Skip to content Skip to navigation Skip to footer


As digital transformation sweeps through every industry, the attack surface grows dramatically (and constantly), making security management increasingly difficult. Security teams struggle to keep up with the deluge of alerts and other information generated by their multitude of security devices. And the cybersecurity skills gap only makes this more difficult.

Infrastructure, applications, and endpoints (including IoT devices) must all be secured. This requires visibility of all devices and all the infrastructure—in real time. Organizations also need to know what devices represent a threat and where. Security Information and Event Management (SIEM) Solutions plays a major role for organizations by analyzing event data in real time, allowing for early discovery of data breaches and targeted attacks.




2022 Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM)

We believe the recognition is due to FortiSIEM proving to meet the broad and complex requirements of the modern enterprise and service providers, plus the ability to execute on the security analytics requirements of a cybersecurity mesh architecture. FortiSIEM:

  • Eliminates blind spots
  • Reduces risk of business interruption
  • Streamlines security operations

Download Report


Events per Second
Storage Capacity
3 TB
Events per Second
Storage Capacity
36 TB
Events per Second
Storage Capacity
96 TB

FortiSIEM virtual machines are supported on VMware vSphere, KVM, Microsoft Hyper-V and OpenStack

50 devices and 500 EPS all-in-one perpetual license
Add 25 devices and 250 EPS all-in-one perpetual license
Add 50 devices and 500 EPS all-in-one perpetual license
Add 100 devices and 1000 EPS all-in-one perpetual license
Add 250 devices and 2500 EPS all-in-one perpetual license
Add 450 devices and 4500 EPS all-in-one perpetual license
Add 950 devices and 9500 EPS all-in-one perpetual license
Add 1950 devices and 19500 EPS all-in-one perpetual license
Add 3950 devices and 39500 EPS all-in-one perpetual license
Add 4950 devices and 49500 EPS all-in-one perpetual license

FortiSIEM virtual machines are available on Amazon Web Services.

FortiSIEM provides integration with many leading IT vendors as part of the Fortinet Security Fabric.  Below is a list of current FortiSIEM Alliance Partners:

自助導覽展示瞭解 FortiSIEM 監控工具如何幫助您偵測、防護和應對安全威脅。

請填寫表格,要求 FortiSIEM 展示

FortiSIEM Delivers Next-Generation SIEM Capabilities

FortiSIEM brings together visibility, correlation, automated response, and remediation in a single, scalable solution. It reduces the complexity of managing network and security operations to effectively free resources, improve breach detection, and even prevent breaches. 

What’s more is that our architecture enables unified data collection and analytics from diverse information sources including logs, performance metrics, security alerts, and configuration changes. FortiSIEM combines the analytics traditionally monitored in separate silos of the security operations center (SOC) and network operations center (NOC) for a more holistic view of the security and availability of the business.

In addition, FortiSIEM UEBA leverages machine learning and statistical methodologies to baseline normal behavior and incorporate real-time, actionable insights into anomalous user behavior regarding business-critical data. By combining telemetry that is pulled from endpoint sensors, network device flows, server and applications logs, and cloud APIs, FortiSIEM is able to build comprehensive profiles of users, peer groups, endpoints, applications, files, and networks.  FortiSIEM UEBA behavioral anomaly detection is a low-overhead but high-fidelity way to gain visibility of end-to-end activity, from endpoints, to on-premises servers and network activity, to cloud applications.

Related Resources

FortiSIEM Data Sheet

FortiSIEM Data Sheet

FortiSIEM Data Sheet

Detect and Respond To Insider Threats: Fortinet FortiSIEM With User and Entity Behavior Analytics

Detect and Respond To Insider Threats: Fortinet FortiSIEM With User and Entity Behavior Analytics

Recognizing the Many Faces of Insider Threats

Recognizing the Many Faces of Insider Threats


Key FortiSIEM Advantages

An advanced SIEM solution will do more than just aggregate security events. FortiSIEM offers leading threat protection and high business value. Key benefits include:

Scale As You Grow

Scale-as-you-grow architecture and licensing

Rapid scalability is inherent in FortiSIEM’s virtual machine (VM) architecture* and licensing options.

  • Easily increase performance and log-processing capacity by adding VMs.
  • No extra charge for adding VMs.
  • Flexible licensing options include MSSP PAYG, subscription, and perpetual.
Unified Platform

Unified platform

Reduce complexity with multi-tenancy and multi-vendor support.

  • Multi-tenancy is supported on a single platform. MSSPs are able to centrally manage all customers while maintaining overall visibility. FortiSIEM supports this with:
    • A customizable, multi-tenant-capable graphical user interface (GUI)
    • A multi-tenant-capable database
    • Scalable, multi-tenant-capable architecture.
  • FortiSIEM supports hundreds of multi-vendor products out-of-the-box and seamless integration with Fortinet products.
Single Pane of Glass Management

Single-pane-of-glass management and control

Most FortiSIEM features including dashboards, analytics, incidents, configuration management database (CMBD), and administration are accessed via an intuitive, web-based GUI.

  • Customizable role-based access control lets organizations determine what each user can access.
  • Active asset discovery assists with building out an integrated CMBD for better asset management.
  • Performance and availability monitoring, such as CPU, memory, storage, and configuration changes extend the functionality of the platform and deliver additional contextual data.
Incident Detection

Better incident detection with reduced incident impact

FortiSIEM identifies external and internal threats faster. Plus, it enables threat hunting and compliance monitoring.

  • Incident detection time is reduced with a patented and distributed correlation engine to detect incidents.
  • Out-the-box content includes pre-designed parsers, dashboards, and reporting to cover the most commonly found devices, delivering quick value
  • FortiSIEM Analytics helps hunt for threats and indicators of compromise (IOC).
  • Insider threats are identified with FortiSIEM UEBA, using an agent on endpoints to collect telemetry on behavior.
  • Overall, the mean time to respond (MTTR) is reduced

Out of the Box Compliance and Return on investment (ROI)

Higher ROI is obtained with improved efficiency, lowered risk and reduced impact of attacks, and simplified compliance.

  • Staff and analyst efficiency are improved because they receive the right information and detection.
  • Risks are managed with incident detection and reporting.
  • FortiSIEM out-of-the-box Compliance Reports help organizations stay compliant.
  • Pre-defined content reduces time to value. There are over 750 rules, about 3,000 reports, pre-defined dashboards, and more than 200 vendor devices supported.
  • Security teams can understand incident impact by defining business services. This should indicate what business service is affected by an incident.

FortiSIEM Videos

StratoZen Simplifies SIEM, SOC and Compliance with FortiSIEM
Fortinet Management and Analytics Solution

Building a Cybersecurity Workforce

Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.


FortiSIEM News

Gartner, Magic Quadrant for Security Information and Event Management, Pete Shoard, Andy Davies, Mitch Schneider, 11 October, 2022

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Fortinet.