Download Fortinet FortiSIEM

Manuals Brands Fortinet Manuals Computer Hardware FortiSIEM 2000F Hardware configuration manual Contents Table of Contents Bookmarks Need help? Do you have a question about the FortiSIEM 2000F and is the answer not in the manual? Questions and answers Related Manuals for Fortinet FortiSIEM 2000F Summary of Contents for Fortinet FortiSIEM 2000F Page 1 FortiSIEM 2000F Hardware Configuration Guide... Page 2 FORTINET DOCUMENT LIBRARY FORTINET VIDEO GUIDE FORTINET BLOG CUSTOMER SERVICE & SUPPORT FORTIGATE COOKBOOK FORTINET TRAINING SERVICES FORTIGUARD CENTER FORTICAST END USER LICENSE AGREEMENT FORTINET PRIVACY POLICY FEEDBACK Email: [email protected] March 30, 2018 FortiSIEM 2000F Hardware Configuration Guide Revision 1... Page 3: Table Of Contents TABLE OF CONTENTS Appliance Setup Step 1: Rack mount the FSM-2000F appliance Step 2: Power On the FSM-2000F appliance Step 3: Verify System Information Step 4: Configure Network Step 5: Generate FortiSIEM FSM-2000F License Key file from FortiCare Step 6: Register FortiSIEM License Step 7: Accessing FortiSIEM UI Step 8: Using FortiSIEM Factory Reset... Page 4: Appliance Setup Appliance Setup Appliance Setup Follow the steps below to setup FSM-2000F appliance. Step 1: Rack mount the FSM-2000F appliance 1. Follow FortiSIEM 2000F QuickStart Guide here to mount FSM-2000F into rack. 2. Insert Hard Disks positions as shown below: 3. Connect FSM-2000F to the network by connecting an Ethernet cable to Port1. Page 5: Step 4: Configure Network Step 5 and select the License Type based on your deployment (note this choice can only be made once and is not reversible): Enterprise for single organizations Service Provider

For multiple organizations FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 6: Step 7: Accessing Fortisiem Ui 3. Login to FortiSIEM using the default user name, password, and organization: UserID : admin Password : admin*1 Cust/OrgID : super (if shown) Step 8: Using FortiSIEM Refer to FortiSIEM User Guide here for detailed information about using FortiSIEM. FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 7: Factory Reset 6. To configure network on FortiSIEM, stop FortiSIEM services by running sudo execute preparebox. This script will stop running FortiSIEM services and power offs the hardware. Follow the steps under to configure FSM-2000F. Appliance Setup FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 8: Upgrading Fortisiem Installation packages. 3. Upgrade to v4.10.0. 4. Apply FortiCare license. 5. Upgrade from v4.10.0 to v5.0.0. Refer to the section 'Upgrading a FortiSIEM Single Node Deployment' in the Upgrade Guide here. FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 9: Appliance Re-Image Quick Format : Enable 4. Copy the image file to USB drive. For example: FortiSIEM-VA-2000F-3500F-5.0.0.1201-hw.raw 5. Safely remove the USB drive from the desktop or laptop by unmounting it through the operating system. FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 10: Step 3: Prepare 2000F By Removing Fsm –h now 11. After shutdown, remove both USB drives from the FortiSIEM appliance. 12. Power on the FortiSIEM appliance. 13. Reinstall the FortiSIEM application (as in Factory Reset - step 2). FortiSIEM - 2000F Hardware Configuration

Provides granular (predefined and customizable) role-based data access and workflow to support privacy concerns.Advanced Analytics, along with solid out-of-the-box content and models, provides mature user behavior analytics (UBA) capabilities. This was the core of the UEBA product that Exabeam developed prior to entering the SIEM market.Customers offer good-to-high marks for Exabeam overall, with high marks for evaluation/contracting activities, and deployment and support services.Exabeam now provides its analytics solution in the cloud as a SaaS model. This hadn’t been available before 2019.To Take Under Advisement:Organizations with low-maturity investigation and response capabilities will be less likely to get the full benefit from advanced features for those activities and will need to use a service provider.Who uses it: mid- to large-size enterprisesHow it is deployed: subscription cloud serviceeWEEK score: 4.8/5.0FortinetValue proposition for potential buyers: End-user organizations and MSPs with investments in Fortinet network technologies should consider FortiSIEM. This solution provides core SIEM capabilities in addition to complementary features that include a built-in configuration management database (CMDB), FIM, and application and system performance monitoring. FortiSIEM’s solution is deployed via virtual appliances that can be installed on-premises in virtual environments or via IaaS platforms like AWS and Azure. The solution can be deployed as a single appliance or as individual, stand-alone components for scalability. Physical appliance options are also available. Licensing is primarily based on the number of data sources, events per second (EPS) and agents deployed.Version 5 delivered significant updates to FortiSIEM, including a productwide HTML5-based GUI, adoption of Elasticsearch for the event database, incident response enhancements that include automated response actions and workflows, and user risk scoring, among other enhancements. Fortinet now offers a physical appliance option in addition to its virtual appliances.Key values/differentiators:FortiSIEM offers functionality that appeals beyond conventional security operations (e.g., discovering assets, a built-in CMDB and asset context that appeals to teams beyond security operations).Enterprises where security operations and network operations are combined can leverage a common platform with native incident management features.The integration of FortiSIEM with the rest of the Fortinet portfolio through Fortinet Security Fabric may appeal to organizations leveraging a range of Fortinet products.FortiSIEM offers out-of-the-box features

1550991/phDataPurge Note: Fortinet recommends running these checks as needed in addition to using Admin > Health > Replication Health to ensure a healthy Disaster Recovery environment. Disaster Recovery Upgrade Steps To upgrade your FortiSIEMs in a Disaster Recovery environment, take the following steps. Upgrade the Primary Supervisor and Workers After the Primary is fully upgraded, upgrade the Secondary Supervisor and Workers. See Upgrade 6.x/7.x Single Node Deployment or Upgrade 6.x/7.x Cluster Deployment for more information. After Step 1, the Secondary Supervisor database schema is already upgraded. Step 2 simply upgrades the executables in Site 2. Upgrading with FortiSIEM Manager If you have FortiSIEM and FortiSIEM Manager deployed in your environment, then take the following steps. Upgrade the FortiSIEM Manager. After the FortiSIEM Manager is fully upgraded, then upgrade each FortiSIEM Cluster. Post Upgrade Health Check Note: If any of the checks fail, then the upgrade might have failed. In this case, contact Fortinet Support. Check Cloud health and Collector health from the FortiSIEM GUI: Check that the Redis passwords match on the Supervisor and Workers:Supervisor: run the command phLicenseTool --showRedisPasswordWorker: run the command grep -i auth /opt/node-rest-service/ecosystem.config.js Check that the database passwords match on the Supervisor and Workers:Supervisor: run the command phLicenseTool --showDatabasePasswordWorker: run the command phLicenseTool --showDatabasePassword Elasticsearch case: check the Elasticsearch health Check that events are received correctly:Search All Events in last 10 minutes and make sure there is data.Search for events from Collector and Agents and make sure there is data. Both old and new collectors and agents must work.Search for events using CMDB Groups (Windows, Linux, Firewalls, etc.) and make sure there is data. Make sure there are no SVN authentication errors in CMDB when you click any device name. Make sure recent Incidents and their triggering events are displayed. Check Worker for Collector Credentials by running the following command:cat /etc/httpd/accounts/passwdsThis validates that all workers contain collector credentials to log in and upload logs. Run the following script on the Supervisor. get-fsm-health.py --localYour output should appear similar to the example output in Post Upgrade Health Check get-fsm-health.py --local Example Output. Upgrade via Proxy During upgrade, the