Log correlation

Host name resolution

Log collection

Real-time forwarding

The disk quota for the FortiAnalyzer model

The disk quota for all devices in the ADOM

The disk quota for each device in the ADOM

The disk quota for the ADOM type

CPU resources are too high

Logs in that ADOM are being forwarded, in real-time, to another FortiAnalyzer device

The total disk space is insufficient and you need to add other disk

The ADOM disk quota is set too low, based on log rates

Allows you to manage the entire life cycle of a threat or breach.

Its use of the available disk space is capped at 50%.

It requires a licensed FortiSIEM supervisor.

It can be installed as a dedicated VM.

Centralized log repository

Cloud-based management

Reports

Virtual domains (VDOMs)

It can be edited and modified as required

It specifies the report layout which contains predefined texts, charts, and macros

It specifies report settings which contains time period, device selection, and schedule

It contains predefined data to generate mock reports

Generated reports

Device list

Authorized devices logs

System information

Management extensions do not require additional licenses.

Management extensions allow FortiAnalyzer to act as a ForbSIEM supervisor.

Management extensions require a dedicated VM for best performance.

Management extensions may require a minimum number of CPU cores to run.

Improve report completion time.

Conserve disk space on FortiAnalyzer by grouping multiple similar reports.

Reduce the number of hcache tables and improve auto-hcache completion time.

Provides a better summary of reports.

Output profiles

Report settings

Report scheduling

Custom datasets