Hi Team,
Our team is undergoing a refresh and a new IP addressing scheme is being implemented.
We tried changing the IP address of a firewall onboarded in FortiSIEM, but the SIEM is still detecting the old IP address.
We are thinking that a new entry for the new IP should be added in the CMDB.
Question: How should FortiSIEM respond to an IP address change of an onboarded device, for example a firewall which is sending syslogs to the SIEM (i.e. a change of IP from 172.x.x.x to 192.x.x.x)?
FortiSIEM merges CMDB Devices by IP only. We have found that IP is a reliable indicator for identifying if two devices are identical. There are some exceptions, e.g. Windows and Linux Agents, which are merged by Host Name since the laptops may get a new IP because of DHCP or VPN Logon.
In your case the solution is to manually change the CMDB Device IP. Or (a) delete the device from CMDB and (b) rediscover or send logs again.