FortiSIEM CMDB Default Passwords

Leave a reply
Default Passwords

The CMDB Default Password page contains a list of default vendor credentials. These well-known credentials should never be used in production. During device discovery FortiSIEM checks if the device credentials are still set to default , and the system rule Default Password Detected by System triggers an incident if they are.

A sample raw event log for a default password incident:

 

<174>Oct 20 22:50:03 [PH_AUDIT_DEFAULT_PWD_MATCH]:[phEventCategory]=2,[appTransportProto]=SNMP,[reptModel]=

 

Adding a New Default Password

  1. Log in to your Supervisor node.
  2. Go to CMDB > Default Passwords.
  3. Select a group where you want to add the default password, or create a new one.
  4. Click New.
  5. Select the Vendor and Model of the device for which you want to enter a default password.
  6. Select the Access Protocol that is used to connect to the device.
  7. Enter the default User Name and Password for the device.

 

 

 

 

 

 

 

 

 

 

 

This entry was posted in Administration Guides, FortiSIEM on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.