Fortinet black logo

User Guide

Home SOCaaS User Guide

Forensic analysis

Forensic analysis

The forensic analysis feature in SOCaaS allows you to submit and view forensic analysis requests using the FortiClient Forensic Service. The FortiClient Forensic Service provides analysis to help endpoint customers respond to and recover from cyber incidents using forensic analysts from Fortinet's FortiGuard Labs. For more information, see the FortiClient Forensic Service data sheet.

In order to use forensic analysis, you must have the following:

  • A FortiClient EMS with the FortiClient Forensic Service license onboarded to SOCaaS.

  • Endpoint(s) with FortiClient managed by the onboarded FortiClient EMS.

You can initiate new forensic analysis requests when viewing SOCaaS alerts. See Request forensic analysis.

This topic includes information on the following information:

Previous
Next

Forensic analysis

The forensic analysis feature in SOCaaS allows you to submit and view forensic analysis requests using the FortiClient Forensic Service. The FortiClient Forensic Service provides analysis to help endpoint customers respond to and recover from cyber incidents using forensic analysts from Fortinet's FortiGuard Labs. For more information, see the FortiClient Forensic Service data sheet.

In order to use forensic analysis, you must have the following:

  • A FortiClient EMS with the FortiClient Forensic Service license onboarded to SOCaaS.

  • Endpoint(s) with FortiClient managed by the onboarded FortiClient EMS.

You can initiate new forensic analysis requests when viewing SOCaaS alerts. See Request forensic analysis.

This topic includes information on the following information:

Previous
Next