FortiAnalyzer – Security Analytics, Logging & Reporting Platform

FortiAnalyzer is a security analytics platform from Fortinet that centralises logging, analytics and reporting to support security visibility and investigation across enterprise Fortinet environments. It helps teams review activity across FortiGate and the Security Fabric, giving clearer audit visibility, faster access to threat and traffic history, and simpler compliance reporting.

SKU FortiAnalyzer Categories , Brand:

FortiAnalyzer Overview

Central log retention, incident tracing and audit-ready reporting are essential when security and operations teams must understand what happened across a distributed Fortinet estate.

Security Log Management and Analytics

FortiAnalyzer is a security analytics and reporting platform for Fortinet environments, supporting logging, analytics and security operations visibility across FortiGate, SD-WAN and broader Security Fabric deployments.

How It Supports Production Investigation

In Fortinet estates, it collects and stores logs from FortiGate and other Security Fabric products in a unified data lake. Analysts can then review firewall activity, traffic and threat history without exporting data into separate tools. When an incident occurs, event correlation and drill-down across Fortinet log sources help trace blocked traffic, policy outcomes and related alerts.

Operational Outcomes

This gives teams clearer firewall audit visibility, faster access to threat and traffic history and simpler compliance reporting from retained logs. It also supports recurring trend analysis, helping security managers tune controls and identify emerging risks from the evidence already in the platform.

If you are evaluating FortiAnalyzer for log management, reporting or SOC investigation workflows, our team can help you assess how it fits your Fortinet environment.

FortiAnalyzer Key Features​

FortiAnalyzer is a security analytics platform for enterprise Fortinet environments, providing central logging, reporting, and operational visibility across Fortinet devices and Security Fabric workflows.

Centralize Fortinet Security Insight

Unified Log Collection
The platform collects logs from FortiGate, FortiClient, FortiMail, FortiWeb, FortiSandbox and other Security Fabric products to give teams a central record for investigation and reporting.

Firewall Activity Reporting
FortiAnalyzer supports reports and events that help security teams review firewall traffic, threat activity, and policy outcomes without exporting logs into separate tools.

SOC Event Investigation
Searchable event data helps analysts trace blocked traffic, threat indicators, and incident timelines across Fortinet environments during security investigations.

Security Fabric Visibility
The platform provides a unified data lake for broader Security Fabric deployments so teams can identify estate-wide activity patterns that isolated device logs may not reveal.

Support Compliance And Trends

Retained Audit Evidence
Central log retention and scheduled reporting help organisations maintain evidence of security activity and policy enforcement for audit and compliance review.

Threat Trend Analysis
Recurring reports and analytics help security managers review traffic and threat trends, tune controls, and identify emerging risks across the Fortinet estate.

Fortinet Ecosystem Integration
Integration with FortiManager, FortiSIEM, FortiSOAR and FortiGuard services supports central reporting, incident review, compliance evidence and security operations workflows.

Speak to a FortiAnalyzer Security Specialist

If you need central Fortinet log management, investigation-ready event data, or compliance reporting across Security Fabric deployments, our team can help align FortiAnalyzer to your security operations requirements.

FortiAnalyzer Use Cases

Fortinet Security Log Management

Used in Fortinet estates, FortiAnalyzer collects and retains logs from FortiGate and other Security Fabric products in a central data lake, giving teams one place to search, analyse and review security activity across the environment. Its log management, analytics and reporting functions make it well suited to operational monitoring, incident review and long-term visibility across Fortinet deployments.

Firewall Reporting and Analytics

Applied to FortiGate operations, FortiAnalyzer turns traffic, threat and policy logs into dashboards and scheduled reports that show how firewall controls are performing, what is being blocked or allowed, and where policy changes may be needed. This makes it a strong fit for teams that need Fortinet-native reporting and analytics rather than separate reporting tools.

SOC Event Investigation

Used by analysts reviewing Fortinet alerts, FortiAnalyzer correlates events and provides drill-down across Security Fabric log sources so incidents can be traced from alert to root cause. It is suited to SOC investigation because it centralises log data from FortiGate, FortiClient, FortiMail, FortiWeb, FortiSandbox and related products, supporting fast triage and deeper review.

Compliance and Audit Reporting

Applied where firewall and security activity must be evidenced, FortiAnalyzer produces scheduled and custom reports from retained logs to support audits, governance checks and compliance reviews. Its central log retention and reporting model is well suited to organisations that need repeatable evidence from Fortinet systems without piecing together records from multiple consoles.

Security Fabric Visibility

Used across Fortinet deployments, FortiAnalyzer consolidates telemetry from the Security Fabric so teams can see activity across FortiGate, SD-WAN and connected Fortinet products without reviewing each system separately. This unified visibility makes it a practical choice for organisations that rely on the Fortinet ecosystem and want central operational insight from one analytics platform.

Threat Trend Analysis

Used for operational security reviews, FortiAnalyzer analyses Fortinet threat, traffic and event data over time to highlight recurring patterns, spikes and behaviour changes that may indicate emerging risk. Its logging, analytics and reporting capabilities make it suitable for trend analysis across Fortinet environments, helping teams spot developing issues and prioritise response.

Supported FortiAnalyzer Environments & Integrations

Fortinet Logging & Analytics Environments

FortiAnalyzer collects logs, events and reports from FortiGate, FortiClient, FortiMail, FortiWeb, FortiSandbox and other Security Fabric products.

Fortinet Security Fabric Deployments

Supports estate-wide visibility across Security Fabric environments by consolidating telemetry instead of reviewing each device separately.

FortiGate Firewall Environments

FortiAnalyzer turns traffic, threat and policy logs from FortiGate into dashboards and reports for firewall analysis.

Fortinet SOC Investigation Workflows

Provides searchable event data and drill-down analysis for analysts tracing alerts, blocked traffic and policy outcomes.

FortiManager, FortiSIEM & FortiSOAR Ecosystem

Integrates with FortiManager, FortiSIEM and FortiSOAR to support central reporting, incident review and security operations workflows.

FortiGuard Services & Compliance Reporting

Connects with FortiGuard services and retained logs to produce scheduled reports and audit evidence for compliance review.

FortiAnalyzer Licensing Options

FortiAnalyzer Appliance Licensing

FortiAnalyzer hardware appliances include the software licence with a built-in daily log ingestion limit, internal storage and a maximum managed device count, while IOC, Outbreak Alert, Security Automation and FortiAI are added separately.

FortiAnalyzer-VM Subscription Licensing

FortiAnalyzer-VM subscription licensing uses stackable GB/day tiers that bundle 24×7 FortiCare Premium support, IOC, Outbreak Detection Service and Security Automation Service into a single all-in subscription.

FortiAnalyzer-VM Perpetual Licensing

FortiAnalyzer-VM perpetual licensing adds one-time GB/day capacity uplift SKUs to the base VM entitlement, with FortiCare and optional services purchased separately under matching GB/day tiers.

FortiAnalyzer Cloud Licensing

FortiAnalyzer Cloud is licensed either per device with form-factor-based daily log volume and standard retention, or through a pooled GB/day subscription shared across supported log sources in one FortiCloud account.

Separately Licensed Add-Ons

FortiAnalyzer may require separate licensing for FortiGuard IOC, Outbreak Alert, Security Automation and FortiAI on perpetual or hardware deployments, while FortiClient and FortiMail cloud ingestion can need additional storage SKUs.

Licence Review & Optimisation

Our team can help assess log volume, retention needs, deployment type, add-on requirements, FortiSIEM handoff, multi-tenant ADOM use and FortiFlex or renewal alignment.

FortiAnalyzer Implementation and Support

Solution Design & Planning

We help assess your FortiAnalyzer requirements, log volumes, retention needs and reporting priorities so the deployment approach fits your Fortinet security operations and compliance objectives.

Deployment & Configuration

Our team can assist with FortiAnalyzer setup, initial configuration, report scheduling and event handling so your security team has a structured logging and investigation platform from the outset.

Integration with Existing Environments

We support integration with FortiGate, FortiClient, FortiMail, FortiWeb and the wider Fortinet Security Fabric, alongside FortiManager, FortiSIEM and FortiSOAR where central reporting and incident workflows are required.

User Adoption & Operational Readiness

We help security administrators and SOC teams become operational with FortiAnalyzer by aligning report ownership, investigation processes and handover activities so day-to-day use is clear and consistent.

Ongoing Support & Lifecycle Management

Our team can assist with ongoing FortiAnalyzer support, health checks, reporting reviews, licence alignment and renewal planning to help you maintain the right service level as logging needs change.

Commercial Optimisation & Support for FortiAnalyzer

Subscription & Licence Reviews

We help assess FortiAnalyzer licensing against actual log volumes, retention needs and the mix of FortiGate, FortiClient, FortiMail, FortiWeb and FortiSandbox data so your subscription or appliance capacity remains aligned to how the environment is used.

Portfolio Alignment

Our team can review FortiAnalyzer alongside wider Fortinet investments, including FortiManager, FortiSIEM, FortiSOAR and FortiGuard services, to improve renewal visibility, reduce overlap and keep commercial decisions coordinated across the portfolio.

Commercial Optimisation

We can review appliance, VM and cloud models, along with all-in subscription, perpetual and FortiFlex options, to help align FortiAnalyzer investment with growth, add-on requirements such as IOC, Outbreak Alert, Security Automation and FortiAI, and budget priorities.

Renewal Planning & Lifecycle Management

We support proactive renewal planning by tracking changing ingest demand, retention needs and service usage so FortiAnalyzer capacity and support arrangements can be reviewed before expiry and kept in step with the evolving estate.

Adoption & Value Realisation

Clearer visibility only delivers value when it is actively used, and our team can help maximise FortiAnalyzer value through adoption planning, report usage review, workflow optimisation and ongoing lifecycle guidance.

Related solutions for FortiAnalyzer

The software and technologies listed here support different requirements and are often used together as part of a wider IT stack.

As an official partner to vendors including Cisco, Juniper, HPE and Fortinet, we can help confirm which software or combination provides the capabilities your team needs, while avoiding under- or over-licensing.

Not sure which software or licensing tier you need?

Speak to our team for help matching the right solution and licence level to your requirements.

Need a clearer view of your software costs?

We can review your current setup, licensing and renewal cycle to check whether your software is still doing what you need, where costs can be reduced, and where administration can be simplified.