FortiSOAR central logging 7.0.2

In FortiAnalyzer 7.0.2, FortiSOAR devices are recognized as Security Fabric devices by FortiAnalyzer and the device logs are now available from Log View under the FortiSOAR menu.

To view FortiSOAR logs:
  1. Before this enhancement, FortiAnalyzer recognized FortiSOAR as a Syslog device.
    In FortiAnalyzer 7.0.2, FortiAnalyzer recognizes FortiSOAR devices and lists unauthorized FortiSOAR devices in the Device Manager, where they can be authorized on FortiAnalyzer.
  2. Once a FortiSOAR device is authorized on FortiAnalyzer, it is listed in the Device Manager with information including the device name, IP, platform, serial number, and more.
  3. In Log View, a new entry for FortiSOAR is added, with tabs and icons that vary according to the FortiSOAR device and log types. FortiSOAR device logs are received by FortiAnalyzer and displayed in Log View.
  4. FortiAnalyzer also includes a SIEM parser for FortiSOAR devices, which allows FortiAnalyzer to parse FortiSOAR logs correctly into the SIEM database.
  5. In Log View > Log Browse, FortiSOAR device logs are listed. You can download or import FortiSOAR logs.
  6. In FortiSoC > Handlers > Event Handler List, the FortiSOAR device type and log subtypes are added. You can create an event handler for FortiSOAR devices with the Log Device Type set to FortiSOAR and the Log Type set to Event Log (event).

    You can see the events newly triggered by the custom event handler in FortiSoC > Event Monitor > All Events.
  7. In Reports > Report Definitions > Datasets, FortiSOAR log types can be selected as the log type for datasets. You can verify your dataset query by clicking the Test button in the right pane.