FortiSIEM Reference Architecture Using ClickHouse

What is the FortiSIEM Reference Architecture

FortiSIEM combines a broad feature set, an easy-to-use interface and massive scalability into a fully featured security information and event management (SIEM) platform, suitable for deployment in anything from a small organization to a large multi-tenant Managed Security Service Provider (MSSP).

The ease of use of FortiSIEM makes it suitable for organizations that are exploring SIEM technology for the first time. The breadth of features, massively scalable architecture and wide product support make it suitable for mature enterprise organizations. The full multi-tenant capabilities of a service provider installation make it suitable for MSSP installations hosting large numbers of customers. FortiSIEM is flexible, scalable and powerful while still being easy to use.

This FortiSIEM Reference Architecture provides a guide to deploying FortiSIEM using the ClickHouse event database. It also covers a broader set of implementation considerations for organizations.

Intended Audience

This document is intended for administrators, security architects, and infrastructure administrators of the FortiSIEM platform.

About this Guide

This document describes many of the common deployment scenarios, both small and large. Guidance is also provided on storage and database options, hypervisor options and event collection.

This document should be read in conjunction with other FortiSIEM reference guides that are available at https://docs.fortinet.com/product/fortisiem/.

This guide is based on the capabilities available within FortiSIEM 6.7.x.
