FortiAnalyzer can be configured as both an Identity Provider (IdP) and a Service Provider (SP) for SAML roles. As an Identity Provider, FortiAnalyzer can authenticate and assert the identity of a user to a Service Provider. As a Service Provider, FortiAnalyzer relies on an Identity Provider to authenticate users and then permits access based on the SAML assertions received.

A system backup created on FortiAnalyzer includes report information and system information. Report information comprises configured report settings and custom report details, while system information includes the device IP address and administrative user information.

To authorize a FortiGate on FortiAnalyzer using Fabric authorization, it is necessary to have valid FortiAnalyzer credentials. This ensures that the FortiGate administrator can log in to the FortiAnalyzer and complete the required registration process.

High availability (HA) on FortiAnalyzer supports synchronization of logs and some system and configuration settings, ensuring data consistency and operational integrity across multiple devices. Additionally, all devices in a FortiAnalyzer HA cluster must operate in the same mode, either all as analyzers or all as collectors, to maintain proper synchronization and functionality.

Threat hunting allows you to proactively search for suspicious or potentially risky network activity in your environment. This proactive approach helps administrators identify threats that might have eluded detection by the current security solutions or configurations, thereby enhancing network security management.