We performed a comparison between Fortinet FortiSIEM and SolarWinds NPM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"It has basic out-of-the-box integrations with multiple log sources."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
"The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
"It is used as an alerting platform."
"One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"Technical support is helpful."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"It is scalable."
"We have configured multiple alerts for our network devices, including routers and switches, so that we are notified if any interface goes down."
"The most valuable features are language support and technical support."
"I found a lot of valuable features in SolarWinds NPM, such as the customized application monitoring that allows you to customize any monitoring and script customization, and you also have the option to deploy and upgrade SolarWinds NPM online, which is very useful for my organization."
"It is very extensible with 'SWQL' and APIs to where we are beginning to integrate it with network automation."
"I love the GUI. Almost everything is accessible through the web interface. It is very user-friendly. It is easy to drag and drop resources wherever you want them."
"You can monitor performance counters effortlessly."
"Being able to easily, and quickly obtain disc space statistics from servers and determine how much was free or used on various volumes."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"I think the number one area of improvement for Sentinel would be the cost."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
"The challenge I face with Fortinet FortiSIEM is the lack of support."
"The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
"The graphs on the user interface could be improved as we often experience glitches."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"There is no proper guide for integration or configuration."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"The solution's network discovery and node addition processes need more work."
"The improvement would be that SolarWinds NPM thoroughly checks its patches before releasing them to the market. Better testing, alpha testing, and then releasing it to the market."
"The only thing that can be improved is to continually add to the existing capabilities of the product."
"SolarWinds needs to be improved such that it is on par with the leading products in the market."
"Having more technical and support resources available in Saudi Arabia would be helpful."
"The solution does not offer much customization so is somewhat inflexible."
"Technical support can be slow to respond."
"There should be a little bit more integration in some of the other tooling and utilizing the APIs of devices or tools could be a little bit better."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while SolarWinds NPM is ranked 4th in Network Monitoring Software with 147 reviews. Fortinet FortiSIEM is rated 7.6, while SolarWinds NPM is rated 8.2. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of SolarWinds NPM writes "High-level, comprehensive, and proactive monitoring in a user-friendly interface". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas SolarWinds NPM is most compared with Zabbix, PRTG Network Monitor, ManageEngine OpManager, ThousandEyes and Entuity.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.