Fortinet white logo
Fortinet white logo

FortiSIEM Reference Architecture Using ClickHouse

Design for the Platform Use-Cases

Design for the Platform Use-Cases

FortiSIEM can be used for many applications across an enterprise, such as:

  • Log ingestion and storage

  • SOC Analytics and incident response

  • Performance monitoring

  • Compliance reporting

  • Management reporting

Many deployments will need several or all of these use-cases. Identifying and understanding the organizational use-cases and stakeholder requirements is a key step in designing a successful FortiSIEM solution, for example:

  • Log ingestion and storage requirements have a direct impact on the license, the number of nodes and event database sizing

  • SOC analytics and incident response requirements impact the requirements for integration with 3rd party systems, remediations, dashboards and other analyst features, as well as post-installation training

  • Performance monitoring impacts the number of nodes required to run performance jobs, plus dashboard design

  • Compliance reporting impacts the requirement for custom reporting, plus the selection of log sources to meet compliance monitoring needs

  • Management reporting requirements may need custom report building, and custom dashboards for management monitoring

Design for the Platform Use-Cases

Design for the Platform Use-Cases

FortiSIEM can be used for many applications across an enterprise, such as:

  • Log ingestion and storage

  • SOC Analytics and incident response

  • Performance monitoring

  • Compliance reporting

  • Management reporting

Many deployments will need several or all of these use-cases. Identifying and understanding the organizational use-cases and stakeholder requirements is a key step in designing a successful FortiSIEM solution, for example:

  • Log ingestion and storage requirements have a direct impact on the license, the number of nodes and event database sizing

  • SOC analytics and incident response requirements impact the requirements for integration with 3rd party systems, remediations, dashboards and other analyst features, as well as post-installation training

  • Performance monitoring impacts the number of nodes required to run performance jobs, plus dashboard design

  • Compliance reporting impacts the requirement for custom reporting, plus the selection of log sources to meet compliance monitoring needs

  • Management reporting requirements may need custom report building, and custom dashboards for management monitoring