installed software on servers.
Profile: Stores baseline datasets (mostly "buckets") which are then used for anomaly detection.
They are distinct databases because they need different types and speeds for accessing them. Also, if you only have a CMDB backup, for example, you can restore your SIEM to a running state without having to backup terabytes of data.
Best,
Christian
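To make the "baseline buckets" idea concrete, here is an added illustration of how a profile store is used for anomaly detection in principle: observed values are grouped per entity and per time bucket (hour of day in this example), a mean and standard deviation are kept per bucket, and a fresh observation is compared against its own bucket. This is constructed example code written for this thread, not FortiSIEM's code or its actual profiling algorithm; the host name, the event counts and the z-score threshold are all assumptions.

```python
"""Illustrative baseline-bucket anomaly check (constructed example, not FortiSIEM code).

The point it demonstrates: the same value (1200 events/hour) is normal in the
09:00 bucket and anomalous in the 03:00 bucket, which is why a profile store
keeps baselines per entity *and* per time bucket rather than one global figure.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline observations: (host, hour_of_day, events_per_hour).
# Assumed host name; values are invented to look like a busy daytime and a quiet night.
BASELINE_OBSERVATIONS = [
    ("fw-edge-01", 9, 1200), ("fw-edge-01", 9, 1150), ("fw-edge-01", 9, 1300),
    ("fw-edge-01", 9, 1250), ("fw-edge-01", 9, 1180),
    ("fw-edge-01", 3, 40), ("fw-edge-01", 3, 35), ("fw-edge-01", 3, 50),
    ("fw-edge-01", 3, 45), ("fw-edge-01", 3, 30),
]


def build_profile(observations):
    """Aggregate raw observations into per-(host, hour) buckets.

    Each bucket holds the sample count, mean and population standard deviation,
    which is all the later check needs; the raw values themselves are discarded.
    """
    buckets = defaultdict(list)
    for host, hour, value in observations:
        buckets[(host, hour)].append(value)
    profile = {}
    for key, values in buckets.items():
        profile[key] = {"n": len(values), "mean": mean(values), "stdev": pstdev(values)}
    return profile


def is_anomalous(profile, host, hour, value, min_samples=5, z_threshold=3.0):
    """Return (flag, z_score) for a new observation against its bucket.

    Edge cases a real detector must handle: a bucket that does not exist yet or
    has too few samples is never flagged (no baseline, no verdict), and a bucket
    with zero spread flags any deviation rather than dividing by zero.
    """
    bucket = profile.get((host, hour))
    if bucket is None or bucket["n"] < min_samples:
        return False, None
    if bucket["stdev"] == 0:
        return value != bucket["mean"], None
    z = (value - bucket["mean"]) / bucket["stdev"]
    return abs(z) > z_threshold, z


if __name__ == "__main__":
    prof = build_profile(BASELINE_OBSERVATIONS)
    for hour, value in ((9, 1200), (3, 1200), (3, 42), (9, 5000)):
        flag, z = is_anomalous(prof, "fw-edge-01", hour, value)
        print(f"hour={hour:02d} value={value:>5} anomalous={flag} z={z}")
```

The check uses a simple z-score against a per-bucket baseline; a production profile store would also age out old buckets and refuse to learn from observations it has just flagged, otherwise a sustained attack slowly becomes the new "normal".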
Just to add to Secusaurus, the event database that we generally recommend will be ClickHouse.
Thanks for the detailed answer, it's really appreciated!
I want to summarize that:
CMDB -> Stores the FortiSIEM configuration itself, which can help restore the appliance to the last state.
SVN -> Stores the configuration of the discovered devices (FW, router, ...) to check configuration changes on the log sources.
Profile -> Helps to identify the anomalies.
Thanks in advance!