Name
Security Operations Center Advancements in Scaling with Threat Collection, Correlation, and Dissemination Across Fortinet Fabric Logs and Third-Party Syslog
Description

In today's enterprise environment, rapid identification of and response to real threats across the entire infrastructure are crucial. Fortinet's FortiAnalyzer offers the functionality and scalability required to meet the demands of a security operations center (SOC). With enhanced Fabric capabilities, FortiAnalyzer can globally scale both log ingestion rates and disk capacity to accommodate any logging or alerting needs, supporting complete multi-tenancy on a global scale.

Fortinet's FortiAnalyzer addresses the ongoing need to ingest third-party syslog data by parsing and normalizing it into FortiAnalyzer's SIEM database, where FortiAnalyzer can apply its standard functions such as event handling, alerting, and reporting. This track will teach participants how FortiAnalyzer correlates Fortinet Fabric logs with normalized syslog data using event correlation handlers.

FortiAnalyzer introduces new SOC features aimed at streamlining detection, correlation, investigation, and remediation processes. Participants will learn to leverage the Incident component of FortiAnalyzer, enabling them to manually or automatically raise incidents from detected events. Incident management can be initiated from the FortiAnalyzer SOC dashboard, with on-demand threat indicator enrichment configured via playbooks. Containment can be propagated through playbook connectors, and threat data can be pushed to a threat feed hosted on Fortinet's central management platform, FortiManager. FortiGates can then automatically block newly detected threat indicators identified by FortiAnalyzer. The integration and efficiency of these SOC correlations and remediations are particularly valuable when scaled across numerous devices.

Time
8:00 AM - 12:00 PM
Product Focus (Multiple)
FortiAnalyzer, Security Operations Center
Location Name
Northern Hemisphere A3