Service overview

What is SOCaaS?

SOCaaS is a cloud-based Managed Security Monitoring Service that analyzes Fortinet customers' security events forwarded from their Fabric devices to the SOCaaS cloud. The SOC team performs alert triage and escalates confirmed threats back to the customer. To learn more, please see SOCaaS.

What is the availability of this service?

The service runs on a 24x7x365 basis with security experts leading investigations and incident triage.

Where is the SOC team located?

The Fortinet SOC is located in the North America, EMEA, and APAC regions.

Where is the data center located for log collection?

Fortinet has data centers located in the North America, EMEA, and APAC regions.

What are the technologies or tools that the SOC is based on?

The SOC is built on FortiGuard threat intelligence and an industry-leading SOAR platform.

What is the SOC's threat detection coverage?

SOC use case coverage is mapped to the cyber kill chain.

What is the daily log limit?

There is no daily log limit.

What is the log retention policy?

By default, logs are retained for 90 days.

How is SOCaaS different from FortiAnalyzer Cloud?

FortiAnalyzer Cloud is for customer self-managed logging and analytics.

SOCaaS is a managed service that can be enabled on the FortiAnalyzer Cloud instance for log monitoring, incident detection, and escalation.

In which regions is SOCaaS available?

The service is available to all customers globally.

What types of SOCaaS deployments are supported?

There are two deployment options:

  • Option 1: Fabric device monitoring via the customer's own on-premises FortiAnalyzer.
  • Option 2: Fabric device monitoring via the customer's FortiAnalyzer Cloud.

For additional information, see Supported Deployments.

What is the SLA?

The table below shows the time-to-notify escalation matrix for a confirmed incident, based on severity.