Share your experience using SenSage AP

We are using Fortinet FortiSIEM on-premises and Azure Sentinel on the cloud. We are a university with an E5 license, and we cannot pump everything to Azure Sentinel because it will cost quite a lot. That's why we have two SIEM systems, one for cloud and one for on-premises.

We use Fortinet FortiSIEM for our on-premises services. It has a perpetual license, and we pay once. Depending on your storage size, you can pump to your on-premises SIEM system whenever you like. Our strategy is to use Azure Sentinel as little as possible. Since we have two SIEM systems, vendor integration is a problem, and we need more staff.

We have many application systems, and I can set up Fortinet FortiSIEM for users to monitor their systems.

The challenge I face with Fortinet FortiSIEM is the lack of support. I need to figure out many things by myself. Getting support for the solution is very hard. The support person is pretty good and nice. I need to go through the professional service channel for more professional support. Since my company cannot pay for professional services, I have to figure many things out myself.

For example, I have to figure out the best approach to design an architecture to fit into my environment. Then, I will go through the standard support channel to get confirmation from tech support, but they cannot help. I will return to the sales channel and try to get the right architecture for our environment approved.

Fortinet FortiSIEM is a new product, and Fortinet only supports one or two people. Fortinet FortiSIEM is not a mature solution.

Fortinet should educate existing customers about new features that can help them. Like Microsoft products, Fortinet should provide training or teaching material on YouTube. Fortinet provides free training on its website, but sometimes going through the whole course takes too long. I hope Fortinet improves this part.

Fortinet should provide 30 minutes or an hour-long webinars where we can learn lots of new things. Without this information, customers have to try to figure out things by themselves. Many smart engineers can do that, but they may not have enough resources or time to do it.

I have been using Fortinet FortiSIEM for six months.

I rate the solution’s stability a four out of ten.

I rate the solution a four out of ten for scalability.

I like Azure Sentinel more than Fortinet FortiSIEM because it has a lot of documentation, information, and training material. The problem with Microsoft is that they keep changing things regularly and you need to be updated about their changes. For usability, Azure Sentinel is much better than Fortinet FortiSIEM.

We purchased the solution from a third-party company. Their engineer helped us to design the tool. Two to three months later, we realized that the design was not good for our environment and we needed to change it. When we got back to the third-party we purchased it from, their new engineer knew nothing about FortiSIEM. So, I had to set up the tool myself.

Fortinet FortiSIEM is not an expensive solution. We purchased a perpetual license for FortiSIEM because Azure Sentinel is too expensive. We have to keep Fortinet FortiSIEM if we want to have the same system for the whole university. After purchasing the product, you also need lots of resources to develop it. If the price is mature, you don't need to spend too much resources to develop it.

You need a dedicated person to develop and work with the solution. Fortinet FortiSIEM is suitable for big companies because they have resources. It is not good for one person or field engineer to look after many systems. Compared with Azure Sentinel, Fortinet FortiSIEM is much cheaper.

Overall, I rate the solution a five out of ten.

We will have clients that generate events through our platform and wish to export those events as data points to Splunk.

The solution improves our customers' integrations. They really want insights into what their users are doing. They want to be alerted to anomalies, general pain points, or popular areas in the integration to understand what's working and what's not.

The metrics and trends that Splunk Enterprise Security generates using all the data points we send allow customers to understand better what their users are doing.

Splunk Enterprise Security should provide a better and richer integration. It has a regimented integration, where we had to build a Python library. It was a very tough way to integrate officially and get into the marketplace. We'd like to see more options so that we can better send data over to the Splunk platform.

The requirements of building the integration had to be a very specific and certain way to get onto your marketplace. Once it's there, it's fine, but it took a little effort to get it exactly that way. That's not as maintainable as we like, so we'd rather that be a more robust integration.

We've had an integration available for the better part of three or four years.

The solution provides good stability.

We haven’t seen any issues with the solution’s scalability.

We mostly interacted with the marketplace community. Although our support experience was not great, the issue was straightforward.

Our customers have seen a return on investment with the solution. We have seen customer satisfaction as it was a highly sought-after integration, and they're happy now that it exists.

The end-to-end visibility that the solution provides into our environment is incredibly important to our organization. We like to see it as the total answer. Any data point can be picked up, and you can really build anything you need from the integration. It's incredibly valuable with the data that it's generating. What the tool provides once integrated is highly valuable and sufficient for us.

Finding any security event across multi-cloud, on-premises, or hybrid environments with Splunk Enterprise Security has been incredibly easy. Using the rest of the Splunk platform, you can trigger whatever you need off the data coming in through the integration.

The solution has helped improve our organization's ability to ingest and normalize data. It also generates more customer activities so that there's a stickier relationship.

The Splunk integration triggers the necessary events so that downstream alerting isn't necessary.

Splunk Enterprise Security has helped speed up our security investigations. It's a great direct integration so that our customers can react quickly when necessary.

In principle, the solution has helped reduce our mean time to resolve, but not necessarily data points that we see as the integrator.

Overall, I rate the solution an eight out of ten.