Overview:
FortiAnalyzer: The Turnkey Security Operations Platform
As the Data Lake of the Fortinet Security Fabric, FortiAnalyzer consolidates telemetry across networks, endpoints, and cloud environments, integrating Fortinet and third-party tools. It normalizes and enriches data with AI/ML-powered analytics, providing structured dashboards for IoT, SOC, email, and endpoint vulnerabilities. It streamlines operations with built-in threat intelligence, SIEM, and SOAR capabilities, along with prebuilt SOC automation content packs that are updated monthly, and it is enhanced with AI assistance and augmented operations delivered by FortiAI. Offering flexible deployment options across appliances, VMs, and the cloud, FortiAnalyzer enables network and security teams to detect faster, respond smarter, and improve efficiency—all from a single platform.
Highlights:
- Centralized log collection. Unified visibility across network and security assets
- Real-time system and network monitoring
- Prebuilt reports and dashboards
- Built-in SIEM and SOAR
- Advanced threat detection
- Regularly updated SOC Automation Content packs
- Generative AI assistant
- Built-in threat intelligence. Enriches events with real-time context from FortiGuard
- Scalable data lake and XDR-ready. Unified data lake connects events across endpoints, network and cloud
- Designed to complement and work alongside any SIEM or logging solution customers use
Key Capabilities:
Unified Security Data Lake
Centralized Visibility Across the Security Fabric
FortiAnalyzer aggregates logs and telemetry from Fortinet products and third-party systems into a unified data lake. This centralized view enables better threat detection across networks, endpoints, applications, and cloud infrastructure and faster incident response.
Supports ingestion through various methods such as syslog, APIs, alert ingestion service, and agent-based forwarding using FortiClient. Offers scalable log storage with role-based access control and data retention policies to meet compliance requirements.
Advanced Analytics and Correlation
Detect Threats Earlier with Context-Rich Intelligence
With built-in analytics and correlation across Security Fabric components, FortiAnalyzer helps identify sophisticated attacks by connecting seemingly unrelated events. Automated playbooks and event handlers improve response time and reduce manual workload.
Real-Time Threat Intelligence
Strengthen Detection with FortiGuard Feeds
Integrates seamlessly with FortiGuard Labs' threat intelligence, enhancing detection with the latest indicators of compromise and the Outbreak Alerts service, enabling proactive defense and rapid investigation.
Automation and Custom Reporting
Operational Efficiency Through Automation
Supports automated workflows for alert handling, ticketing, and notification. Built-in and custom dashboards and compliance reports (e.g., PCI-DSS, HIPAA) provide actionable insights for both technical and executive audiences.
Pre-Built Content Packs for SOC Automation
Continuously Updated Intelligence to Accelerate SOC Operations
FortiAnalyzer provides monthly content packs from FortiGuard Labs, delivering pre-built use cases that include log parsers, reports, correlation rules, event handlers, and automated playbooks. These content packs help organizations quickly onboard new log sources, detect emerging threats, and meet compliance requirements without extensive manual setup.
Streamlined SOC Operations
From Alert Monitoring to Automated Response
FortiAnalyzer helps security operations centers manage the full incident lifecycle — from alert monitoring and triage to deep investigation and response. Analysts can efficiently prioritize alerts using built-in correlation, indicator enrichment, and user assets and identity tracking. Integrated connectors simplify data ingestion from Fortinet and third-party sources, while built-in playbooks and automation tools enable faster, consistent responses to common threats.
Generative AI Assistant for Faster Insights
Simplifying Investigations and Enhancing Analyst Efficiency
FortiAnalyzer includes a built-in Generative AI assistant that helps security teams quickly analyze and understand complex data. Analysts can use natural language queries to explore logs, summarize incidents, or ask questions about alerts—without needing deep query language expertise. The AI assistant provides context-aware insights, speeds up investigations, and reduces time spent on manual data correlation. Integrated with the Security Fabric, it helps SOC teams make faster, more informed decisions across a broad range of security events.
Extended Detection and Response Across the Security Fabric
Coordinated Detection and Response Across Multiple Security Layers
FortiAnalyzer enables extended detection and response (XDR) by integrating with key Fabric SecOps platforms such as FortiEDR, FortiNDR, FortiDeceptor, FortiCNAPP, and FortiDLP. It correlates data across these layers to deliver unified visibility, advanced threat detection, and enriched context for faster investigations.
Automated responses can be triggered through integrated enforcement points such as FortiGate, FortiManager, FortiMail, FortiEDR, FortiAuthenticator and FortiCNAPP — enabling quick containment, policy enforcement, or remediation actions. This tightly integrated approach helps SOC teams detect threats earlier, respond faster, and reduce risk across endpoints, networks, applications, and the cloud.
High Availability and Scalable Fabric Architecture
Resilient and Distributed for Enterprise and Hyperscale Environments
- Flexible Deployment Options
FortiAnalyzer supports a wide range of deployment models to fit diverse infrastructure needs, offering adaptability across on-premises, cloud, and hybrid environments. It is available as a physical appliance for on-premises deployments, a virtual appliance for private or public cloud environments, and also as a hosted solution. This flexibility enables easy scalability across branch offices, hybrid cloud setups, and centralized Security Operations Centers (SOCs).
- FortiAnalyzer High Availability (HA)
FortiAnalyzer HA provides real-time redundancy to protect organizations by ensuring continuous operational availability. In the event that the primary (active) FortiAnalyzer fails, a secondary (passive) FortiAnalyzer in a cluster of up to four nodes immediately takes over, providing log and data reliability and eliminating the risk of a single point of failure.
- FortiAnalyzer Fabric
FortiAnalyzer Fabric allows SOC administrators to configure two operation modes: Supervisor and Member. This allows viewing of member devices, ADOMs, and authorized logging devices, as well as incidents and events created on members. Admins get access to Reports and FortiView across all member FortiAnalyzers, and can perform a global search in Log View of logs collected across FortiAnalyzer Fabric members, with pre-defined device filters and log drill-down for each Member and Member ADOM.
- Analyzer Collector Modes
FortiAnalyzer provides two operation modes: Analyzer and Collector. In Collector mode, the primary task is forwarding logs of the connected devices to an Analyzer and archiving the logs. This configuration greatly benefits organizations with increasing log rates, as the resource intensive log-receiving task is off-loaded to the Collector so that the Analyzer can focus on generating analytics and reports.
Network operations teams can deploy multiple FortiAnalyzers in Collector and Analyzer modes to work together to improve the overall performance of log receiving and processing increased log volumes, providing log storage and redundancy, and rapid delivery of critical network and threat information.
- Log Forwarding for Third-Party Integration
Forward logs from one FortiAnalyzer to another FortiAnalyzer unit, a syslog server, or a Common Event Format (CEF) server. In addition to forwarding logs to another unit or server, the client FortiAnalyzer retains a local copy of the logs, which is subject to the data policy settings for archived logs. Logs are forwarded in real time or near real time as they are received from network devices.
Subscriptions and Extensions:
Subscription Licenses and FortiGuard Security Services
- FortiGuard Outbreak Detection Service
Delivers automated content package downloads for detecting the latest malware, including a summary of each outbreak and a kill chain mapping of how the malware works. The package includes a FortiGuard Report for the outbreak, an Event Handler, and a Report Template to detect outbreaks.
- FortiGuard Indicators of Compromise Service
Empowers security teams with forensic data from 500,000 IOCs daily. Used in combination with FortiAnalyzer analytics, this identifies suspicious usage and artifacts observed on the network or in an operating system that have been determined with high confidence to be malicious infections or intrusions, and supports historical rescans of logs for threat hunting.
- OT Security Service
Provides security teams with advanced OT analytics, risk and compliance reports, OT event handlers, and use-case correlation rules.
- FortiAnalyzer Attack Surface Security Rating and Compliance Service
Helps security teams design, implement, and maintain their security posture, and provides actionable configuration recommendations as well as key performance and risk indicators.
- SOC Automation Subscription Service
This subscription enables further automation for incident response with enhanced monitoring and escalation, built-in incident management workflows, connectors, playbooks, and more.
- FortiAI Subscription Service
Provides a generative AI security assistant integrated into FortiAnalyzer for incident investigation, response, and threat hunting. It interprets security events, generates summaries, identifies potential impacts, and offers remediation recommendations. Using natural language prompts, FortiAI can create complex database queries, generate reports, and efficiently perform various other FortiAnalyzer functions.
Cloud Services
FortiAnalyzer Cloud
FortiAnalyzer Cloud offers customers a PaaS-based delivery option for automation-driven, single pane analytics, providing log management, analytics, and reporting for Fortinet NGFW and SD-WAN with an easily accessible cloud-based solution. FortiAnalyzer Cloud delivers reliable real-time insights into network activity with extensive reporting and monitoring for clear, consistent visibility of an organization’s security posture. Customers can easily access their FortiAnalyzer Cloud from their FortiCloud single sign-on portal.
Virtual Offerings
FortiAnalyzer VM-Subscription
The FortiAnalyzer VM Subscription license model consolidates the VM product SKU, FortiCare Support SKU, FortiGuard IOC and Outbreak Detection Service, and SOC Automation services into one single SKU, simplifying product purchase, upgrade, and renewal. FortiAnalyzer-VM S provides organizations with centralized security event analysis, forensic research, reporting, content archiving, data mining, malicious file quarantining, and vulnerability assessment. Centralized collection, correlation, and analysis of geographically and chronologically diverse security data from Fortinet and third-party devices deliver a simplified, consolidated view of your security posture.
The FortiAnalyzer-VM S series SKUs come in stackable 5, 50, and 500 GB/day log licenses, so that multiple units of this SKU can be purchased together, giving organizations the ability and cost-efficiency to scale and meet their logging needs.
FortiAnalyzer VM
Fortinet offers FortiAnalyzer-VM licensing in a perpetual license model with a-la-carte technical support and subscription services. This software-based version of the FortiAnalyzer hardware appliance is designed to run on many virtualization platforms, allowing you to expand your virtual solution as your environment expands.
Specifications:
| Particulars | FortiAnalyzer 3100G | FortiAnalyzer 3510G | FortiAnalyzer 3700G |
|---|---|---|---|
| GB/Day of Logs | 3000 | 5000 | 8300 |
| Analytic Sustained Rate (logs/sec)* | 42,000 | 60,000 | 100,000 |
| Collector Sustained Rate (logs/sec)* | 60,000 | 90,000 | 150,000 |
| Devices/VDOMs (Maximum) | 4000 | 10,000 | 10,000 |
| Max Number of Days Analytics** | 30 | 35 | 60 |
| FortiGuard IOC and Outbreak Detection Service | | | |
| Security Automation Service | | | |
| Enterprise Bundle | | | |
| Hardware Bundle | | | |
| OT Security Service | | | |
| Security Rating and Compliance Service | | | |
| Form Factor (supports EIA/non-EIA standards) | 3 RU Rackmount | 4 RU Rackmount | 4 RU Rackmount |
| Total Interfaces | 2x GE RJ45, 2x 25GE SFP28 | 2x 10GbE RJ45, 2x 25GbE SFP28 | 2x 10GE RJ-45 + 2x 25GE SFP28 |
| Storage Capacity | 64 TB (16x 4TB) 3.5" SAS SED HDD + 3.84 TB (2x 1.92TB) 2.5" NVMe SSD | 96 TB (24x 4TB) HDD + 7.68 TB (2x 3.84TB) SSD | 240 TB (60x 4TB) 3.5" HDD + 19.2 TB (6x 3.2TB) NVMe SSD |
| Usable Storage (After RAID) | 56 TB | 84 TB | 224 TB |
| Removable Hard Drives | | | |
| RAID Levels Supported | RAID 0/1,1s/5,5s/6,6s/10/50/60 | RAID 0/1,1s/5,5s/6,6s/10/50/60 | RAID 0/1,1s/5,5s/6,6s/10/50/60 |
| RAID Type | Hardware / Hot Swappable | Hardware / Hot Swappable | Hardware / Hot Swappable |
| Default RAID Level | 50 | 50 | 50 |
| Redundant Hot Swap Power Supplies | | | |
| Trusted Platform Module (TPM)*** | | | |
| Height x Width x Length (inches) | 5.2 x 17.2 x 25.5 | 7 x 17.2 x 27.5 | 7.0 x 17.2 x 30.2 |
| Height x Width x Length (cm) | 13.0 x 44.0 x 65.0 | 17.8 x 43.7 x 69.9 | 17.8 x 43.7 x 76.7 |
| Weight | 69.6 lbs (31.57 kg) | 65 lbs (29.5 kg) | 118 lbs (53.5 kg) |
| AC Power Supply | 100-127V~/10A, 200-240V~/5A | 100-127V~/10A, 200-240V~/5A | 2000W AC**** |
| Power Consumption (Average/Max) | 395 W / 510 W | 983 W / 1278 W | 850 W / 1423.4 W |
| Heat Dissipation | 1740.19 BTU/h | 3424 BTU/h | 4858 BTU/h |
| Operating Temperature | 32°F to 104°F (0°C to 40°C) | 32°F to 104°F (0°C to 40°C) | 50°F to 95°F (10°C to 35°C) |
| Storage Temperature | -4°F to 158°F (-20°C to 70°C) | -4°F to 167°F (-20°C to 75°C) | -40°F to 158°F (-40°C to 70°C) |
| Humidity | 5% to 95% (non-condensing) | 5% to 95% (non-condensing) | 8% to 90% (non-condensing) |
| Forced Airflow | Front to Back | Front to Back | Front to Back |
| Operating Altitude | Up to 13,123 ft (4000 m) | Up to 10,000 ft (3048 m) | Up to 7,400 ft (2250 m) |
| Safety Certifications | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB |
* Sustained Rate - the maximum constant log message rate that the FAZ platform can maintain for a minimum of 48 hours without SQL database and system performance degradation.
** The maximum number of days of analytics retention when receiving logs continuously at the sustained analytics log rate. This number increases if the average log rate is lower.
*** Gen2 refers to hardware that has been upgraded since initial release.
**** 3700G must connect to a 200V - 240V power source.