FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
idabouzi
Staff
Article Id 379599
Description: This article provides commands to check whether a device can be monitored by FortiSIEM.
Scope: FortiSIEM.
Solution

To check whether a device can be monitored:

  • For Windows devices, run the checkWMIMonitorability script on the node where the host is being discovered (Collector or Supervisor):

/opt/phoenix/bin/checkWMIMonitorability <host_ip> <domain> <user> <pwd> <output_file>

Example:

/opt/phoenix/bin/checkWMIMonitorability 19.16.41.14 GROUPWORK user1 Password /tmp/WMIoutput.txt

Then check the output file /tmp/WMIoutput.txt.


  • For devices using SNMP, use the snmpwalk command and check the response:

SNMPv2

snmpwalk -v 2c -c <community_string> <ip> > <output_file>

SNMPv3

snmpwalk -v 3 -u <snmpv3user> -l authPriv -a MD5 -A <snmpv3md5password> -x DES -X <snmpv3despassword> <IP>
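
One way to act on "check the response" for the SNMP commands above, as an added example that is not part of the original article or of FortiSIEM: a shell function that turns saved snmpwalk output into a verdict. The function names, the check_snmp_v2c wrapper and the sample responses are assumptions constructed for illustration; the matched strings are net-snmp's standard messages.

```shell
#!/bin/sh
# Added example: classify saved snmpwalk output as a monitorability verdict.
# Reads the combined stdout+stderr of an snmpwalk run on stdin.
classify_snmpwalk() {
    snmp_out=$(cat)
    case "$snmp_out" in
        # No reply at all. With v2c a wrong community string looks the same,
        # because the agent silently drops the request.
        *"Timeout: No Response"*)       echo "no-response" ;;
        # SNMPv3 credential or security-level mismatches are reported explicitly.
        *"Unknown user name"*)          echo "v3-unknown-user" ;;
        *"Authentication failure"*)     echo "v3-auth-failure" ;;
        *"Unsupported security level"*) echo "v3-security-level" ;;
        # Agent answered, but its view exposes nothing under the requested OID.
        *"No Such Object available"*|*"No more variables left"*) echo "empty-view" ;;
        # At least one "OID = TYPE: value" line came back.
        *" = "*)                        echo "monitorable" ;;
        *)                              echo "unknown" ;;
    esac
}

# Hypothetical wrapper: walk only the system subtree (1.3.6.1.2.1.1) with a
# short timeout, keep stderr, save the raw response, then print the verdict.
check_snmp_v2c() {   # usage: check_snmp_v2c <community> <ip> <output_file>
    snmpwalk -v 2c -c "$1" -t 2 -r 1 "$2" 1.3.6.1.2.1.1 > "$3" 2>&1
    classify_snmpwalk < "$3"
}

# Constructed sample responses (192.0.2.10 is a documentation address).
SAMPLE_OK='SNMPv2-MIB::sysDescr.0 = STRING: Constructed Test Device
SNMPv2-MIB::sysName.0 = STRING: lab-sw01'
SAMPLE_TIMEOUT='Timeout: No Response from 192.0.2.10'
SAMPLE_V3_AUTH='snmpwalk: Authentication failure (incorrect password, community or key)'
SAMPLE_EMPTY='SNMPv2-MIB::system = No Such Object available on this agent at this OID'
```

A no-response verdict for SNMPv2 does not distinguish a blocked UDP/161 path from a wrong community string, so check both before concluding that the device is unreachable.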
