Data Update Subscription Service
FortiSIEM is constantly developing support for additional IT infrastructure devices. By subscribing to the FortiSIEM Data Update Service, you can receive updates when support for new devices becomes available, rather than waiting for it to be included in a formal release. In addition to device support, you can also receive new rules, reports, parser updates, and so on.
Data Update Overview
Configuring Data Update
Data Update Overview
The FortiSIEM data update subscription service updates your FortiSIEM deployment with the latest device support data as it becomes available, so you do not have to wait for it to be included in a formal release.
The following items can be included in an update:
New event attribute
New event types
New device type
New parsers or modifications for existing parsers
Performance monitoring templates for new devices or modified ones for existing devices
New rules or modifications for existing rules
New reports or modifications for existing reports – both CMDB report and event based reports
New groups or modifications for existing groups for Event Types, Rules, Reports, Device Groups, Application Groups
Code to handle new devices
Configuring Data Update
Prerequisites
Procedure
Configure Data Update Server Setting
Check Available Data Updates
Apply Data Update on Supervisor
Apply Data Update on Collectors
Check whether Data Update Installed Successfully
Prerequisites
Contact FortiSIEM support and make sure that your license includes Data Update Service
Make sure you have the Data Update URL – this is typically https://images.FortiSIEM.net/upgrade/ds – contact FortiSIEM to make sure that this information has not changed
Make sure you have license credentials
Procedure
Configure Data Update Server Setting
- Log on to FortiSIEM Supervisor with Administrator credentials
- Go to Admin > General Settings > System
- Configure Data Update Server Setting
- Enter Data Update URL (see prerequisites)
- Enter Server Username and Server Password – these are the license credentials
- Specify Notify Email (optional) – you will receive email when new data updates are available
- Click Save
Check Available Data Updates
- Log on to FortiSIEM Supervisor with Administrator credentials
- Go to Admin > Data Update
- Click Refresh
- Available data updates are shown on left
- Click a version on the left and the contents for that version are shown on the right
- Check the current data version from Admin > Cloud Health > Data Update Version. The number after the third decimal point is the data version. For example, 4.4.1.38 means the data version is 38.
- Note the data version you would like to upgrade to.
Apply Data Update on Supervisor
- SSH to FortiSIEM Supervisor as root
- Go to /pbin
- Download the data version by running ./phdownloaddata and specify the data version you would like to upgrade to
- Install the data version by running ./phinstalldata
Apply Data Update on Collectors
- Log on to FortiSIEM Supervisor with Administrator credentials
- Go to Admin > Collector Health
- Select a Collector
- Click Download Data Update – this downloads the data files to the collector
- Click Install Data Update – this installs the data files on the collector
- Repeat for all collectors
Check whether Data Update Installed Successfully
- Log on to FortiSIEM Supervisor with Administrator credentials
- Check Admin > Cloud Health > Data Update Version
- Check Admin > Collector Health > Data Update Version
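The final check can be scripted once the Data Update Version values have been copied out of the two GUI pages. The following is an added example, not FortiSIEM tooling: the node names, the "node version" input format, and the assumption that Collectors report the same four-part version string as the Supervisor are all hypothetical. It lists every node whose data version is below the version you meant to install, so Collectors still running older parsers and rules stand out.

```shell
#!/bin/sh
# Added example: compare Data Update versions copied from the GUI.
# All input values below are constructed samples.

# Print the data version (fourth field) of a version such as 4.4.1.38.
# Fails if the string is not exactly four dot-separated integers.
data_version() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    printf '%s\n' "$4"
)

# Read "node version" lines on stdin and print each node whose data
# version is below the target ($1) or whose version cannot be parsed.
lagging_nodes() (
    target=$1
    while read -r node version; do
        [ -n "$node" ] || continue
        if dv=$(data_version "$version") && [ "$dv" -ge "$target" ]; then
            continue
        fi
        printf '%s\n' "$node"
    done
)

# Constructed sample: values as read from Admin > Cloud Health and
# Admin > Collector Health (node names are hypothetical).
sample_inventory() {
    cat <<'EOF'
supervisor 4.4.1.38
collector-a 4.4.1.38
collector-b 4.4.1.36
collector-c unknown
EOF
}

# Target data version 38: nodes that still need the update are listed.
sample_inventory | lagging_nodes 38
```

An empty result means every listed node is at or above the target data version. A node with an unreadable version is reported rather than skipped.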