FortiSOAR: Common SOC Challenges

DATA SHEET

FortiSOAR™
Adaptive Security for SOC Teams and Enterprises

FortiSOAR™ is a holistic Security Orchestration, Automation and Response workbench, designed for SOC teams to respond efficiently to the ever-increasing influx of alerts, repetitive manual processes, and shortage of resources. This patented and customizable security operations platform provides automated playbooks, incident triaging, and real-time remediation for enterprises to identify, defend against and counter attacks. FortiSOAR™ optimizes SOC team productivity by seamlessly integrating with 300+ security platforms and 3000+ actions. This results in faster responses, streamlined containment and reduced mitigation times, from hours to seconds.

Common SOC Challenges

§ Too many alerts
§ Repetitive tasks
§ Disparate tools
§ Staff shortages

Highlights

FortiSOAR enables SOC teams to quickly and securely:

§ Manage security alerts, incidents, indicators, assets and tasks through a simplified, easy-to-use GUI
§ Increase SOC team productivity by eliminating false positives and focusing only on the alerts that matter
§ Track ROI, MTTD, MTTR through customizable reports and dashboards
§ Automate within the Visual Playbook Designer, with 300+ security platform integrations & 3000+ actions for automated workflows and connectors
§ Minimize human error by employing clear, auditable playbooks and custom modules to handle ever-changing investigation requirements
§ Scale your network security solution with a truly multi-tenant distributed architecture, from a single, collaborative console
§ Identify real threats with automated false positive filtering and predict similar threats and campaigns with FortiSOAR’s recommendation engine
§ Eliminate repetitive tasks through automation, correlation of incidents, threat intelligence & vulnerability data
§ Improve efficiency & effectiveness of SOC processes by customizing and employing FortiSOAR’s automation templates to save time and resources
§ Reduce security incident discovery times from hours to seconds

Key Features

Role-Based Incident Management

FortiSOAR’s™ Enterprise Role-Based Incident Management solution provides organizations with robust field-level role-based access control to manage sensitive data in accordance with SOC policies and guidelines.

Easily manage alerts and incidents in a customizable filter grid view with automated filtering, to keep analysts focused on real threats. Execute dynamic actions and playbooks on alerts and incidents and analyze correlated threat data in an intuitive user interface.

FortiSOAR’s Recommendations Engine predicts various fields such as severity, asset and user, based on previously identified cases, aiding the SOC analyst in grouping and linking them together to identify duplicates and campaigns involving similar alerts, common threats and entities.

Role-Based Dashboards & Reporting

Role-based dashboards and reporting empower SOC teams to measure, track and analyze investigations and SOC performance granularly with quantifiable metrics.

FortiSOAR’s™ ready-made library of industry-standard, persona-focused dashboard templates and intuitive drag-and-drop visual layout builders ensures SOC teams have the best tools to optimize their time and resources. Comprehensive charts, listings, counters and performance metrics help create rich views and informative data models. FortiSOAR also provides industry-standard reports for Incident Closure, Incident Summary, Weekly Alert and Incident Progress, IOC Summary and many others. Track metrics such as MTTR and MTTD over various NIST-approved incident phases, analyst loads, escalation ratios, automation ROI and other SOC performance metrics.

Multi-Tenancy

FortiSOAR™ provides a truly distributed multi-tenant product offering with a scalable, resilient, secure and distributed architecture, allowing MSSPs to offer MDR-like services, while supporting operations in Regional and Global SOC environments.

With the ability to run automation workflows on specific tenants remotely, handling unique customer environments & product diversity becomes streamlined. FortiSOAR also involves tenants in case of approval requirements to control data flow to the master nodes. Other tenant features include creating tenant-specific alerts, incident views, reports and dashboards, and filter views.

Visual Playbook Builder

FortiSOAR’s™ Visual Playbook Designer allows SOC teams to design, develop, debug, control and use playbooks in the most efficient manner.

The intuitive design includes a drag-and-drop interface to string multiple steps together, using 300+ OOB workflow integrations, 3000+ automated actions, a comprehensive expression library for easy development, playbook simulation and referencing, the ability to execute code such as Python in workflows, versioning, privacy control, crash recovery, advanced step controls like looping, error handling, notifications and more.

FortiSOAR’s extensible platform provides the ability to define new modules with customization of fields, views, and permissions, and creation of smart automated workflows and playbooks on top of them, simplifying the analyst’s ability to support solutions for vulnerability and threat management as well as regulation and compliance.


Maximize your ROI with FortiSOAR

Steps | Manual | FortiSOAR
Enrich Artifacts To Identify IOCs | 45 - 60 minutes | 3 minutes
Perform Triaging On Events from SIEM | 20 minutes | 1 minute
Submit a Zip to the detonation engine | 1 hour to 6 hours | 1 minute
Isolate affected devices | 10 minutes | 1 minute
Analyze, Create & Annotate an Incident | 60 minutes | 5 minutes
Block IOCs on a Firewall (e.g. FortiGate) | 45 minutes to 2 hours | 2 minutes
Remediation & Incident Response | 60 minutes to 6 hours | 5 minutes
Prepare and send an Incident Summary Report | 2 to 3 hours | 2 minutes
TOTAL | 4.5 to 15 hours | 20 minutes

Connectors & Integrations

FortiSOAR 3rd Party Connectors & Integrations provide unlimited access to hundreds of products including desktop security software, directories, network infrastructure, and other third-party security systems, maximizing your ROI and providing unparalleled visibility and control across your network through Security Orchestration, Automation and Response (SOAR). FortiSOAR seamlessly integrates with other vendors and technologies. The following are a sample of the connectors that FortiSOAR integrates with:

Fortinet Connectors FortiGate, FortiAnalyzer, FortiSIEM, FortiEDR, FortiSandbox, FortiMail, FortiGuard Webfilter lookup, FortiSOAR Custom Connector

Network & Firewall FortiGate, Cisco Meraki MX VPN Firewall, Infoblox DDI, CISCO Umbrella Enforcement, Cisco Meraki MX L7 Firewall, Empire, CISCO Firepower,
ForeScout, Zscaler, Imperva Incapsula, NetSkope, RSA Netwitness Logs And Packets, PaloAlto Firewall, CISCO ASA, SOPHOS UTM-9, Arbor
APS, F5 Big-IP, Proofpoint TAP, Check Point Firewall, CISCO Catalyst, Citrix NetScaler WAF, Sophos XG, Cisco Stealthwatch, Pfsense, Symantec
Messaging Gateway, PRTG, Centreon

Analytics & SIEM FortiSIEM, FortiAnalyzer, RSA Netwitness SIEM, Sophos Central, Rapid7 InsightIDR, LogPoint, Micro Focus ArcSight Logger, Alienvault USM
Anywhere, xMatters, Sumo Logic, LogRhythm, Syslog, Elasticsearch, McAfee ESM, IBM QRadar, ArcSight, Splunk, ReversingLabs A1000

Vulnerability Management Rapid7 Nexpose, Kenna, Qualys, Tripwire IP360, Symantec CCSVM, Tenable IO, ThreadFix, Tenable Security Center

Ticket Management ConnectWise Manage, Foresight, Zendesk, ServiceAide, Manage Engine Service Desk Plus, Salesforce, BMC Remedy AR System, OTRS, Request
Tracker, JIRA, Pagerduty, RSA Archer, Cherwell, ServiceNow

Endpoint Security Endgame, Trend Micro Control Manager, CrowdStrike Falcon, FireEye HX, Carbon Black Defense, Malwarebytes, McAfee EPO, Symantec EDR
Cloud, Microsoft WMI, TrendMicro Deep Security, Symantec EPM, Symantec DLP, WINRM, NetBIOS, Microsoft SCCM, Microsoft SCOM, CISCO
AMP, Carbon Black Protection Bit9, CYLANCE Protect, SentinelOne, Carbon Black Response, TANIUM

Threat Intel EmailRep, AlienVault USM Central, Trend Micro SMS, Malware Domain List, Infocyte, Attivo BOTsink, FireEye ISIGHT, Vectra, Phishing Initiative,
Threatcrowd, ThreatConnect, CRITS, McAfee Threat Intelligence Exchange, Facebook ThreatExchange, Intel 471, Soltra Edge, Anomali STAXX,
Recorded Future, AlienVault OTX, MISP, DARKTRACE, IBM X-Force, ANOMALI THREATSTREAM, BluVector, ThreatQuotient

DevOps AWS Athena, AWS S3, Twilio, IBM BigFix, AWS EC2

Sandbox FortiSandbox, GitLab, ThreatSTOP, Intezer Analyze, FireEye AX, CISCO Threat Grid, URLSCAN.Io, Joe Sandbox Cloud, Koodous, Trend Micro
DDAN, Symantec CAS, HYBRID-ANALYSIS, VMRAY, PaloAlto WildFire, Malwr, Lastline, SecondWrite, Cuckoo

Email & Email Security GSuite For GMail, Microsoft Exchange, SMTP, IMAP, Mimecast, Symantec Email Security Cloud, FireEye EX, CISCO ESA

Investigation FortiAnalyzer, FortiSIEM, FortiMail, Securonix SNYPR, Symantec ICDx, Symantec Security Analytics, NMAP Scanner, Protectwise, PhishTank,
CloudPassage Halo, TruSTAR, Have I Been Pwned, Farsight Security DNSDB, Cofense PhishMe, RSA Netwitness
* FortiSOAR can be integrated with many other vendors and technologies in addition to those listed here.


Order Information

Product | SKU | Description
FortiSOAR Subscription License | FC-10-SRVMS-385-02-DD | One year subscription for FortiSOAR Enterprise Edition - 2 User Logins included plus 24x7 FortiCare support
FortiSOAR Subscription License | FC-10-SRVMS-386-02-DD | One year subscription for FortiSOAR Multi Tenant Edition - 2 User Logins Included plus 24x7 FortiCare support
FortiSOAR Subscription License | FC-10-SRVMS-387-02-DD | One year subscription for FortiSOAR Multi Tenant Edition - Dedicated Tenant - 1 User Login Included plus 24x7 FortiCare support
FortiSOAR Subscription License | FC-10-SRVMS-388-02-DD | One year subscription for FortiSOAR Multi Tenant Edition - Regional SOC Instance - 2 User Logins Included plus 24x7 FortiCare support
FortiSOAR Subscription License | FC-10-SRVMS-384-02-DD | One year subscription for FortiSOAR User Seat License - One Additional User Login plus 24x7 FortiCare support
FortiSOAR Perpetual License | LIC-FSRENT-2 | FortiSOAR Enterprise Edition - 2 User Logins Included (Perpetual License)
FortiSOAR Perpetual License | LIC-FSRMTT-2 | FortiSOAR Multi Tenant Edition - 2 User Logins Included (Perpetual License)
FortiSOAR Perpetual License | LIC-FSRMTD-1 | FortiSOAR Multi Tenant Edition - Dedicated Tenant - 1 User Login Included (Perpetual License)
FortiSOAR Perpetual License | LIC-FSRMTR-2 | FortiSOAR Multi Tenant Edition - Regional SOC Instance - 2 User Logins Included (Perpetual License)
FortiSOAR Perpetual License | LIC-FSRAUL-1 | FortiSOAR User Seat License - Additional User Logins (Perpetual License) - add-on by 1
FortiSOAR Perpetual License | FC1-10-SRVMP-248-02-DD | FortiCare 24x7 support for FortiSOAR Enterprise Edition
FortiSOAR Perpetual License | FC2-10-SRVMP-248-02-DD | FortiCare 24x7 support for FortiSOAR Multi Tenant Edition
FortiSOAR Perpetual License | FC3-10-SRVMP-248-02-DD | FortiCare 24x7 support for FortiSOAR Multi Tenant - Dedicated Tenant
FortiSOAR Perpetual License | FC4-10-SRVMP-248-02-DD | FortiCare 24x7 support for FortiSOAR Multi Tenant - Regional SOC Instance

www.fortinet.com

Copyright © 2020 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-SOAR FSR-DAT-R02-202005
