FortiAnalyzer

Version 5.4

QuickStart Guide
REGISTER FOR SUPPORT

Register your Fortinet product today to receive:
• Technical Support
• New product features
• Protection from new threats

SUPPORT
http://forti.net/support
Toll free: 1 866 648 4638
Phone: 1 408 486 7899
Fax: 1 408 235 7737

DAY 1: SETUP
• Configure network settings and admin account
• Set up FortiGate to send logs
• View logs from Log View
November 03, 2016

OS-541-370731-20160513

Copyright© 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered
trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other
product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in
internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments
and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all
warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel,
with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics
and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For
absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims
in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify,
transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
1 Set Up FortiAnalyzer

1. Connect the FortiAnalyzer Port 1 to the Management computer port.

   FortiAnalyzer Port 1, IP address: 192.168.1.99
   Management computer port, IP address: 192.168.1.10

2. Set the management computer to be on the same subnet as FortiAnalyzer. (The default is 192.168.1.99.)

   For example:
   IP Address: 192.168.1.10
   Netmask: 255.255.255.0

3. Visit https://192.168.1.99 in your web browser.

4. Log in with username admin and no password.

Configure FortiAnalyzer Network Settings

1. Go to System Settings > Network.
2. Change the IP address/Netmask to your internal network.
3. Keep the default Administrative Access settings.
4. Specify a Default Gateway.
5. Change the IP address/Netmask of the management computer accordingly to reconnect it to FortiAnalyzer.

Set Up Administrator Accounts

1. Go to System Settings > Admin > Administrator, and click Create New in the toolbar.
2. Enter user name and password.
3. Click OK to save the change.
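The steps above depend on the management computer always sharing a subnet with FortiAnalyzer, first on the factory default 192.168.1.0/24 and again after port 1 is re-addressed to the internal network with a default gateway. The following is an added pre-flight check, not Fortinet code and not part of the QuickStart; the internal-network addresses 10.10.20.x it tests are constructed examples. It validates a re-addressing plan before you commit it, so the GUI session is not lost in step 5.

```python
import ipaddress

# QuickStart defaults (from the guide): FortiAnalyzer port1 ships as 192.168.1.99/24
# and the management computer is set to 192.168.1.10/24.
FAZ_DEFAULT_IP = "192.168.1.99"
FAZ_DEFAULT_NETMASK = "255.255.255.0"
MGMT_DEFAULT_IP = "192.168.1.10"


def same_subnet(ip_a, ip_b, netmask):
    """True when both hosts fall inside the same network for the given netmask."""
    net_a = ipaddress.ip_network(f"{ip_a}/{netmask}", strict=False)
    net_b = ipaddress.ip_network(f"{ip_b}/{netmask}", strict=False)
    return net_a == net_b


def check_readdress(faz_ip, faz_netmask, gateway, mgmt_ip):
    """Validate the step-5 plan: once FortiAnalyzer moves to the internal network,
    the default gateway must sit inside that network and the management computer
    must be re-addressed into it. Returns named findings; all True means consistent."""
    faz_net = ipaddress.ip_network(f"{faz_ip}/{faz_netmask}", strict=False)
    faz_addr = ipaddress.ip_address(faz_ip)
    gw_addr = ipaddress.ip_address(gateway)
    mgmt_addr = ipaddress.ip_address(mgmt_ip)
    return {
        # network and broadcast addresses are not usable host addresses
        "faz_is_host_address": faz_addr not in (faz_net.network_address, faz_net.broadcast_address),
        "gateway_in_subnet": gw_addr in faz_net and gw_addr != faz_addr,
        "mgmt_in_subnet": mgmt_addr in faz_net and mgmt_addr != faz_addr,
        "mgmt_not_gateway": mgmt_addr != gw_addr,
    }


def readdress_ok(faz_ip, faz_netmask, gateway, mgmt_ip):
    """Single verdict over all findings of check_readdress."""
    return all(check_readdress(faz_ip, faz_netmask, gateway, mgmt_ip).values())


if __name__ == "__main__":
    # Day 1, step 2: the factory default and the example management address share 192.168.1.0/24.
    print("default subnet ok:", same_subnet(FAZ_DEFAULT_IP, MGMT_DEFAULT_IP, FAZ_DEFAULT_NETMASK))
    # Step 5: a constructed internal-network plan (10.10.20.0/24 is an assumption, not from the guide).
    for name, ok in check_readdress("10.10.20.50", "255.255.255.0", "10.10.20.1", "10.10.20.77").items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
    # A plan that forgets to move the management computer off 192.168.1.10 fails on mgmt_in_subnet.
    print("stale mgmt ok:", readdress_ok("10.10.20.50", "255.255.255.0", "10.10.20.1", "192.168.1.10"))
```

Run it with the addresses you intend to enter under System Settings > Network; a FAIL on mgmt_in_subnet is exactly the case where the browser loses the appliance after you click Apply.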
2 Connect FortiGate to FortiAnalyzer

Configure Log Storage Policy

1. Go to System Settings > Dashboard.
2. In the System Information widget, under Log Storage Policy, select Edit Log Storage Policy.
   • Data Policy:
     Set Keep Logs for Analytics to 90 days.
     Set Keep Logs for Archive to 180 days.
   • Disk Utilization:
     Keep the default values.

You can monitor the log storage settings and adjust as you go.

[Diagram labels: Management PC, Internal Network, FortiGate (LAN, WAN), Internet, FortiAnalyzer]

Configure FortiGate Log Settings

1. Log in to the FortiGate GUI from the management computer.
2. Go to Log & Report > Log Settings.
   • Turn on Send Logs to FortiAnalyzer/FortiManager.
   • Enter the IP address of the FortiAnalyzer and click Apply.

Don't click Test Connectivity yet. You need to register this FortiGate on the FortiAnalyzer first.

Check License and Registration

Check that you have a valid license for the IOC Service, to enable the feature.
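The data policy above decides what an investigator can still search: logs inside the analytics window are indexed, logs that have aged into the archive window are kept only as raw data, and older logs are eligible for deletion. The following added example (not Fortinet code, not part of the QuickStart) models those tiers with the guide's 90/180-day values; the reference clock and the log ages are constructed, and the rule that the archive window contains the analytics window is an assumption of this model.

```python
from datetime import datetime, timedelta, timezone

# Retention values from the QuickStart data policy.
KEEP_ANALYTICS_DAYS = 90
KEEP_ARCHIVE_DAYS = 180

# Constructed reference clock (the guide's publication date), not device output.
REFERENCE_NOW = datetime(2016, 11, 3, tzinfo=timezone.utc)


def days_ago(n, now=REFERENCE_NOW):
    """Constructed log timestamp n days before the reference clock."""
    return now - timedelta(days=n)


def validate_policy(analytics_days, archive_days):
    """Assumption of this model: the archive window contains the analytics window,
    so archive retention must be at least analytics retention, and both positive."""
    return 0 < analytics_days <= archive_days


def log_tier(log_time, now=REFERENCE_NOW,
             analytics_days=KEEP_ANALYTICS_DAYS, archive_days=KEEP_ARCHIVE_DAYS):
    """Return the retention tier a log of the given age falls in.
    'analytics': within the analytics window, indexed and searchable in Log View/FortiView.
    'archive'  : older than analytics but within the archive window, kept as raw logs only.
    'expired'  : older than the archive window, eligible for deletion.
    """
    if not validate_policy(analytics_days, archive_days):
        raise ValueError("archive retention must be >= analytics retention")
    age = now - log_time
    if age < timedelta(0):
        # A future timestamp usually means clock skew between FortiGate and FortiAnalyzer.
        raise ValueError("log timestamp is in the future; check NTP on both devices")
    if age <= timedelta(days=analytics_days):
        return "analytics"
    if age <= timedelta(days=archive_days):
        return "archive"
    return "expired"


def summarize(log_times, now=REFERENCE_NOW, **policy):
    """Count how many of the given logs sit in each tier under the policy."""
    counts = {"analytics": 0, "archive": 0, "expired": 0}
    for t in log_times:
        counts[log_tier(t, now, **policy)] += 1
    return counts


def analytics_gap_days(required_lookback_days, analytics_days=KEEP_ANALYTICS_DAYS):
    """How many days short the analytics window is of the look-back investigators need;
    0 means the policy already keeps enough indexed history."""
    return max(0, required_lookback_days - analytics_days)


if __name__ == "__main__":
    # Constructed sample: six logs of increasing age.
    sample = [days_ago(d) for d in (0, 45, 90, 120, 180, 200)]
    print(summarize(sample))                 # 3 searchable, 2 archived, 1 expired
    print("gap for a 120-day look-back:", analytics_gap_days(120), "days")
```

The gap function is the check to run when an incident-response requirement (say, being able to search four months back) is set after the policy was chosen: a positive result means the analytics value must be raised, and disk utilization re-checked on the Dashboard.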
Register FortiGate on FortiAnalyzer

1. Go to Device Manager of FortiAnalyzer. Click the Unregistered Devices tab in the quick status bar.
2. Select the FortiGate device, and click Add.
3. In the Add Device dialog box that opens, select the root ADOM, type a device name, and click OK.

Test Connectivity on FortiGate

1. Go back to the Log Settings pane of FortiGate, and click Test Connectivity. If the connection is successfully established, a connection summary is shown.

Verify Logs Being Received

1. Go to Log View of the FortiAnalyzer. Select Last 5 minutes from the time period list and press GO. You should be able to see the FortiGate logs.
DAY 2: NAVIGATE
• Interact with FortiView
• Generate reports
• Monitor events

1 Look into FortiView Summaries

In FortiView, the Summary view provides different Fortinet summaries as widgets. You can customize the widgets being displayed, and also drill down into each widget for further info.

FortiView Summary (example widgets):
• Source IP 172.16.100.80 used the most bandwidth.
• EICAR is the top threat to your network.
• Torrent used the most bandwidth.

Top Threats

• Drill Down: Double-click the entry.
• Sort Entries: Click a column heading.

• Drill Down: Double-click the graphical element.
• Get an Overview: Hover over a graphical element.
• Sort Entries: Select from the drop-down menu.

Filter Data in FortiView

• Regular Search: Select a filter from the list and specify a value.
• Advanced Search: Click the icon to switch between regular and advanced search.
• Filter by Device: Select devices from the drop-down menu.
• Filter by Time Period: Select a predefined time period or create a custom one.

Export to Chart
Export a filtered FortiView (or a drill-down) to charts, and save to the Chart Library.

FortiView Summary Formats
Use this drop-down menu to switch between different formats.

Drill Down and View Log Details

Here is the drill-down view of threat ow.ly at log level.

• View Data from Different Tabs: Click the corresponding tab.
• View Log Details: Double-click a row to open the log detail pane in tree view.
• View UTM Logs: Click the UTM log icon to open the UTM log view window.
2 Generate Reports

FortiAnalyzer provides a comprehensive set of easily customizable report templates for you to quickly build reports.

Generate Reports

1. Go to Reports > Report Definitions > All Reports.
2. Double-click the Application Risk and Control Report.
3. Click Run Report from the View Report tab.
4. Once the report is generated, click on a format link to view and/or download it.

Predefined Report Templates

1. Go to Reports > Report Definitions > Templates to view the predefined report templates.
2. Click HTML or PDF in the Preview column to view the sample report.

3 Monitor Events

Configure Event Handler

Events are triggered when the values of certain log fields meet the criteria defined in the Event Handlers. To create an event handler to catch the Botnet events:

1. Go to Event Management > Event Handler Lists.
2. Select the default handler: UTM App Ctrl Event.
3. Click Clone.
4. Enter a custom name.
5. Remove the application category Proxy from the matching criteria.
6. Click OK to save the handler.

View Events

All triggered events are displayed on the event list page. To view events:

1. Go to Event Management > All Events.
2. Click an entry from the list to view more details.
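An event handler is a filter over log fields: the clone-and-narrow procedure above keeps the default handler's log type and subtype and simply drops one application category from its match set. The following added example (not Fortinet code, and not the handler logic of the product) reproduces that idea over constructed FortiGate-style key=value log lines so the effect of step 5 can be seen directly. The default handler's criteria ({Botnet, Proxy} on type=utm, subtype=app-ctrl), the device names, addresses and application names are all assumptions made for the sample.

```python
import re
from dataclasses import dataclass, replace

# FortiGate logs are key=value pairs; values with spaces are double-quoted.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_log(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, val in KV_RE.findall(line):
        if val.startswith('"') and val.endswith('"'):
            val = val[1:-1]
        fields[key] = val
    return fields


@dataclass(frozen=True)
class EventHandler:
    """Minimal model of a handler: an event fires when every criterion matches the log."""
    name: str
    log_type: str
    log_subtype: str
    app_categories: frozenset

    def matches(self, log):
        return (log.get("type") == self.log_type
                and log.get("subtype") == self.log_subtype
                and log.get("appcat") in self.app_categories)

    def clone(self, new_name, drop_categories=()):
        """Steps 3-5 of the guide: clone, rename, remove categories from the criteria."""
        return replace(self, name=new_name,
                       app_categories=self.app_categories - frozenset(drop_categories))


# Assumed criteria for the default handler; the real product's defaults are not on the page.
DEFAULT_APP_CTRL = EventHandler(name="UTM App Ctrl Event", log_type="utm",
                                log_subtype="app-ctrl",
                                app_categories=frozenset({"Botnet", "Proxy"}))

# Step 5: drop Proxy so only the Botnet category remains.
BOTNET_HANDLER = DEFAULT_APP_CTRL.clone("Botnet Events", drop_categories={"Proxy"})

# Constructed sample lines (not captured from a device); devid is a placeholder.
SAMPLE_LOGS = [
    'date=2016-11-03 time=10:15:22 devname="FGT-Edge" devid="FG-EXAMPLE-0001" type=utm subtype=app-ctrl '
    'level=warning srcip=172.16.100.80 dstip=198.51.100.23 app="Example.Botnet.CnC" appcat="Botnet" action=block',
    'date=2016-11-03 time=10:16:05 devname="FGT-Edge" devid="FG-EXAMPLE-0001" type=utm subtype=app-ctrl '
    'level=information srcip=172.16.100.12 dstip=203.0.113.9 app="Web.Proxy.Example" appcat="Proxy" action=pass',
    'date=2016-11-03 time=10:16:40 devname="FGT-Edge" devid="FG-EXAMPLE-0001" type=utm subtype=app-ctrl '
    'level=information srcip=172.16.100.80 dstip=192.0.2.77 app="BitTorrent" appcat="P2P" action=pass',
    'date=2016-11-03 time=10:17:01 devname="FGT-Edge" devid="FG-EXAMPLE-0001" type=traffic subtype=forward '
    'level=notice srcip=172.16.100.31 dstip=192.0.2.10 action=accept',
]


def run_handlers(handlers, lines):
    """Evaluate every handler against every line; return (handler, device, app, category) per event."""
    events = []
    for line in lines:
        log = parse_fortigate_log(line)
        for handler in handlers:
            if handler.matches(log):
                events.append((handler.name, log.get("devname"), log.get("app"), log.get("appcat")))
    return events


if __name__ == "__main__":
    print("default handler:", run_handlers([DEFAULT_APP_CTRL], SAMPLE_LOGS))  # Botnet and Proxy events
    print("cloned handler: ", run_handlers([BOTNET_HANDLER], SAMPLE_LOGS))    # Botnet event only
```

The point of the clone is the narrowing: the traffic log never matches either handler because its type is not utm, the P2P line matches neither because that category is not in the criteria, and removing Proxy turns a noisy handler into one whose every event is worth a look in Event Management > All Events.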
Enable Event Notification

You can send alert notifications via email, SNMP, or to a syslog server.

To configure notifications:

Event Monitor > Event Handler List > [Event Handler] > Edit

Create Custom Report

Create reports from predefined FortiAnalyzer templates, or use any of the 300+ predefined charts and 400+ datasets.

To create a custom report:

Reports > All Reports > Create New

DAY 3: EXPLORE FURTHER

Monitor Storage Usage Graphs

Monitor FortiAnalyzer disk space, data policy, storage and disk utilization, as well as drill down to Analytic and Archive usage by device.

To monitor storage usage:

Log View > Storage Statistics

System Dashboard Log Rate Widgets

Monitor logging rates and performance from the Dashboard. Useful widgets include Insert Rate vs Receive Rate, Log Receive Monitor and Log Insert Lag Time.

To add widgets to monitor log rates:

System Settings > Dashboard > Toggle Widgets
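The reason the Insert Rate vs Receive Rate and Log Insert Lag Time widgets matter is that a log received but not yet inserted is invisible to Log View, FortiView and event handlers. The following added example (not Fortinet code, and not how the appliance computes its widgets) tracks the same two counters over constructed one-minute samples and derives a backlog and an estimated lag, so the "falling behind" condition can be recognised and alerted on. The sample counts, window size and threshold are assumptions for the demonstration.

```python
from collections import deque


class LogRateMonitor:
    """Track per-interval received and inserted log counts and estimate the
    indexing backlog. Logs in the backlog are not yet searchable."""

    def __init__(self, window=5, lag_threshold_s=60):
        self.window = window                  # number of recent samples averaged
        self.lag_threshold_s = lag_threshold_s
        self.samples = deque(maxlen=window)   # (receive_rate, insert_rate) per second
        self.backlog = 0                      # logs received minus logs inserted so far

    def add_sample(self, received, inserted, interval_s=60):
        """Record one interval's counters; returns the running backlog."""
        if received < 0 or inserted < 0 or interval_s <= 0:
            raise ValueError("counters and interval must be non-negative / positive")
        # The backlog cannot go below zero: you cannot insert logs you never received.
        self.backlog = max(0, self.backlog + received - inserted)
        self.samples.append((received / interval_s, inserted / interval_s))
        return self.backlog

    def avg_rates(self):
        n = len(self.samples)
        if n == 0:
            return 0.0, 0.0
        return (sum(r for r, _ in self.samples) / n, sum(i for _, i in self.samples) / n)

    def estimated_lag_seconds(self):
        """Time to drain the backlog at the current average insert rate."""
        _, insert_rate = self.avg_rates()
        if self.backlog == 0:
            return 0.0
        if insert_rate == 0:
            return float("inf")
        return self.backlog / insert_rate

    def status(self):
        lag = self.estimated_lag_seconds()
        recv, ins = self.avg_rates()
        if lag > self.lag_threshold_s and recv > ins:
            return "falling-behind"   # backlog growing: alert, data is arriving faster than it is indexed
        if lag > self.lag_threshold_s:
            return "catching-up"      # backlog present but shrinking
        return "healthy"


def simulate(samples, window=2, lag_threshold_s=30):
    """Feed constructed (received, inserted) counts through a monitor;
    returns the status after each sample and the final backlog."""
    monitor = LogRateMonitor(window=window, lag_threshold_s=lag_threshold_s)
    statuses = []
    for received, inserted in samples:
        monitor.add_sample(received, inserted)
        statuses.append(monitor.status())
    return statuses, monitor.backlog


if __name__ == "__main__":
    # Constructed minute-by-minute counters: steady state, a burst of logs, then recovery.
    burst = [(6000, 6000), (12000, 6000), (6000, 7000), (6000, 7000), (6000, 7000)]
    statuses, backlog = simulate(burst)
    for (received, inserted), status in zip(burst, statuses):
        print(f"received={received:6d} inserted={inserted:6d} -> {status}")
    print("remaining backlog:", backlog)
```

A sustained "falling-behind" reading is the condition to act on: either the FortiGate log volume exceeds what the FortiAnalyzer model can index, or disk utilization has crossed the thresholds set under the log storage policy, both of which show up in the widgets this script mirrors.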

Indicators of Compromise for APT Detection

FortiView > Threats > IOC

For more information, see the Administration Guide and videos in the Fortinet Video Library.
LEARN MORE

FortiAnalyzer Administration Guide
http://docs.fortinet.com/fortianalyzer/admin-guides

Fortinet Document Library
http://docs.fortinet.com

Fortinet Video Guide
http://video.fortinet.com

FortiGate Cookbook
http://cookbook.fortinet.com

Training Services
http://www.fortinet.com/training

SUPPORT AND FEEDBACK

Customer Service & Support
https://support.fortinet.com

Feedback on Fortinet technical documents
Email: [email protected]

FORTINET.COM
