FortiSoC is a subscription service that enables playbook automation for security operations on FortiAnalyzer.
FortiAnalyzer's SIEM capabilities parse, normalize, and correlate logs from Fortinet products and the security event log of Windows and Linux hosts (with Fabric Agent integration). Parsing is predefined by FortiAnalyzer and does not require manual configuration by administrators. SIEM logs are displayed as Fabric logs in Log View. See Types of logs collected for each device.
FortiSoC provides incident management capabilities with playbook automation to accelerate incident response. When FortiAnalyzer has a valid subscription license, the FortiSoC module is activated and administrators are able access playbook automation features. Task automation can be configured by SOC analysts using playbooks which consist of a trigger and sequence of automated actions. Playbooks can be created from scratch or by using one of the predefined templates. Fabric connectors further enhance FortiSoC functionality by allowing playbooks to perform tasks using connected devices, including FortiOS and FortiClient EMS.
This section includes information on the following topics:
- Viewing FortiSoC dashboards
- Configuring playbook automation
For information about FortiSoC incidents and events, see Incident and Event Management.