FortiAnalyzer is a powerful log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate, and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape. Integrated with the Fortinet Security Fabric, advanced threat detection capabilities, centralized security analytics, end-to-end security posture awareness and control, helps security teams identify and mitigate threats before a breach can occur.
Centralized NOC/SOC visibility for the attack surface
The FortiSOC view helps security and network operations teams protect network assets with correlated log and threat data and insights through actionable views with deep drill-down capabilities. Real-time notifications, reports, predefined or customized dashboards deliver single-pane visibility and actionable results. Utilize FortiAnalyzer workflow automation for simplified orchestration of security operations, management of threats, vulnerabilities, and incident response. Proactively investigate anomalies and threats through analysis of SIEM normalized logs in Threat Hunting view.
Event management
Security teams can monitor and manage alerts and event logs from Fortinet devices, with events processed and correlated in a format that analysts can easily understand. Investigate suspicious traffic patterns and search using filters in predefined or custom event handlers to generate real-time notifications and monitoring for NOC and SOC operations, SD-WAN, SSL VPN, wireless, Shadow IT, IPS, network recon, FortiClient, and more.
Incident management
The Incidents component in FortiSOC enables security operations teams to manage incident handling and life cycle with incidents created from events to show affected assets, endpoints, and users. Analysts can assign incidents, view and drill down on event details, incident timelines, add analysis comments, attach reports and artifacts, and review playbook execution details for complete audit history.
Playbook automation
FortiAnalyzer Playbooks boost an organization's security team abilities to simplify investigation efforts through automated incident response, freeing up resources and allowing analysts to focus on tasks that are more critical. Out-of-the-box playbook templates enable SOC analysts to quickly customize their use cases, including playbooks for investigation of compromised hosts, infections and critical incidents, data enrichment for Fabric view assets and identity views, blocking of malware, C and C IPs, and more. Security teams can define custom processes, edit playbooks and tasks in the visual playbook editor, utilize the playbook monitor to review task execution details, import or export playbooks, and use built-in connectors with OAuth2 authentication, allowing playbooks to interact with other Security Fabric devices like FortiOS and EMS. The connector health check provides an indicator for verifying that connectors are always up and working.