FortiSIEM Cloud Compute Units - Subscription license renewal (3 years) + FortiCare Premium - 10 compute units - hosted - volume - 5-60 licenses

Availability: 20+ in stock
SKU: FC4-10-SMCLD-543-02-36
899 656,00 kr excl. VAT
Description

FortiSIEM is designed to be the backbone of your security operations team and attack protection. It provides a unique, high-performance IT/OT SIEM feature set built on advanced analytics, inbuilt configuration management database (CMDB), native SOAR automation, and the latest in GenAI assistance. Delivering out-of-the-box value, complete flexibility, and ultimate scale, it's the right solution for organizations and MSSPs of any size.

Universal event collection

FortiSIEM collects, correlates, and normalizes events/alerts from hundreds of IT/OT multivendor sources across any cloud or on-prem environment. FortiSIEM Generic API integrations and inbound webhooks allow customized support for API- and SaaS-based services. FortiSIEM's flexible agent technology supports high-speed ingestion and can filter and tag events at the source. Advanced Endpoint Agents can be used to directly collect detailed information such as file integrity monitoring, and they support built-in Osquery for advanced threat hunting and investigations.

IT/OT asset CMDB with discovery and monitoring

FortiSIEM supports a built-in Configuration Management Database (CMDB) that provides automatic asset identification and categorization, as well as the collection, monitoring, and threshold alerting of essential asset health metrics. Active polling employs a range of methods to collect metrics, including availability, performance, resource utilization, and configuration changes. CMDB information and asset categorization are also helpful during incident investigation, providing insights into affected assets and simplifying analyst search queries.

Advanced behavioral threat detection using AI

FortiSIEM uniquely detects attacks using a wide variety of methods and a distributed processing architecture. These include tunable UEBA ML and over 2800 IT/OT correlation rules that are updated and powered by available threat intelligence. Customers can import additional rules from the open-source SIGMA library and create or customize their own rules. Additionally, the inbuilt ML workbench, designed for ease of use, makes it straightforward for customers to build, train, and deploy their ML-based detections, all within FortiSIEM.

FortiGuard Threat Intelligence and more

FortiGuard Threat Intelligence integrated within FortiSIEM expands and improves incident detection. FortiSIEM can import threat intelligence feeds from a wide variety of independent sources to power threat detection, incident enrichment, and threat hunting. FortiGuard intelligence value-added features include Outbreak Detections, which provide intelligence, detection rules, and threat hunting procedures for newly discovered security attacks.

Realtime risk-based threat scoring

FortiSIEM provides a clear view of incidents, prioritized through severity ratings while dynamically scoring the associated users and hosts. FortiSIEM risk scoring considers asset criticality, the type and volume of associated incidents and vulnerabilities. With a comprehensive approach to identifying severity and risk, security teams can more effectively manage and mitigate risks.

General
Category: Online and appliance-based services - remote monitoring and management
Product type: Subscription license renewal - 3 years
Installation type: Hosted - SaaS
Bundled support: FortiCare Premium
Licensing
License quantity: 10 compute units
License pricing: Volume / 5 - 60 licenses