Fortinet black logo

User Guide

Home SOCaaS User Guide

Onboarding additional devices

Onboarding additional devices

After completing the initial SOCaaS onboarding, you can initiate new onboarding requests to add additional devices using the New Onboarding link on the SOCaaS welcome page. After a new onboarding request has been completed, you can track its status in Service Requests. See Service requests.

To begin a new onboarding request in SOCaaS:

  1. Go to the SOCaaS portal welcome page.

  2. In the Make New Service Request tile, click the Start New Onboarding button to launch the New Onboarding wizard.

  3. Complete the following onboarding steps in the wizard:

    1. Select the new Fabric device(s) to be onboarded. Only Fabric devices entitled to SOCaaS that are not yet onboarded are displayed. You can select multiple types of Fabric devices, for example a SASE entitled FortiClient EMS as well as FortiGate devices sending their logs to an on-premises FortiAnalyzer.

    2. (Optional) Enter the device information.

      HA Mode

      Enable this setting when onboarding a device that is part of an HA cluster, and specify the HA Primary Serial Number (SN) of the primary device. The primary device can be a new device or a device already onboarded to SOCaaS.
      Host Name Enter a host name for the device.
      Description Enter a description for the device.

      Location

      Select the device's location. Locations can be specified by city and country. This location is used to show the devices on the map in the SOCaaS portal.

    3. (Optional) Add monitoring subnets. You can define subnets to limit SOC monitoring by including or excluding specified subnets. By default, all subnets are monitored.

      Click Add to create a new monitoring subnet, and configure the following information:

      Type

      Select the type as either Include or Exclude.

      When set to Include, the subnet or IP range will be monitored. When set to Exclude, the subnet or IP range will not be monitored.
      Subnet Enter the subnet (CIDR) or IP range.
      Name A name is automatically created for the monitoring subnet, however, you can optionally replace it with a custom name.

    4. (Optional) Add a new contact for the onboarding device(s). Existing contacts, including the default contact, are automatically displayed and cannot be edited.

      Name Enter the contact's name.
      Emails Enter the contact's email(s). Multiple email addresses can be separated using a comma.
      Primary Phone Enter the contact's primary phone number including the country code and area code.

      Secondary Phone

      Enter the contact's secondary phone number including the country code and area code.

    5. (Optional) Add escalation paths.

      Escalation paths determine how security alerts are escalated by the SOC team to the contacts defined in the previous step. When no escalation paths are created, the default contact will be contacted.

      When multiple escalation paths are created, alerts are escalated to the first escalation path with matching criteria based on their order on the page from top to bottom. You can reorder escalation paths by dragging them to your desired placement in the table.

      To create new escalation paths, click Add and configure the following information:

      Name Enter the name of the escalation path.
      Primary Contact and Secondary Contact Select the Primary Contacts and Secondary Contacts that were configured in the previous step.
      Included Devices or Excluded Devices Optionally, specify which devices are included in this escalation path by selecting them in the Included Devices or Excluded Devices fields. By default, all devices are included.

      Included Subnets and/or Excluded Subnets

      Optionally, specify which subnets are included in this escalation path by selecting them in the Included Subnets or Excluded Subnets fields. By default, all subnets are included.

      You can create additional subnets to include or exclude in escalation paths by clicking the + Add button.

    6. On the Notes page, add the email address where you want to receive email notifications related to the onboarding process. You can include special requests and/or instructions for the SOCaaS team in the Notes textbox.

    7. Review the details in the Summary page.

      Once all fields are completed, you can review the summary of your changes before submitting the onboarding request. Click each tab to view the details you provided in the previous steps. Click Back to return to a previous step in the Wizard.

    8. After the New Onboarding wizard is complete, a new service request with the Device Onboarding type is created. You can view the status and request details by going to Service Requests in the SOCaaS portal. See Service requests.

Previous
Next

Onboarding additional devices

After completing the initial SOCaaS onboarding, you can initiate new onboarding requests to add additional devices using the New Onboarding link on the SOCaaS welcome page. After a new onboarding request has been completed, you can track its status in Service Requests. See Service requests.

To begin a new onboarding request in SOCaaS:

  1. Go to the SOCaaS portal welcome page.

  2. In the Make New Service Request tile, click the Start New Onboarding button to launch the New Onboarding wizard.

  3. Complete the following onboarding steps in the wizard:

    1. Select the new Fabric device(s) to be onboarded. Only Fabric devices entitled to SOCaaS that are not yet onboarded are displayed. You can select multiple types of Fabric devices, for example a SASE entitled FortiClient EMS as well as FortiGate devices sending their logs to an on-premises FortiAnalyzer.

    2. (Optional) Enter the device information.

      HA Mode

      Enable this setting when onboarding a device that is part of an HA cluster, and specify the HA Primary Serial Number (SN) of the primary device. The primary device can be a new device or a device already onboarded to SOCaaS.
      Host Name Enter a host name for the device.
      Description Enter a description for the device.

      Location

      Select the device's location. Locations can be specified by city and country. This location is used to show the devices on the map in the SOCaaS portal.

    3. (Optional) Add monitoring subnets. You can define subnets to limit SOC monitoring by including or excluding specified subnets. By default, all subnets are monitored.

      Click Add to create a new monitoring subnet, and configure the following information:

      Type

      Select the type as either Include or Exclude.

      When set to Include, the subnet or IP range will be monitored. When set to Exclude, the subnet or IP range will not be monitored.
      Subnet Enter the subnet (CIDR) or IP range.
      Name A name is automatically created for the monitoring subnet, however, you can optionally replace it with a custom name.

    4. (Optional) Add a new contact for the onboarding device(s). Existing contacts, including the default contact, are automatically displayed and cannot be edited.

      Name Enter the contact's name.
      Emails Enter the contact's email(s). Multiple email addresses can be separated using a comma.
      Primary Phone Enter the contact's primary phone number including the country code and area code.

      Secondary Phone

      Enter the contact's secondary phone number including the country code and area code.

    5. (Optional) Add escalation paths.

      Escalation paths determine how security alerts are escalated by the SOC team to the contacts defined in the previous step. When no escalation paths are created, the default contact will be contacted.

      When multiple escalation paths are created, alerts are escalated to the first escalation path with matching criteria based on their order on the page from top to bottom. You can reorder escalation paths by dragging them to your desired placement in the table.

      To create new escalation paths, click Add and configure the following information:

      Name Enter the name of the escalation path.
      Primary Contact and Secondary Contact Select the Primary Contacts and Secondary Contacts that were configured in the previous step.
      Included Devices or Excluded Devices Optionally, specify which devices are included in this escalation path by selecting them in the Included Devices or Excluded Devices fields. By default, all devices are included.

      Included Subnets and/or Excluded Subnets

      Optionally, specify which subnets are included in this escalation path by selecting them in the Included Subnets or Excluded Subnets fields. By default, all subnets are included.

      You can create additional subnets to include or exclude in escalation paths by clicking the + Add button.

    6. On the Notes page, add the email address where you want to receive email notifications related to the onboarding process. You can include special requests and/or instructions for the SOCaaS team in the Notes textbox.

    7. Review the details in the Summary page.

      Once all fields are completed, you can review the summary of your changes before submitting the onboarding request. Click each tab to view the details you provided in the previous steps. Click Back to return to a previous step in the Wizard.

    8. After the New Onboarding wizard is complete, a new service request with the Device Onboarding type is created. You can view the status and request details by going to Service Requests in the SOCaaS portal. See Service requests.

Previous
Next