FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
cmuratoglu
Staff
Article Id 358845
Description This article describes how to perform Content Updates on FortiSIEM.
Scope FortiSIEM v6.4.0 or later.
Solution

FortiSIEM is a distributed system, meaning that raw events can come into either the Cloud backend (in FortiSIEM Cloud deployments, where the Supernode resides in the Cloud) or collector nodes (when local raw events are sent to collectors).

It is not mandatory to download the latest content packs to the local collectors, where content packs do not have any parsing logic applied to them. However, the best practice is to keep these as in line and up to date as possible.


Updating content packs regularly helps protect organizations from new threats, enables new security event insights and reporting capabilities, and improves the accuracy of event parsing. It is recommended that FortiSIEM content packs be synced and updated throughout the deployment.

 

To perform a Content Update on FortiSIEM:

  1. Log in to the FortiSIEM GUI.
  2. Navigate to the Admin -> Content Update page.
  3. Select Check Now. This checks whether a newer content version has been released and is available.
  4. Select Install and wait until the installer completes.

 
