Fortinet black logo

User Guide

Home SOCaaS User Guide

Requirements

Requirements

The following items are required to use SOCaaS:

  • FortiCloud account to access the SOCaaS portal.

    Note

    When making changes to your FortiCare ID in FortiCloud, it is important to submit those changes in SOCaaS.

    Please notify the SOCaaS team of FortiCare ID changes by submitting a technical assistance Service Request including the new ID and any important changes to your account, as well as any changes to emails or other account contact information.

  • FortiGate has a valid FortiCloud SOCaaS subscription.

  • On-premise FortiAnalyzer or FortiAnalyzer Cloud is required to collect logs from customer devices. The customer will configure their FortiAnalyzer on-premise or FortiAnalyzer cloud to forward logs to the SOCaaS.

    Note

    A complimentary FortiAnalyzer Cloud instance is provided with the SOCaaS license and may be used if customer does not have a FortiAnalyzer on-premise or FortiAnalyzer Cloud instance.

    Customers may provision this instance on the region of your choice. You will then be required to forward the entitled device logs to the SOCaaS collection point in that same region.

  • FortiGate and FortiAnalyzer are on version 6.4.5 or later.

    Note

    FortiAnalyzer version 7.2.4/7.4.2 and later are recommended if you are configuring FQDN for log forwarding.

  • FortiGate is logging to an on-premise FortiAnalyzer device or FortiAnalyzer Cloud.

  • When adding FortiGates configured under a High Availability (HA) setup, each FortiGate in the HA cluster must have a subscription to SOCaaS to forward logs to the SOC FortiAnalyzer.

  • (Optional) An onboarded FortiClient EMS has a valid FortiClient Forensic Service license in order to view and submit forensic analysis requests.

You are required to filter all confidential and personal data from all logs sent to SOCaaS. Fortinet is not responsible for any customer logs that contain confidential or personal data.

Previous
Next

Requirements

The following items are required to use SOCaaS:

  • FortiCloud account to access the SOCaaS portal.

    Note

    When making changes to your FortiCare ID in FortiCloud, it is important to submit those changes in SOCaaS.

    Please notify the SOCaaS team of FortiCare ID changes by submitting a technical assistance Service Request including the new ID and any important changes to your account, as well as any changes to emails or other account contact information.

  • FortiGate has a valid FortiCloud SOCaaS subscription.

  • On-premise FortiAnalyzer or FortiAnalyzer Cloud is required to collect logs from customer devices. The customer will configure their FortiAnalyzer on-premise or FortiAnalyzer cloud to forward logs to the SOCaaS.

    Note

    A complimentary FortiAnalyzer Cloud instance is provided with the SOCaaS license and may be used if customer does not have a FortiAnalyzer on-premise or FortiAnalyzer Cloud instance.

    Customers may provision this instance on the region of your choice. You will then be required to forward the entitled device logs to the SOCaaS collection point in that same region.

  • FortiGate and FortiAnalyzer are on version 6.4.5 or later.

    Note

    FortiAnalyzer version 7.2.4/7.4.2 and later are recommended if you are configuring FQDN for log forwarding.

  • FortiGate is logging to an on-premise FortiAnalyzer device or FortiAnalyzer Cloud.

  • When adding FortiGates configured under a High Availability (HA) setup, each FortiGate in the HA cluster must have a subscription to SOCaaS to forward logs to the SOC FortiAnalyzer.

  • (Optional) An onboarded FortiClient EMS has a valid FortiClient Forensic Service license in order to view and submit forensic analysis requests.

You are required to filter all confidential and personal data from all logs sent to SOCaaS. Fortinet is not responsible for any customer logs that contain confidential or personal data.

Previous
Next