Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.1.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    User Guide

    Home FortiAppSec Cloud User Guide

    Security Operations Center-as-a-Service (SOCaaS)

    Security Operations Center-as-a-Service (SOCaaS)

    This page outlines instructions for enabling SOCaaS for Gateways.

    For instructions on enabling SOCaaS for WAF applications, please refer to WAF Settings.

    Fortinet Security Operations Center-as-a-Service (SOCaaS) offers a cloud-based security monitoring service that analyzes security events generated from your FortiAppSec Cloud, performs alert triage, and escalates confirmed threat notifications. Its key services include:

    • Real-time web application and API security monitoring

    • Clear Call to Action on detected Web Attacks

    • Noise reduction of False Positives and Information alerts

    • Weekly FortiAppSec Cloud executive and threat protection report

    To allow the SOCaaS team to perform essential security operations, grant them access to retrieve attack logs from Threat Analytics on FortiCloud.

    Enable SOCaaS

    1. Navigate to Threat Analytics > Gateways.

    2. Click Enable SOCaaS for the desired device. This should open the SOCaaS portal.

    3. Onboard your device on the SOCaaS portal. For detailed instructions, please refer to the following article: Onboarding FortiWeb or FortiAppSec Cloud.

    After onboarding

    After you onboard your device through the SOCaaS portal, there is a short waiting period while configuration and service setup complete.

    The Gateways page displays the SOCaaS onboarding status.


    Once SOCaaS is ready for your device, hover over the SOCaaS status field to view the FortiAnalyzer server settings (address and port) that logs are forwarded to.

    Previous
    Next

    Security Operations Center-as-a-Service (SOCaaS)

    Security Operations Center-as-a-Service (SOCaaS)

    This page outlines instructions for enabling SOCaaS for Gateways.

    For instructions on enabling SOCaaS for WAF applications, please refer to WAF Settings.

    Fortinet Security Operations Center-as-a-Service (SOCaaS) offers a cloud-based security monitoring service that analyzes security events generated from your FortiAppSec Cloud, performs alert triage, and escalates confirmed threat notifications. Its key services include:

    • Real-time web application and API security monitoring

    • Clear Call to Action on detected Web Attacks

    • Noise reduction of False Positives and Information alerts

    • Weekly FortiAppSec Cloud executive and threat protection report

    To allow the SOCaaS team to perform essential security operations, grant them access to retrieve attack logs from Threat Analytics on FortiCloud.

    Enable SOCaaS

    1. Navigate to Threat Analytics > Gateways.

    2. Click Enable SOCaaS for the desired device. This should open the SOCaaS portal.

    3. Onboard your device on the SOCaaS portal. For detailed instructions, please refer to the following article: Onboarding FortiWeb or FortiAppSec Cloud.

    After onboarding

    After you onboard your device through the SOCaaS portal, there is a short waiting period while configuration and service setup complete.

    The Gateways page displays the SOCaaS onboarding status.


    Once SOCaaS is ready for your device, hover over the SOCaaS status field to view the FortiAnalyzer server settings (address and port) that logs are forwarded to.

    Previous
    Next