
FortiSIEM
Security information and event management (SIEM) software
System security software
Small
Medium
Large
- Retail and wholesale
- Energy and utilities
- Manufacturing
What is FortiSIEM
FortiSIEM is a security information and event management (SIEM) platform used to collect, normalize, correlate, and retain logs and events across networks, endpoints, servers, and cloud services. It supports security operations and IT operations use cases such as threat detection, incident investigation, compliance reporting, and infrastructure monitoring. The product combines SIEM analytics with device discovery, performance/availability monitoring, and automated remediation workflows. It is typically deployed by mid-market to enterprise security teams, especially in environments standardized on the Fortinet security stack.
Broad log and device coverage
FortiSIEM ingests events from a wide range of security and infrastructure sources, including network devices, servers, applications, and cloud services. It includes discovery and inventory capabilities that help map devices and services to monitored entities. This can reduce the number of separate tools needed for basic monitoring plus security event correlation. It is well-suited to mixed environments where security and IT operations share visibility requirements.
Integrated monitoring and SIEM workflows
The platform combines SIEM correlation with performance and availability monitoring, enabling investigations that tie security events to infrastructure context. Built-in rules, dashboards, and reporting support common operational and compliance workflows. It also supports automated actions (e.g., ticketing or scripted responses) to standardize triage and remediation steps. This integrated approach can be useful for teams that want one console for both security and operational signals.
Strong fit in Fortinet ecosystems
FortiSIEM integrates closely with other Fortinet products, which can simplify log onboarding and enrichment when those tools are already deployed. Shared vendor integrations can streamline alert context and reduce integration effort compared with stitching together multiple vendors. For organizations standardizing on a single security vendor, this can lower operational overhead. It can also simplify procurement and support relationships for the SIEM layer.
Complex deployment and tuning
SIEM implementations typically require careful sizing, data source onboarding, and ongoing rule tuning, and FortiSIEM is no exception. Achieving high-fidelity detections often depends on normalization quality and environment-specific correlation logic. Organizations without dedicated SIEM engineering resources may experience longer time-to-value. Upgrades and content changes can also require validation to avoid alert noise or missed detections.
User experience can feel dated
Compared with newer cloud-native analytics platforms, the interface and workflow design may feel less streamlined for some analysts. Building custom dashboards, reports, and correlation content can require more product-specific expertise. Investigation workflows may involve more manual steps depending on the data model and how sources are onboarded. This can impact analyst efficiency in high-volume SOC environments.
Best value with Fortinet stack
While FortiSIEM supports third-party integrations, its strongest operational fit is often in environments heavily using Fortinet security controls. Organizations with heterogeneous security stacks may need additional integration work to achieve comparable enrichment and response workflows. Some advanced analytics and automation expectations may require complementary tools or additional configuration. This can reduce the simplicity benefits for teams seeking a vendor-neutral SIEM experience.
Plan & Pricing
Pricing model: Usage-based / subscription or perpetual (SKU-based).
How priced (official): Licensed by Fortinet based on number of managed devices, number of agents (Windows/Linux), and Events Per Second (EPS); an alternative GB-per-day licensing model is also offered for some deployments (FortiSIEM Cloud and VM deployments). Licenses can be perpetual (one-time base license + maintenance) or subscription (annual) depending on SKU.
Official SKUs / ordering notes (as listed in Fortinet docs):
- FSM-AIO-BASE — FortiSIEM All‑In‑One Perpetual License (base) — 50 devices / 500 EPS (perpetual base SKU).
- FSM-AIO-XXXX-UG — Add X devices / EPS/device All‑In‑One (AIO) Perpetual add‑on SKU.
- FC[1-8]-10-FSM98-180-02-DD — FortiSIEM All‑In‑One Subscription SKU (per‑device subscription license; example SKU family shown in docs).
- FortiSIEM Cloud SKUs: FC-10-SMCLD-543-02-DD (FortiCloud entitlement / FortiSIEM Compute Units), plus storage SKUs (FC-10-SMCLD-541-02-DD for 500GB online storage, FC-10-SMCLD-542-02-DD for 500GB archive).
Key notes:
- Fortinet documents explicitly describe EPS‑based licensing and GB‑per‑day licensing and list SKUs, but do not publish list prices or per‑unit dollar amounts on the Fortinet site.
- Procurement/ordering instructions in the docs direct buyers to purchase SKUs via Fortinet sales or authorized partners and to register SKUs through FortiCare/support.
Example (official) licensing attributes — no prices published:
- Per‑device counts (managed devices)
- Agents (Windows/Linux) counts
- Total EPS or additional EPS SKUs
- GB/day raw event licensing (for GB-per-day model)
- Optional automation/UEBA/IOC/maintenance/FortiGuard services included as subscription items
Discounts / commercial terms: Not published on the public Fortinet product/pricing pages; ordering/discounts handled through sales/reseller channels (contact sales/reseller).
Seller details
Company: Fortinet, Inc.
Headquarters: Sunnyvale, California, USA
Founded: 2000
Ownership: Public
https://www.fortinet.com/
https://x.com/Fortinet
https://www.linkedin.com/company/fortinet/