Fortinet FortiAnalyzer Centralized Logging/Reporting
Fortinet Inc. | 6.2.3Linux/Unix, Other 6.2.3 - 64-bit Amazon Machine Image (AMI)
External reviews
External reviews are not included in the AWS star rating for the product.
Excellent tool for SOC to do "Incident Detection and Response"
What do you like best about the product?
The FortiAnalyzer not only acts as Log Centralized Management but also can act as Incident Detection and Response. First, FortiAnalyzer can re-check logs sent from FortiGate with IoC database to detect anomaly or malicious connections; after that, we can use the automation feature in FortiGate to respond with IoC Scanning result from FortiAnalyzer (such as Block the Source IP of connection). Second, with the Alert feature from FortiAnalyzer, we can set up FortiAnalyzer to send an email alert or SMS to admin in the case of some security event/system event collected from the FortiGate (such as Email to Admin when FortiGate detect attack with Critical Severity).
What do you dislike about the product?
IoC feature from FortiAnalyzer has required a license, not a free feature.
What problems is the product solving and how is that benefiting you?
Automation response based on Security event/System Event
- Leave a Comment |
- Mark review as helpful
Centralized Log Management for Fortinet Firewall
What do you like best about the product?
Centralized Log Management for Fortinet Firewall (FortiGate) is the best feature. It helps the IT Team easy to manage Infrastructure having Multiple FortiGate devices.
With FortiAnalyzer, we can store logs of many FortiGate devices at FortiAnalyzer; and we have many advantages by doing this as below:
- Easy for debugging/troubleshooting: In the case of some issue related to multiple FortiGate devices, we can log-in to FortiAnalyzer to view logs of multiple FortiGate devices instead of log-in to multiple FortiGate devices to view logs.
- Provide overview statistics about Security Events at Entire Infrastructure: By collecting logs from Multiple FortiGate devices, we can view overall statistical information in FortiAnalyzer about Security Event (Web, Application, Threat, etc.).
With FortiAnalyzer, we can store logs of many FortiGate devices at FortiAnalyzer; and we have many advantages by doing this as below:
- Easy for debugging/troubleshooting: In the case of some issue related to multiple FortiGate devices, we can log-in to FortiAnalyzer to view logs of multiple FortiGate devices instead of log-in to multiple FortiGate devices to view logs.
- Provide overview statistics about Security Events at Entire Infrastructure: By collecting logs from Multiple FortiGate devices, we can view overall statistical information in FortiAnalyzer about Security Event (Web, Application, Threat, etc.).
What do you dislike about the product?
I do not have any dislike point for this product for now.
What problems is the product solving and how is that benefiting you?
Centralized Log Management of Multiple FortiGate devices.
Reduce time to debug network/security issues.
Reduce time to debug network/security issues.
An excellent application developed by fortinet to work in telemetry
What do you like best about the product?
Extremely efficient software, provides great insight into forti products. FAZ can be manages using CLI as well. Tabs like reports and SOC stands out as compared to other vendors in market. You can view traffic, websites and applications, VPNs all from single pane of glass. Built in mail server and have capability of building certificates as well.
You can test it in virtual environment as well, fortinet provides VMware compatible files for FAZ.
You can test it in virtual environment as well, fortinet provides VMware compatible files for FAZ.
What do you dislike about the product?
Nothing in particular.
Just the response time can be a litter bit better. And it should have option to inegrate with other vendors as well.
Just the response time can be a litter bit better. And it should have option to inegrate with other vendors as well.
What problems is the product solving and how is that benefiting you?
We have implemented this in our environment since we have started using EMS and FGT. It provides an excellent overview of security products running in environment from one management console. Options of creating multiple administrative domains to manage FAZ. It's a great subsitute to Forti Manager as well. If someone doesn't want to invest in telemety as a whole.
Runs really efficient in environment.
Runs really efficient in environment.
Recommendations to others considering the product:
If you are implementing telemetry in your environment, you have to make use of FortiAnalyzer or Forti Manager. Provides an extra layer of security and protection. Brings in ease of management of devices in telemetry. You dont have to buy separate SOC environment when you use FAZ. Prvovides and in built event manager as well. So many ways of saving cost and having an efficient security product.
Excellent for my home use
I have 20+ online devices at home behind FWF-60E-DSL. After 1year uptime, I can see interesting outside attacks, and sometimes misconfigured fortiswitch device, and application control and network stats. The subscription is only $10 to $15 per month but I wish it could be cheaper. Overall, happy with the setup and found it to be useful and no issues for v6.0.2-build0205 180813 (GA).
showing 11 - 14