Tired of expensive SIEMs that don't understand firewall logs?
FortiDragon is a full-featured analytics platform that transforms Fortinet (FortiGate, FortiEDR, FortiMail, FortiWeb) and Palo Alto PAN-OS logs into actionable threat intelligence without breaking the bank.
After 10+ years fighting with overpriced SIEMs that treat firewall logs as a leftover checkbox in a datasheet, we built the platform we always needed.
No sampling. No filtering. Full visibility. Full behavioral analysis.
Traditional SIEMs force you to choose:
- Option A: Log everything → Go bankrupt from licensing costs
- Option B: Sample/filter logs → Miss threats hiding in the gaps
We chose Option C: Build a platform optimized specifically for high-volume firewall logs using modern, cost-effective tech.
Built by security analysts, for security analysts
- Full field parsing - Every field from Fortinet and Palo Alto logs, not just the "important" ones
- ECS standardization - Translates to Elastic Common Schema
- Rich enrichment - GeoIP, network community ID, registered domains, threat intel integration
- Purpose-built dashboards for threat hunting (Kibana & Grafana)
- Behavioral analysis - Detect slow burns, lateral movement, beaconing
- No other tool (paid or free) has this depth of firewall log analysis
- One-script deployment for Elasticsearch components
- Pre-configured pipelines for Vector and Elastic Agent
- Production-ready dashboards on day one
- No vendor lock-in - swap components as needed
Fortinet/Palo Alto → Vector/Elastic Agent → Elasticsearch/Victoria Logs → Kibana/Grafana
Mix and match: Every layer is swappable. Use what works for your environment.
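As an added illustration of what "full field parsing", ECS standardization and Community ID enrichment mean at the first two stages of that pipeline (this is example code, not FortiDragon's own Vector or Elastic Agent pipeline), the Python below parses a constructed FortiGate traffic log line in its native key=value syslog format, renames the fields to ECS, keeps every unmapped field under an assumed `fortinet.` namespace rather than dropping it, and computes the direction-independent Community ID v1 flow hash (as specified by Corelight). The ECS field mapping is an assumed subset, and ICMP type/code handling is omitted from the hash.

```python
"""Added example: FortiGate key=value log -> ECS dict with Community ID.
Not FortiDragon's pipeline code; the log line and ECS mapping are assumed."""
import base64
import hashlib
import ipaddress
import re
import struct

# Constructed sample FortiGate traffic log (not captured from a real device).
SAMPLE_LOG = (
    'date=2024-05-01 time=12:34:56 devname="fw-edge" devid="FGT-PLACEHOLDER" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'srcip=10.0.0.5 srcport=51234 srcintf="port2" dstip=203.0.113.10 dstport=443 '
    'dstintf="port1" proto=6 action="accept" policyid=7 service="HTTPS" '
    'sentbyte=1200 rcvdbyte=3400 duration=15 msg="Connection accepted"'
)

# FortiGate emits key=value pairs; values are "quoted strings" or bare tokens.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed FortiGate -> ECS mapping (a subset; everything else is kept under fortinet.*).
ECS_MAP = {
    "srcip": "source.ip", "srcport": "source.port",
    "dstip": "destination.ip", "dstport": "destination.port",
    "srcintf": "observer.ingress.interface.name",
    "dstintf": "observer.egress.interface.name",
    "sentbyte": "source.bytes", "rcvdbyte": "destination.bytes",
    "action": "event.action", "devname": "observer.name",
    "policyid": "rule.id", "msg": "message",
}
IANA_PROTO = {1: "icmp", 6: "tcp", 17: "udp", 132: "sctp"}
PORT_PROTOS = {6, 17, 132}  # protocols whose ports enter the Community ID
INT_FIELDS = {"srcport", "dstport", "sentbyte", "rcvdbyte", "duration", "proto"}


def parse_fortigate(line):
    """Return every key=value pair from a FortiGate log line (no field is dropped)."""
    fields = {}
    for key, quoted, bare in KV_RE.findall(line):
        value = quoted if quoted else bare
        if key in INT_FIELDS and value.lstrip("-").isdigit():
            value = int(value)
        fields[key] = value
    return fields


def community_id(src_ip, dst_ip, proto, src_port=None, dst_port=None, seed=0):
    """Community ID v1: '1:' + base64(sha1(seed|saddr|daddr|proto|pad|sport|dport)).

    The endpoint tuple is ordered so A->B and B->A yield the same hash, which is
    what lets a hunter join both directions of a flow across log sources.
    """
    saddr = ipaddress.ip_address(src_ip).packed
    daddr = ipaddress.ip_address(dst_ip).packed
    has_ports = proto in PORT_PROTOS
    sport = (src_port or 0) if has_ports else 0
    dport = (dst_port or 0) if has_ports else 0
    if (saddr, sport) > (daddr, dport):
        saddr, daddr, sport, dport = daddr, saddr, dport, sport
    data = struct.pack("!H", seed) + saddr + daddr + struct.pack("!BB", proto, 0)
    if has_ports:
        data += struct.pack("!HH", sport, dport)
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode()


def to_ecs(fields):
    """Translate parsed FortiGate fields to ECS names and add flow enrichment."""
    ecs = {}
    for key, value in fields.items():
        if key in ("date", "time"):
            continue  # folded into @timestamp below
        ecs[ECS_MAP.get(key, "fortinet." + key)] = value
    if "date" in fields and "time" in fields:
        ecs["@timestamp"] = f"{fields['date']}T{fields['time']}"
    proto = fields.get("proto")
    if isinstance(proto, int):
        ecs["network.iana_number"] = proto
        ecs["network.transport"] = IANA_PROTO.get(proto, str(proto))
    if "srcip" in fields and "dstip" in fields and isinstance(proto, int):
        ecs["network.community_id"] = community_id(
            fields["srcip"], fields["dstip"], proto,
            fields.get("srcport"), fields.get("dstport"))
    return ecs


if __name__ == "__main__":
    for name, value in sorted(to_ecs(parse_fortigate(SAMPLE_LOG)).items()):
        print(f"{name}: {value}")
```

The point of keeping unmapped keys under a vendor namespace instead of discarding them is the "every field, not just the important ones" principle: a field that looks irrelevant today (`srcintf`, `policyid`) is often exactly the pivot needed during a hunt, and the Community ID gives a stable join key between the firewall's view of a flow and the same flow seen by Zeek or an EDR.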
All detailed documentation has moved to our dedicated documentation site:
- Installation Guide - Step-by-step setup for all components
- Architecture - How FortiDragon works under the hood
- Dashboards - Dashboard structure and usage
- Roadmap - What's next for FortiDragon
- Engage - Join the community
| Feature | Traditional SIEM | FortiDragon |
|---|---|---|
| Cost | $$$$$+ per GB | Free + your infrastructure |
| Firewall Focus | Generic checkbox | Purpose-built |
| Full Parsing | "Important fields" | Every field extracted |
| Sampling | Required for cost | Log everything |
| Dashboards | Generic | Threat hunting focused |
| Setup Time | Weeks/months | Hours |
- 💬 Join our Discord - Active community for questions and discussions
- 📖 Read the Docs - Comprehensive guides
- 🐛 Report Issues - Bug reports and feature requests
You're already saving thousands on SIEM costs. Consider giving back:
- 💰 Donate via PayPal - Support development
- ⭐ Star this repo - Show your support
- 📢 Share with colleagues - Spread the word
- 🤝 Contribute - Code, docs, datasets
- ✅ Fortinet FortiGate
- ✅ Fortinet FortiEDR
- ✅ Fortinet FortiMail
- ✅ Fortinet FortiWeb / FortiAppSec
- ✅ Palo Alto PAN-OS
- ✅ Vector (recommended)
- ⚠️ Elastic Agent (deprecated)
- ⚠️ Logstash (deprecated)
- ✅ Victoria Logs (recommended)
- ✅ Elasticsearch
- ✅ Grafana (recommended)
- ✅ Kibana
Apache-2.0 license - See LICENSE for details