FortiAnalyzer 7.6.1
Administration Guide
Macro library
Use the Macro library to create, edit, and manage your macros.
Fetch requests
Synchronizing devices and ADOMs
Request processing
Fetch monitoring
Event Log
Event log filtering
Task Monitor
Mail Server
Syslog Server
Send local logs to syslog server
Meta Fields
Device logs
Configuring rolling and uploading of logs using the GUI
Configuring rolling and uploading of logs using the CLI
Upload logs to cloud storage
File Management
Miscellaneous Settings
FortiGuard
Subscribing FortiAnalyzer to FortiGuard
Licensing in an air-gap environment
Enabling updates through a web proxy
Administrators
Trusted hosts
Monitoring administrators
Disconnecting administrators
Managing administrator accounts
Creating administrators
Editing administrators
Deleting administrators
Override administrator attributes from profiles
Administrator profiles
Permissions
Privacy Masking
Creating administrator profiles
Creating administrator profiles for incident & event management
Editing administrator profiles
Cloning administrator profiles
Deleting administrator profiles
Authentication
Public Key Infrastructure
Managing remote authentication servers
Editing remote authentication servers
Deleting remote authentication servers
LDAP servers
RADIUS servers
TACACS+ servers
Remote authentication server groups
SAML admin authentication
FortiCloud SSO admin authentication
Global administration settings
Password policy
Password lockout and retry attempts
GUI language
Idle timeout
Security Fabric authorization information for FortiOS
Control administrative access with a local-in policy
Multi-factor authentication
Multi-factor authentication with FortiAuthenticator
Configuring FortiAuthenticator
Configuring FortiAnalyzer
Multi-factor authentication with FortiToken Cloud
High Availability
Configuring HA options
Log synchronization
Configuration synchronization
Geo-redundant HA
Monitoring HA status
If the primary unit fails
Load balancing
Upgrading the FortiAnalyzer firmware for an operating cluster
Collectors and Analyzers
Configuring the Collector
Configuring the Analyzer
Fetching logs from the Collector to the Analyzer
Management Extensions
FortiSIEM MEA
FortiSOAR MEA
Enabling management extension applications
CLI for management extensions
Accessing management extension logs
Checking for new versions and upgrading
Appendix A - Supported RFC Notes
Appendix B - Log Integrity and Secure Log Transfer
Maximum TLS/SSL version compatibility
Appendix C - FortiAnalyzer Ansible Collection documentation
Appendix D - FortiAI token entitlements for FortiAnalyzer
Change Log