Examples of the 84,000+ reviews on PeerSpot:

Security Technical Manager at a tech services company with 51-200 employees
Real User
Top 5
Offers good integration capabilities with multiple tools from different vendors
Pros and Cons
  • "Fortinet FortiSIEM needs to provide better API integrations to users."

What is our primary use case?

I implemented Fortinet FortiSIEM in my company to collect all logs from old systems, networks, and security devices in the network. Fortinet FortiSIEM has a correlation rule, and from it, you can generate incidents and get analytics. The tool also serves as a threat intelligence and integration platform. With FortiGuard or any third-party tools, Fortinet FortiSIEM, as a threat intelligence platform, can enrich the log attributes or criteria, which is well reflected in incidents.

What is most valuable?

The most valuable feature of the solution for the detection of threats stems from FortiSIEM's components, including the threat intelligence platform and the ability to provide integrations.

What needs improvement?

Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers.

The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.

For how long have I used the solution?

I have been using Fortinet FortiSIEM since 2018.

What do I think about the stability of the solution?

Stability-wise, I rate the solution a nine out of ten.

If every device can get a ten out of ten in terms of stability, then I believe it is a 100 percent perfect product.

What do I think about the scalability of the solution?

It is an easily scalable solution. Suppose you want to increase the scalability in seconds. You can increase the number of tools with an HA supervisor to handle multiple events per second, and you can use multiple collectors for remote defense. It is easy to manage the tool's scalability and availability.

My company deals with around six customers who use the product.

How are customer service and support?

The solution's technical support is good. If you want to deal with the issues from the tool of other vendors, Fortinet's support team provides help.

How was the initial setup?

The product's initial setup phase is easy.

In Fortinet FortiSIEM, with multiple tenants, one does not need to invest in the implementation process.

After the virtual machine deployment or hardware appliance initial configuration, I think network discovery is the first step in the installation process. The process continues with vendor discovery and asset inventory at customer sites. Threat intelligence integrations are the second step, and the configuration of the customer's devices to send all logs to SNMP traps and then to the SIEM solution is a part of the main basic implementation. If you have some configurations and event handler and event order and logs, the initial configuration can be managed depending on the needs of customers.

What's my experience with pricing, setup cost, and licensing?

I don't have the price list of any of the competitors of Fortinet FortiSIEM. I work with the technical part of the tool.

There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months.

What other advice do I have?

The product offers multiple integrations with all vendors. If there is a new or unknown vendor in the market, a custom API can be made to ensure that integration with Fortinet FortiSIEM is possible.

I rate the integration capabilities of the tool a nine out of ten.

The implementation of the product can improve incident response time according to the arrangement and local relation of built-in rules or custom rules. This will reduce the time of incident response, especially if you use a SOAR solution with it. You can enrich the tool by buying a SOAR solution.

It is a good product in general. It is a product that offers stability and scalability with a multiple and wide range of built-in rules. The solution is also easy to use.

I rate the tool a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
SOC Engineer at Just Dial Limited
Real User
An open-source solution that provides good detection and more visibility
Pros and Cons
  • "Asset discovery is good."
  • "The solution is not scalable."

What is most valuable?

AlienVault has an agent and OS X, which provide good detection. It is an open-source solution, and the agent gives more visibility to the endpoints. The alert feature is also good.

It gives us much more visibility if something is going on in the environment or if certain features are being used on the endpoint, copying files, or certain event codes that have been there for our servers. We need log in, log out, and every detail. It gives us much more information.

What needs improvement?

The log management could be improved because of the open source.

In the configuration of AlienVault OSSIM, users can determine backup frequency, retention policies, and other settings. There is a limitation on customizing backup settings for specific devices. Unfortunately, there's no option within the interface. Even accessing the backend database doesn't offer a solution, as it only allows for full database backups or none at all. This is a significant drawback, particularly for larger environments or clients with specific device backup needs.

For how long have I used the solution?

I have been using AlienVault OSSIM for 3 months. We are using version 5.6 of the solution.

What do I think about the stability of the solution?

The product is stable.

I rate the solution’s stability a ten out of ten.

What do I think about the scalability of the solution?

The solution is not scalable. It impacts so hard. In the initial stages, AlienVault OSSIM can be suitable for small environments. There may be limitations if the customer expresses a desire to expand and add more devices. In such cases, we would need to either explore additional solutions or work within the constraints of the existing setup.

We have set up alerts and configured everything in AlienVault OSSIM. It actively monitors for any security incidents. It provides us with regular updates and notifications about any ongoing activities.

Only one person is using the solution. It is the perfect solution for small businesses.

I rate the solution’s scalability a three out of ten.

How are customer service and support?

There is no straightforward documentation available now at AT&T. They are focusing on the cloud. The on-prem documentation is not available there.

AT&T has removed the support. They are trying to force the customer to go with the cloud. They still have the tool up and going. They won't be able to configure it if something new is there.

How was the initial setup?

The initial setup is straightforward. It takes a week for everything, including onboarding of the devices.

The only issue is the support for certain network devices. We needed to onboard them onto AlienVault OSSIM, but few pre-existing integrations were available. As a result, we had to create custom configurations for those devices. For example, when attempting to onboard Cisco Unified Communication Manager, which allows centralized management of Cisco routers and other equipment, we faced challenges with the configuration process.

I followed the documentation provided for AlienVault OSSIM, which included straightforward commands. After downloading the setup, running the command established the management console as expected. Additional steps were required for agents. The agents needed to be installed, and their IPs were configured. There are discrepancies in some configuration files that were not documented. We had to edit these files to ensure that the IPs matched.

I rate the initial setup as seven out of ten, where one is difficult, and ten is easy.

What's my experience with pricing, setup cost, and licensing?

The solution is free.

What other advice do I have?

Asset discovery is good. You give the IP range, and it'll scan everything in the network. You can select it and onboard it.

If you're new to AlienVault OSSIM, dive in and start configuring it. Experiment, play around with its features, and get comfortable with it. If it meets your needs and you feel confident using it, you can continue using it. However, if you encounter issues with scalability or log management that you can't resolve, it may be necessary to explore alternative solutions.

Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: integrator