Fortisiem Duration That Logs Are Hold
Press and hold the Shift key and drag the mouse over a time window. This modifies the time window in the current tab. Click Save and Run to see the results. Viewing parsed raw events. Hover over a Raw Event Log cell and click Show Details. The display shows how FortiSIEM parsed that event. Adding an attribute to the filter criteria in the search. In-Place Hold and Litigation Hold in Exchange Server. 2/8/2020; 14 minutes to read +4; In this article. When a reasonable expectation of litigation exists, organizations are required to preserve electronically stored information (ESI), including email that's relevant to the case.
Antivirus
This chapter includes the following sections:
l FortiClient Antivirus l Antivirus logging l Antivirus options l Endpoint control
FortiClient Antivirus
FortiClient includes an antivirus module to scan system files, executable files, removable media, dynamic-link library (DLL) files, and drivers. FortiClient will also scan for and remove rootkits. In FortiClient, File Based Malware, Malicious Websites, Phishing, and Spam URL protection is part of the antivirus module. Scanning can also be extended using FortiSandbox.
This section describes how to enable and configure antivirus options.
Enable or disable antivirus
To enable real-time protection:
- On the AntiVirus tab, select the settings icon next to Realtime Protection Disabled. The real-time protection settings page will open.
- Select Scan files as they are downloaded orcopied to my system.
- Select OK.
If you have another antivirus program installed on your system, FortiClient will show a warning that your system may lock up due to conflicts between different antivirus products.
To disable real-time protection:
- On the AntiVirus tab, select the settings icon next to Realtime Protection Enable. The real-time protection settings page will open.
- Deselect Scan files as they are downloaded orcopied to my system.
- Select OK.
Conflicting antivirus warning
FortiSandbox
FortiClient integration with FortiSandbox allows users to submit files to FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they cannot be detected by the local, real-time scanning. Access to the downloaded file is blocked until the scanning result is returned.
As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time and on-demand AV scanning.
This option cannot be configured on a registered endpoint, and must instead be configured on the FortiGate/EMS.
To extend scanning using FortiSandbox:
- On the AntiVirus tab, select the settings icon to open the real-time protection settings page.
- Select Extend scanning using FortiSandbox.
- Enter the FortiSandbox IP address, then select Test to ensure that the connection is correct.
- Optionally, select Identify malware & exploits using signatures received from FortiSandbox.
- Select OK to apply your changes.
Blocking access and communication channels
To block access to malicious websites and known communication channels used by attackers:
- On the AntiVirus tab, select the settings icon to open the real-time protection settings page.
- Select Block all access to malicious websites and Block known communication channels used by attackers.
- Select OK to apply your changes.
Notifications
Select the notifications icon in the FortiClient console to view notifications. When a virus has been detected, the notifications icon will change from gray to yellow.
Event notifications include:
- Antivirus events including scheduled scans and detected malware. l Endpoint Control events including configuration updates received from FortiGate.
- WebFilter events including blocked web site access attempts. l System events including signature and engine updates and software upgrades.
Select the Threat Detected link to view quarantined files, site violations, and real-time protection events.
Scan now
To perform on-demand antivirus scanning, select the Scan Now button in the FortiClient console. Use the dropmenu to select Custom Scan, Full Scan, Quick Scan, or Removable media Scan. The console displays the date of the last scan to the left of the button.
- Custom Scan runs the rootkit detection engine to detect and remove rootkits. It allows you to select a specific file folder on your local hard disk drive (HDD) to scan for threats.
- Full Scan runs the rootkit detection engine to detect and remove rootkits, then performs a full system scan including all files, executable files, DLLs, and drivers for threats.
- Quick System Scan runs the rootkit detection engine to detect and remove rootkits. It only scans executable files, DLLs, and drivers that are currently running for threats.
- Removable media Scan runs the rootkit detection engine to detect and remove rootkits. It scans all connected removable media, such as USB drives.
Scan a file or folder on your workstation
To perform a virus scan a specific file or folder on your workstation, right-click the file or folder and select Scan with FortiClient AntiVirus from the menu.
Submit a file for analysis
You can select to send up to 5 files a day to FortiGuard for analysis. To submit a file, right-click a file or executable and select Submit foranalysis from the menu. A dialog box will be displayed which allows you to see the number of files you have submitted. Confirm the location of the file you want to submit then select the Submit button.
View FortiClient engine and signature versions
To view the current FortiClient version, engine, and signature information, select Help in the toolbar, and select About in the menu. Hover the mouse over the status field to see the date and time that FortiClient last updated the selected item.
When FortiClient is registered to FortiGate for endpoint control, you can select to use a FortiManager device for client software and signature updates. When configuring the FortiClient profile, select Use FortiManagerforclient software/signature updates to enable the feature and enter the IP address of your FortiManager device. You can select to failover to FDN when FortiManager is not available.
Schedule antivirus scanning
Select the settings icon beside Realtime Protection in the FortiClient console to open the antivirus settings page, then select the Scheduled Scan tab to schedule antivirus scanning.
Scans cannot be scheduled on registered endpoint.
Configure the following settings:
| Schedule Type | Select Daily, Weekly, or Monthly from the drop-down list. |
| Scan On | For Weekly scheduled scan, select the day of the week in the drop-down list. For Monthly scheduled scan, select the day of the month in the drop-down list. |
| Start | Select the time of day that the scan starts. The time format uses a 24-hour clock. |
| Scan Type | Select the scan type: l Quick system scan runs the rootkit detection engine to detect and remove rootkits. It only scans executable files, DLLs, drivers that are currently running for threats. l Full system scan runs the rootkit detection engine to detect and remove rootkits. It then performs a full system scan including all files, executable files, DLLs, and drivers for threats. l Custom scan runs the rootkit detection engine to detect and remove rootkits. It allows you to select a specific file folder on your local hard disk drive (HDD) to scan for threats. You cannot schedule a removable media scan. A full scan will scan removable media. |
| Disable Scheduled Scan | Select to disable scheduled scan. |
Select OK to save the setting and return to the main FortiClient console page.
If you configure monthly scans to occur on the 31st of each month, the scan will occur on the first day of the month for those months with less than 31 days.
Add files/folders to an exclusion list
Select the settings icon beside Realtime Protection in the FortiClient console to open the antivirus settings page, then select the Exclusion List tab.
To add files/folders to the antivirus exclusion list, select the add icon and then select Add file or Add folder from the drop-down list. Any files or folders in this exclusion list will not be scanned. Select the minus icon to remove files or folders from the list.
Select OK to save the setting and return to the FortiClient console page.
View quarantined threats
To view quarantined threats, select the X Threats Detected link in the FortiClient console, then select the Quarantined Files tab. In this page you can view, restore, or delete the quarantined file. You can also view the original file location, the virus name, submit the suspicious file to FortiGuard, and view logs.
This page displays the following:
| File Name | The name of the file. | |
| Date Quarantined | The date and time that the file was quarantined by FortiClient. | |
| Refresh | Select to refresh the quarantined files list. | |
| Details | Select a file from the list to view detailed information including the file name, original location, date and time that the virus was quarantined, the submitted status, status, virus name, and quarantined file name. | |
| Logs | Select to view FortiClient log data. | |
| Refresh | Select to refresh the list. | |
| Submit | Select to submit the quarantined file to FortiGuard. Press and hold the control key to submit multiple entries. | |
| Restore | Select to restore the quarantined file. A confirmation dialog box will be displayed. You can select Yes to add this file/folder to the exclusion list, No to restore the file, or Cancel to exit the operation. Press and hold the control key to restore multiple entries. | |
| Delete | Select to delete the quarantined file. A confirmation dialog box will be displayed, select Yes to continue. Press and hold the control key to delete multiple entries. | |
| Close | Select to close the page and return to the FortiClient console. | |
View site violations
To view site violations, select the X Threats Detected link in the FortiClient console, then select the Site Violations tab. On this page you can view site violations and submit sites to be re-categorized.
This page displays the following:
| Website | Displays the name of the website. | |
| Time | Displays the date and time of the site violation. | |
| Refresh | Select to refresh the site violation list. | |
| Details | Select an entry in the list to view site violation details including the website name, category, date and time, user name, and status. Select the category link to request to have the site category re-evaluated. | |
View alerts dialog box
When FortiClient antivirus detects a virus while attempting to download a file via a web-browser, you will receive a warning dialog message.
Select View recently detected virus(es) to collapse the virus list. Select a file in the list and right-click to access the context menu.
| Delete | Select to delete a quarantined or restored file. |
| Quarantine | Select to quarantine a restored file. |
| Restore | Select to restore a quarantined file. |
| Submit Suspicious File | Select to submit a file to FortiGuard as a suspicious file. |
| Submit as False Positive | Select to submit a quarantined file to FortiGuard as a false positive. |
| Add to Exclusion List | Select to add a restored file to the exclusion list. Any files in the exclusion list will not be scanned. |
| Open File Location | Select to open the file location on your workstation. |
When Alert when viruses are detected under AntiVirus Options on the Settings page is not selected, you will not receive the virus alert dialog box when attempting to download a virus in a web browser.
Realtime Protection events
When an antivirus real-time protection event has occurred you can select to view these events in the FortiClient console. From the AntiVirus tab, select X Threats Detected, then select Real-time Protection events (x) in the left pane. The realtime_scan.log will open in the default viewer.
Example log output:
Realtime scan result: time: 09/29/15 10:46:07, virus found: EICAR_TEST_FILE, action: Quarantined, c:usersuserdesktopeicar.com
logging
time: 09/29/15 10:46:07, virus found: EICAR_TEST_FILE, action: Quarantined, c:usersuserdesktopeicar.com.txt
time: 09/29/15 10:46:07, virus found: EICAR_TEST_FILE, action: Quarantined, c:usersuserdesktopeicarcom2.zip
time: 09/29/15 10:46:08, virus found: EICAR_TEST_FILE, action: Quarantined, c:usersuserdesktopeicar_com.zip
time: 09/29/15 10:46:39, virus found: EICAR_TEST_FILE, action: Quarantined, c:usersuserappdatalocaltemp3g_bl8y9.com.part
time: 03/18/15 10:48:13, virus found: EICAR_TEST_FILE, action: Quarantined, c:usersuserappdatalocaltempxntwh8q1.zip.part
Antivirus logging
To configure logging, select File > Settings from the toolbar then expand the Logging section.
Configure the following settings:
| Enable logging for these features | Select antivirus to enable logging for this feature. |
| Log Level | Select the level of logging: l Emergency: The system becomes unstable. l Alert: Immediate action is required. l Critical: Functionality is affected. l Error: An error condition exists and functionality could be affected. l Warning: Functionality could be affected. l Notice: Information about normal events. l Information: General information about system operations. l Debug: Debug FortiClient. |
| Log file | |
| Export logs | Select to export logs to your local hard disk drive (HDD) in .log format. |
| Clear logs | Select to clear all logs. You will be presented a confirmation window, select Yes to proceed. |
Antivirus options
For information on configuring antivirus options, see Antivirus options on page 109.
Endpoint control
Endpoint control
When FortiClient is registered to FortiGate/EMS for endpoint control, FortiClient receives configuration and settings via the FortiClient Profile configured on the device.
To enable antivirus protection on FortiGate:
- Log in to your FortiGate.
- In the left tree menu, select Security Profiles > FortiClient Profiles.
- In the right pane, in the Edit FortiClient Profile page, in the Security tab, enable AntiVirus.
- Select Apply to save the profile.
The FortiGate will send the FortiClient Profile configuration update to registered clients.
To enable antivirus protection on EMS:
- Log in to the EMS.
- Go to Endpoint Profiles and select a profile to edit.
- In the right pane, select AntiVirus Protection to enable antivirus protection and configure as needed.
- Select Save to save the profile.
The EMS will send the FortiClient Profile configuration update to registered clients.
Antivirus profile settings
FortiGate and EMS share similar settings for antivirus profiles. EMS also includes advanced options.
Endpoint control
After enabling antivirus protection on FortiGate/EMS, the following settings can be configured:
| Scan Downloads | Scan files as they are downloaded or copied to my system. |
| Scan with FortiSandbox | Extended scanning using FortiSandbox. FortiClient will send supported files downloaded over the internet to FortiSandbox if they cannot be detected by the local, real-time scanning |
| FortiSandbox IP address | The IP address of the FortiSandbox device. |
| Wait for FortiSandbox results | Wait for FortiSandbox results before allowing file access. |
| Use FortiSandbox signatures | Identify malware & exploits using signatures or URLs received from FortiSandbox. |
Endpoint control
| Block malicious websites | Block all access to malicious websites. EMS also has the option of using the exclusion list defined in the web filter profile. |
| Block attack channels | Block known communcation channels used by attackers. |
| Alert when viruses are detected | This option is EMS only. |
| Schedule Scan | Schedule automatic scans daily, weekly, or monthly at a specific time of day. Quick, Full, and Custom scans can be run automatically. |
| Excluded Paths | Files or folders that are not scanned. |
Advanced options available on EMS only include:
| Scan Downloads | Files that are scanned as they are downloaded or copied to the system can be treated in one of the following ways: l Clean infected files (quarantine if cannot clean) l Repair infected files (quarantine if cannot clean) l Warn the user if a process attempts to access infected files l Quarantine infected files l Deny access to infected files |
| Scan with FortiSandbox | If waiting for FortiSandbox results is enabled, access to downloaded files can be denied if FortiSandbox is offline. |
| Scan compresses files | Scan compressed files that are up to a specified size (default: 10Mb). |
| Scan email | Scan email messages and attachments. |
| User process scanning | l Scan files when processes read or write them l Scan files when processes read them l Scan files when processes write them |
| Scan network files | Scan network files. |
| System process scanning | l Scan files when system processes read or write them l Scan files when system processes read them l Scan files when system processes write them l Do not scan files when system processes read or write them |
Endpoint control
| On demand scanning | Configure on-demand file scan options. l Clean infected files (quarantine if cannot clean) l Repair infected files (quarantine if cannot clean) l Warn the user if a process attempts to access infected files l Quarantine infected files |
| Integrate FortiClient into Windows Explorer’s mouse menu | Add the options to Scan with FortiClient AntiVirus and Submit foranalysis to the Windows Explorer right-click menu. |
| Pause scanning when running on battery power | Pause a scanning process when the computer is running on battery power. |
| Automatically submit suspicious files to FortiGuard for analysis | Submit all files to FortiGuard for analysis. |
| Scan compresses files | Scan compressed files that are up to a specified size (default: 10Mb, 0 means unlimited) |
| Maximize scan speed | Select the amount of memory a computer must have before FortiClient maximizes its scan speed. One of: 4MB, 6MB, 8MB, 12MB, 16MB. |
| More Options | Enable or disable various other options, including: l Scan for rootkits l Scan for adware l Scan for riskware l Enable advanced heuristics l Scan removable media on insertion l Scan mime files (inbox files) l Enable FortiGuard Analytics l Notify logged in users if their AntiVirus signatures expire |
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Overview:
FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.
Companies around the world use FortiSIEM for the following use cases:
- Threat management and intelligence that provide situational awareness and anomaly detection
- Alleviating compliance mandate concerns for PCI, HIPAA and SOX
- Managing “alert overload”
- Handling the “too many tools” reporting issue
- Addressing the MSPs/MSSPs pain of meeting service level agreements
Major Customers:
FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
Pricing & Plans:
Plan | Overview | Support | Price |
FortiSIEM All-In-One Perpetual License | |||
FortiSIEM All-In-One Perpetual License | 50 devices and 500 EPS all-in-one perpetual license for Non-MSP/MSSP's | Does not include Maintenance & Support | $24,916.00 |
FortiSIEM All-In-One Subscription | FortiSIEM All-In-One Subscription License Base subscription license for Security and Monitoring Services All In One | Manages up to 50 devices and 500 EPS (24x7 FortiCare Support Included) | $12,458.00 |
FortiSIEM All-In-One Subscription License | |||
FortiSIEM All-In-One Subscription License - 1 Year | 1 Year FortiSIEM All-In-One Subscription License Per Device Subscription License that manages minimum 50-5000 devices, 10 EPS/Device | Does not include Maintenance & Support | Price per device (minimum number of devices): 50 - $174.00 150 - $141.00 300 - $123.00 500 - $112.00 1000 - $98.00 2000 - $86.00 4000 - $75.00 5000 - $72.00 |
FortiSIEM All-In-One Subscription License - 2 Year | 2 Year FortiSIEM All-In-One Subscription License Per Device Subscription License that manages minimum 50-5000 devices, 10 EPS/Device | Does not include Maintenance & Support | Price per device (minimum number of devices): 50 - $327.00 150 - $265.00 300 - $231.00 500 - $210.00 1000 - $183.00 2000 - $160.00 4000 - $140.00 5000 - $134.00 |
FortiSIEM All-In-One Subscription License - 3 Year | 3 Year FortiSIEM All-In-One Subscription License Per Device Subscription License that manages minimum 50-5000 devices, 10 EPS/Device | Does not include Maintenance & Support | Price per device (minimum number of devices): 50 - $458.00 150 - $370.00 300 - $324.00 500 - $294.00 1000 - $257.00 2000 - $225.00 4000 - $197.00 5000 - $188.00 |
FortiSIEM End-Point Device Subscription License | |||
FortiSIEM End-Point Device Subscription License - 1 Year | 1 Year FortiSIEM End-Point Device Subscription License Per End-Point Subscription License that manages minimum 50-5000 End-Points, 2 EPS/End-Point | Does not include Maintenance & Support | Price per endpoint (minimum number of endpoints): 50 - $87.00 150 - $71.00 300 - $62.00 500 - $56.00 1000 - $49.00 2000 - $43.00 4000 - $37.00 5000 - $36.00 |
FortiSIEM End-Point Device Subscription License - 2 Year | 2 Year FortiSIEM End-Point Device Subscription License Per End-Point Subscription License that manages minimum 50-5000 End-Points, 2 EPS/End-Point | Does not include Maintenance & Support | Price per endpoint (minimum number of endpoints): 50 - $164.00 150 - $132.00 300 - $116.00 500 - $105.00 1000 - $92.00 2000 - $80.00 4000 - $70.00 5000 - $67.00 |
FortiSIEM End-Point Device Subscription License - 3 Year | 3 Year FortiSIEM End-Point Device Subscription License Per End-Point Subscription License that manages minimum 50-5000 End-Points, 2 EPS/End-Point | Does not include Maintenance & Support | Price per endpoint (minimum number of endpoints): 50 - $229.00 150 - $185.00 300 - $162.00 500 - $147.00 1000 - $128.00 2000 - $112.00 4000 - $98.00 5000 - $94.00 |
FortiSIEM Subscription License for Basic Windows Agent | |||
FortiSIEM Subscription License for Basic Windows Agent - 1 Year | 1 Year FortiSIEM Subscription License for Basic Windows Agent Per Agent Subscription License for minimum 50-5000 Basic Windows Agents | - | Price per agent (minimum number of agents): 50 - $29.00 150 - $26.00 300 - $23.00 500 - $20.00 1000 - $17.00 2000 - $15.00 4000 - $12.00 5000 - $11.00 |
FortiSIEM Subscription License for Basic Windows Agent - 2 Year | Download lies korea. 2 Year FortiSIEM Subscription License for Basic Windows Agent Per Agent Subscription License for minimum 50-5000 Basic Windows Agents | - | Price per agent (minimum number of agents): 50 - $54.00 150 - $49.00 300 - $43.00 500 - $38.00 1000 - $33.00 2000 - $28.00 4000 - $22.00 5000 - $21.00 |
FortiSIEM Subscription License for Basic Windows Agent - 3 Year | 3 Year FortiSIEM Subscription License for Basic Windows Agent Per Agent Subscription License for minimum 50-5000 Basic Windows Agents | - | Price per agent (minimum number of agents): 50 - $76.00 150 - $69.00 300 - $60.00 500 - $53.00 1000 - $46.00 2000 - $39.00 4000 - $31.00 5000 - $29.00 |
FortiSIEM Subscription License for Advanced Windows Agent | |||
FortiSIEM Subscription License for Advanced Windows Agent - 1 Year | 1 Year FortiSIEM Subscription License for Advanced Windows Agent Per Agent Subscription License for minimum 50-5000 Advanced Windows Agents | - | Price per agent (minimum number of agents): 50 - $54.00 150 - $49.00 300 - $42.00 500 - $37.00 1000 - $32.00 2000 - $27.00 4000 - $22.00 5000 - $21.00 |
FortiSIEM Subscription License for Advanced Windows Agent - 2 Year | 2 Year FortiSIEM Subscription License for Advanced Windows Agent Per Agent Subscription License for minimum 50-5000 Advanced Windows Agents | - | Price per agent (minimum number of agents): 50 - $101.00 150 - $91.00 300 - $79.00 500 - $70.00 1000 - $60.00 2000 - $51.00 4000 - $42.00 5000 - $39.00 |
FortiSIEM Subscription License for Advanced Windows Agent - 3 Year | 3 Year FortiSIEM Subscription License for Advanced Windows Agent Per Agent Subscription License for minimum 50-5000 Advanced Windows Agents | - | Price per agent (minimum number of agents): 50 - $141.00 150 - $128.00 300 - $111.00 500 - $98.00 1000 - $84.00 2000 - $71.00 4000 - $58.00 5000 - $54.00 |
FortiSIEM Indicators of Compromise (IOC) Service for FortiSIEM Deployments | |||
FortiSIEM IOC Service for FortiSIEM Deployments - 1 Year | FortiSIEM Indicators of Compromise (IOC) Service for FortiSIEM deployments (1 - 10000 Points), 1 Year | - | Price per number of points: 1-50 - $2,093.00 1-100 - $3,386.00 1-200 - $5,924.00 1-300 - $8,886.00 1-400 - $10,736.00 1-500 - $13,420.00 1-750 - $17,609.00 1-1000 - $23,479.00 1-1500 - $30,809.00 1-2000 - $41,078.00 1-3000 - $53,899.00 1-4000 - $71,866.00 1-4500 - $80,849.00 1-5000 - $89,832.00 1-7500 - $129,078.00 1-10000 - $172,104.00 |
FortiSIEM IOC Service for FortiSIEM Deployments - 2 Year | FortiSIEM Indicators of Compromise (IOC) Service for FortiSIEM deployments (1 - 10000 Points), 2 Year | - | Price per number of points: 1-50 - $3,924.00 1-100 - $6,349.00 1-200 - $11,108.00 1-300 - $16,662.00 1-400 - $20,129.00 1-500 - $25,162.00 1-750 - $33,018.00 1-1000 - $44,024.00 1-1500 - $57,767.00 1-2000 - $77,022.00 1-3000 - $101,061.00 1-4000 - $134,748.00 1-4500 - $151,592.00 1-5000 - $168,435.00 1-7500 - $242,021.00 1-10000 - $322,695.00 |
FortiSIEM IOC Service for FortiSIEM Deployments - 3 Year | FortiSIEM Indicators of Compromise (IOC) Service for FortiSIEM deployments (1 - 10000 Points), 3 Year | - | Price per number of points: 1-50 - $5,494.00 1-100 - $8,888.00 1-200 - $15,551.00 1-300 - $23,326.00 1-400 - $28,181.00 1-500 - $35,226.00 1-750 - $46,225.00 1-1000 - $61,633.00 1-1500 - $80,873.00 1-2000 - $107,831.00 1-3000 - $141,485.00 1-4000 - $188,647.00 1-4500 - $212,228.00 1-5000 - $235,809.00 1-7500 - $338,830.00 1-10000 - $451,773.00 |
24x7 FortiCare Contract for FortiSIEM Software Deployments | |||
24x7 FortiCare Contract - 1 Year | 1 Year 24x7 FortiCare Contract (1 - 10000 points) for FortiSIEM Software deployments 1 device or 2 End points or 3 Windows Agents equals 1 point | - | Price per number of points: 1-50 - $3,737.00 1-100 - $6,539.00 1-200 - $11,440.00 1-300 - $15,868.00 1-400 - $20,015.00 1-500 - $23,964.00 1-750 - $33,240.00 1-1000 - $41,927.00 1-1500 - $58,156.00 1-2000 - $73,353.00 1-3000 - $101,748.00 1-4000 - $128,337.00 1-4500 - $141,134.00 1-5000 - $153,659.00 1-7500 - $213,139.00 1-10000 - $268,837.00 |
24x7 FortiCare Contract - 2 Year | 2 Year 24x7 FortiCare Contract (1 - 10000 points) for FortiSIEM Software deployments 1 device or 2 End points or 3 Windows Agents equals 1 point | - | Price per number of points: 1-50 - $7,007.00 1-100 - $12,261.00 1-200 - $21,450.00 1-300 - $29,753.00 1-400 - $37,528.00 1-500 - $44,933.00 1-750 - $62,906.00 1-1000 - $78,613.00 1-1500 - $109,043.00 1-2000 - $137,537.00 1-3000 - $190,778.00 1-4000 - $240,632.00 1-4500 - $264,626.00 1-5000 - $288,111.00 1-7500 - $399,636.00 1-10000 - $504,069.00 |
24x7 FortiCare Contract - 3 Year | 3 Year 24x7 FortiCare Contract (1 - 10000 points) for FortiSIEM Software deployments 1 device or 2 End points or 3 Windows Agents equals 1 point Go back in time and see what your computer was doing while you were away. | - | Price per number of points: 1-50 - $9,812.00 1-100 - $17,711.00 1-200 - $31,597.00 1-300 - $41,656.00 1-400 - $52,796.00 1-500 - $62,906.00 1-750 - $88,140.00 1-1000 - $110,058.00 1-1500 - $154,208.00 1-2000 - $192,554.00 1-3000 - $269,796.00 1-4000 - $336,885.00 1-4500 - $370,587.00 1-5000 - $403,355.00 1-7500 - $592,932.00 1-10000 - $774,764.00 |
Trial/Demo:
Fortinet offers a free 30-day trial.
For more information, visit https://www.fortinet.com/offers/fortisiem-free-trial.html.
Want Advice From Your Peers?
If you’re looking to learn more about FortiSIEM pricing and benefits then you’ve come to the right place. IT Central Station has hundreds of users who are successfully using Network Monitoring Software and Security Information and Event Management (SIEM) solutions in their businesses. Read reviews of FortiSIEM and also of alternate solutions, such as Splunk, LogRhythm, SolarWinds LEM, and IBM Security QRadar SIEM. These users are also available to answer any questions that you may have about any of these products.
Also, check out the advice users have regarding cost and licensing for IBM Security QRadar SIEM, Splunk, and LogRhythm.
IT Central Station is the leading product review site for enterprise technology. Our community of peers has contributed 10,000+ reviews and share their tips and advice for choosing vendors. In a market full of vendor hype, you can use IT Central Station to connect with peers, promote your expertise, and get the information you need.
By Meir Joffe