FortiManager can centrally update the SIEM and SOAR content package for FortiAnalyzer 7.4.3
FortiAnalyzer 7.4.3 and later can receive FortiAnalyzer Security Automation Service content pack updates from FortiManager acting as the FortiGuard Distribution Server (FDS). For more information about the Security Automation Service, see the FortiAnalyzer Administration Guide.
To receive content pack updates from FortiManager acting as FDS:
- Configure FortiAnalyzer to override and use FortiManager as the FDS.
For example:
FAZVM64 # show fmupdate server-override-status
config fmupdate server-override-status
    set mode strict
end
FAZVM64 # show fmupdate fds-setting
config fmupdate fds-setting
    config server-override
        set status enable
        config servlist
            edit 1
                set ip <IP address>
                set port 8890
            next
        end
    end
end
FortiAnalyzer is able to get the latest package updates from FortiManager, which is connected to the public FDS server.
FAZVM64 # diagnose fmupdate fds-getobject objid 00001000TIDB00100
'FGT' object version information
ObjectId Description Version Size Created Date Time
-------- ----------- ------- ---- -----------------
00001000TIDB00100 ThreatIntel DB 00000.02865 55 MB 24/03/27 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02866 55 MB 24/03/28 03:07 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02867 55 MB 24/03/29 03:09 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02868 55 MB 24/03/30 03:09 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02869 55 MB 24/03/31 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02870 55 MB 24/04/01 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02871 55 MB 24/04/02 03:09 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02872 55 MB 24/04/03 03:09 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02873 55 MB 24/04/04 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02874 55 MB 24/04/05 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02875 55 MB 24/04/06 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02876 56 MB 24/04/07 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02877 56 MB 24/04/08 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02878 56 MB 24/04/09 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02879 56 MB 24/04/10 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02880 56 MB 24/04/11 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02881 56 MB 24/04/12 03:09 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02882 56 MB 24/04/13 03:08 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02883 56 MB 24/04/14 03:14 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02884 56 MB 24/04/15 03:08 <latest> ext_desc:ThreatIntel DB (5.6.0+)
....
07000000FZCP00100 FAZ Content Pack 00002.00036 1 MB 24/01/23 17:45 ext_desc:FAZ Content Pack (6.4.6+)
07000000FZCP00100 FAZ Content Pack 00002.00037 1 MB 24/02/28 00:28 ext_desc:FAZ Content Pack (6.4.6+)
07000000FZCP00100 FAZ Content Pack 00002.00038 1 MB 24/03/26 23:38 ext_desc:FAZ Content Pack (6.4.6+)
07000000FZCP00100 FAZ Content Pack 00002.00040 1 MB 24/04/09 19:46 ext_desc:FAZ Content Pack (6.4.6+)
07000000FZCP00100 FAZ Content Pack 00002.00041 1 MB 24/04/12 23:28 ext_desc:FAZ Content Pack (6.4.6+)
07000000FZCP00100 FAZ Content Pack 00002.00043 1 MB 24/04/15 19:38 <latest> ext_desc:FAZ Content Pack (6.4.6+)
.....
07004000RHSP00100 FAZ RHSP Package 00024.02006 14 KB 24/02/29 23:30
07004000RHSP00100 FAZ RHSP Package 00024.03004 21 KB 24/03/29 02:10 <latest>
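
To monitor that content keeps arriving once the override is in place, the diagnose output above can be checked from a script. The following is an added example, not Fortinet code: it parses saved fds-getobject output and reports, per object ID, whether the <latest> row is the highest version and how old it is. The function names, the yy/mm/dd reading of the date column, and the 7-day age limit used in the test are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: rows in the layout of the fds-getobject output shown above.
SAMPLE = """\
00001000TIDB00100 ThreatIntel DB 00000.02883 56 MB 24/04/14 03:14 ext_desc:ThreatIntel DB (5.6.0+)
00001000TIDB00100 ThreatIntel DB 00000.02884 56 MB 24/04/15 03:08 <latest> ext_desc:ThreatIntel DB (5.6.0+)
....
07000000FZCP00100 FAZ Content Pack 00002.00043 1 MB 24/04/15 19:38 <latest> ext_desc:FAZ Content Pack (6.4.6+)
07004000RHSP00100 FAZ RHSP Package 00024.02006 14 KB 24/02/29 23:30
07004000RHSP00100 FAZ RHSP Package 00024.03004 21 KB 24/03/29 02:10 <latest>
"""

ROW = re.compile(
    r"^(?P<objid>[0-9A-Z]+)\s+(?P<desc>.+?)\s+(?P<version>\d+\.\d+)\s+"
    r"(?P<size>\d+ [KMG]B)\s+(?P<created>\d\d/\d\d/\d\d \d\d:\d\d)"
    r"(?P<latest>\s+<latest>)?"
)

def parse_rows(text):
    """Return one dict per version row; header, rule and '....' lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["version"] = tuple(int(p) for p in row["version"].split("."))
            row["created"] = datetime.strptime(row["created"], "%y/%m/%d %H:%M")  # assumed yy/mm/dd
            row["latest"] = row["latest"] is not None
            rows.append(row)
    return rows

def check_freshness(text, now, max_age):
    """Map each object ID to 'ok', 'stale', 'no-latest-flag' or 'flag-mismatch'."""
    by_obj = {}
    for row in parse_rows(text):
        by_obj.setdefault(row["objid"], []).append(row)
    report = {}
    for objid, rows in by_obj.items():
        flagged = [r for r in rows if r["latest"]]
        newest = max(rows, key=lambda r: r["version"])
        if len(flagged) != 1:
            report[objid] = "no-latest-flag"
        elif flagged[0] is not newest:
            report[objid] = "flag-mismatch"
        elif now - newest["created"] > max_age:
            report[objid] = "stale"  # newest version is older than max_age
        else:
            report[objid] = "ok"
    return report
```

Packages are published at different intervals, as the Created column in the output shows, so a single age limit will report slower-moving objects as stale; set max_age per object ID in production use.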