Support Forum
miek
New Contributor

Fortianalyzer 7.0 What am I missing?

Hi,

I've been trying to learn the ins and outs of FA over the last 6 months and I have to say, either I'm still missing a lot or this is an underperforming device. We are on version 7.0 and I'm sure the fact that we do not use EMS or any other FortiClient tool (except VPN) probably adds to the issue. Honestly though, we did a POC with both the endpoint web filtering and the AV and it failed our requirements. We do use the web filtering on the FortiGate with a good degree of satisfaction.

 

Although the reports from FA seem pretty robust, it's the real-time analysis with threats, traffic, and other various widgets that is very lackluster in my opinion. If you click on Compromised Hosts for example, the initial data display is not helpful. You have to double click on every entry and wait >20 seconds to drill down to the next level. Looking at traffic data, threat scores seem to be of no benefit. Until update 7.0, we were able to forward these logs to Graylog, where we were able to do so much more with monitoring, but Fortinet, it seems, has obfuscated the data more since 7.0; you can't extrapolate meaningful information, so we are going to turn it off to save storage. We also seem to be overrunning our daily license for logs by a factor of 3. I've read behavior is undefined if that happens, but I also realize that just means QA did not test that.

 

I realize there is the FortiSoc section where I can build some playbooks based on events, etc., and I'll try and expand on that, but if you could give me some links to some more advanced walkthroughs, that would be helpful. I have reviewed the NSE 5 FortiAnalyzer 7 course. We want to be able to use the FortiAnalyzer like Graylog for real-time monitoring.

3 REPLIES
Anthony_E
Community Manager

Hello miek,

 

Thank you for using the Community Forum.

 

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
miek
New Contributor

Hi Anthony,

I submitted my questions as a ticket and I was informed that we don't have a threat analysis license currently. I will be looking into that, however, I suspect that won't solve all my questions. 

 

Thanks

Anthony_E
Community Manager

Hello miek,

 

Sorry to hear about that!

I'm sure that an answer will be available soon!

 

Regards,

 

Anthony-Fortinet Community Team.