Fortinet Security Orchestration, Automation, and Response Platform (FortiSOAR™) is a centralized hub for all of your security operations. Our platform provides customizable mechanisms for prevention, detection, and response that work across tools in your environment. The FortiSOAR MEA gets installed on FortiAnalyzer and allows you to manage your security operations using FortiAnalyzer and without the need of having a separate FortiSOAR instance.
When enabled, the FortiSOAR MEA gets installed on FortiAnalyzer. An MEA is a management extension application that is released and signed by Fortinet to run on FortiAnalyzer. An MEA is full-fledged running instance of product in form of a docker container, enabling you to use and monitor different solutions from Fortinet using a single pane of glass.
|From FortiAnalyzer version 7.0.0 onwards, there is a capping of 50% on RAM and CPU for MEAs. This means if FortiAnalyzer has 8 CPUs and 16 GB RAM, then only 4 CPUs and 8 GB RAM will be available to MEAs. Note that this 4 CPUs and 8 GB RAM will be used for all the MEAs, and not just for the FortiSOAR MEA. Therefore, users need to ensure that they provision FortiAnalyzer with sufficient resources to meet the minimum (default) FortiSOAR MEA configuration of 4 CPU cores and 8 GB RAM, which would mean that FortiAnalyzer should be deployed with a minimum of 8 CPUs and 16 GB RAM. However, to use FortiSOAR MEA at a production volume, you should provide the standard configuration of 8 CPUs and 32 GB RAM and depending on the number of running applications, the FortiAnalyzer resources should be increased. For example, if you are running only the FortiSOAR MEA at a production volume, i.e., at the standard configuration of 8 CPUs and 32 GB RAM on FortiAnalyzer, then ensure that the FortiAnalyzer has a minimum configuration of 16 CPUs and 64 GB RAM.|
You must also specify the ElasticSearch and Celeryd configuration follows, if your FortiSOAR MEA is running at a production volume of 8 CPUs and 32 GB RAM:
/etc/elasticsearch/jvm.options(within the FortiSOAR running container):
/etc/celeryd/celeryd.conf(within the FortiSOAR running container):