FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Andy_G
Staff
Article Id 192225

Description

This article describes how to capture and replay discovery results in FortiSIEM.


Solution

Here is a step-by-step guide:
 
1. Re-discover the devices and note down the date and time.

2. Log in to the Supervisor and run the following commands:

# cd /data/cache/discoveryResults/cust-1/completed
# ll
 
The output should be a list of directories whose names consist entirely of numbers.
 
3. Zip the directory with the most current timestamp that "lines up" with the date/time of step 1.
 
4. Either attach the file to a case for further investigation or upload it to the Fortinet FTP site. The file should be small enough to attach to the case.
 
5. Download and unzip the folder into /data/cache/discoveryResults/cust-1/new.
 
6. FortiSIEM will read the file automatically and then replay it in the Supervisor.
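
Steps 2 and 3 can be scripted as below. This is an added example, not Fortinet code: the function names are hypothetical, it assumes GNU stat and zip are available on the Supervisor, and it reads "lines up" as the newest numeric directory modified at or after the time noted in step 1 (passed as epoch seconds).

```shell
#!/bin/sh
# Added example, not Fortinet code. Selects the completed discovery result
# that lines up with a re-discovery start time (steps 1-3) and zips it.

# Default is the path given in step 2; override it to work on a copy.
COMPLETED_DIR="${COMPLETED_DIR:-/data/cache/discoveryResults/cust-1/completed}"

# pick_discovery_dir <epoch-seconds>
# Prints the name of the newest all-digit directory whose modification time
# is at or after the given time. Returns 1 if no directory qualifies.
pick_discovery_dir() {
    since="$1"
    best=""
    best_mtime=0
    for d in "$COMPLETED_DIR"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        # Result directories are named with digits only; skip anything else.
        case "$name" in
            ''|*[!0-9]*) continue ;;
        esac
        mtime=$(stat -c %Y "$d") || continue   # GNU stat: mtime as epoch
        if [ "$mtime" -ge "$since" ] && [ "$mtime" -gt "$best_mtime" ]; then
            best="$name"
            best_mtime="$mtime"
        fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# zip_discovery_dir <name> <absolute-path-to-output.zip>
# Archives relative to COMPLETED_DIR so the zip unpacks as <name>/,
# ready to be extracted under the "new" directory in step 5.
zip_discovery_dir() {
    ( cd "$COMPLETED_DIR" && zip -qr "$2" "$1" )
}
```

Convert the time noted in step 1 with `date -d '<date and time>' +%s`, pass it to `pick_discovery_dir`, then pass the printed name to `zip_discovery_dir`.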

 