Security Fabric ADOM
In FortiAnalyzer 6.2, all Fortinet devices in a Security Fabric can be placed into the same ADOM. This allows for fast data processing and log correlation, and also enables combined results to be presented in Reports, SOC Views, Incidents/Events, and more.
Create a Fabric ADOM
To create a Fabric ADOM in FortiAnalyzer:
- In FortiAnalyzer, go to System Settings > All ADOMs.
- Select Create New.
- Configure the settings for the new ADOM and select Fabric as the type.
- Select OK to create the ADOM.
The Fabric ADOM is listed under the Security Fabric section of All ADOMs.
Fabric ADOM devices, views, events, and reports
- In Device Manager, you can view and add all Fortinet devices in the Security Fabric to the Fabric ADOM, including FortiGate, FortiSandbox, FortiMail, FortiDDoS, and FortiClient EMS.
- View collected device logs at Log View > Log Browse.
- In Log View, all device logs are displayed.
- FortiDDoS widgets are available in SOC Monitors through a Fabric ADOM.
- FortiClient EMS widgets are available in SOC Monitors through a Fabric ADOM.
Incidents & Events
- Predefined event handlers for FortiGate, FortiSandbox, FortiMail, and FortiWeb ADOMs can be viewed at Incidents & Events > Event Handler List.
- When creating a new event handler in a Fabric ADOM, you can specify different device types for each filter.
- Triggered events are displayed for all device types.
- View predefined reports for all device types in All Reports.
- View predefined templates for all device types in Templates.
- View predefined charts for all device types in Chart Library.
- View predefined datasets for all device types in Datasets.
- In a Fabric ADOM, you can insert charts from all device types into one report.
- Generated reports display data from all device types in a single report.
- All devices in the Fabric ADOM are listed in the report's device page.