Configuring Windows Agent
FortiSIEM Windows Agents provides a scalable way to collect rich log data from a large number of Windows servers. FortiSIEM Windows Agents are configured and monitored by a FortiSIEM Windows Agent Manager. The Agent Manager registers with FortiSIEM Supervisor node for license information. The following section describes how to configure FortiSIEM Windows Agent Manager in FortiSIEM.
This section provides the procedures to configure Windows Agent.
Adding Windows Agent
Follow the procedure below to add a Windows Agent:
- Go to ADMIN > Setup > Windows Agent tab.
- Click New.
- In the Windows Agent dialog box, enter the information below.
Settings Guidelines Agent Manager [Required] Name of the FortiSIEM Windows Agent Manager Basic Agents [Required] Number of Advanced Windows Agents. The sum of basic and Advanced windows agents over all the organizations must be less than the corresponding license. Advanced Agents Number of Advanced Windows Agents. The sum of Basic and Advanced Windows Agents over all Organizations must be less than the corresponding license. Start Date Start and end date for Windows Agent License validity End Date End date for Windows Agent License validity Event Upload FortiSIEM node to which Agents will upload events - Supervisor or Collector nodes - Click Save
Modifying Windows Agent
Follow the procedure below to modify a Windows Agent:
- Select the Windows Agent to modify from the list and click the required option.
Option Description Edit To edit any Windows Agent settings. Delete To delete any Windows Agent. - Click Save.
Searching
Follow the procedure below to search a Windows Agent:
- Enter the Windows Agent name in the search field.
If the Windows Agent is configured in FortiSIEM, it appears in the table.
Adjusting Columns
Follow the procedure below to adjust the Windows Agent table:
- Click Columns button and select the required columns to display:
- Agent Manager Name
- Organization
- Event Upload Destination
- Basic Agents
- Advanced Agents
- Registered
- Valid Time