SLA-Backed · CERT-In Compliant

Managed FortiSIEM Services — SIEM-as-a-Service India

Your FortiSIEM runs 24/7 — but your security team doesn't. Ogma's managed FortiSIEM service wraps certified analysts, ongoing content engineering, and compliance reporting around your existing deployment. You get a continuously-improving SIEM without the cost of building an in-house team.

  • 60+ managed SIEM deployments
  • 70% average alert noise reduction
  • <15 min P1 escalation SLA
  • 6 compliance frameworks covered by reporting

What's Included

Every managed service tier includes these six core pillars.

24/7 Alert Triage

Our L1/L2 analysts monitor your FortiSIEM console around the clock. Every high and critical alert is reviewed, correlated with threat intelligence, and escalated with full context — not just a raw alert dump.

  • 24×7×365 SOC coverage
  • P1 escalation to your team in <15 minutes
  • False-positive suppression and documentation

Monthly Content Engineering

FortiSIEM's value degrades if detection content isn't updated. Each month Ogma delivers 2–3 new use cases mapped to MITRE ATT&CK, tunes noisy rules, and updates parsers when application log formats change.

  • 2–3 new use cases/month
  • Rule tuning and threshold adjustments
  • Parser updates for changed log formats

Compliance Reporting

Monthly and on-demand compliance reports mapped to your regulatory obligations. We generate audit-ready PDFs for RBI CSF, CERT-In, PCI-DSS, and ISO 27001 — ready to hand to your auditor.

  • RBI Cyber Security Framework
  • CERT-In CCMP reporting
  • PCI-DSS 4.0 applicable controls

SOAR Playbook Management

We maintain and evolve your SOAR playbooks as your environment changes. New threat actors, new log sources, new integration endpoints — all handled without you raising a change request.

  • Playbook updates for new threat types
  • Integration health checks (ITSM, AD, FortiGate)
  • Automated response coverage reports

Monthly Health Report

A management-friendly monthly report covering: EPS trends, log source health, top rules triggered, MITRE ATT&CK coverage delta, and analyst activity summary. Useful for CISO reporting and board briefings.

  • Executive summary (1-page)
  • ATT&CK coverage heat map delta
  • Log source inventory and gap report

Platform Administration

We handle all FortiSIEM administration: version upgrades, Collector health monitoring, disk usage management, licence utilisation optimisation, and log source re-onboarding when IP addresses or log formats change.

  • FortiSIEM patch/upgrade management
  • Collector connectivity monitoring
  • EPS usage optimisation and alerts

Why Ogma for Managed FortiSIEM?

Certified FortiSIEM Engineers

Our analysts hold NSE 4–7 certifications and have hands-on deployment experience across banking, NBFCs, manufacturing, and healthcare environments in India.

India-Specific Compliance

We're familiar with CERT-In's 6-hour incident reporting mandate, RBI CSF reporting cycles, SEBI CSCRF requirements, and IRDAI cybersecurity guidelines — our reports are pre-mapped to these frameworks.

SLA-Backed, Documented

Every engagement is governed by a signed MSA with defined SLAs for P1 escalation, monthly deliverable timelines, and content update commitments. No verbal agreements — everything is contractual.

Service Tiers

Minimum 3-month initial term. Tell us your tier and we'll send a tailored quote within 2 hours.

Starter
Competitive · monthly subscription
Up to 2,000 EPS · Up to 50 log sources
  • Business hours alert triage (8×5)
  • 1 new use case/month
  • Monthly health report
  • Compliance report (1 framework)
  • Parser update support
  • Platform admin tasks

Professional (most popular)
Competitive · monthly subscription
Up to 5,000 EPS · Up to 150 log sources
  • 24×7 alert triage (P1 <15 min SLA)
  • 2–3 new use cases/month
  • Monthly health report + executive summary
  • Compliance reports (3 frameworks)
  • SOAR playbook management (up to 10)
  • Parser updates + new parser (1/quarter)
  • Quarterly ATT&CK coverage review

Enterprise
Competitive · monthly subscription
10,000+ EPS · Unlimited log sources
  • 24×7 alert triage + dedicated L2 analyst
  • 4–5 new use cases/month
  • Monthly health + CISO board report
  • All compliance frameworks
  • SOAR playbook management (unlimited)
  • New parsers on-demand (up to 2/month)
  • Monthly in-person/virtual review call
  • Threat hunting (4 hours/month)

Does not include FortiSIEM platform licence fees, Fortinet support contracts, or infrastructure costs. Scope adjusted for environments exceeding tier limits.

Onboarding Process

From signed MSA to full managed service in 2 weeks.

1. MSA & Scope Sign-off

We finalise the service agreement, document your EPS volume, log source inventory, compliance frameworks in scope, and escalation contacts. SLAs are defined and signed before work begins.

2. Access & Integration

We obtain read access to your FortiSIEM console, configure analyst accounts with appropriate role permissions, and set up secure connectivity (VPN or MFA-protected portal). ITSM integration (ServiceNow/Jira) is configured for ticket creation.

3. Baseline Assessment

In week one, we audit your existing rules and parsers: which rules are enabled, which are too noisy, which log sources are missing. A baseline coverage report is delivered — this becomes the benchmark for monthly improvement.

4. Content Hardening

We implement immediate quick wins: disable rules generating >80% false positives, tune thresholds on top-triggered rules, and enable high-value rules that were previously disabled. Typical outcome: 40–60% alert volume drop in week two.
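The baseline assessment and content hardening steps above come down to two measurements: per-rule false-positive rate and volume (to decide what to disable or tune), and per-source silence (to find log sources that have gone missing). The script below is an added illustration of that review, not Ogma's tooling and not a FortiSIEM API; the incident dispositions and log-source timestamps are constructed sample data, the 80% disable threshold is the figure from the step above, and the 24-hour silence window and the "top N by volume" tuning rule are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone


# Constructed sample (not real customer data): one row per triaged incident,
# as an analyst might export it from the incident queue after a week of review.
def _rows(rule, total, false_positives):
    return ([{"rule": rule, "disposition": "false_positive"}] * false_positives
            + [{"rule": rule, "disposition": "true_positive"}] * (total - false_positives))


INCIDENTS = (
    _rows("Brute Force Login", 10, 9)
    + _rows("Port Scan Detected", 5, 5)
    + _rows("Ransomware File Activity", 2, 0)
    + _rows("Excessive Failed Logons", 6, 4)
    + _rows("Privilege Escalation", 3, 1)
)


def rule_noise_report(incidents, disable_threshold=0.8, tune_top_n=2):
    """Classify rules by false-positive rate and volume.

    Rules whose false-positive rate exceeds disable_threshold (80% in the
    hardening step) are disable candidates. Of the remaining rules, the
    tune_top_n highest-volume ones are threshold-tuning candidates (an assumed
    heuristic). Also returns the projected drop in incident volume if the
    disable candidates are switched off.
    """
    totals = defaultdict(int)
    fps = defaultdict(int)
    for row in incidents:
        totals[row["rule"]] += 1
        if row["disposition"] == "false_positive":
            fps[row["rule"]] += 1

    stats = {
        rule: {"total": totals[rule], "false_positives": fps[rule],
               "fp_rate": fps[rule] / totals[rule]}
        for rule in totals
    }
    disable = sorted(
        (r for r, s in stats.items() if s["fp_rate"] > disable_threshold),
        key=lambda r: (-stats[r]["fp_rate"], r),
    )
    remaining = sorted(
        (r for r in stats if r not in disable),
        key=lambda r: (-stats[r]["total"], r),
    )
    grand_total = sum(totals.values())
    disabled_volume = sum(totals[r] for r in disable)
    return {
        "stats": stats,
        "disable": disable,
        "tune": remaining[:tune_top_n],
        "projected_reduction": disabled_volume / grand_total if grand_total else 0.0,
    }


# Constructed log-source inventory: source name and the time of the last event
# the collector received from it. NOW is fixed so the example is deterministic.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
LOG_SOURCES = [
    {"name": "fw-core-01", "last_event": NOW - timedelta(minutes=10)},
    {"name": "ad-dc-02", "last_event": NOW - timedelta(hours=36)},
    {"name": "app-erp-01", "last_event": NOW - timedelta(days=3)},
    {"name": "vpn-gw-01", "last_event": NOW - timedelta(hours=2)},
]


def silent_log_sources(sources, now, max_silence=timedelta(hours=24)):
    """Return sources that have sent nothing for longer than max_silence,
    longest-silent first. A silent source is a detection gap: every rule that
    depends on it is blind, so it belongs in the log source gap report."""
    silent = [
        {"name": s["name"], "silent_for": now - s["last_event"]}
        for s in sources
        if now - s["last_event"] > max_silence
    ]
    return sorted(silent, key=lambda s: s["silent_for"], reverse=True)


if __name__ == "__main__":
    report = rule_noise_report(INCIDENTS)
    for rule, s in sorted(report["stats"].items(), key=lambda kv: -kv[1]["total"]):
        print(f"{rule:26s} total={s['total']:3d} fp_rate={s['fp_rate']:.0%}")
    print("disable:", report["disable"])
    print("tune:", report["tune"])
    print(f"projected volume drop: {report['projected_reduction']:.0%}")
    for s in silent_log_sources(LOG_SOURCES, NOW):
        print(f"silent: {s['name']} ({s['silent_for']})")
```

On the constructed data the two noisiest rules account for 15 of 26 incidents, so disabling them alone projects a 58% volume drop, which is the kind of week-two figure the step above describes; the two silent sources would go into the gap report rather than being treated as "quiet" in a good way. The disposition field is the important input: without analysts recording true/false positive on each incident, there is no false-positive rate to act on.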

5. Steady-State Operations

From month two onwards: 24/7 alert triage (per tier SLA), monthly content updates, compliance reports, and health reports are delivered on a defined calendar. Quarterly review calls align the service roadmap to your evolving environment.

Frequently Asked Questions

No. Ogma's managed service fee covers analyst labour, content engineering, compliance reporting, and platform administration. Your FortiSIEM platform licence (Fortinet subscription) and Fortinet support contract are separate costs. We can advise on appropriate licence sizing, but the licence is purchased directly through Fortinet or an authorised reseller.

On Professional and Enterprise tiers, a P1 alert (ransomware behaviour, data exfiltration, critical privilege escalation) is escalated to your designated security contact within 15 minutes of analyst confirmation. This is a contractual SLA — if we miss it, it's documented in the monthly SLA report. The Starter tier is business hours only with a 30-minute escalation target.

Yes — and this is actually our most common engagement type. We start with a 2-week content hardening phase that addresses the worst noise sources before entering steady-state operations. You'll see a measurable drop in alert volume before we complete onboarding.

We need a dedicated analyst account with read access to incidents, events, and rules, plus write access to create/modify rules and parsers. We do not require root OS access to the FortiSIEM VM. All access is via your existing FortiSIEM HTTPS console — no VPN required if your console is internet-accessible with MFA.

The initial term is 3 months, which allows time for baseline assessment, content hardening, and the first steady-state month. After the initial term, the service continues on a rolling month-to-month basis with 30 days' written notice to terminate.

For CERT-In-regulated entities, we maintain a documented incident classification matrix aligned to CERT-In's 6-hour reporting requirement. When a confirmed security incident meets CERT-In's reportable criteria, we draft the initial notification and provide all technical evidence to your compliance team within the response window. Final submission is made by your authorised signatory — we do not submit on your behalf.

Yes. Many customers have FortiSIEM alongside FortiAnalyzer, a legacy SIEM, or a separate EDR platform. We can incorporate alerts from integrated tools into the FortiSIEM incident workflow and provide unified reporting. We also offer managed services for FortiAnalyzer (https://www.fortinet.com/products/management/fortianalyzer), Splunk, and IBM QRadar — ask about a consolidated managed security service if you have a multi-tool environment.

Hand Your SIEM Over to the Experts

Tell us your EPS volume, log sources, and compliance obligations. We'll scope a managed service that fits your environment and budget.