Fortinet FortiSIEM Primary Use Case
SaurabhYadav5
Network Engineer at Ogma Consulting
Our primary use case for Fortinet FortiSIEM is mostly in government offices. We fully rely on vendors for implementation, and we generally review and approve the recommendations made by the implementation partners.
Muhammad Tayyab
IT Solutions Product Manager at a computer software company with 11-50 employees
Mainly, we are configuring various correlation rules in FortiSIEM to detect various types of cyber threats and cybersecurity attacks, particularly brute force attacks, denial of service attacks, and distributed denial. We are using it to identify suspicious activities by internal staff as well as outsiders, for any type of intrusion.
My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification.
My customers are mostly medium-sized enterprises ranging from engineering companies, mining companies, independent schools, and government departments to agencies.
Buyer's Guide
Fortinet FortiSIEM
July 2025

Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
860,825 professionals have used our research since 2012.
We use this technology to configure and set up rules and conduct threat hunting.
FortiSIEM is primarily used as a monitoring tool that can monitor all the incidents and events occurring in the network. The main concern of the customer is to view all the events and incidents on a single pane where everything can be managed.
Cletus Okolie
Senior Network Associate at AMCON, Inc.
We're using it to manage devices on the network. We get real-time incident reports on changes done on the servers and changes on routers and switches. They also use it to provide reports to management on activities, incidents, and events.
Johan Ortiz
Security Manager at Banco Lopez de Haro
Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.
I use the solution in my company for our client, which is a big university in Tunisia, and they have many servers and virtual machines. The university has to prevent attacks by making sure that they can stop the attack at the beginning. Fortinet is good for knowing if any of the equipment in the network has been attacked like ransomware or something, and we can stop the attack and secure the network.
We use the solution for monitoring, intrusion detection, and user behavior analytics. We run the dashboards to detect anomalies. We have our own incident tracking solution. We use it to track the time to detect versus the time to resolve and close the ticket.
I normally use the solution in my company as part of SOC. The tool is implemented to collect logs from all networks, perimeter devices, and security devices. We are using all kinds of SIEM tools to collect logs, especially security logs from all network devices, and analyze all those logs. Fortinet FortiSIEM works for enterprise and banking customers and BFSI customers, as most of them use Fortinet FortiGate devices for the security of the perimeter devices.
The primary use case of FortiSIEM for my client is to provide comprehensive security information and event management (SIEM) capabilities. It is used to monitor, detect, and respond to security incidents across the client's network by aggregating and analyzing logs, events, and other data from various sources. FortiSIEM enables real-time threat detection, compliance reporting, and overall visibility into the security posture, helping to identify potential risks and take proactive measures to protect the organization's infrastructure.
We are using Fortinet FortiSIEM on-premises and Azure Sentinel on the cloud. We are a university with an E5 license, and we cannot pump everything to Azure Sentinel because it will cost quite a lot. That's why we have two SIEM systems, one for cloud and one for on-premises.
We use Fortinet FortiSIEM for our on-premises services. It has a perpetual license, and we pay once. Depending on your storage size, you can pump to your on-premises SIEM system whenever you like. Our strategy is to use Azure Sentinel as little as possible. Since we have two SIEM systems, vendor integration is a problem, and we need more staff.
I am part of the team that implements the solution, and we hand it over to the operations team. We use FortiSIEM to ingest logs. The customer provides us with the IPs for the log sources, and we add them to the FortiSIEM dashboard. We can check the logs for signs of malicious access from outside devices and set rules based on the customer's preferences.
FortiSIEM analyzes the logs from all the servers and firewalls.
We have eight use cases installed, and we are collecting log sources from most of the relevant endpoints. We did all that configuration ourselves. So, the product didn't really have a lot to do with it.
It is deployed on a private cloud. We manage the cloud infrastructure ourselves, and its primary purpose is to monitor and protect our network devices and our own business systems, not necessarily our customer-facing services.
We are most probably on version 3. We are not on the current release.
We primarily use the solution for security.
We use the solution to monitor events and logs. It gives us a very powerful view of what is going on. We can configure it to send notifications of any malicious detection because it is based on an ML (machine learning) algorithm. Aside from using the solution to monitor the logs from different sources, we can also get detections because it has strong machine learning capability.
SrikanthSubramanian
senior consultant at HCLSoftware
We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the log. If we get an alert, we take the necessary action in the development environment.
We have an MSSP license and provide services to customers from various verticals like manufacturing, pharmaceutical, and MRD (Manufacturing, Retail & Distribution). We provide the services of Fortinet FortiSIEM to customers who cannot avail of costly on-premise services.
I primarily use FortiSIEM for Rwandan clients in banking and finance. Most of my clients require strictly on-prem solutions because of national data regulations. They are also skeptical of putting their data on the cloud, and the law requires all data to reside at a domestic data center.
Our use case is for collecting logs and monitoring internet traffic through firewalls. We have Fortinet firewalls and Fortinet WAF. I'm a system programmer and we are customers of Fortinet.
Sami Isoaho
Principal Cloud Architect at Viria Security Oy
We use Fortinet FortiSIEM for storage of security information and analysis, as well as for alerts from the 50-60 services that we have. All of our webs are linked to FortiSIEM. It's a form of SOC tool and data is used for identifying trends and what's happening around the networks. We're customers and end-to-end users when it comes to FortiSIEM, but for other Fortinet products we're either partners or a value-added reseller. I'm the principal cloud architect in our company.
SrikanthSubramanian
senior consultant at HCLSoftware
We use the Fortinet FortiSIEM tool for log monitoring and alert generation. We use Fortinet FortiSIEM to collect logs from the critical servers of the customer's infrastructure, like active directory servers and file servers. We also collect logs from a few security devices like the firewall, the proxy, and the antivirus setup. Based on that, our team checks the logs, and we get an alert to take action on the development.
Andre Boettcher
Solution Consultant at 1&1 Versatel Deutschland GmbH
FortiSIEM combines information from operations and integrates it into management.
Marcelo Canedo
Presales IT at a tech services company with 201-500 employees
I work in our presales department. We have three of our clients using Fortinet FortiSIEM.
The solution is useful to integrate logs from different sources so that there is a common place to see and create dashboards and the AI associated with event checking.
We have a common service desk for our customers that has three employees monitoring everything. It requires less than one person to watch the dashboards, send the alerts and call the back office during an event. The solution requires maintenance every three months to install the last stable version of the firmware.
We are using the solution for our customers.
We are using Fortinet FortiSIEM for multi-tenant SOC service.
Fortinet FortiSIEM is deployed in our data center, and we have one collector. Each client has a collector within their environment. We set up a collector within each client's environment, and then have a VPN connection from the client's environment to our environment.
We are creating our new dashboards and correlations as per our requirements with Fortinet FortiSIEM.
Fortinet FortiSIEM is used to retrieve logs from different sources, such as network switches, firewalls, and servers, that are running difficult operating systems. The solution adds intelligence to the process that can provide meaningful information for the data analyst to use.
The solution can be deployed on the cloud or on-premise.
I use FortiSIEM for email events and security alarms.
I am using Fortinet FortiSIEM to correlate events in our enterprise.
My company is a partner of Fortinet FortiSIEM. We are a service provider and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer-based solution; our customer's security admins and security operations use the solution, comprised of a team between three to five people.
RakeshNaganna
Cyber Security Analyst at a retailer with 1,001-5,000 employees
We use it as our main SIEM tool for creating rules, creating alerts, monitoring, and accessing CMDB. We also use it to monitor a few more things related to writing security.
MarioBrito
chief of cybersecurity at ECSSA El Salvador
We are an enterprise that resells services. We are like a small MSSP for Salvador and Central America region. We provide services to other enterprises.
Our clients have multiple use cases. Its most common use case is to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges.
Ishwor Shrestha
Security Analyst at netfiniti
I primarily use the solution as part of the firewall. I work mostly with banks and have extensive experience with configuring the VPN in relation to Fortinet.
We primarily use it for all of our cloud space and for firewalls and AWS security services, etc., for example, for the email, CloudWatch, and AWS Security Hub.
SahrahMohammed
Network Security Engineer at Go Faster
We use FortiSIEM to protect our customers.
Our current client has 20 branches and we can connect from any branch to their headquarters. We have high availability between headquarters and branches via the VPN connection. We can protect our SD-WAN, as well.
I implemented Fortinet FortiSIEM in my company to collect all logs from old systems, networks, and security devices in the network. Fortinet FortiSIEM has a correlation rule, and from it, you can generate incidents and get analytics. The tool also serves as a threat intelligence and integration platform. With FortiGuard or any third-party tools, Fortinet FortiSIEM, as a threat intelligence platform, can enrich the log attributes or criteria, which is well reflected in incidents.
COCO BABY
SOC analyst at Konvergenz
I use the solution in my company since it provides ease of monitoring. My company uses the product to get reports for our customers and monitoring purposes, as per the customer's preferences.
If a customer is looking to establish a centralized monitoring and security solution, Fortinet FortiSIEM can be tailored to meet their specific needs effectively. This solution offers extensive customization options, making it possible to adapt it precisely to their requirements.
Drissa DOUMBIA
Network Security Engineer at Technicom Mali
It is used as an alerting platform and has an availability manager.
We use Fortinet FortiSIEM for security, a gateway, and for authentication.
We use this solution to collect logs.
This solution is used to detect irregular user and entity behavior using machine learning.
ParveshDhurmea
Assistant Engineer at Harel Mallac Technologies Ltd
Fortinet FortiSIEM can be used to detect unusual user and entity behavior on networks.
We currently are in the process of testing the solution.
We primarily use the solution for network and security monitoring.
JoshuaGardner
IT Executive: Operations & Security at Icon Information Systems (Pty) Ltd
We run a Managed Security Services company and we use it in-house and for some of our clients. The service is a multitenant platform where our clients can log on to view and access various security-related activities and features. In more ways, it becomes like a cloud solution to them. We make use of a secure connection from the clients’ networks using collectors located on their premises back to our centralized SIEM platform.
TalhaAktas
Security Manager at BKL
We primarily use the solution for integration with FortiGate Firewall. We use it for multiple authentication, malware detection, and protection from DDoS attacks.
We primarily use the solution for collecting logs and duo correlation on our customer's premises.
ICTenterprserv67
Manager, ICT Enterprise Services at a government with 201-500 employees
We use the on-prem deployment model of this solution. Our primary use case of this solution is for all of our infrastructure monitoring, applications, performance monitoring, and for security, incident, and event analysis.
We use the on-prem model of this solution. Our primary use case is for malware and behavior monitoring. We also use it to monitor system performance and user behavior.
We're using FortiSIEM as the main metadata server for all the security and infrastructure devices. We integrate a lot of nodes, switches, firewalls, and sandboxes with it to gain and covers performance, availability, change, and security monitoring aspects of network devices, servers, and applications.
We are a partner, and we use this solution to ingest our customers' syslogs data for their firewalls.
We are a system integrator and we resell this solution.
Wander Menezes
Technical Lead at Arcon Labs at a tech services company with 51-200 employees
My primary use case is that it is an analyst tool for hunting on your site network.
We have nearly 30 analysts currently using FortiSIEM.
We are trying to onboard some devices, which we will analyze using Fortinet FortiSIEM.
Once it responds smoothly, we will onboard some clients with requests.
We use the product for threat detection.