Name
FortiAnalyzer 201: Deployment Scaling, Advanced SOC Use-cases, 3rd Party Syslog Parsing
Description

In today's enterprise environment, the ability to quickly identify and respond to real threats at scale is crucial. Fortinet's FortiAnalyzer offers the functionality and capacity to meet the demands of a security operations center (SOC). With its enhanced Fabric capabilities, FortiAnalyzer can globally scale log ingestion rates and disk capacity, supporting complete multi-tenancy.

FortiAnalyzer addresses the need for ingesting third-party syslog data by parsing and normalizing it into its SIEM database, where it performs event handling, alerting, and reporting. This track will teach participants how FortiAnalyzer correlates Fortinet Fabric logs with normalized syslog data using event correlation handlers.

FortiAnalyzer introduces new SOC features aimed at streamlining detection, correlation, investigation, and remediation processes. Participants will learn to leverage the Incident component, enabling them to raise incidents from detected events either manually or automatically. Incident management can be initiated from the SOC dashboard, with threat indicator enrichment configured via playbooks. Containment can be propagated through playbook connectors, and threat data can be pushed to FortiManager so that FortiGates can then automatically block newly detected threat indicators. The integration and efficiency of these SOC correlations and remediations are particularly valuable when scaled across numerous devices.

Time
8:00 AM - 12:00 PM
Product Focus (Multiple)
FortiAnalyzer, FortiClient, FortiEDR (Endpoint Detection and Response), FortiManager

NSE 4 / FCSS Network Security

Location Name
Northern Hemisphere E3