Fortinet has developed an architecture that enables unified data collection and analytics from diverse information sources including logs, performance metrics, SNMP Traps, security alerts and configuration changes. FortiSIEM (Security Information and Event Management) takes the analytics traditionally monitored in separate silos — SOC and NOC — and brings that data together for a comprehensive view of the security and availability of the business. Every piece of information is converted into an event which is first parsed and then fed into an event-based analytics engine for monitoring real-time searches, rules, dashboards and ad-hoc queries. 

FortiSIEM architecture overview