Fortinet black logo

New Features

Security Fabric ADOM

Copy Link
Copy Doc ID bc40d227-4cc1-11e9-94bf-00505692583a:387560
Download PDF

Security Fabric ADOM

In FortiAnalyzer 6.2, all Fortinet devices in a Security Fabric can be placed into the same ADOM. This allows for fast data processing and log correlation, and also enables combined results to be presented in Reports, SOC Views, Incidents/Events, and more.

Create a Fabric ADOM

To create a Fabric ADOM in FortiAnalyzer:
  1. In FortiAnalyzer, go to System Settings > All ADOMs.
  2. Select Create New.
  3. Configure the settings for the new ADOM and select Fabric as the type.

  4. Select OK to create the ADOM.

    The Fabric ADOM is listed under the Security Fabric section of All ADOMs.

Fabric ADOM devices, views, events, and reports

Device Manager

  • In Device Manager, you can view and add all Fortinet devices in the Security Fabric to the Fabric ADOM, including FortiGate, FortiSandbox, FortiMail, FortiDDoS, and FortiClient EMS.

Log View

  • View collected device logs at Log View > Log Browse.

  • In Log View, all device logs are displayed.

SOC

  • FortiDDoS widgets are available in SOC Monitors through a Fabric ADOM.

  • FortiClient EMS widgets are available in SOC Monitors through a Fabric ADOM.

Incidents & Events

  • Predefined event handlers for FortiGate, FortiSandbox, FortiMail, and FortiWeb ADOMs can be viewed at Incidents & Events > Event Handler List.

  • When creating a new event handler in a Fabric ADOM, you can specify different device types for each filter.

  • Triggered events are displayed for all device types.

Reports

  • View predefined reports for all device types in All Reports.

  • View predefined templates for all device types in Templates.

  • View predefined charts for all device types in Chart Library.

  • View predefined datasets for all device types in Datasets.

  • In a Fabric ADOM, you can insert charts from all device types into one report.

  • Generated reports display data from all device types in a single report.

  • All devices in the Fabric ADOM are listed in the report's device page.

Security Fabric ADOM

In FortiAnalyzer 6.2, all Fortinet devices in a Security Fabric can be placed into the same ADOM. This allows for fast data processing and log correlation, and also enables combined results to be presented in Reports, SOC Views, Incidents/Events, and more.

Create a Fabric ADOM

To create a Fabric ADOM in FortiAnalyzer:
  1. In FortiAnalyzer, go to System Settings > All ADOMs.
  2. Select Create New.
  3. Configure the settings for the new ADOM and select Fabric as the type.

  4. Select OK to create the ADOM.

    The Fabric ADOM is listed under the Security Fabric section of All ADOMs.

Fabric ADOM devices, views, events, and reports

Device Manager

  • In Device Manager, you can view and add all Fortinet devices in the Security Fabric to the Fabric ADOM, including FortiGate, FortiSandbox, FortiMail, FortiDDoS, and FortiClient EMS.

Log View

  • View collected device logs at Log View > Log Browse.

  • In Log View, all device logs are displayed.

SOC

  • FortiDDoS widgets are available in SOC Monitors through a Fabric ADOM.

  • FortiClient EMS widgets are available in SOC Monitors through a Fabric ADOM.

Incidents & Events

  • Predefined event handlers for FortiGate, FortiSandbox, FortiMail, and FortiWeb ADOMs can be viewed at Incidents & Events > Event Handler List.

  • When creating a new event handler in a Fabric ADOM, you can specify different device types for each filter.

  • Triggered events are displayed for all device types.

Reports

  • View predefined reports for all device types in All Reports.

  • View predefined templates for all device types in Templates.

  • View predefined charts for all device types in Chart Library.

  • View predefined datasets for all device types in Datasets.

  • In a Fabric ADOM, you can insert charts from all device types into one report.

  • Generated reports display data from all device types in a single report.

  • All devices in the Fabric ADOM are listed in the report's device page.