Configuring Windows Agent

FortiSIEM Windows Agents provides a scalable way to collect rich log data from a large number of Windows servers. FortiSIEM Windows Agents are configured and monitored by a FortiSIEM Windows Agent Manager. The Agent Manager registers with FortiSIEM Supervisor node for license information. The following section describes how to configure FortiSIEM Windows Agent Manager in FortiSIEM.

This section provides the procedures to configure Windows Agent.

Adding Windows Agent

Follow the procedure below to add a Windows Agent:

  1. Go to ADMIN > Setup > Windows Agent tab.
  2. Click New
  3. In the Windows Agent dialog box, enter the information below.

    SettingsGuidelines
    Agent Manager [Required] Name of the FortiSIEM Windows Agent Manager
    Basic Agents[Required] Number of Advanced Windows Agents. The sum of basic and Advanced windows agents over all the organizations must be less than the corresponding license.
    Advanced AgentsNumber of Advanced Windows Agents. The sum of Basic and Advanced Windows Agents over all Organizations must be less than the corresponding license.
    Start DateStart and end date for Windows Agent License validity
    End DateEnd date for Windows Agent License validity
    Event UploadFortiSIEM node to which Agents will upload events - Supervisor or Collector nodes
  4. Click Save

Modifying Windows Agent

Follow the procedure below to modify a Windows Agent:

  1. Select the Windows Agent to modify from the list and click the required option.

    OptionDescription
    EditTo edit any Windows Agent settings.
    DeleteTo delete any Windows Agent.
  2. Click Save.

Searching

Follow the procedure below to search a Windows Agent:

  1. Enter the Windows Agent name in the search field.
    If the Windows Agent is configured in FortiSIEM, it appears in the table.

Adjusting Columns

Follow the procedure below to adjust the Windows Agent table:

  1. Click Columns button and select the required columns to display:
    • Agent Manager Name
    • Organization
    • Event Upload Destination
    • Basic Agents
    • Advanced Agents
    • Registered
    • Valid Time
    You can also use the Search field under Columns to enter any valid column name. Based on the selection, the table columns are automatically updated.