Download Fortinet FortiSIEM

Manuals Brands Fortinet Manuals Computer Hardware FortiSIEM 2000F Hardware configuration manual Contents Table of Contents Bookmarks Need help? Do you have a question about the FortiSIEM 2000F and is the answer not in the manual? Questions and answers Related Manuals for Fortinet FortiSIEM 2000F Summary of Contents for Fortinet FortiSIEM 2000F Page 1 FortiSIEM 2000F Hardware Configuration Guide... Page 2 FORTINET DOCUMENT LIBRARY FORTINET VIDEO GUIDE FORTINET BLOG CUSTOMER SERVICE & SUPPORT FORTIGATE COOKBOOK FORTINET TRAINING SERVICES FORTIGUARD CENTER FORTICAST END USER LICENSE AGREEMENT FORTINET PRIVACY POLICY FEEDBACK Email: techdocs@fortinet.com March 30, 2018 FortiSIEM 2000F Hardware Configuration Guide Revision 1... Page 3: Table Of Contents TABLE OF CONTENTS Appliance Setup Step 1: Rack mount the FSM-2000F appliance Step 2: Power On the FSM-2000F appliance Step 3: Verify System Information Step 4: Configure Network Step 5: Generate FortiSIEM FSM-2000F License Key file from FortiCare Step 6: Register FortiSIEM License Step 7: Accessing FortiSIEM UI Step 8: Using FortiSIEM Factory Reset... Page 4: Appliance Setup Appliance Setup Appliance Setup Follow the steps below to setup FSM-2000F appliance. Step 1: Rack mount the FSM-2000F appliance 1. Follow FortiSIEM 2000F QuickStart Guide here to mount FSM-2000F into rack. 2. Insert Hard Disks positions as shown below: 3. Connect FSM-2000F to the network by connecting an Ethernet cable to Port1. Page 5: Step 4: Configure Network Step 5 and select the License Type based on your deployment (note this choice can only be made once and is not reversible): Enterprise for single organizations Service Provider

For multiple organizations FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 6: Step 7: Accessing Fortisiem Ui 3. Login to FortiSIEM using the default user name, password, and organization: UserID : admin Password : admin*1 Cust/OrgID : super (if shown) Step 8: Using FortiSIEM Refer to FortiSIEM User Guide here for detailed information about using FortiSIEM. FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 7: Factory Reset 6. To configure network on FortiSIEM, stop FortiSIEM services by running sudo execute preparebox. This script will stop running FortiSIEM services and power offs the hardware. Follow the steps under to configure FSM-2000F. Appliance Setup FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 8: Upgrading Fortisiem Installation packages. 3. Upgrade to v4.10.0. 4. Apply FortiCare license. 5. Upgrade from v4.10.0 to v5.0.0. Refer to the section 'Upgrading a FortiSIEM Single Node Deployment' in the Upgrade Guide here. FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 9: Appliance Re-Image Quick Format : Enable 4. Copy the image file to USB drive. For example: FortiSIEM-VA-2000F-3500F-5.0.0.1201-hw.raw 5. Safely remove the USB drive from the desktop or laptop by unmounting it through the operating system. FortiSIEM - 2000F Hardware Configuration Guide Fortinet Technologies Inc. Page 10: Step 3: Prepare 2000F By Removing Fsm –h now 11. After shutdown, remove both USB drives from the FortiSIEM appliance. 12. Power on the FortiSIEM appliance. 13. Reinstall the FortiSIEM application (as in Factory Reset - step 2). FortiSIEM - 2000F Hardware Configuration

Provides granular (predefined and customizable) role-based data access and workflow to support privacy concerns.Advanced Analytics, along with solid out-of-the-box content and models, provides mature user behavior analytics (UBA) capabilities. This was the core of the UEBA product that Exabeam developed prior to entering the SIEM market.Customers offer good-to-high marks for Exabeam overall, with high marks for evaluation/contracting activities, and deployment and support services.Exabeam now provides its analytics solution in the cloud as a SaaS model. This hadn’t been available before 2019.To Take Under Advisement:Organizations with low-maturity investigation and response capabilities will be less likely to get the full benefit from advanced features for those activities and will need to use a service provider.Who uses it: mid- to large-size enterprisesHow it is deployed: subscription cloud serviceeWEEK score: 4.8/5.0FortinetValue proposition for potential buyers: End-user organizations and MSPs with investments in Fortinet network technologies should consider FortiSIEM. This solution provides core SIEM capabilities in addition to complementary features that include a built-in configuration management database (CMDB), FIM, and application and system performance monitoring. FortiSIEM’s solution is deployed via virtual appliances that can be installed on-premises in virtual environments or via IaaS platforms like AWS and Azure. The solution can be deployed as a single appliance or as individual, stand-alone components for scalability. Physical appliance options are also available. Licensing is primarily based on the number of data sources, events per second (EPS) and agents deployed.Version 5 delivered significant updates to FortiSIEM, including a productwide HTML5-based GUI, adoption of Elasticsearch for the event database, incident response enhancements that include automated response actions and workflows, and user risk scoring, among other enhancements. Fortinet now offers a physical appliance option in addition to its virtual appliances.Key values/differentiators:FortiSIEM offers functionality that appeals beyond conventional security operations (e.g., discovering assets, a built-in CMDB and asset context that appeals to teams beyond security operations).Enterprises where security operations and network operations are combined can leverage a common platform with native incident management features.The integration of FortiSIEM with the rest of the Fortinet portfolio through Fortinet Security Fabric may appeal to organizations leveraging a range of Fortinet products.FortiSIEM offers out-of-the-box features

1550991/phDataPurge Note: Fortinet recommends running these checks as needed in addition to using Admin > Health > Replication Health to ensure a healthy Disaster Recovery environment. Disaster Recovery Upgrade Steps To upgrade your FortiSIEMs in a Disaster Recovery environment, take the following steps. Upgrade the Primary Supervisor and Workers After the Primary is fully upgraded, upgrade the Secondary Supervisor and Workers. See Upgrade 6.x/7.x Single Node Deployment or Upgrade 6.x/7.x Cluster Deployment for more information. After Step 1, the Secondary Supervisor database schema is already upgraded. Step 2 simply upgrades the executables in Site 2. Upgrading with FortiSIEM Manager If you have FortiSIEM and FortiSIEM Manager deployed in your environment, then take the following steps. Upgrade the FortiSIEM Manager. After the FortiSIEM Manager is fully upgraded, then upgrade each FortiSIEM Cluster. Post Upgrade Health Check Note: If any of the checks fail, then the upgrade might have failed. In this case, contact Fortinet Support. Check Cloud health and Collector health from the FortiSIEM GUI: Check that the Redis passwords match on the Supervisor and Workers:Supervisor: run the command phLicenseTool --showRedisPasswordWorker: run the command grep -i auth /opt/node-rest-service/ecosystem.config.js Check that the database passwords match on the Supervisor and Workers:Supervisor: run the command phLicenseTool --showDatabasePasswordWorker: run the command phLicenseTool --showDatabasePassword Elasticsearch case: check the Elasticsearch health Check that events are received correctly:Search All Events in last 10 minutes and make sure there is data.Search for events from Collector and Agents and make sure there is data. Both old and new collectors and agents must work.Search for events using CMDB Groups (Windows, Linux, Firewalls, etc.) and make sure there is data. Make sure there are no SVN authentication errors in CMDB when you click any device name. Make sure recent Incidents and their triggering events are displayed. Check Worker for Collector Credentials by running the following command:cat /etc/httpd/accounts/passwdsThis validates that all workers contain collector credentials to log in and upload logs. Run the following script on the Supervisor. get-fsm-health.py --localYour output should appear similar to the example output in Post Upgrade Health Check get-fsm-health.py --local Example Output. Upgrade via Proxy During upgrade, the

Into security action. New network topology visualizations and enhanced interactive views for auditing, logging, and reporting enable IT teams to easily modify their networks in real-time.FortiOS 5.6 provides proactive security recommendations to help improve network effectiveness and compliance.As a foundational technology of the Fortinet Security Fabric, FortiOS 5.6 scales from IoT to the Cloud and across physical, virtual, and hybrid environments to segment and protect the entire attack surface of the largest, globally distributed enterprises.Security Operations Solutions Unifies Network and Security Operations Delivering End-to-End Security Fabric VisibilityThe Fortinet Security Operations Solution unifies network and security operations within the Fortinet Security Fabric to arm IT and security leaders with insights that maximize their technology infrastructure. Security Operations consists of FortiSIEM, FortiAnalyzer, and FortiManager solutions that can be deployed standalone or in conjunction to meet the unique needs of individual organizations.FortiSIEM is an all-in-one NOC and SOC solution that offers automatic security, visibility, performance, and availability monitoring in real-time. FortiSIEM is capable of compiling and correlating intelligence from the Fortinet Security Fabric plus data from thousands of additional IT assets including switches and servers, to desktops and IoT devices, all through a single pane of glass.FortiSIEM also supports external threat intelligence feeds and event logs to extend the advanced analytics and compliance capabilities of the Fortinet Security Fabric to every physical and virtual asset across an enterprises entire technology footprint.Supporting QuotesGartner“Intent-based networking adoption is being driven by digital business transformation's requirements to increase network agility while increasing reliability/availability. The increasing complexity of networks, combined with critical skills shortages in design/deploy/operate tasks, are increasing pressure on infrastructure and operations (I&O) leaders to find a better way to map the requirements of the business to infrastructure behavior in a timely, consistent and verifiable way.”1“Unlike any other approach, intent-based networking algorithmically proves the "correctness" of the configuration before deployment and continuously monitors the operation of the network. If it detects a condition that no longer satisfies the intent of the design, it alerts operations and, if possible, takes corrective action to re-establish the correctness.”1“Intent-based networking solutions promise to dramatically improve network design and operation. In today's enterprise networks, we are dependent on network architects' ability to understand the totality of the environment, and their ability to generate a design that meets the needs of the applications they support. However, as computing environments became larger, more complex and more dynamic, it became impossible for the architect to achieve more than an "informed best guess" of the required configuration — to verify or prove the correctness of the design/configuration — the intent. This leads to unplanned outages and sometimes long, difficult troubleshooting activities.”1AvailabilityFortiOS Release 5.6 will be available to download in the first quarter of 2017. Fortinet’s Security Operations Solution is available now. Please contact your authorized Fortinet distributor for additional details.Additional ResourcesPlease visit www.fortinet.com for more details about the Fortinet Security Fabric, FortiOS and Security Operations Solution.Follow Fortinet on Twitter and LinkedIn, and Facebook.Join the conversation on the Fortinet blog.Extending the Security Fabric: FortiOS 5.6 and

Upgrade Paths Please follow the proceeding upgrade paths to upgrade existing FortiSIEM installs to the latest 6.3.2 release. Important Notes Pre-Upgrade Checklist To perform an upgrade, the following prerequisites must be met. Carefully consider the known issues, if any, in the Release Notes. Make sure the Supervisor processes are all up. Make sure you can login to the FortiSIEM GUI and successfully discover your devices. Take a snapshot of the running FortiSIEM instance. If you running FortiSIEM versions 6.2.0 or earlier and using Elasticsearch, then navigate to ADMIN > Setup > Storage > Online > and perform a Test and Save after the upgrade. This step is not required while upgrading from versions 6.2.1 or later. Make sure the FortiSIEM license is not expired. Make sure the Supervisor, Workers and Collectors can connect to the Internet on port 443 to the CentOS OS repositories (os-pkgs-cdn.fortisiem.fortinet.com and os-pkgs.fortisiem.fortinet.com) hosted by Fortinet, to get the latest OS packages. Connectivity can be either directly or via a proxy. For proxy based upgrades, see Upgrade via Proxy. If Internet connectivity is not available, then follow the Offline Upgrade Guide. 6.2.0 to 6.3.2 Upgrade Notes This note applies only if you are upgrading from 6.2.0. Before upgrading Collectors to 6.3.2, you will need to copy the phcollectorimageinstaller.py file from the Supervisor to the Collectors. See steps 1-3 in Upgrade Collectors. 6.1.x to 6.3.2 Upgrade Notes These notes apply only if you are upgrading from 6.1.x to 6.3.2. The 6.3.2 upgrade will attempt to migrate existing SVN files (stored in /svn) from the old svn format to the new svn-lite format. During this process, it will first export /svn to /opt and then import them back to /svn in the new svn-lite format. If your /svn uses a large amount of disk space, and /opt does not have enough disk space left, then migration will fail. Fortinet recommends doing the following steps before upgrading: Check /svn usage Check if there is enough disk space left in /opt to accommodate /svn Expand /opt by the size of /svn Begin upgrade See Steps for Expanding /opt Disk for more information. If you are using AWS Elasticsearch, then after upgrading to 6.3.2, take the following steps: Go to ADMIN > Setup > Storage> Online. Select "ES-type" and re-enter the credential. General Upgrade Notes These notes apply to all upgrades in general. For the Supervisor and Worker, do not use the upgrade menu item in configFSM.sh to upgrade from 6.2.0 to 6.3.2. This is deprecated, so it will not work. Use the new method as instructed in this guide (See Upgrade Supervisor for the appropriate deployment under Upgrade Single Node Deployment or Upgrade Cluster Deployment). In 6.1.x releases, new 5.x collectors could not register to the Supervisor. This restriction has been removed in 6.2.x so long as the Supervisor is running in non-FIPS mode. However, 5.x collectors are not recommended since CentOS 6 has been declared End of Life. If you have more than 5 Workers, Fortinet recommends using at