Administration Guide

Setting up FortiAnalyzer
- Connecting to the GUI
  - FortiAnalyzer Setup wizard
  - Activating VM licenses
- Security considerations
- GUI overview
- Target audience and access level
- Initial setup
- FortiManager features
- Next steps
- Restarting and shutting down
FortiAnalyzer Key Concepts
- Operation modes
- Administrative domains
- Logs
- Log storage
- FortiView dashboard
Device Manager
- ADOMs
- FortiClient EMS devices
- Unauthorized devices
- Using FortiManager to manage FortiAnalyzer devices
- Adding devices
- Managing devices
- Device groups
  - Adding device groups
  - Managing device groups
FortiView
- FortiView
- Monitor
- Enabling and disabling FortiView
Log View and Log Quota Management
- Types of logs collected for each device
- Log messages
- Log groups
- Log browse
- Log and file storage
Fabric View
- Fabric Connectors
- Subnets
- Identity Center
  - Identity Center dashboard
- Asset Center
  - Asset Center dashboard
- Configuring endpoint and end user data sources
Fortinet Security Fabric
- Adding a Security Fabric group
- Displaying Security Fabric topology
- Security Fabric traffic log to UTM log correlation
- Security Fabric ADOMs
- Enabling SAML authentication in a Security Fabric
Incident and Event Management
- Event handlers
- Events
- Incidents
FortiSoC
- Viewing FortiSoC dashboards
- Configuring playbook automation
- Threat Hunting
- Outbreak Alerts
Reports
- How ADOMs affect reports
- Predefined reports, templates, charts, and macros
- Logs used for reports
- How charts and macros extract data from logs
- How auto-cache works
- Generating reports
- Creating reports
- Managing reports
  - Organizing reports into folders
  - Importing and exporting reports
- Report template library
- Chart library
  - Creating charts
  - Managing charts
- Macro library
  - Creating macros
  - Managing macros
- Datasets
- Output profiles
  - Creating output profiles
  - Managing output profiles
- Report languages
- Report calendar
  - Viewing all scheduled reports
  - Managing report schedules
FortiRecorder
- Configuring cameras in the Camera Manager
- Face Recognition
- Watching live and recorded video in the Monitor
- Enabling and disabling FortiRecorder
System Settings
- Dashboard
- Logging Topology
- Network
- RAID Management
- Administrative Domains (ADOMs)
- Certificates
- Log Forwarding
- Fetcher Management
- Event Log
  - Event log filtering
- Task Monitor
- SNMP
- Mail Server
- Syslog Server
  - Send local logs to syslog server
- Meta Fields
- Device logs
- File Management
- Advanced Settings
- FortiGuard
- Restart, shut down, or reset FortiAnalyzer
Administrators
- Trusted hosts
- Monitoring administrators
- Disconnecting administrators
- Managing administrator accounts
- Administrator profiles
- Authentication
- Global administration settings
- Two-factor authentication
  - Two-factor authentication with FortiAuthenticator
    - Configuring FortiAuthenticator
    - Configuring FortiAnalyzer
  - Two-factor authentication with FortiToken Cloud
High Availability
- Configuring HA options
  - Log synchronization
  - Configuration synchronization
- Monitoring HA status
  - If the primary unit fails
- Load balancing
- Upgrading the FortiAnalyzer firmware for an operating cluster
Collectors and Analyzers
- Configuring the Collector
- Configuring the Analyzer
- Fetching logs from the Collector to the Analyzer
Management Extensions
- FortiSIEM MEA
- FortiSOAR MEA
- Enabling management extension applications
  - CLI for management extensions
- Accessing management extension logs
- Checking for new versions and upgrading
Appendix A - Supported RFC Notes
Appendix B - Log Integrity and Secure Log Transfer
- Maximum TLS/SSL version compatibility
Appendix C - FortiAnalyzer Ansible Collection documentation
Change Log

Home FortiAnalyzer 7.2.6 Administration Guide

7.2.6

Permissions

The below table lists the default permissions for the predefined administrator profiles.

When Read-Write is selected, the user can view and make changes to the FortiAnalyzer system. When Read-Only is selected, the user can only view information. When None is selected, the user can neither view or make changes to the FortiAnalyzer system.

Setting		Predefined Administrator Profile
Setting		Super User	Standard User	Restricted User
System Settings `system-setting`		Read-Write	None	None
Administrative Domain `adom-switch`		Read-Write	Read-Write	None
Device Manager `device-manager`		Read-Write	Read-Write	Read-Only
	Add/Delete/Edit Devices/Groups `device-op`	Read-Write	Read-Write	None
Log View/FortiView `log-viewer`		Read-Write	Read-Write	Read-Only
FortiSOC `event-management`		Read-Write	Read-Write	Read-Only
Create & Update Incidents `update-incidents`		Read-Write	Read-Write	None
Triage Event `triage-events`		Read-Write	Read-Write	None
Reports `report-viewer`		Read-Write	Read-Write	Read-Only
Run Report `run-report`		Read-Write	Read-Write	None
Fabric View `fabric-viewer`		Read-Write	Read-Write	Read-Only
CLI only settings
`device-wan-link-load-balance`		Read-Write	Read-Write	Read-Only
`device-ap`		Read-Write	Read-Write	Read-Only
`device-forticlient`		Read-Write	Read-Write	Read-Only
`device-fortiswitch`		Read-Write	Read-Write	Read-Only
`realtime-monitor`		Read-Write	Read-Write	Read-Only
`adom-lock`		Read-Write	Read-Write	Read-Only
`device-policy-package-lock`		Read-Write	Read-Write	Read-Only
`extension-access`		Read-Write	Read-Write	None
`fortirecorder-setting`		Read-Write	Read-Write	None
`execute-playbook`		Read-Write	Read-Write	None
`script-access`		Read-Write	Read-Write	None

For a description of each permission, see the FortiAnalyzer CLI Reference.

Permissions

The below table lists the default permissions for the predefined administrator profiles.

Setting		Predefined Administrator Profile
Setting		Super User	Standard User	Restricted User
System Settings `system-setting`		Read-Write	None	None
Administrative Domain `adom-switch`		Read-Write	Read-Write	None
Device Manager `device-manager`		Read-Write	Read-Write	Read-Only
	Add/Delete/Edit Devices/Groups `device-op`	Read-Write	Read-Write	None
Log View/FortiView `log-viewer`		Read-Write	Read-Write	Read-Only
FortiSOC `event-management`		Read-Write	Read-Write	Read-Only
Create & Update Incidents `update-incidents`		Read-Write	Read-Write	None
Triage Event `triage-events`		Read-Write	Read-Write	None
Reports `report-viewer`		Read-Write	Read-Write	Read-Only
Run Report `run-report`		Read-Write	Read-Write	None
Fabric View `fabric-viewer`		Read-Write	Read-Write	Read-Only
CLI only settings
`device-wan-link-load-balance`		Read-Write	Read-Write	Read-Only
`device-ap`		Read-Write	Read-Write	Read-Only
`device-forticlient`		Read-Write	Read-Write	Read-Only
`device-fortiswitch`		Read-Write	Read-Write	Read-Only
`realtime-monitor`		Read-Write	Read-Write	Read-Only
`adom-lock`		Read-Write	Read-Write	Read-Only
`device-policy-package-lock`		Read-Write	Read-Write	Read-Only
`extension-access`		Read-Write	Read-Write	None
`fortirecorder-setting`		Read-Write	Read-Write	None
`execute-playbook`		Read-Write	Read-Write	None
`script-access`		Read-Write	Read-Write	None

For a description of each permission, see the FortiAnalyzer CLI Reference.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Administration Guide

Permissions

Permissions

Permissions

Permissions