Administration Guide

Upgrading the Threat Hunting Repository

Before you begin, ensure that the CPU and memory of the repository are at least 1.5 times the Threat Hunting specifications defined in Appendix C – ON PREMISE DEPLOYMENTS. You can reduce the CPU and memory back to the specifications once the upgrade is completed.
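
A preflight check for the 1.5x requirement above, as an added example that is not part of the Fortinet guide; run it on the repository node before starting the upgrade. The spec values are passed as arguments because Appendix C is not reproduced here, and the 5% memory tolerance (the kernel reserves some RAM, so MemTotal reads lower than the VM's configured size) is an assumption.

```shell
#!/bin/sh
# Pre-upgrade resource check for a Threat Hunting Repository node (added example).
# Usage: sh preflight.sh SPEC_CPUS SPEC_MEM_GB   (spec values come from Appendix C)

# Assumption: MemTotal may read up to 5% below the VM's configured RAM.
MEM_TOLERANCE_PCT=5

# ceil(1.5 * n) in integer arithmetic.
required_for() {
    echo $(( ($1 * 3 + 1) / 2 ))
}

# Total memory in kB from a meminfo-formatted file (default: /proc/meminfo).
mem_total_kb() {
    awk '/^MemTotal:/ { print $2; exit }' "${1:-/proc/meminfo}"
}

# check_resources SPEC_CPUS SPEC_MEM_GB ACTUAL_CPUS ACTUAL_MEM_KB
# Prints one line per resource; returns 0 only if both reach 1.5x the spec.
check_resources() {
    need_cpu=$(required_for "$1")
    need_mem_kb=$(( $2 * 1048576 * 3 / 2 * (100 - MEM_TOLERANCE_PCT) / 100 ))
    rc=0
    if [ "$3" -ge "$need_cpu" ]; then
        echo "OK   CPU: $3 vCPUs (need >= $need_cpu)"
    else
        echo "FAIL CPU: $3 vCPUs (need >= $need_cpu)"
        rc=1
    fi
    if [ "$4" -ge "$need_mem_kb" ]; then
        echo "OK   memory: $4 kB (need >= $need_mem_kb kB)"
    else
        echo "FAIL memory: $4 kB (need >= $need_mem_kb kB)"
        rc=1
    fi
    return $rc
}

# Check the live node only when both spec values are supplied.
if [ "$#" -eq 2 ]; then
    check_resources "$1" "$2" "$(nproc)" "$(mem_total_kb)"
fi
```

A non-zero exit status means the VM should be resized before the installer is launched.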

To upgrade the Threat Hunting Repository:
  1. Launch the FortiEDR_RepositoryInstaller ISO file of the new Threat Hunting Repository version:
    1. From the VMRC menu, select Removable Device > CD/DVD drive 1 > Connect to Disk Image File (iso)....
      Note

      If an existing ISO is still connected, select Removable Device > CD/DVD drive 1 > Disconnect [ISO path] before connecting to the new ISO file.

    2. Select the FortiEDR_RepositoryInstaller ISO file for the new version and click Open.
      Tooltip

      Instead of the two steps described above, you can upload the ISO from the VMware datastore (this is possible if the ISO has already been uploaded there).

  2. Start an SSH session to the repository machine, log in as user rancher, and run the following commands:
    sudo su -
    bash /k3os/system/install_edr2.sh

    Select update (2) to upgrade the Threat Hunting Repository.

    The node is being updated, which might take 8 to 10 minutes.

  3. Complete the FortiEDR Repository software upgrade by providing the following parameters:
    • When prompted for the FortiEDR Manager details, provide its IP and the credentials of one of the FortiEDR Console administrators that have RestAPI permissions.
    • When prompted for the primary DNS server address, provide the primary DNS server address for the Threat Hunting Repository.
    • When asked whether to set additional DNS servers, enter yes and provide an alternative DNS address for the Threat Hunting Repository if needed. Otherwise, enter no to proceed.
      Note

      Fortinet recommends that you set up one additional DNS server in case the primary DNS server fails.

    • Enter the Central Manager's root user password when prompted.

    • When asked if you have a dedicated Aggregator VM, enter yes if you installed the Aggregator on a different VM from the Central Manager; you will then be prompted to provide the Aggregator details. Otherwise, enter no to proceed.

  4. Wait for the configuration to complete.
  5. Repeat steps 1-4 on each additional Threat Hunting Repository node you may have.
  6. Verify the upgrade is successful by opening the Central Manager and checking the version information under the INVENTORY > System Components > REPOSITORIES tab.
