I have FortiSIEM, FortiSOAR and a Check Point firewall. I have connected FortiSIEM and the Check Point firewall to FortiSOAR through a connector. Can anyone please guide me on how I can take action from SOAR?
For example:
SIEM detects a brute-force attempt. SOAR ingests data from SIEM. Now I want SOAR to take action against the attacker through the Check Point firewall, e.g., block IP/block URL.
Hi,
You can refer to the article below:
FortiEDR is a good choice for endpoint protection. FortiSOAR is a really great product, but a big company play, or if you have the staff, a SOC-as-a-service play, not really suitable for smaller businesses due to cost and up-front complexity (someone has to configure it and maintain it). Consider who will be feeding and taking care of this before positioning. FortiAnalyzer SOCaaS might be a better play.
Copyright 2024 Fortinet, Inc. All Rights Reserved.