
Administration Guide

FortiSoC

FortiSoC is a subscription service that enables playbook automation for security operations on FortiAnalyzer.

FortiAnalyzer's SIEM capabilities parse, normalize, and correlate logs from Fortinet products and the security event logs of Windows and Linux hosts (with Fabric Agent integration). Parsing is predefined by FortiAnalyzer and does not require manual configuration by administrators. SIEM logs are displayed as Fabric logs in Log View. See Types of logs collected for each device.

FortiSoC provides incident management capabilities with playbook automation to accelerate incident response. When FortiAnalyzer has a valid subscription license, the FortiSoC module is activated and administrators are able to access the playbook automation features. SOC analysts configure task automation using playbooks, each of which consists of a trigger and a sequence of automated actions. Playbooks can be created from scratch or from one of the predefined templates. Fabric connectors further extend FortiSoC by allowing playbooks to perform tasks on connected devices, including FortiOS and FortiClient EMS.

This section includes information on the following topics:

Note

For information about FortiSoC incidents and events, see Incident and Event Management.

