Software Inventory logging to FortiAnalyzer
FortiClient endpoints can now send Software Inventory logs to FortiAnalyzer for real time and historic logging and reporting.
FortiClient collects information on regular software installed on the endpoint and sends the information to EMS and FortiAnalyzer. FortiClient sends the Software Inventory information when it first registers to EMS and when it first sends data to FortiAnalyzer. If software changes occur on the endpoint, such as installing new software, updating existing software, or removing existing software, FortiClient sends an updated inventory to EMS and FortiAnalyzer.
This feature requires the following configuration:
- In EMS, enable Send Software Inventory on an endpoint profile.
- If needed, create a Fabric ADOM in FortiAnalyzer.
To configure the endpoint profile in EMS:
- In EMS, create a new endpoint profile or edit an existing profile.
- On the System Settings tab, enable Send Software Inventory.
- Save the profile.
- Ensure that the profile is used in the endpoint policy assigned to the desired group or OU.
To create a Fabric ADOM in FortiAnalyzer:
- In FortiAnalyzer, go to System Settings > All ADOMs.
- Click Create New.
- From the Type dropdown list, select Fabric.
- Click + Select Device.
- Add at least one FortiGate and the EMS server that the FortiClient endpoint is registered to.
- Configure other options as desired.
- Click OK.
- After creation, switch to the newly created ADOM. Go to SOC, then go to the Monitors tab. The FortiClient Software Inventory option is available in the left pane.
To view the results:
- In EMS, go to Software Inventory. You can view the Software Inventory by application or host.
- In FortiAnalyzer, in the Fabric ADOM created earlier, go to SOC > Monitors > FortiClient Software Inventory. You can view the data that endpoints sent to FortiAnalyzer.