Fortinet FortiSOAR PaaS
Unified Security Orchestration, Automation, and Response (SOAR)

Features:

Centralize, Standardize, and Automate Security Operations

With broad integrations, rich functions, hundreds of pre-built playbooks and simple customization, FortiSOAR is designed to be the central hub for the critical operations that protect and power your organization

Alert Ingestion and Bi-directional Integrations

The foundation of FortiSOAR is connectivity. Integration flexibility and connectors to over 500 multivendor products allows FortiSOAR to ingest alerts from virtually any security source and interact with any IT system or application. The pre-built connectors each support an array of actions, typically bi-directional, that enable automated commands, queries, and actions useful for investigation, remediation, and notifications. Comprehensive Solution Packs include connectors, actions and full playbooks for typical integrations and use cases.

Investigation, Response, and Case Management

FortiSOAR can automatically triage, enrich, and assess alerts from virtually any security product. Routine alerts can be automatically handled and closed. Priority alerts are mapped to the MITRE ATT&CK framework and intelligently grouped into incidents for deeper investigation. ML-driven task automation and playbook recommendations augment rich investigation features, suggest actions, and execute complete remediation steps. FortiSOAR supports complete case management features as well as two-way linkages to ticketing and communications systems, and includes a secure mobile application.

Collaboration and Incident War Room

The FortiSOAR investigation interface makes it simple to for analysts to collaborate, and supports communications and playbook permissions via email, Zoom, Slack, Teams and other popular methods. Analysts can also trigger a dedicated war room for streamlined and collaborative high-priority incident management. War room functions include invitation-only access, task management, collaboration tools, dedicated private communications, reporting, and full forensics-level logging of all activities.

Threat Intelligence Management

FortiSOAR automatically ingests aggregates, normalizes and curates, a wide range of IT/OT threat feeds, including Fortinet’s FortiGuard threat intel data. Relevant intel automatically enriches alerts and is presented during analyst investigations. As a complete Threat Intel Platform, FortiSOAR supports IOC export via STIX, TAXII, and CSV, a dedicated goal-based threat intelligence management workspace, and request ticketing and assignment to facilitate threat research, collaboration and sharing.

Asset and Vulnerability Management

FortiSOAR integrates with asset management and vulnerability scanning systems to give you a complete risk-based picture of your IT/OT assets—including identification, criticality, vulnerability status, and alert conditions. Analysts and managers can use this information to launch automated remediation or other playbooks and assign and track tasks. Alert and incident investigation is enriched and accelerated by having complete asset profiles at hand without the need to access other systems or tools.

Workforce and SLA Management

FortiSOAR provides all of the key functions a SOC manager needs to run effective operations. The system can automatically assign tasks based on priority, expertise matching and analyst task backlog. Leaders can define and manage work queues, manage shift schedules, and staff calendaring. Team and individual SLA metrics can be defined and tracked. Standard reports suiting both enterprise and MSSP uses can be easily customized or newly created.

Playbook and Connector Creation

The patented playbook design experience provides a visual drag/drop graphical user interface (GUI) and a low-code rapid development mode that allows users to easily create playbooks without technical coding skills. Hundreds of prebuilt playbooks and automated actions can be used as building blocks, while the FortiSOAR Recommendation Engine provides inline step guidance. The designer function includes full CI/CD support as well as a simulation engine for testing. New connector creation is supported by an intuitive and guided wizard application.

AI-Driven Assistance and Automation

FortiAI uses augmented Generative AI to guide, simplify, and automate FortiSOAR analyst activities such as threat investigation, response, and playbook building. An integral part of analyst workflows, FortiAI extends and curates GenAI results with the latest Fortinet threat intel and product knowledge to give analysts the actionable guidance they urgently need.

Compliance Automation and Reporting

FortiSOAR automates advisory update and overall compliance activities with advisory processing playbooks, specialized tracking, dashboards, and IT/OT compliance management reporting for regulations, including GDPR, HIPAA, US BOD 22-01, US NERC CIP, and more. FortiSOAR asset management, vulnerability management, SLA tracking, and other features support mandatory alerts and actions necessary for compliance adherence.

OT Security Operations

FortiSOAR fully supports OT security automation and consolidated IT/OT operations. You can monitor and manage OT SecOps with features such as risk-based OT asset and vulnerability management, MITRE ATT&CK industrial control system (ICS) views for threat investigation, OT threat remediation playbooks, and full OT vendor and threat intelligence ecosystem integration. FortiSOAR’s design approach to OT is based on best practices aligned with Cybersecurity and Infrastructure Security Agency (CISA) operational directives.

Network Operations and Beyond

FortiSOAR bi-directional integrations and pre-built playbooks automate a full array of network operations for security response as well as standard NOC activities such as deployment, configuration, configuration updates and any move/update/change actions. Full experience customization and simple playbook creation allow automation of virtually any workflow.

Content Hub and Community

The FortiSOAR Content Hub provides an extensive and growing library of ready-made product content and valuable knowledge via an intuitive, web-based and in-product portal of hundreds of connectors and playbooks, dashboard widgets, and complete solution packs built by the Fortinet team or contributed by the user community. Demo and how-to videos deliver tutorials and best practices to help you get the most from your automation initiatives.

Specifications:

Documentation:

Download the Fortinet FortiSOAR Datasheet (PDF).