
Have you already heard about FortiTIP? It was one of the announcements made during the opening keynotes at the beginning of Accelerate 2025. FortiTIP is an add-on service to FortiAnalyzer, which provides threat intelligence based on the events captured by our beloved logging device. It is not available yet, so there is not much info to be found, but the engineers mentioned that this service will become available starting from FortiAnalyzer 7.6.4.
It is only one of the enhancements being added to FortiAnalyzer, and it underlines the growing importance of FortiAnalyzer as the heart of Fortinet’s XDR solution.
At the SOC booth, you could see not only FortiTIP in action, but also all the products that make up the SOC suite within the Fortinet portfolio: think FortiAnalyzer, FortiSIEM, FortiSOAR, FortiRecon and FortiNDR Cloud. The cool thing was that the solutions displayed on these screens actually acted as the central security organ for all network connectivity at the event. So, you had nothing to hide once you were connected to Accelerate’s WiFi network.
As mentioned, the product that grabbed our interest the most was FortiAnalyzer. It really is the main protagonist in Fortinet’s SecOps story, and this is also reflected in the development happening on the product. As it will function as a unified data lake across all products within the Security Fabric, the goal is to offer deeper insights into the high-severity incidents in your network and to stitch all the individual logs together in order to present a complete story to the SOC analysts leveraging its capabilities.
This is mainly driven by FortiAI, the Forti-ChatGPT that can help with prioritizing events, investigating incidents further, and enabling threat hunting on the data in the data lake. The Gen-AI assistant is already available, but you need at least FortiAnalyzer 7.6 in order to use it.
The next big enhancement we noticed is a newly added SOC dashboard. It shows you, in a very visual and animated way, how many logs are entering the device and how many incidents are created out of them. It visualizes the main affected assets and where these detections are coming from.
If you click through, you arrive at the incidents pane, which also got a bit of a makeover. Prioritizing events should now be easier thanks to newly added charts at the top of the screen, and important information about an incident can be assessed at a glance thanks to extra columns and tags.
Fortinet also aims to become more open to accepting third-party logs. This is done via the addition of log parsers as part of the Security Automation Service license. Log parsers that are already available include SentinelOne, Cisco, Nozomi Networks, Microsoft EntraID, Crowdstrike, Office365, Okta, PaloAlto Pan-OS, Zscaler, … More are being added every month, together with additional correlation rules, reports, playbooks, and more connectors to take actions outside of our regular Security Fabric as well.
Altogether, these new additions highlight the crucial role that FortiAnalyzer plays in Fortinet’s XDR story. They certainly look promising, strengthening the single-pane-of-glass experience that FortiAnalyzer should offer by combining analytics across your Fortinet stack and beyond.