FortiAnalyzer Cloud Storage - Subscription license (3 years) + FortiCare 24x7 - additional 500 GB per day - hosted - including IOC Service, including SOC Service

Availability: 20+ in stock
Sku: FC3-10-AZCLD-463-01-36
3 287 208,00 kr excl. VAT
Description

FortiAnalyzer Cloud offers customers a SaaS-based delivery option for automation-driven, single-pane analytics, providing log management, analytics and reporting for Fortinet NGFW and SD-WAN with an easily accessible cloud-based solution. FortiAnalyzer Cloud delivers reliable real-time insights into network activity with extensive reporting and monitoring for clear, consistent visibility of an organization's security posture.

Centralized NOC/SOC visibility for the attack surface

The FortiSOC view helps teams in the security operations center (SOC) and network operations center (NOC) protect networks with access to real-time log and threat data in the form of actionable views with deep drill-down capabilities, notifications and reports, and predefined or customized dashboards for single-pane visibility and awareness. Analysts can use FortiAnalyzer workflow automation to simplify orchestration of security operations, management of threats and vulnerabilities, and response to security incidents, or investigate proactively by looking for anomalies and threats in SIEM-normalized logs in the Threat Hunting view.

Event management

FortiAnalyzer's Event Manager enables security teams to monitor and manage alerts and events from logs. Events are processed and correlated in an easily readable format that analysts can understand for immediate response. Analysts can use the Event Monitor for investigative searches into alerts, and use the predefined or custom event handlers for NOC and SOC, with customizable filters to generate real-time notifications for around-the-clock monitoring, including handlers for SD-WAN, VPN SSL, wireless, network operations, FortiClient and more.

Incident management

The Incidents component in FortiSOC enables security operations teams to manage incident handling and life cycle with incidents created from events to show affected assets, endpoints and users. Analysts can assign incidents, view and drill down on event details, incident timelines, add analysis comments, attach reports and artifacts and review playbook execution details for complete audit history.

Playbook automation

FortiAnalyzer Playbooks boost the ability of an organization's security teams to simplify investigation efforts through automated incident response, freeing up resources and allowing analysts to focus on more critical tasks.

Assets and Identity

FortiAnalyzer's Fabric View with Asset and Identity monitoring provides full SOC visibility of users and devices, including analytics of the attack surface, and enables analysts to view and manage detailed UEBA information collected from logs and fabric devices, with filters and custom views for refining results.

Analytics and reporting

Security teams are empowered with FortiAnalyzer's automation-driven analytics and reports, providing full visibility of network devices, systems and users.

Deploying FortiAnalyzer

FortiAnalyzer plays a pivotal role in Fortinet's Security Fabric and can be deployed in a variety of configurations to support the needs of any organization for analytics, backups, disaster recovery and storage, availability and redundancy as well as log collection and log forwarding for high-volume networks with sizeable generation of event logs.

FortiAnalyzer High Availability (HA)

FortiAnalyzer HA provides real-time redundancy to protect organizations by ensuring continuous operational availability. In the event that the primary (active) FortiAnalyzer fails, a secondary (passive) FortiAnalyzer will immediately take over, providing log and data reliability and eliminating the risk of having a single point of failure.

Multi-tenancy with flexible quota management

FortiAnalyzer provides the ability to manage multiple subaccounts with each account having its own administrators and users. The time-based archive/analytic log data policy, per Administrative Domain (ADOM), allows automated quota management based on the defined policy, with trending graphs to guide policy configuration and usage monitoring.

Analyzer-Collector mode

FortiAnalyzer provides two operation modes: Analyzer and Collector. In Collector mode, the primary task is forwarding logs of the connected devices to an Analyzer and archiving the logs. This configuration greatly benefits organizations with increasing log rates, as the resource-intensive log-receiving task is off-loaded to the Collector so that the Analyzer can focus on generating analytics and reports.

General
Category: Online and appliance-based services - cloud data software, cloud-based management
Product type: Subscription license - 3 years
Installation type: Hosted - SaaS
Bundled support: FortiCare 24x7
Licensing
Number of licenses: Additional 500 GB per day
Details: Including IOC Service, including SOC Service