NSE 7 — Enterprise Firewall & SIEM
CERT-In · RBI CSF · PCI-DSS Ready

FortiSIEM Installation & Deployment Services in India

FortiSIEM is powerful — but complex. A multi-node Supervisor + Worker + Collector architecture, EPS sizing mistakes, and misconfigured parsers are the top reasons SIEM deployments fail. Ogma's certified SIEM engineers have deployed FortiSIEM for banks, hospitals, and manufacturers across India. We've seen every gotcha — and we get you live in 30 days.

  • 25+ FortiSIEM deployments in India
  • 30 Days: go-live SLA from kickoff
  • 100+ EPS to 10K+ EPS deployments handled
  • 6 Frameworks: CERT-In, RBI CSF, PCI-DSS, ISO 27001, HIPAA, NIST

FortiSIEM Architecture — Getting It Right

FortiSIEM uses a distributed architecture. Getting node roles, sizing, and network connectivity wrong at the start creates performance problems that are hard to fix later.

Supervisor
Core analytics engine, GUI, rules engine, reporting. Minimum: 16 vCPU / 32 GB RAM / 500 GB storage.
Worker(s)
EPS processing nodes. Each Worker handles ~2,000–5,000 EPS. Scale-out by adding Workers — no re-architecture needed.
Collector(s)
Remote log aggregators (virtual or hardware). Deploy one Collector per site or segment — forwards normalised events to Supervisor.
Ogma EPS Sizing Guide
Organisation Size | Typical EPS | Recommended Nodes
SMB (100–500 users) | 100–500 EPS | 1S + 1W
Mid Enterprise (500–2000) | 500–3K EPS | 1S + 2W + 1C
Large Enterprise (2000+) | 3K–10K EPS | 1S + 4W + 2–3C
Managed SOC / MSSP | 10K+ EPS | HA Supervisor + 8W+

S=Supervisor, W=Worker, C=Collector. Ogma architects the right topology before any deployment begins.

Installation Project Scope

Node Deployment & Clustering

FortiSIEM VM or hardware appliance deployment, Supervisor–Worker cluster registration, Collector agent deployment on remote sites, NTP synchronisation, and initial system health validation.

Log Source Onboarding (50 sources)

Syslog (FortiGate, Linux, network switches), WMI (Windows endpoints and servers), SNMP trap integration, and REST API connectors. Up to 50 log sources onboarded in base scope. Parsers validated post-onboarding.

Built-in Compliance Reports

Activation and scheduling of FortiSIEM's built-in compliance report templates: CERT-In, RBI Cyber Security Framework (CSF), PCI-DSS 4.0, ISO 27001, HIPAA. First reports generated and validated before handover.

AD/LDAP & CMDB Integration

Active Directory integration for user identity correlation (maps IP → username in events). CMDB auto-discovery scan to populate assets, business services, and criticality ratings. FortiGate integration for real-time threat context.

Use Case Rules & Alerts

Activation of 30 out-of-box use case rules tailored to your environment — brute force detection, privilege escalation, impossible travel, data exfiltration, malware lateral movement. Alert routing to email/webhook.

Admin Training & Handover

4-hour administrator training session covering: incident investigation, CMDB management, adding log sources, report scheduling, and parser customisation basics. As-built documentation + architecture diagram delivered.

FortiSIEM Installation Tiers

Fixed-scope professional services — excludes FortiSIEM license and hardware. Tell us your EPS and site count and we'll quote within 2 hours.

Starter
1 Supervisor + 1 Worker, up to 500 EPS
Competitive · fixed-scope project
Sized to your EPS + log sources
  • VM deployment (on-prem VMware/Hyper-V)
  • Up to 30 log sources
  • CERT-In + 2 compliance reports
  • AD integration + 20 use case rules
  • 30-day post-go-live support
Enterprise (Recommended)
1S + 2W + 1C, up to 3,000 EPS, multi-site
Competitive · fixed-scope project
Sized to your EPS + log sources
  • Everything in Starter
  • Up to 50 log sources (3 sites)
  • All 6 compliance report templates
  • CMDB auto-discovery
  • 30 use case rules (tuned)
  • Admin training + runbook
Large / MSSP
1S + 4W+ + multi-Collector, 5K+ EPS
Competitive · fixed-scope project
Sized to your EPS + log sources
  • Enterprise scope + HA Supervisor option
  • 100+ log sources
  • Multi-tenant MSSP configuration
  • Custom parser development (5 parsers)
  • SOAR playbook setup (5 playbooks)
  • 60-day post-go-live support

Frequently Asked Questions

Supervisor minimum: 16 vCPU, 32 GB RAM, 500 GB storage (NVMe/SSD recommended). Each Worker: 16 vCPU, 32 GB RAM, 200 GB. Collector: 4 vCPU, 8 GB RAM, 50 GB. For hardware appliance models (FSM-500G, FSM-2000F), Ogma handles rack, cable, and OS configuration.

Our standard 30-day go-live SLA covers deployment, initial log source onboarding, use-case activation, and admin training. Complex multi-site projects with custom parsers run 6–8 weeks. We've never missed a go-live date on a FortiSIEM project.

Yes — this is one of our key differentiators. We develop FortiSIEM parsers for SAP ERP, Tally (syslog forwarding), custom banking core systems, Aadhaar e-KYC API logs, and legacy HRMS/ERP platforms that Fortinet's library doesn't cover. Covered under our FortiSIEM Implementation service.

Yes. FortiSIEM's SOAR integration supports Jira, ServiceNow, Freshservice, Zendesk, and generic REST APIs via webhook. Ogma configures bi-directional integration — incidents created in FortiSIEM automatically open tickets, and ticket closure syncs back.

Syslog sources (firewalls, switches, Linux servers, WAF), WMI sources (Windows servers, AD domain controllers, endpoint agents), SNMP trap sources (network devices), and REST API connectors (cloud services — AWS CloudTrail, Azure AD Sign-in, Microsoft 365). Custom/non-standard sources are quoted as additional parsers.

Yes. FortiSIEM includes built-in CERT-In report templates aligned to the CERT-In Cyber Crisis Management Plan. Ogma activates, customises, and schedules these reports during installation. You receive the first scheduled compliance report before project handover.

Yes — Ogma offers Managed FortiSIEM Services: monthly alert triage, content updates (new use cases, updated parsers), compliance report delivery, and dedicated analyst coverage. See our Managed FortiSIEM page for pricing.

Get Your FortiSIEM Live in 30 Days

Share your EPS estimate, number of log sources, and compliance requirements. We'll send a detailed deployment plan and fixed-price proposal within 48 hours.