Prerequisite configurations for SOCaaS
This document provides post-sales guidance to help customers review the configurations on their FortiGates and optimize their SOC-as-a-Service (SOCaaS) subscription.
The following prerequisite configurations are detailed:
FortiGate configuration
On FortiGate:
- Verify the status of all FortiGuard Security Services on all of your FortiGate devices to be monitored, highlighted in the image below.
  - The minimum requirement is the ATP bundle (IPS, Advanced Malware Protection).
  - It is highly recommended to use the UTP bundle (ATP + Web Security, Antispam).
  - For OT customers, you must add the OT Protocols Security Services (Industrial DB).
- Ensure you log the security events on your firewall policies and apply the security profiles according to your requirements.
- Confirm that the traffic generated by the sources hits the firewall policies (see the Bytes column).
- Verify that your FortiGate device is detecting and logging traffic.
- Validate that the Logging & Analysis fabric connector is configured on your FortiGate.
- Ensure that the FortiAnalyzer certificate is verified.
- If the FortiAnalyzer certificate is not verified, it will need to be accepted in order to connect and log in to the FortiAnalyzer.
- Configure global event logging (this is optional but recommended).
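
The policy checks above (security events logged, security profiles applied) can also be run offline against a FortiGate configuration backup. The following is an added example, not part of the original guidance or of any Fortinet tooling: the function names and the sample configuration are constructed for illustration, and it assumes that a policy with no `set logtraffic` line uses the FortiOS default (`utm`).

```python
# Profile settings that can be attached to a FortiOS firewall policy.
PROFILE_KEYS = {"av-profile", "ips-sensor", "webfilter-profile",
                "application-list", "profile-group"}
# Constructed sample in FortiOS backup syntax (not from a real device).
SAMPLE = """\
config firewall policy
    edit 1
        set action accept
        set ips-sensor "default"
        set logtraffic all
    next
    edit 2
        set action accept
        set logtraffic disable
    next
    edit 3
        set action accept
        set webfilter-profile "default"
    next
end
"""

def parse_policies(config_text):
    """Return {policy_id: {setting: value}} from 'config firewall policy'."""
    policies, current, in_block = {}, None, False
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("config "):
            in_block = line == "config firewall policy"
        elif in_block and current is None and line.startswith("edit "):
            current = policies.setdefault(line.split()[1], {})
        elif current is not None and line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return policies

def audit(config_text):
    """List (policy_id, finding) for accept policies that fail the checks."""
    findings = []
    for pid, p in parse_policies(config_text).items():
        if p.get("action") != "accept":
            continue  # only policies that pass traffic are checked
        # Assumption: an omitted 'set logtraffic' means the default (utm).
        if p.get("logtraffic", "utm") == "disable":
            findings.append((pid, "logging disabled"))
        if not p.keys() & PROFILE_KEYS:
            findings.append((pid, "no security profile applied"))
    return findings
```

Calling `audit(SAMPLE)` flags only policy 2, which has logging disabled and no security profile; policy 3 passes because it inherits the default log setting.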
FortiAnalyzer configuration
On FortiAnalyzer:
- Confirm that your FortiAnalyzer Cloud instance is logging all events and security logs.
- By expanding the device list, you can confirm that Traffic, Security, and Application logs are being received.
- In your FortiAnalyzer Log View, verify that the logs/log types that you have configured to forward from your FortiGate(s) are showing up.
- Follow the SOCaaS Quick Start Guide to help with the remaining configuration steps, including registering SOCaaS and getting started.