Splunk Lantern

Fortinet: FortiGate

 

FortiGate Next Generation Firewalls (NGFWs) deliver industry-leading enterprise security for any edge at any scale with full visibility and threat protection. Organizations can weave security deep into the hybrid IT architecture and build security-driven networks to achieve ultra-fast security, end to end.

FortiGate datacenter threat visualizations in Splunk help you identify anomalous behavior and de-duplicate threat feed data to enable the fast creation and consolidation of analytics. Splunk ingests and maps security and traffic data collected from FortiGate physical and virtual appliances across domains. Log fields can be mapped from FortiGate appliances and interchanges into a common format. In the Common Information Model, FortiGate data is typically mapped to the Firewall data model.

Configuration

Guidance for onboarding data can be found in the Splunk Documentation:

Refer to the documentation, and note the following:

Application

When your Splunk deployment is ingesting Fortinet FortiGate data, you can use the data to achieve the following: