Version:

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

Vulnerabilities and software inventory data from EMS connector 6.4.2

This new feature helps FortiAnalyzer to get more information, vulnerabilities and software inventory, from the FortiClient EMS server directly.

To get endpoint data from an EMS connector:
  1. In Fabric View > Fabric Connectors, click Create New and select FortiClient EMS.
    Configure the connector details for FortiClient EMS and click OK.
  2. Go to FortiSoC > Automation > Playbook and create a new playbook.
    Administrators can use wildcards to get all endpoints registered on the EMS server and then create another task to update Fabric View > Assets.

  3. Run the playbook, then go to Fabric View > Assets. The retrieved endpoints in the EMS server are displayed.
To get vulnerability information from an EMS connector:
  1. With a configured FortiClient EMS connector, create a playbook with an action to Get Vulnerabilities.
  2. Run the playbook. In this example, the user selects a specific endpoint to get its vulnerabilities.
    Confirm that the playbook has run successfully in FortiSoC > Automation > Playbook Monitor.
  3. Go to Fabric View > Assets, and check the Vulnerabilities column. The number of Critical and High level vulnerabilities are displayed. Click on a number to view additional details. You can further drill-down on an individual vulnerability to see its details.
To get software information from an EMS connector:
  1. With a configured FortiClient EMS connector, create a playbook with an action to Get Software Inventory.
  2. Run the playbook. In this example, the admin selects a specific endpoint to get its software inventory.

    Confirm that the playbook has run successfully in FortiSoC > Automation > Playbook Monitor.
  3. Go to Fabric View > Assets, and check the Software column. Click on Details to display the software inventory retrieved from FortiClient EMS.

Vulnerabilities and software inventory data from EMS connector 6.4.2

This new feature helps FortiAnalyzer to get more information, vulnerabilities and software inventory, from the FortiClient EMS server directly.

To get endpoint data from an EMS connector:
  1. In Fabric View > Fabric Connectors, click Create New and select FortiClient EMS.
    Configure the connector details for FortiClient EMS and click OK.
  2. Go to FortiSoC > Automation > Playbook and create a new playbook.
    Administrators can use wildcards to get all endpoints registered on the EMS server and then create another task to update Fabric View > Assets.

  3. Run the playbook, then go to Fabric View > Assets. The retrieved endpoints in the EMS server are displayed.
To get vulnerability information from an EMS connector:
  1. With a configured FortiClient EMS connector, create a playbook with an action to Get Vulnerabilities.
  2. Run the playbook. In this example, the user selects a specific endpoint to get its vulnerabilities.
    Confirm that the playbook has run successfully in FortiSoC > Automation > Playbook Monitor.
  3. Go to Fabric View > Assets, and check the Vulnerabilities column. The number of Critical and High level vulnerabilities are displayed. Click on a number to view additional details. You can further drill-down on an individual vulnerability to see its details.
To get software information from an EMS connector:
  1. With a configured FortiClient EMS connector, create a playbook with an action to Get Software Inventory.
  2. Run the playbook. In this example, the admin selects a specific endpoint to get its software inventory.

    Confirm that the playbook has run successfully in FortiSoC > Automation > Playbook Monitor.
  3. Go to Fabric View > Assets, and check the Software column. Click on Details to display the software inventory retrieved from FortiClient EMS.