Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiSIEM 7.5.0 User Guide
    7.5.0
    7.5.0
    7.4.2
    7.4.1
    7.4.0
    7.3.5
    7.3.4
    7.3.3
    7.3.2
    7.3.1
    7.3.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.9
    7.1.8
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    4.10.0
    4.9.0
    4.8.1
    4.7.2

    CMDB Groups

    CMDB Groups

    This setting allows you to write rules to add devices in CMDB Device Group and Business Service Groups of your choice. When a device is discovered, the policies defined here are applied and the device is assigned to the group(s) defined in the matching policies. This device grouping does not overwrite the CMDB Device group assigned during discovery. The grouping defined here is in addition to the discovery defined CMDB group.

    1. Go to Admin > Settings > Discovery > CMDB Groups tab.
    2. Click +.
    3. In the CMDB Group Definition dialog box, select or enter the following information:
      • Organization - the organization which this rule applies to
      • Vendor - the matching device vendor
      • Model - the matching device model
      • Host Name - matching device host name via regular expression match
      • IP Range - matching device access IP - format is single IP, IP range, CIDR
      • Custom Properties - see Grouping Devices by Custom Properties
      • Groups - specify the groups which the matching devices will be added to
      • Biz Services- specify the business services which the matching devices will be added to
    4. Click Save.
    5. Select the new CMDB group from the list and click Apply () icon.

    Conditions are matched in ANDed manner: Both the actions are taken, that is, if both a Group and a Business Service is specified, then the device will be added to both the specified Group and Business Service.

    To apply one or more CMDB Group policies:

    1. Select one or more policies and click Apply or click Apply All to apply all policies.
    2. Once a policy is saved, then next discovery will apply these policies. That means, discovered devices will belong to the groups and business services defined in the policies.

    Note: For all the above configurations, use the Edit () button to modify any setting or Delete () to remove any setting.

    Grouping Devices by Custom Properties

    FortiSIEM allows you to define device groups based on IP address, host name, or device type. You can also group devices based on custom properties. These steps assume that you have already defined the custom properties you are interested in. See Working with Custom Properties.

    To group devices by custom properties:

    1. In the CMDB Group Definition dialog box, click the edit icon next to Custom Properties.
    2. Click + to add a new group definition based on the custom property.
    3. Select a custom property from the Property drop-down list.
    4. Enter a Value for the property. You can add multiple values by clicking the + button.
    5. Click Save, then click Save again to return to the CMDB Group Definition dialog box.
    6. In the Add To section of the dialog box, select the group to which the CMDB Group will be added from the Groups drop-down list.
    Previous
    Next

    CMDB Groups

    CMDB Groups

    This setting allows you to write rules to add devices in CMDB Device Group and Business Service Groups of your choice. When a device is discovered, the policies defined here are applied and the device is assigned to the group(s) defined in the matching policies. This device grouping does not overwrite the CMDB Device group assigned during discovery. The grouping defined here is in addition to the discovery defined CMDB group.

    1. Go to Admin > Settings > Discovery > CMDB Groups tab.
    2. Click +.
    3. In the CMDB Group Definition dialog box, select or enter the following information:
      • Organization - the organization which this rule applies to
      • Vendor - the matching device vendor
      • Model - the matching device model
      • Host Name - matching device host name via regular expression match
      • IP Range - matching device access IP - format is single IP, IP range, CIDR
      • Custom Properties - see Grouping Devices by Custom Properties
      • Groups - specify the groups which the matching devices will be added to
      • Biz Services- specify the business services which the matching devices will be added to
    4. Click Save.
    5. Select the new CMDB group from the list and click Apply () icon.

    Conditions are matched in ANDed manner: Both the actions are taken, that is, if both a Group and a Business Service is specified, then the device will be added to both the specified Group and Business Service.

    To apply one or more CMDB Group policies:

    1. Select one or more policies and click Apply or click Apply All to apply all policies.
    2. Once a policy is saved, then next discovery will apply these policies. That means, discovered devices will belong to the groups and business services defined in the policies.

    Note: For all the above configurations, use the Edit () button to modify any setting or Delete () to remove any setting.

    Grouping Devices by Custom Properties

    FortiSIEM allows you to define device groups based on IP address, host name, or device type. You can also group devices based on custom properties. These steps assume that you have already defined the custom properties you are interested in. See Working with Custom Properties.

    To group devices by custom properties:

    1. In the CMDB Group Definition dialog box, click the edit icon next to Custom Properties.
    2. Click + to add a new group definition based on the custom property.
    3. Select a custom property from the Property drop-down list.
    4. Enter a Value for the property. You can add multiple values by clicking the + button.
    5. Click Save, then click Save again to return to the CMDB Group Definition dialog box.
    6. In the Add To section of the dialog box, select the group to which the CMDB Group will be added from the Groups drop-down list.
    Previous
    Next