FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 195012

Description

Summary of Article

This article explains the possible reasons why the same device may show up in the CMDB twice for a single organization.

 

Check / Verify the Following

1 - Check whether the same device was discovered under one organization (including the super org) with one protocol and discovered again using another protocol in another organization.  If there are credentials that overlap in both organizations, this will cause the devices not to merge.  This is by design (see Additional information below).

An example would be (note that any org can be the super org and it would act in the same manner):

Org 1 discovered 192.168.1.5 (Windows) with WMI

Org 2 discovered 192.168.1.5 (EXACTLY the same Windows device) with SNMP

 

2 - Check if you have Virtual IPs configured (Admin > General Settings > Discovery > Virtual IPs)

The Virtual IP setting tells AO not to merge devices together if they contain the same IP on another interface that it discovers, so that the two machines are recognized as different.  This is another possible reason why your devices did not merge.

 

3 - Under the Super organization, check if you have the same IP range configured for the organization (Admin > Setup Wizard > Organizations > Include IP/IP Range)

This goes hand in hand with the first check.  If you discovered the device in one organization and discovered the exact same device in another org, both can show up as duplicates in the same organization.  If they show up in one org and are not merged, this column could have been configured so that all IPs within the indicated range are displayed in the CMDB of the same organization.  This can cause confusion depending on your infrastructure.  It's always best to leave that column blank.

 

Additional information

The above are some common pitfalls when you expect devices to merge together but they do not.  By AO's design, you cannot merge devices that are discovered from one organization to another organization.  Doing so would defeat the purpose of having organizations, since they are supposed to be separated.  AO will treat the devices as two unique devices based on the two organizations they are separated into.

 

Version Application

ALL

 
