Fortinet Document Library

Version:


Table of Contents

More Links

Creating a Security Fabric ADOM

New Features

6.2.0
Download PDF
Copy Link

Security Fabric ADOM

In FortiAnalyzer 6.2, all Fortinet devices in a Security Fabric can be placed into the same ADOM. This allows for fast data processing and log correlation, and also enables combined results to be presented in Reports, SOC Views, Incidents/Events, and more.

Create a Fabric ADOM

To create a Fabric ADOM in FortiAnalyzer:
  1. In FortiAnalyzer, go to System SettingsAll ADOMs.
  2. Select Create New.
  3. Configure the settings for the new ADOM and select Fabric as the type.

  4. Select OK to create the ADOM.

    The Fabric ADOM is listed under the Security Fabric section of All ADOMs.

Fabric ADOM devices, views, events, and reports

Device Manager

  • In Device Manager, you can view and add all Fortinet devices in the Security Fabric to the Fabric ADOM, including FortiGate, FortiSandbox, FortiMail, FortiDDoS, and FortiClient EMS.

Log View

  • View collected device logs at Log ViewLog Browse.

  • In Log View, all device logs are displayed.

SOC

  • FortiDDoS widgets are available in SOC Monitors through a Fabric ADOM.

  • FortiClient EMS widgets are available in SOC Monitors through a Fabric ADOM.

Incidents & Events

  • Predefined event handlers for FortiGate, FortiSandbox, FortiMail, and FortiWeb ADOMs can be viewed at Incidents & EventsEvent Handler List.

  • When creating a new event handler in a Fabric ADOM, you can specify different device types for each filter.

  • Triggered events are displayed for all device types.

Reports

  • View predefined reports for all device types in All Reports.

  • View predefined templates for all device types in Templates.

  • View predefined charts for all device types in Chart Library.

  • View predefined datasets for all device types in Datasets.

  • In a Fabric ADOM, you can insert charts from all device types into one report.

  • Generated reports display data from all device types in a single report.

  • All devices in the Fabric ADOM are listed in the report's device page.

More Links

Security Fabric ADOM

In FortiAnalyzer 6.2, all Fortinet devices in a Security Fabric can be placed into the same ADOM. This allows for fast data processing and log correlation, and also enables combined results to be presented in Reports, SOC Views, Incidents/Events, and more.

Create a Fabric ADOM

To create a Fabric ADOM in FortiAnalyzer:
  1. In FortiAnalyzer, go to System SettingsAll ADOMs.
  2. Select Create New.
  3. Configure the settings for the new ADOM and select Fabric as the type.

  4. Select OK to create the ADOM.

    The Fabric ADOM is listed under the Security Fabric section of All ADOMs.

Fabric ADOM devices, views, events, and reports

Device Manager

  • In Device Manager, you can view and add all Fortinet devices in the Security Fabric to the Fabric ADOM, including FortiGate, FortiSandbox, FortiMail, FortiDDoS, and FortiClient EMS.

Log View

  • View collected device logs at Log ViewLog Browse.

  • In Log View, all device logs are displayed.

SOC

  • FortiDDoS widgets are available in SOC Monitors through a Fabric ADOM.

  • FortiClient EMS widgets are available in SOC Monitors through a Fabric ADOM.

Incidents & Events

  • Predefined event handlers for FortiGate, FortiSandbox, FortiMail, and FortiWeb ADOMs can be viewed at Incidents & EventsEvent Handler List.

  • When creating a new event handler in a Fabric ADOM, you can specify different device types for each filter.

  • Triggered events are displayed for all device types.

Reports

  • View predefined reports for all device types in All Reports.

  • View predefined templates for all device types in Templates.

  • View predefined charts for all device types in Chart Library.

  • View predefined datasets for all device types in Datasets.

  • In a Fabric ADOM, you can insert charts from all device types into one report.

  • Generated reports display data from all device types in a single report.

  • All devices in the Fabric ADOM are listed in the report's device page.