Fortinet black logo

Administration Guide

Upgrading the Threat Hunting Repository

Copy Link
Copy Doc ID 82fbe02c-e479-11eb-97f7-00505692583a:729875
Download PDF

Upgrading the Threat Hunting Repository

To upgrade the Threat Hunting Repository:
  1. Launch the FortiEDR_RepositoryInstaller ISO file of the new Threat Hunting Repository version:
    1. From the VMRC menu, select Removable Device > CD/DVD drive 1 > Connect to Disk Image File (iso)....
      Note

      If an existing ISO is still connected, select Removable Device > CD/DVD drive 1 > Disconnect ISO path before connecting to the new ISO file

    2. Select the FortiEDR_RepositoryInstaller ISO file for the new version and click on Open.
      Tooltip

      Another option instead of the two steps described above is to upload the ISO from the VMWare datastore (this is possible if the ISO has already been uploaded there).

  2. Start an SSH session to the repository machine, log in with user rancher, and run the following command:
    sudo su -
    bash /k3os/system/install_edr2.sh

    Select update (2) to upgrade the Threat Hunting Repository.

    The node is being updated, which might take 8 to 10 minutes.

  3. Complete the FortiEDR Repository software upgrade by providing the following parameters:
    • When prompted for the FortiEDR Manager details, provide its IP and the credentials of one of the FortiEDR Console administrators that have RestAPI permissions.
    • When prompted for the primary DNS server address, provide the primary DNS server address for the Threat Hunting Repository.
    • When asked whether to set additional DNS servers, enter yes and provide an alternative DNS address for the Threat Hunting Repository if needed. Otherwise, enter no to proceed.
      Note

      Fortinet recommends that you set up one additional DNS server in case the primary DNS server fails.

    • Enter the Central Manager's root user password when prompted.

    • When asked if you have a dedicated Aggregator VM, enter yes if you installed the Aggregator on a separate VM than the Central Manager, and you will then be prompted to provide the Aggregator details. Otherwise, enter no to proceed.

  4. Wait for the configuration to complete.
  5. Repeat step 1-4 on each additional Threat Hunting Repository nodes you may have.
  6. Verify the upgrade is successful by opening the Central Manager and checking the version information under the INVENTORY > System Components > REPOSITORIES tab.

Upgrading the Threat Hunting Repository

To upgrade the Threat Hunting Repository:
  1. Launch the FortiEDR_RepositoryInstaller ISO file of the new Threat Hunting Repository version:
    1. From the VMRC menu, select Removable Device > CD/DVD drive 1 > Connect to Disk Image File (iso)....
      Note

      If an existing ISO is still connected, select Removable Device > CD/DVD drive 1 > Disconnect ISO path before connecting to the new ISO file

    2. Select the FortiEDR_RepositoryInstaller ISO file for the new version and click on Open.
      Tooltip

      Another option instead of the two steps described above is to upload the ISO from the VMWare datastore (this is possible if the ISO has already been uploaded there).

  2. Start an SSH session to the repository machine, log in with user rancher, and run the following command:
    sudo su -
    bash /k3os/system/install_edr2.sh

    Select update (2) to upgrade the Threat Hunting Repository.

    The node is being updated, which might take 8 to 10 minutes.

  3. Complete the FortiEDR Repository software upgrade by providing the following parameters:
    • When prompted for the FortiEDR Manager details, provide its IP and the credentials of one of the FortiEDR Console administrators that have RestAPI permissions.
    • When prompted for the primary DNS server address, provide the primary DNS server address for the Threat Hunting Repository.
    • When asked whether to set additional DNS servers, enter yes and provide an alternative DNS address for the Threat Hunting Repository if needed. Otherwise, enter no to proceed.
      Note

      Fortinet recommends that you set up one additional DNS server in case the primary DNS server fails.

    • Enter the Central Manager's root user password when prompted.

    • When asked if you have a dedicated Aggregator VM, enter yes if you installed the Aggregator on a separate VM than the Central Manager, and you will then be prompted to provide the Aggregator details. Otherwise, enter no to proceed.

  4. Wait for the configuration to complete.
  5. Repeat step 1-4 on each additional Threat Hunting Repository nodes you may have.
  6. Verify the upgrade is successful by opening the Central Manager and checking the version information under the INVENTORY > System Components > REPOSITORIES tab.