Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiSIEM Discussions
- Fortinet Community
- Community Groups
- FortiSIEM
- Discussions
- Seeking Guidance on Mapping Device Relationships i...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seeking Guidance on Mapping Device Relationships in FortiSIEM for Network Diagram
Hello FortiSIEM Community,
I’m managing a #FortiSIEM instance with a large number of diverse devices (e.g., firewalls, servers, switches) added for monitoring. To improve analysis and incident response, I want to create a network diagram that visually maps these devices and their relationships (e.g., traffic flows, dependencies).
Questions:
- Built-in Visualization Tools: Does FortiSIEM offer native features (like topology maps, CMDB views, or dashboards) to auto-generate such diagrams? If yes, how do I leverage them?
- Manual Relationship Mapping: If no built-in tools exist, what methods or data sources (e.g., CMDB entries, event logs, traffic patterns) can I use to quickly identify device relationships and dependencies? For example, specific reports, queries, or MITRE ATT&CK rule correlations?
Any examples, scripts, or step-by-step guides would be incredibly helpful! Thanks in advance for your expertise.
Solved! Go to Solution.
Labels:
- Labels:
-
FortiSIEM
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @acronymm,
FortiSIEM is not a network management tool. Therefore, visualization for traffic flow or device dependencies is not a core task here.
You can define all kind of relations in the CMDB (within a device or using the Applications & Business Services) which then can result in meaningful reports or can be used in search queries in Analytics view - but the output will always be tables.
As you mentioned the MITRE matrix: Have a look at the different incident views. There is a view that shows that correlation. However, from our experience, this is more a marketing view than something an Analyst would use in daily doing.
The connection between incidents, though, can be visualized. Use the "Investigation" view for that one. By clicking on one of the bubbles (either incident or asset), you can then uncover other relations which are pulled from this or other incidents. However, this view is not designed for showing non-incident-related information - so, if there is no incident connecting two assets, there will not be a connection between those.
Do you have an example on what you like to achieve?
Best,
Christian
FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @acronymm,
FortiSIEM is not a network management tool. Therefore, visualization for traffic flow or device dependencies is not a core task here.
You can define all kind of relations in the CMDB (within a device or using the Applications & Business Services) which then can result in meaningful reports or can be used in search queries in Analytics view - but the output will always be tables.
As you mentioned the MITRE matrix: Have a look at the different incident views. There is a view that shows that correlation. However, from our experience, this is more a marketing view than something an Analyst would use in daily doing.
The connection between incidents, though, can be visualized. Use the "Investigation" view for that one. By clicking on one of the bubbles (either incident or asset), you can then uncover other relations which are pulled from this or other incidents. However, this view is not designed for showing non-incident-related information - so, if there is no incident connecting two assets, there will not be a connection between those.
Do you have an example on what you like to achieve?
Best,
Christian
FCX #003451 | Fortinet Advanced Partner
FCX #003451 | Fortinet Advanced Partner
Announcements
Welcome to your new Fortinet Community!
You'll find your previous forum posts under "Forums"
Labels
-
FortiSIEM
167 -
Parsers
7 -
Rules
5 -
ClickHouse
4 -
fortisiem v7.2.0
4 -
FortiSIEM v6.x
4 -
integration
4 -
API
4 -
Agent Linux
3 -
database
3 -
Agent
3 -
FortiSIEM Cloud
3 -
Collector
3 -
External System Integration
3 -
FortiGate
3 -
watchlist
2 -
FortiAnalyzer
2 -
Collector Agent
2 -
Source Code
2 -
lookuptables
2 -
FortiSiem 7.1
2 -
Supervisor
2 -
SAML
2 -
CMDB
2 -
Analytics & Reporting
2 -
GUI
2 -
Incidents
2 -
Rocky Linux 8
1 -
eventdb
1 -
Impact
1 -
Redhat 8
1 -
OPManager
1 -
Oracle Linux 8
1 -
Alma Linux 8
1 -
"FortiSIEM Incidents"
1 -
lookups
1 -
o
1 -
CMMC
1 -
Audit
1 -
RBAC
1 -
User Control
1 -
Audit log
1 -
Reference Files
1 -
Hi
1 -
cisco wsa
1 -
Partnership Inquiry
1 -
Reference Material
1 -
FortiClient
1 -
FortiAuthenticator v5.5
1 -
FortiSIEM HW
1 -
upgrade
1 -
IPsec
1 -
Migration
1 -
External Connectors
1 -
LDAP
1 -
Report
1 -
Microsoft Office365
1 -
Azure
1 -
Cisco
1 -
discovery
1 -
Windows Defender
1 -
Report-Rules-Dashboards
1 -
Notifications
1 -
Expressions
1 -
Architecture
1 -
FortiSASE
1 -
Status
1 -
MySQL
1 -
Internet service database
1 -
Dashboard
1 -
Usage
1 -
Certificate
1 -
enrichement
1
Top Kudoed Authors
| User | Count |
|---|---|
| 72 | |
| 25 | |
| 15 | |
| 10 | |
| 10 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.