Fortinet FortiAnalyzer 1000F Appliance
Security-Driven Analytics & Log Management
Sorry, this product is no longer available, please contact us for a replacement.
Overview:
FortiAnalyzer provides deep insights into advanced threats through Single-Pane Orchestration, Automation & Response for your entire attack surface to reduce risks and improve your organization’s overall security.
Integrated with Fortinet’s Security Fabric, FortiAnalyzer simplifies the complexity of analyzing and monitoring new and emerging technologies that have expanded the attack surface, and delivers end-to-end visibility, helping you identify and eliminate threats.
Advanced Threat Detection & Correlation allows Security & Network teams to immediately identify and respond to network security threats across the infrastructure.
Automated Workflows & Compliance Reporting provides customizable dashboards, reports and advanced workflow handlers for both Security & Network teams to accelerate workflows & assist with regulation and compliance audits.
Scalable Log Management collects logs from FortiGate, FortiClient, FortiManager, FortiSandbox, FortiMail, FortiWeb, FortiAuthenticator, Generic syslog and others. Deploy as an individual unit or optimized for a specific operation and scale storage based on retention requirements.
Key Features
End-to-end visibility
- Event correlation, threat detection and Indicator of Compromise (IOC) service reduce time-to-detect and identity threats
Fortinet Security Fabric integration
- Correlates with logs from FortiClient, FortiSandbox, FortiWeb, and FortiMail for deeper visibility and critical network insights
Enterprise-grade high availability
- Automatically back-up FortiAnalyzer DB’s (up to 4 node cluster) that can be geographically dispersed for disaster recovery
Security automation
- Reduce complexity and leverage automation via REST API, scripts, connectors, and automation stitches to expedite security response
Multi-tenancy and administrative domains (ADOMs)
- Separate customer data and manage domains leveraging ADOMs to be compliant and operationally effective
Flexible deployment options & archival storage
- Supports deployment of appliance, VM, hosted or cloud. Use AWS, Azure or Google to archive logs as a secondary storage
Features:
Security Operations Center (SOC)
FortiAnalyzer’s SOC management center helps secure your overall network by providing actionable views of log and threat data. Protect your network, web sites, applications, databases, servers and data centers, and other technologies, with centralized monitoring, awareness of the threats, events and network activity, using predefined and customized dashboards delivered through a single-pane-of-glass interface for easy integration into your Security Fabric.
Incident Detection & Response
FortiAnalyzer’s Automated Incident Response capability improves Management & Analytics with a focus on event management and identification of compromised endpoints. Improved default and custom event handlers can be used to detect malicious and suspicious activities on the spot. Integration of events with the FOS automation framework for automated actions such as endpoint quarantine or blacklist IPs. Incident detection and tracking, as well as evidence collection and analysis, are streamlined through integration with ITSM platforms, helping to bridge gaps in your Security Operations Center and reinforce your Security Posture.
Event handlers enable quick detection, automated correlation and connected remediation with incident management to simplify log analysis and threat identification across your Fortinet Security Fabric. Create event handlers for FortiGate, FortiCarrier, FortiCache, FortiMail, FortiManager, FortiWeb, FortiSandbox devices, and syslog servers. Define what messages to extract from logs and display in events and send alerts for event handlers via email address, webhook, SNMP community, or syslog server.
Indicators of Compromise
The Indicators of Compromise (IOC) summary shows end users with suspicious web usage compromises. It provides information such as end users’ IP addresses, hostname, group, OS, overall threat rating, a Map View, and a number of threats that you can drill down to view the details. Analysts can re-scan historical logs for threat hunting, and identify threats based on new intelligence. To generate the Indicators of Compromise, FortiAnalyzer checks web filter, DNS and traffic logs of each end-user against its threat database. When a threat match is found, a threat score is given to the end-user. FortiAnalyzer aggregates the threat scores of an end-user and gives its verdict of the end user’s overall Indicators of Compromise. The Indicators of Compromise summary is produced through logs from the FortiGate devices and FortiAnalyzer subscription to FortiGuard to keep its local threat database synced with the FortiGuard threat database.
Reports
FortiAnalyzer provides 39+ built-in templates that are ready to use, with sample reports to help identify the right report for you. You can generate custom data reports from logs by using the Reports feature. Run reports on-demand or on a schedule with automated email notifications, uploads and an easy to manage calendar view. Create custom reports with the 300+ built-in charts and datasets ready for creating your custom reports, with flexible report formats include PDF, HTML, CSV, and XML.
Log Forwarding for Third-Party Integration
You can forward logs from a FortiAnalyzer unit to another FortiAnalyzer unit, a syslog server, or a Common Event Format (CEF) server. The client is the FortiAnalyzer unit that forwards logs to another device. The server is the FortiAnalyzer unit, syslog server, or CEF server that receives the logs. In addition to forwarding logs to another unit or server, the client retains a local copy of the logs. The local copy of the logs is subject to the data policy settings for archived logs. Logs are forwarded in real-time or near real-time as they are received. Forwarded content files include: DLP files, antivirus quarantine files, and IPS packet captures.
Analyzer-Collector Mode
You can deploy in Analyzer mode and Collector mode on different FortiAnalyzer units and make the units work together to improve the overall performance of log receiving, analysis, and reporting. When FortiAnalyzer is in Collector mode, its primary task is forwarding logs of the connected devices to an Analyzer and archiving the logs. The Analyzer offloads the log-receiving task to the Collector so that the Analyzer can focus on data analysis and report generation. This maximizes the Collector’s log receiving performance.
Multi-Tenancy with Flexible Quota Management
Time-based archive/analytic log data policy per Administrative Domain (ADOM), automated quota management based on the defined policy, and trending graphs to guide policy configuration and usage monitoring.
Specifications:
FortiAnalyzer 200F | FortiAnalyzer 300F | FortiAnalyzer 400E | FortiAnalyzer 800F | FortiAnalyzer 1000F | FortiAnalyzer 3500G | |
---|---|---|---|---|---|---|
Capacity and Performance | ||||||
GB/Day of Logs | 100 | 150 | 200 | 300 | 660 | 5,000 |
Analytic Sustained Rate (logs/sec)* | 3,000 | 4,500 | 6,000 | 8,250 | 20,000 | 60,000 |
Collector Sustained Rate (logs/sec)* | 4,500 | 6,750 | 9,000 | 12,000 | 30,000 | 90,000 |
Devices/VDOMs (Maximum) | 150 | 180 | 200 | 800 | 2000 | 10,000 |
Max Number of Days Analytics** | 40 | 28 | 30 | 30 | 34 | 38 |
Options Supported | ||||||
FortiGuard Indicator of Compromise (IOC) | Yes | Yes | Yes | Yes | Yes | Yes |
Hardware Specifications | ||||||
Form Factor | 1 RU Rackmount | 1 RU Rackmount | 1 RU Rackmount | 1 RU Rackmount | 2 RU Rackmount | 4 RU Rackmount |
Total Interfaces | 2xRJ45 GE | 2xRJ45 GE, 2xSFP | 4x GE | 4 x GE, 2x SFP | 2x 10GbE RJ45, 2x 10GbE SFP+ | 2 x GbE RJ45, 2x SFP28 |
Storage Capacity | 4 TB (1 x 4 TB) | 8 TB (2 x 4 TB) | 12 TB (4x 3 TB) | 16 TB (4x 4 TB) | 32 TB (8x 4 TB) | 96 TB (24x 4 TB) |
Usable Storage (After RAID) | 4TB | 4TB | 6TB | 8TB | 24 | 80 |
Removable Hard Drives | No | No | Yes | Yes | Yes | Yes |
RAID Levels Supported | N/A | RAID 0/1 | RAID 0/1/5/10 | RAID 0/1/5/10 | RAID 0/1/5/6/10/50/60 | RAID 0/1/5/6/10/50/60 |
RAID Type | N/A | Software | Software | Hardware / Hot Swappable | Hardware / Hot Swappable | Hardware / Hot Swappable |
Default RAID Level | N/A | 1 | 10 | 10 | 50 | 50 |
Redundant Hot Swap Power Supplies | No | No | No | Yes | Yes | Yes |
Dimensions | ||||||
Height x Width x Length (inches) | 1.75 x 17.0 x 15.0 | 1.75 x 17.0 x 15.0 | 1.7 x 17.2 x 19.8 | 1.75 x 17.44 x 22.16 | 3.5 x 17.2 x 25.6 | 7.0 x 17.2 x 26.0 |
Height x Width x Length (cm) | 4.4 x 43.2 x 38.1 | 4.4 x 43.2 x 38.0 | 4.3 x 43.7 x 50.3 | 4.4 x 44.3 x 56.3 | 8.9 x 43.7 x 65.0 | 17.8 x 43.7 x 66.0 |
Weight | 17.1 lbs (7.8 kg) | 18.9 lbs (8.6 kg) | 31 lbs (14.1 kg) | 28.6 lbs (13.0 kg) | 34 lbs (15.42 kg) | 90.75 lbs (41.2 kg) |
Environment | ||||||
AC Power Supply | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz |
Power Consumption (Max / Average) | 49 W / 114W | 65W / 130W | 93 W / 133W | 108W / 186W | 192.5W / 275W | 629.5W / 677.3W |
Heat Dissipation | 390 BTU/h | 445 BTU/h | 456 BTU/h | 634 BTU/h | 920 BTU/h | 2345.07 BTU/h |
Operating Temperature | 32 - 104° F (0 - 40° C) | 32 - 104° F (0 - 40° C) | 41–95°F (5–35°C) | 32 - 104° F (0 - 40° C) | 50–95°F (10 – 35°C) | 41–95°F (5–35°C) |
Storage Temperature | 95 - 158° F (-35 - 70° C) | 95 - 158° F (-35 - 70° C) | -40–140°F (-40–60°C) | 95 - 158° F (-35 - 70° C) | -40–140°F (-40–60°C) | -40–140°F (-40–60°C) |
Humidity | 20 to 90% non-condensing | 20 to 90% non-condensing | 8–90% non-condensing | 20 to 90% non-condensing | 8–90% non-condensing | 8–90% non-condensing |
Operating Altitude | Up to 7,400 ft (2,250 m) | Up to 7,400 ft (2,250 m) | Up to 9,842 ft (3,000 m) | Up to 7,400 ft (2,250 m) | Up to 7,400 ft (2,250 m) | Up to 7,400 ft (2,250 m) |
Compliance | ||||||
Safety Certifications | FCC Part 15 Class A, C-Tick, VCCI, CE, UL/cUL, CB |
* Sustained Rate - maximum constant log message rate that the FAZ platform can maintain for minimum 48 hours without SQL database and system performance degradation.
**is the max number of days if receiving logs continuously at the sustained analytics log rate. This number can increase if the average log rate is lower.
Documentation:
Download the Fortinet FortiAnalyzer Series Datasheet (PDF).
Pricing Notes:
- All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
- Hardware plus 24x7 FortiCare and FortiAnalyzer Enterprise Protection
Hardware Unit, 24x7 Comprehensive Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades, Enterprise Services Bundle (Indicators of Compromise Service and SOC Subscription license) plus term of contract - Enterprise Protection (24x7 FortiCare plus Indicators of Compromise Service and SOC Subscription license)
24x7 Comprehensive Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades, Enterprise Services Bundle (Indicators of Compromise Service and SOC Subscription license) - 24x7 FortiCare Contract
24x7 Comprehensive Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades/li> - Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.