FortiSIEM®
DATA SHEET | FortiSIEM®
HIGHLIGHTS
Distributed Real-Time Event Correlation (Patented)
Distributed event correlation is a difficult problem, as multiple nodes have to share their partial states in real time to trigger a rule. While many SIEM vendors have distributed data collection and distributed search capabilities, Fortinet is the only vendor with a distributed real-time event correlation engine. Complex event patterns can be detected in real time. This patented algorithm enables FortiSIEM to handle a large number of rules in real time at high event rates for accelerated detection timeframes.

Flexible and Fast Custom Log Parsing Framework (Patented)
Effective log parsing requires custom scripts, but those can be slow to execute, especially for high-volume logs like Active Directory and firewall logs. Compiled code, on the other hand, is fast to execute but is not flexible, since it needs new software releases. Fortinet has developed an XML-based event parsing language that is functional like high-level programming languages and easy to modify, yet can be compiled at run time to be highly efficient. All FortiSIEM parsers go beyond most competitors' offerings using this patented solution and can parse at beyond 10K EPS per node.
Real-Time, Automated Infrastructure Discovery and Application Discovery Engine (CMDB)
Rapid problem resolution requires infrastructure context. Most log analysis and SIEM vendors require administrators to provide the context manually, which quickly becomes stale and is highly prone to human error. Fortinet has developed an intelligent infrastructure and application discovery engine that is able to discover both physical and virtual infrastructure, on-premises and in public/private clouds, simply using credentials, without any prior knowledge of what the devices or applications are.

Business Services Dashboard — Transforms System to Service Views
Traditionally, SIEMs monitor individual components — servers, applications, databases, and so forth — but what most organizations really care about is the services those systems power. FortiSIEM now offers the ability to associate individual components with the end-user experience that they deliver together, providing a powerful view into the true availability of the business.
Large Enterprise and Managed Service Provider Ready — “Multi-Tenant Architecture”
Fortinet has developed a highly customizable, multi-tenant architecture that enables enterprises and service providers to manage a large number of physical/logical domains and overlapping systems and networks from a single console. In this environment it is very easy to cross-correlate information across physical and logical domains and individual customer networks. Unique reports, rules, and dashboards can easily be built for each, with the ability to deploy them across a wide set of reporting domains and customers. Event archiving policies can also be deployed on a per-domain or per-customer basis. Granular RBAC controls allow varying levels of access to Administrators and Tenants/Customers. For large MSSPs, Collectors can be configured as multi-tenant to reduce the overall deployment footprint.
FEATURES
Real-Time Operational Context for Rapid Security Analytics
§ Continually updated and accurate device context — configuration, installed software and patches, running services
§ System and application performance analytics along with contextual inter-relationship data for rapid triaging of security issues
§ User context, in real time, with audit trails of IP addresses, user identity changes, physical and geo-mapped location
§ Detect unauthorized network devices, applications, and configuration changes

Out-of-the-Box Compliance Reports
§ Out-of-the-box pre-defined reports supporting a wide range of compliance auditing and management needs including — PCI-DSS, HIPAA, SOX, NERC, FISMA, ISO, GLBA, GPG13, SANS Critical Controls, COBIT, ITIL, ISO 27001, NERC, NIST800-53, NIST800-171, NESA
§ To meet GDPR requirements, Personally Identifiable Information (PII) can be obscured based on an administrator’s role

UEBA
§ FortiSIEM Agent-based UEBA telemetry allows for the collection of high-fidelity user-based activity that includes User, Process, Device, Resource, and Behavior. Using an agent-based approach allows for the collection of telemetry when the endpoint is on and off the corporate network, providing a more complete view of user activity. UEBA telemetry allows for the identification of unknown bad activities that can be alerted and acted upon

Performance Monitoring
§ Monitor basic system/common metrics
§ System level via SNMP, WMI, and PowerShell
§ Application level via JMX, WMI, and PowerShell
§ Virtualization monitoring for VMware, Hyper-V — guest, host, resource pool, and cluster level
§ Storage usage, performance monitoring — EMC, NetApp, Isilon, Nutanix, Nimble, and Data Domain
§ Specialized application performance monitoring
§ Microsoft Active Directory and Exchange via WMI and PowerShell
§ Databases — Oracle, MS SQL, MySQL via JDBC
§ VoIP infrastructure via IPSLA, SNMP, and CDR/CMR
§ Flow analysis and application performance — Netflow, SFlow, Cisco AVC, NBAR, and IPFix
§ Ability to add custom metrics
§ Baseline metrics and detect significant deviations

Availability Monitoring
§ System up/down monitoring — via Ping, SNMP, WMI, Uptime Analysis, Critical Interface, Critical Process and Service, BGP/OSPF/EIGRP status change, Storage port up/down
§ Service availability modeling via Synthetic Transaction Monitoring — Ping, HTTP, HTTPS, DNS, LDAP, SSH, SMTP, IMAP, POP, FTP, JDBC, ICMP, trace route and for generic TCP/UDP ports
§ Maintenance calendar for scheduling maintenance windows
§ SLA calculation — normal business hours and after-hours considerations
§ Baseline endpoint/server/user behavior — hour of day and weekday/weekend granularity
§ Highly flexible — any set of keys and metrics can be “baselined”
§ Built-in and customizable triggers on statistical anomalies

External Technology Integrations
§ Integration with any external web site for IP address lookup
§ API-based integration for external threat feed intelligence sources
§ API-based two-way integration with help desk systems — seamless, out-of-the-box support for ServiceNow, ConnectWise, and Remedy
§ API-based two-way integration with external CMDB — out-of-the-box support for ServiceNow, ConnectWise, Jira, and SalesForce
§ Kafka support for integration with enhanced Analytics Reporting — i.e. ELK, Tableau, and Hadoop
§ API for easy integration with provisioning systems
§ API for adding organizations, creating credentials, triggering discovery, modifying monitoring events

§ Servers including Windows, Linux, AIX, HP UX
§ Infrastructure Services including DNS, DHCP, DFS, AAA, Domain Controllers, VoIP
§ User-facing Applications including Web Servers, App Servers, Mail, Databases
§ Storage devices including NetApp, EMC, Isilon, Nutanix, Data Domain
§ Cloud Apps including AWS, Box.com, Okta, Salesforce.com
§ Cloud infrastructure including AWS
§ Environmental devices including UPS, HVAC, Device Hardware
§ Virtualization infrastructure including VMware ESX, Microsoft Hyper-V

Scalable and Flexible Log Collection
FortiSIEM Advanced Agents
§ Fortinet has developed a highly efficient agentless technology for collecting information. However, some information, such as file integrity monitoring data, is expensive to collect remotely. FortiSIEM has combined its agentless technology with high-performance agents for Windows and Linux to significantly bolster its data collection.
§ Securely and reliably collect events for users and devices located anywhere

Notification and Incident Management
§ Policy-based incident notification framework
§ Ability to trigger a remediation script when a specified incident occurs
§ API-based integration to external ticketing systems — ServiceNow, ConnectWise, and Remedy

§ Full audit trail of FortiSIEM user activity
§ Easy software upgrade with minimal downtime and event loss
§ Policy-based archiving
§ Hashing of logs in real time for non-repudiation and integrity verification
§ Flexible user authentication — local, external via Microsoft AD and OpenLDAP, Cloud SSO/SAML via Okta, Duo, RADIUS
§ Ability to log into remote server behind a collector from FortiSIEM GUI via remote SSH tunnel
Capability | Agentless Technology | Advanced Windows Agent | Advanced Linux Agent
Agentless (Low Performance)
Discovery | ✓ | — | —
Performance Monitoring | ✓ | — | —
Collect System, App & Security Logs | ✓ | — | —
Agents (High Performance)
Collect System, App & Security Logs | — | ✓ | ✓
Collect DNS, DHCP, DFS, IIS Logs | — | ✓ | —
Local Parsing and Time Normalization | — | ✓ | —
Installed Software Detection | — | ✓ | —
Registry Change Monitoring | — | ✓ | —
File Integrity Monitoring | — | ✓ | ✓
Custom Log File Monitoring | — | ✓ | ✓
WMI Command Output Monitoring | — | ✓ | —
PowerShell Command Output Monitoring | — | ✓ | —
Central Management and Upgrades of Agent | — | ✓ | ✓
SPECIFICATIONS
Model | FSM-500F | FSM-500G
Performance Benchmark | 5K EPS. 500 SNMP, 200 WMI for Performance/100 WMI for Logs | 5K EPS. 500 SNMP, 200 WMI/OMI for Performance/100 WMI for Logs
Dimensions
Height x Width x Length (inches) | 1.7 x 17.2 x 19.8 | 1.73 x 17.32 x 21.26
Height x Width x Length (mm) | 43 x 437 x 503 | 44 x 440 x 540
Weight | 31 lbs (14 kg) | 16.76 lbs (7.6 kg)
Form Factor | 1 RU | 1 RU
Environment
AC Power Supply | 100–240V AC, 60–50 Hz | 350W single PSU
Power Consumption (Average / Maximum) | 132.3 W / 150.3 W | 93.87 W / 114.73 W
Heat Dissipation | 546.95 BTU/h | 425.58 BTU/h
Operating Temperature | 50°–95°F (10°–35°C) | 32°–104°F (0°–40°C)
Storage Temperature | -40°–158°F (-40°–70°C) | -4°–167°F (-20°–75°C)
Humidity | 8%–90% (non-condensing) | 5%–95% (non-condensing)
Compliance
Safety Certifications | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB | FCC, ISED, CE, RCM, VCCI, BSMI, UL/cUL, CB
Model | FSM-2000F | FSM-2000G | FSM-3500G
Storage Capacity | 36 TB (12x 3 TB) | 32TB (3.5” SAS 4TB x 8) + 4TB (2.5” NVMe 1TB x4) | 96 TB (4TB x 24)
Performance Benchmark | 15K EPS with Collectors | 20K EPS with Collectors | 40K EPS with Collectors
Dimensions
Height x Width x Length (inches) | 3.5 x 17.2 x 25.6 | 3.46 x 17.32 x 29.33 | 7 x 17.2 x 26
Height x Width x Length (mm) | 89 x 437 x 648 | 88 x 440 x 745 | 178 x 437 x 660
Weight | 58 lbs (26.3 kg) | 55.78 lbs (25.3 kg) | 90.75 lbs (41.2 kg)
Form Factor | 2 RU | 2 RU | 4 RU
Environment
AC Power Supply | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz | 100–240V AC, 60–50 Hz
Power Consumption (Average / Maximum) | 285.7 W / 310.5 W | 593.1 W / 724.9 W | 645.10 W / 696.02 W
Heat Dissipation | 1093.55 BTU/h | 2,507.48 BTU/h | 2408.94 BTU/h
Operating Temperature | 50°–95°F (10°–35°C) | 32°–104°F (0°–40°C) | 50°–95°F (10°–35°C)
Storage Temperature | -40°–158°F (-40°–70°C) | -4°–167°F (-20°–75°C) | -40°–158°F (-40°–70°C)
Humidity | 8%–90% (non-condensing) | 5%–95% (non-condensing) | 90% (non-condensing)
Compliance
Safety Certifications | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB | FCC Part 15 Class A, RCM, VCCI, CE, BSMI, RoHS, UL/cUL, CB | FCC Part 15 Class A, RCM, VCCI, CE, UL/cUL, CB
LICENSING SCHEME
FortiSIEM Virtual Appliance (VA) and Hardware Appliance (HW)
FortiSIEM licenses provide the core functionality for cross-correlated analytics and network device discovery. Devices include switches, routers, firewalls, and servers. Each device that is to be monitored requires a license. Each license supports data capture and correlation, alerting and alarming, reports, analytics, search, and an optimized data repository, and includes 10 EPS (events per second). EPS is a performance measurement that defines how many messages or events are generated by each device in a second. Additional EPS can be purchased separately as needed.
FortiSIEM Cloud
FortiSIEM Cloud unifies all licensed components that are available with VA and HW licensing within the FortiSIEM Compute Units (FCU). FortiSIEM Cloud is licensed on FCU, online storage, and archive storage, and depending on the performance requirements additional FCU or storage can be added. FCU are licensed in increments of 10 FCU, with a minimum quantity of 50 and a maximum of 250 FCU.
ORDER INFORMATION
PRODUCT | SKU | DESCRIPTION
FortiSIEM Hardware Product
FortiSIEM 500F | FSM-500F | FortiSIEM Collector Hardware Appliance FSM-500 supports up to 5K EPS, 500 SNMP, 200 WMI for Performance/100 WMI for Logs.
FortiSIEM 500G | FSM-500G | FortiSIEM Collector Hardware Appliance FSM-500G. Supports up to 5000 EPS.
FortiSIEM 2000F | FSM-2000F | FortiSIEM All-in-one Hardware Appliance FSM-2000F supports up to 15K EPS using Collectors (all features turned on). Does not include any device or EPS licenses, which must be purchased separately. Supports up to 500 Licensed, Agent-Based UEBA Telemetry.
FortiSIEM 2000G | FSM-2000G | FortiSIEM All-in-one Hardware Appliance FSM-2000G supports up to 20K EPS using Collectors (all features turned on). Does not include any device or EPS licenses, which must be purchased separately.
FortiSIEM 3500G | FSM-3500G | FortiSIEM All-in-one Hardware Appliance FSM-3500G supports up to 40K EPS using Collectors (all features turned on). Does not include any device or EPS licenses, which must be purchased separately.
FortiSIEM-UEBA Agent Perpetual License | FSM-UEBA-XX-UG | Advanced Agents - UEBA Telemetry Perpetual Licenses. Does not include Maintenance & Support. Not supported on F Series HW Appliances.
FortiSIEM-UEBA Subscription License | FC[1/4/9]-10-FSM98-334-02-DD | Per Advanced Agent - UEBA Telemetry Subscription License, a minimum of 25 Agents. Does not include Maintenance & Support. Not supported on F Series HW Appliances.
FortiSIEM Manager | FC1-10-SMMGR-574-02-DD | Subscription license for FortiSIEM Manager providing centralised incident management and status of independent FortiSIEM instances. Requires a Minimum Qty. of 5 to monitor 5 separate FortiSIEM Instances, max of 50 Instances. Includes Maintenance & Support.
FortiSIEM Support
FortiCare Support for FortiSIEM | FC[1-G]-10-FSM97-248-02-DD | 24x7 FortiCare Contract (X Points). 1 “Device” or 2 “End-Points” or 3 “Advanced Agents - Log & FIM” or 10 “Advanced Agents - UEBA Telemetry” equals 1 point.
FortiCare Support for Hardware Appliance | FC-10-FSM[XX]-247-02-DD | FortiCare Premium Support - Hardware Appliance only - product support required separately.
FortiSIEM Cloud
FortiSIEM Compute Units | FC-10-SMCLD-543-02-12 | FortiSIEM Compute Units (FCU). Minimum quantity of 50 FCU. Annual Subscription. Includes FortiCare Support.
FortiSIEM Cloud Online Storage | FC-10-SMCLD-541-02-12 | Additional 500GB online storage. Requires minimum quantity of 1 with initial FortiSIEM Compute Unit order. Annual Subscription.
FortiSIEM Cloud Archive Storage | FC-10-SMCLD-542-02-12 | Archive 500GB storage. Annual Subscription.
www.fortinet.com
Copyright © 2022 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.
Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that you will not use
Fortinet’s products and services to engage in, or support in any way, violations or abuses of human rights, including those involving censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are required to comply with the Fortinet EULA
(https://www.fortinet.com/content/dam/fortinet/assets/legal/EULA.pdf) and report any suspected violations of the EULA via the procedures outlined in the Fortinet Whistleblower Policy (https://secure.ethicspoint.com/domain/media/en/gui/19775/Whistleblower_Policy.pdf).
FSIEM-DAT-R27-20220719