Discovering Devices
Prerequisites
- Make sure you have configured the Discovery Settings for your deployment.
- Set up the Access Credentials for your devices so FortiSIEM can communicate with them.
Procedure
After you have set up the access protocols for your devices as described in Setting Access Credentials for Device Discovery, you are ready to discover devices in your IT infrastructure.
- Log in to your Supervisor node.
  Discovering Devices for Multi-Tenant Deployments
  If you have a Service Provider FortiSIEM deployment that uses Collectors and you want to discover devices for a specific organization, rather than the Global organization, log in to your Supervisor node as an admin user for that organization. See Discovery for Multi-Tenant Deployments for more information about how discovery works for Service Provider deployments with and without Collectors.
- Go to Admin > Setup Wizard > Discovery.
- Click Add.
  You can also schedule single or recurring discovery processes as described in Scheduling a Discovery.
- In the Range Definition dialog, set the options for this discovery.
  See Discovery Range Definition Options for more information about the options available in this dialog.
- Click OK.
  Your range definition will be added to the list.
- Select your range definition, and then click Discover.
  A discovery dialog will show you the progress of your discovery. For long-running discoveries, you can use the Run in Background option.
- When discovery completes, the results will be displayed in the dialog. Click Errors to view any errors.
Possible Causes of Discovery Errors
If there are errors during the discovery process, the Errors screen will inform you of their severity, impact, and potential resolution. Some possible reasons for errors include:
- A device is not online or not reachable via ping. FortiSIEM will attempt to ping devices before initiating a full discovery to save time.
- A device is not responding to SNMP or WMI requests, or there is a firewall blocking these requests from FortiSIEM.
- The SNMP/WMI credentials are incorrect.
- WMI may not have been set up correctly on the server. See the appropriate topic in FortiSIEM 4.9.0 External Systems Configuration Guide for how to configure WMI for your device.
Approving Newly Discovered Devices
If you selected Approved Devices Only for the discovery setting Allow Incident Firing On, as described in Discovery Settings, then you will need to approve your newly discovered devices before incidents will be triggered for those devices. See Approving Newly Discovered Devices for more information.