Overview
Unified Security Orchestration, Automation, and Response (SOAR)
SOC teams are overloaded with investigating alerts and responding to threats across dozens of tools. Most have difficulty keeping pace and may be slow to discover and respond to serious attacks before a breach occurs. Using FortiSOAR as a central operations hub to standardize and execute these workflows speeds response and SOC operations, allowing analysts to focus on what matters most to protect the organization.

Centralize, Standardize, and Automate Security Operations
With broad integrations, rich functions, hundreds of pre-built playbooks and simple customization, FortiSOAR is designed to be the central hub for the critical operations that protect and power your organization.
Alert Ingestion and Bi-directional Integrations
The foundation of FortiSOAR is connectivity. Integration flexibility and connectors to over 500 multivendor products allow FortiSOAR to ingest alerts from virtually any security source and interact with any IT system or application. The pre-built connectors each support an array of actions, typically bi-directional, that enable automated commands, queries, and actions useful for investigation, remediation, and notifications. Comprehensive Solution Packs include connectors, actions and full playbooks for typical integrations and use cases.
Investigation, Response, and Case Management
FortiSOAR can automatically triage, enrich, and assess alerts from virtually any security product. Routine alerts can be automatically handled and closed. Priority alerts are mapped to the MITRE ATT&CK framework and intelligently grouped into incidents for deeper investigation. ML-driven task automation and playbook recommendations augment rich investigation features, suggest actions, and execute complete remediation steps. FortiSOAR supports complete case management features as well as two-way linkages to ticketing and communications systems, and includes a secure mobile application.
Features

Collaboration and Incident War Room
The FortiSOAR investigation interface makes it simple for analysts to collaborate, and supports communications and playbook permissions via email, Zoom, Slack, Teams and other popular methods. Analysts can also trigger a dedicated war room for streamlined and collaborative high-priority incident management. War room functions include invitation-only access, task management, collaboration tools, dedicated private communications, reporting, and full forensics-level logging of all activities.
Asset and Vulnerability Management
FortiSOAR integrates with asset management and vulnerability scanning systems to give you a complete risk-based picture of your IT/OT assets—including identification, criticality, vulnerability status, and alert conditions. Analysts and managers can use this information to launch automated remediation or other playbooks and assign and track tasks. Alert and incident investigation is enriched and accelerated by having complete asset profiles at hand without the need to access other systems or tools.


AI-Driven Assistance and Automation
FortiAI uses augmented Generative AI to guide, simplify, and automate FortiSOAR analyst activities such as threat investigation, response, and playbook building. An integral part of analyst workflows, FortiAI extends and curates GenAI results with the latest Fortinet threat intel and product knowledge to give analysts the actionable guidance they urgently need.
OT Security Operations
FortiSOAR fully supports OT security automation and consolidated IT/OT operations. You can monitor and manage OT SecOps with features such as risk-based OT asset and vulnerability management, MITRE ATT&CK industrial control system (ICS) views for threat investigation, OT threat remediation playbooks, and full OT vendor and threat intelligence ecosystem integration. FortiSOAR’s design approach to OT is based on best practices aligned with Cybersecurity and Infrastructure Security Agency (CISA) operational directives.

MSSP and Global Enterprise Features

Financial Services
Top 5 institutions in 10 countries

Government
Over 20 institutions in 15 countries

Energy
8 top producers/distributors
No. 1 O&G producer worldwide

Managed Security Services
Over 15 major MSSPs worldwide
4 of top 20 worldwide providers

Healthcare
Largest US healthcare insurer
Largest US healthcare provider

Technology and Software
Top Telecom solutions provider
Top CAD/CAM provider

Telecom
Over 10 major providers
5 of top 20 worldwide providers

Manufacturing
Top 5 automaker
Top 5 electronics maker
Connectors and Bi-Directional Integrations
The following are notable integrations that FortiSOAR offers today. Most integrations are bidirectional, supporting API-commands and FortiSOAR playbooks to execute actions, inquiries, searches, and other external product commands useful to SOC/NOC analysts and managers. The connector list is always growing.

Fortinet Fabric Solutions
FortiAnalyzer, FortiAuthenticator, FortiCNP, FortiCWP, FortiDeceptor, FortiEDR, FortiEMS, FortiGate, FortiGuard, FortiMail, FortiManager, FortiMonitor, FortiNAC, FortiNDR, FortiSandbox, FortiSIEM, FortiWeb.

Network and Firewall Products
Check Point Firewall, Cisco ASA/Firepower/Meraki, F5 BIG-IP, Palo Alto Firewall, Zscaler

DevOps
Gitlab, Jenkins, Docker, Kubernetes, Terraform

Email and Email Security
FortiMail, Cisco Email Security Appliance (ESA), GSuite for Gmail, Microsoft Exchange, Mimecast, Symantec Email Security Cloud

Endpoint Security
FortiEDR, CrowdStrike Falcon, Microsoft Defender, SentinelOne, Symantec EDR Cloud, Tanium

Investigation
FortiAnalyzer, FortiSIEM, Have I Been Pwned, RSA NetWitness, Nmap Scanner, Securonix SNYPR, Symantec Security Analytics

Log Management and Analytics
FortiSIEM, FortiAnalyzer, IBM QRadar, Microsoft Sentinel, Rapid7 InsightIDR, Splunk, Sumo Logic

Sandbox
FortiSandbox, FireEye AX, Hybrid-Analysis, Joe Sandbox Cloud, Palo Alto WildFire, VMRay

Threat Intel
Fortinet FortiGuard, Anomali ThreatStream, CrowdStrike Falcon Intelligence, IBM X-Force Exchange, Mandiant Threat Intelligence, VirusTotal

Ticket Management
BMC Remedy AR System, JIRA SM, ManageEngine ServiceDesk, ServiceNow, Zendesk

Vulnerability Management
FortiEDR, CrowdStrike Falcon, Microsoft Defender, SentinelOne, Symantec EDR Cloud, Tanium
Models & Specs
Deployment Options and Licensing Model
Category | FortiSOAR VM Subscription | FortiSOAR VM Perpetual | FortiSOAR PaaS |
---|---|---|---|
Deployment | |||
License Type | Subscription | Perpetual | Subscription |
Hosting Type | On Premise or Public Cloud | On Premise or Public Cloud | Fortinet Hosted |
Editions | |||
Enterprise Edition | FC-10-SRVMS-389-02-DD | LIC-FSRENT-2 | FC-10-SRCLD-385-02-DD* |
Multi Tenant Edition - Manager Node | FC-10-SRVMS-390-02-DD | LIC-FSRMTT-2 | FC-10-SRCLD-386-02-DD* |
Starter Edition (10,000 actions/day) | FC-10-SRVMS-1023-02-DD | — | — |
Add-on | |||
Multi-Tenant - Dedicated Node | FC-10-SRVMS-387-02-DD | LIC-FSRMTD-1 | FC-10-SRCLD-387-02-DD |
Multi-Tenant - Regional Node | FC-10-SRVMS-388-02-DD | LIC-FSRMTR-2 | FC-10-SRCLD-388-02-DD |
HA Node | FC-10-SRVMS-1121-02-DD | LIC-FSRHA-2 | — |
Threat Intel Management Module | FC-10-SRVMS-592-02-DD | FC-10-SRVMP-592-02-DD | FC-10-SRCLD-592-02-DD |
User Seat | FC-10-SRVMS-384-02-DD | LIC-FSRAUL-1 | FC-10-SRCLD-384-02-DD |
Cloud Storage (1TB add-on) | — | — | FC1-10-SRCLD-584-01-DD |
FortiMonitor - Advanced Health Monitoring | — | — | FC2-10-MNCLD-437-01-DD ** |
Subscription / Renewal | |||
Enterprise Edition Renewal (FortiCare Premium) | FC-10-SRVMS-385-02-DD | FC1-10-SRVMP-248-02-DD | FC-10-SRCLD-385-02-DD |
Multi-Tenant Manager Renewal (FortiCare Premium) | FC-10-SRVMS-386-02-DD | FC2-10-SRVMP-248-02-DD | FC-10-SRCLD-386-02-DD |
Multi-Tenant - Dedicated Node Renewal | FC-10-SRVMS-387-02-DD | FC3-10-SRVMP-248-02-DD | FC-10-SRCLD-387-02-DD |
Multi-Tenant - Regional SOC Node Renewal | FC-10-SRVMS-388-02-DD | FC4-10-SRVMP-248-02-DD | FC-10-SRCLD-388-02-DD |
HA Node Renewal (FortiCare Premium) | FC-10-SRVMS-1121-02-DD | FC5-10-SRVMP-248-02-DD | — |
Professional and Training Services | |||
Per Day Charge for Resource Service (SOW) | FP-10-00000-M08-00-00 | ||
Per Hour Charge After-Hours / Weekend (min 4 hrs) | FP-PS001-HR | ||
Custom Travel and Expenses (On Site) | FP-MISC-TE | ||
Deployment Quick Start Service | FP-10-QSSOAR-DP1-00-00 | ||
NSE 6 FortiSOAR Administration Training | FT-FSR-ADM | ||
NSE 6 Administration Exam Voucher | NSE-EX-SPL6 | ||
NSE 7 FortiSOAR Design & Development Training | FT-FSR-DEV | ||
NSE 7 Design & Development Exam Voucher | NSE-EX-CERT | ||
NSE 7 Design & Development Lab Access | FT-FSR-DEV-LAB |
FortiSOAR Edition and Services
Category | Customer Hosted Subscription | Customer Hosted Perpetual | Fortinet Hosted Cloud Subscription |
---|---|---|---|
FortiSOAR Enterprise Edition | FC-10-SRVMS-389-02-DD | LIC-FSRENT-2 | FC-10-SRCLD-385-02-DD |
Enterprise Edition (Renewal) | FC-10-SRVMS-385-02-DD | ||
Multi Tenant Edition - Manager | FC-10-SRVMS-390-02-DD | LIC-FSRMTT-2 | FC-10-SRCLD-386-02-DD |
Multi Tenant Edition – Manager (Renewal) | FC-10-SRVMS-386-02-DD | ||
Add User Seat | FC-10-SRVMS-384-02-DD | LIC-FSRAUL-1 | FC-10-SRCLD-384-02-DD |
Add Tenants on Manager Node | Included | Included | Included |
Dedicated Tenant Node (Single User Locked) | FC-10-SRVMS-387-02-DD | LIC-FSRMTD-1 | FC-10-SRCLD-387-02-DD |
Dedicated Tenant Node (Multi-User) | FC-10-SRVMS-388-02-DD | LIC-FSRMTR-2 | FC-10-SRCLD-388-02-DD |
Starter Edition (10,000 actions/day) | FC-10-SRVMS-1023-02-DD | ||
HA Edition | FC-10-SRVMS-1121-02-DD | LIC-FSRHA-2 | |
Add Cloud Storage (1000GB) | FC1-10-SRCLD-584-01-DD | ||
FortiMonitor Subscription | FC2-10-MNCLD-437-01-DD * | ||
Threat Intel Mgmt Service (FortiGuard Premium Feed) | FC-10-SRVMS-592-02-DD | FC-10-SRVMP-592-02-DD | FC-10-SRCLD-592-02-DD |
FortiCare Premium Contract | Included | See Below | Included |
FortiCare BPS | Included | See Below | Included |
FortiCare Premium (Enterprise Edition) | FC1-10-SRVMP-248-02-DD | ||
FortiCare Premium (Multi Tenant Manager) | FC2-10-SRVMP-248-02-DD | ||
FortiCare Premium (Dedicated Tenant) | FC3-10-SRVMP-248-02-DD | ||
FortiCare Premium (Regional SOC) | FC4-10-SRVMP-248-02-DD | ||
FortiCare Premium (HA Edition) | FC5-10-SRVMP-248-02-DD | ||
FortiCare Premium + BPS (Enterprise) | FC1-10-SRVMP-338-02-DD | ||
FortiCare Premium + BPS (Multi Tenant) | FC2-10-SRVMP-338-02-DD | ||
FortiCare Premium + BPS (Dedicated Tenant) | FC3-10-SRVMP-338-02-DD | ||
FortiCare Premium + BPS (Regional SOC) | FC4-10-SRVMP-338-02-DD | ||
Professional Services |
Per Day Service – FP-10-00000-M08-00-00; After-Hours Service – FP-PS001-HR; Travel & Expenses – FP-MISC-TE; Deployment QuickStart – FP-10-QSSOAR-DP1-00-00 |
Training Services |
Administrator Training (2 days) – FT-ILT-D02; On-Demand Labs – FT-LAB-D02; Certification Exam – NSE-EX-FTE2; Design & Development Training (3 days) – FT-ILT-D03; Design & Development On-Demand Labs – FT-LAB-D02 |