Tired of expensive SIEMs that don't understand firewall logs?
FortiDragon is a full-featured analytics platform that transforms Fortinet (FortiGate, FortiEDR, FortiMail, FortiWeb) and Palo Alto PAN-OS logs into actionable threat intelligence without breaking the bank.
After 10+ years fighting with overpriced SIEMs that treat firewall logs as a leftover checkbox in a datasheet, we built the platform we always needed.
No sampling. No filtering. Full visibility. Full behavioral analysis.
Traditional SIEMs force you to choose:
- Option A: Log everything → Go bankrupt from licensing costs
- Option B: Sample/filter logs → Miss threats hiding in the gaps
We chose Option C: Build a platform optimized specifically for high-volume firewall logs using modern, cost-effective tech.
Built by security analysts, for security analysts
- Full field parsing - Every field from Fortinet and Palo Alto logs, not just the "important" ones
- ECS standardization - Translates to Elastic Common Schema
- Rich enrichment - GeoIP, network community ID, registered domains, threat intel integration
- Purpose-built dashboards for threat hunting (Kibana & Grafana)
- Behavioral analysis - Detect slow burns, lateral movement, beaconing
- No other tool (paid or free) has this depth of firewall log analysis
- One-script deployment for Elasticsearch components
- Pre-configured pipelines for Vector and Elastic Agent
- Production-ready dashboards on day one
- No vendor lock-in - swap components as needed
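As an added example (not FortiDragon's own pipeline code), this Python sketch shows the kind of work the full-field parsing, ECS standardization and enrichment bullets describe: a constructed FortiGate traffic log line is split into key=value fields, known keys are renamed to ECS fields while every remaining key is kept under a vendor namespace, and a Community ID is computed for the flow. The ECS mapping table, the `fortinet.firewall` namespace and the sample log line are choices made for this example.

```python
"""Turn a FortiGate key=value traffic log into ECS-style fields, keeping every field."""
import base64
import hashlib
import ipaddress
import re
import struct

# FortiGate key -> ECS field. Mapping chosen for this example; anything not listed
# is still kept, under the fortinet.firewall.* namespace, so no field is dropped.
ECS_MAP = {
    "srcip": "source.ip", "srcport": "source.port",
    "dstip": "destination.ip", "dstport": "destination.port",
    "sentbyte": "source.bytes", "rcvdbyte": "destination.bytes",
    "action": "event.action",
}
INT_FIELDS = {"source.port", "destination.port", "source.bytes", "destination.bytes"}
TRANSPORT = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers -> ECS network.transport
# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample line, not a real device log.
SAMPLE = ('date=2024-01-15 time=10:23:45 devname="FGT60E-LAB" logid="0000000013" type="traffic" '
          'subtype="forward" level="notice" srcip=10.0.0.5 srcport=51234 srcintf="port2" '
          'dstip=93.184.216.34 dstport=443 dstintf="wan1" proto=6 action="accept" policyid=7 '
          'service="HTTPS" sentbyte=1480 rcvdbyte=9120 duration=32')


def community_id_v1(saddr, daddr, sport, dport, proto, seed=0):
    """Community ID v1 for TCP/UDP: canonical 5-tuple order, SHA-1, base64, '1:' prefix.
    The same flow seen from either direction yields the same ID."""
    src, dst = ipaddress.ip_address(saddr), ipaddress.ip_address(daddr)
    if src > dst or (src == dst and sport > dport):
        src, dst, sport, dport = dst, src, dport, sport
    data = struct.pack(">H", seed) + src.packed + dst.packed + struct.pack(">BBHH", proto, 0, sport, dport)
    return "1:" + base64.b64encode(hashlib.sha1(data).digest()).decode()


def parse_fortigate(line):
    """Parse one FortiGate log body into a flat dict of ECS / vendor fields."""
    raw = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    event = {}
    for key, value in raw.items():
        target = ECS_MAP.get(key, f"fortinet.firewall.{key}")
        event[target] = int(value) if target in INT_FIELDS else value
    proto = int(raw.get("proto", 0))
    event["network.transport"] = TRANSPORT.get(proto, str(proto))
    if proto in (6, 17) and {"srcip", "dstip", "srcport", "dstport"} <= raw.keys():
        event["network.community_id"] = community_id_v1(
            raw["srcip"], raw["dstip"], int(raw["srcport"]), int(raw["dstport"]), proto)
    return event
```

Running `parse_fortigate(SAMPLE)` yields ECS names for the 5-tuple and byte counts, `fortinet.firewall.policyid`, `fortinet.firewall.service` and the rest of the line untouched, plus a `network.community_id` that matches the same flow logged from the return direction.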
Fortinet/Palo Alto → Vector/Elastic Agent → Elasticsearch/Victoria Logs → Kibana/Grafana
Mix and match: Every layer is swappable. Use what works for your environment.
All detailed documentation has moved to our dedicated documentation site:
- Installation Guide - Step-by-step setup for all components
- Architecture - How FortiDragon works under the hood
- Dashboards - Dashboard structure and usage
- Roadmap - What's next for FortiDragon
- Engage - Join the community
| Feature | Traditional SIEM | FortiDragon |
|---|---|---|
| Cost | $$$$$+ per GB | Free + your infrastructure |
| Firewall Focus | Generic checkbox | Purpose-built |
| Full Parsing | "Important fields" | Every field extracted |
| Sampling | Required for cost | Log everything |
| Dashboards | Generic | Threat hunting focused |
| Setup Time | Weeks/months | Hours |
- Join our Discord - Active community for questions and discussions
- Read the Docs - Comprehensive guides
- Report Issues - Bug reports and feature requests
You're already saving thousands on SIEM costs. Consider giving back:
- Donate via PayPal - Support development
- Star this repo - Show your support
- Share with colleagues - Spread the word
- Contribute - Code, docs, datasets
- ✅ Fortinet FortiGate
- ✅ Fortinet FortiEDR
- ✅ Fortinet FortiMail
- ✅ Fortinet FortiWeb / FortiAppSec
- ✅ Palo Alto PAN-OS
- ✅ Vector (recommended)
- ⚠️ Elastic Agent (deprecated)
- ⚠️ Logstash (deprecated)
- ✅ Victoria Logs (recommended)
- ✅ Elasticsearch
- ✅ Grafana (recommended)
- ✅ Kibana
Apache-2.0 license - See LICENSE for details

