FortiAnalyzer Fabric roles

FortiAnalyzer Fabric includes two operation modes, including supervisor and member.

Supervisors acts as the root device in the FortiAnalyzer Fabric. SOC administrators can use the supervisor to view member devices and their ADOMs and authorized logging devices, as well as incidents and events created on members.
Members are devices in the FortiAnalyzer Fabric that send information to the supervisor for centralized viewing. When configured as a member, FortiAnalyzer devices continue to have access to the FortiAnalyzer features identified in the FortiAnalyzer Administration Guide. Incidents and events are created or raised from each member.

Logging devices cannot be registered to the Fabric supervisor and they will not be visible in Device Manager, Log View, or Reports. The Fabric supervisor is for centralized viewing of information from the Fabric members only.

FortiAnalyzer Fabric roles

FortiAnalyzer Fabric includes two operation modes, including supervisor and member.

Supervisors acts as the root device in the FortiAnalyzer Fabric. SOC administrators can use the supervisor to view member devices and their ADOMs and authorized logging devices, as well as incidents and events created on members.

Members are devices in the FortiAnalyzer Fabric that send information to the supervisor for centralized viewing. When configured as a member, FortiAnalyzer devices continue to have access to the FortiAnalyzer features identified in the FortiAnalyzer Administration Guide. Incidents and events are created or raised from each member.

FortiAnalyzer Fabric Deployment Guide

FortiAnalyzer Fabric roles

FortiAnalyzer Fabric roles

FortiAnalyzer Fabric roles