Fortinet black logo

New Features

Home FortiAnalyzer 6.4.0 New Features

Vulnerabilities and software inventory data from EMS connector 6.4.2

6.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID 437aa0e1-63d2-11ea-9384-00505692583a:439594
Download PDF

Vulnerabilities and software inventory data from EMS connector 6.4.2

This new feature helps FortiAnalyzer to get more information, vulnerabilities and software inventory, from the FortiClient EMS server directly.

To get endpoint data from an EMS connector:
  1. In Fabric View > Fabric Connectors, click Create New and select FortiClient EMS.
    Configure the connector details for FortiClient EMS and click OK.
  2. Go to FortiSoC > Automation > Playbook and create a new playbook.
    Administrators can use wildcards to get all endpoints registered on the EMS server and then create another task to update Fabric View > Assets.

  3. Run the playbook, then go to Fabric View > Assets. The retrieved endpoints in the EMS server are displayed.
To get vulnerability information from an EMS connector:
  1. With a configured FortiClient EMS connector, create a playbook with an action to Get Vulnerabilities.
  2. Run the playbook. In this example, the user selects a specific endpoint to get its vulnerabilities.
    Confirm that the playbook has run successfully in FortiSoC > Automation > Playbook Monitor.
  3. Go to Fabric View > Assets, and check the Vulnerabilities column. The number of Critical and High level vulnerabilities are displayed. Click on a number to view additional details. You can further drill-down on an individual vulnerability to see its details.
To get software information from an EMS connector:
  1. With a configured FortiClient EMS connector, create a playbook with an action to Get Software Inventory.
  2. Run the playbook. In this example, the admin selects a specific endpoint to get its software inventory.

    Confirm that the playbook has run successfully in FortiSoC > Automation > Playbook Monitor.
  3. Go to Fabric View > Assets, and check the Software column. Click on Details to display the software inventory retrieved from FortiClient EMS.
Previous
Next

Vulnerabilities and software inventory data from EMS connector 6.4.2

This new feature helps FortiAnalyzer to get more information, vulnerabilities and software inventory, from the FortiClient EMS server directly.

To get endpoint data from an EMS connector:
  1. In Fabric View > Fabric Connectors, click Create New and select FortiClient EMS.
    Configure the connector details for FortiClient EMS and click OK.
  2. Go to FortiSoC > Automation > Playbook and create a new playbook.
    Administrators can use wildcards to get all endpoints registered on the EMS server and then create another task to update Fabric View > Assets.

  3. Run the playbook, then go to Fabric View > Assets. The retrieved endpoints in the EMS server are displayed.
To get vulnerability information from an EMS connector:
  1. With a configured FortiClient EMS connector, create a playbook with an action to Get Vulnerabilities.
  2. Run the playbook. In this example, the user selects a specific endpoint to get its vulnerabilities.
    Confirm that the playbook has run successfully in FortiSoC > Automation > Playbook Monitor.
  3. Go to Fabric View > Assets, and check the Vulnerabilities column. The number of Critical and High level vulnerabilities are displayed. Click on a number to view additional details. You can further drill-down on an individual vulnerability to see its details.
To get software information from an EMS connector:
  1. With a configured FortiClient EMS connector, create a playbook with an action to Get Software Inventory.
  2. Run the playbook. In this example, the admin selects a specific endpoint to get its software inventory.

    Confirm that the playbook has run successfully in FortiSoC > Automation > Playbook Monitor.
  3. Go to Fabric View > Assets, and check the Software column. Click on Details to display the software inventory retrieved from FortiClient EMS.
Previous
Next