Configuring Windows Agent

FortiSIEM Windows Agents provides a scalable way to collect rich log data from a large number of Windows servers. FortiSIEM Windows Agents are configured and monitored by a FortiSIEM Windows Agent Manager. The Agent Manager registers with FortiSIEM Supervisor node for license information. The following section describes how to configure Windows Agent Manager in FortiSIEM.

This section provides the procedures to configure Windows Agent.

• Adding Windows Agent
• Modifying Windows Agent
  • Searching
  • Adjusting Columns

Adding Windows Agent

Follow the procedure below to add a Windows Agent:

1. Go to ADMIN > Setup > Windows Agent tab.
2. Click New. 
3. In the Windows Agent dialog box, enter the information below.
   
   

   Settings	Guidelines
   Agent Manager Name	[Required] Name of the FortiSIEM Windows Agent Manager
   Basic Agents	Number of Basic Windows Agents. The sum of basic and Advanced windows agents over all Organizations must be less than the corresponding license.
   Advanced Agents	Number of Advanced Windows Agents. The sum of Basic and Advanced Windows Agents over all Organizations must be less than the corresponding license.
   Start Date	Start and end date for Windows Agent License validity
   End Date	End date for Windows Agent License validity
   Event Upload	FortiSIEM node to which Agents will upload events - Supervisor or Collector nodes

4. Click Save

Modifying Windows Agent

Follow the procedure below to modify a Windows Agent:

1. Select the Windows Agent Manager to modify from the list and click the required option.
   
   

   Option	Description
   Edit	To edit any Windows Agent Manager settings.
   Delete	To delete any Windows Agent Manager.

2. Click Save.

Searching

Follow the procedure below to search a Windows Agent:

1. Enter the Windows Agent Manager name in the search field.
   If the Windows Agent Manager is configured in FortiSIEM, it appears in the table.

Adjusting Columns

Follow the procedure below to adjust the Windows Agent table:

1. Click Columns button and select the required columns to display:
   • Agent Manager Name - Name of the Windows Agent Manager
   • Organization - Organization for which this is applicable
   • Event Upload Destination - Location where the events are uploaded.
   • Basic Agents - number of Basic Agents
   • Advanced Agents - number of Advanced Agents
   • Registered - Agent Registration status
   • Valid Time - Validity time range

You can also use the Search field under Columns to enter any valid column name. Based on the selection, the table columns are automatically updated.