Hi,
I've been trying to learn the ins and outs of FA over the last 6 months and I have to say, either I'm still missing a lot or this is an underperforming device. We are on version 7.0 and I'm sure the fact that we do not use EMS or any other FortiClient tool (except VPN) probably adds to the issue. Honestly though, we did a POC with both the endpoint web filtering and the AV and it failed our requirements. We do use the web filtering on the FortiGate with a good degree of satisfaction.
Although the reports from FA seem pretty robust, it's the real-time analysis with threats, traffic, and other various widgets that is very lackluster in my opinion. If you click on Compromised Hosts, for example, the initial data display is not helpful. You have to double-click on every entry and wait >20 seconds to drill down to the next level. Looking at traffic data, threat scores seem to be of no benefit. Until update 7.0, we were able to forward these logs to Graylog, where we were able to do so much more with monitoring, but Fortinet, it seems, has obfuscated the data more since 7.0; you can't extrapolate meaningful information, so we are going to turn it off to save storage. We also seem to be overrunning our daily license for logs by a factor of 3. I've read behavior is undefined if that happens, but I also realize that just means QA did not test that.
I realize there is the FortiSoc section where I can build some playbooks based on events, etc., and I'll try and expand on that, but if you could give me some links to some more advanced walkthroughs, that would be helpful. I have reviewed the NSE 5 FortiAnalyzer 7 course. We want to be able to use the FortiAnalyzer like Graylog for real-time monitoring.
Hello miek,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hi Anthony,
I submitted my questions as a ticket and I was informed that we don't have a threat analysis license currently. I will be looking into that, however, I suspect that won't solve all my questions.
Thanks
Hello miek,
Sorry to hear about that!
I'm sure that an answer will be available soon!
Regards,