We performed a comparison between Fortinet FortiSIEM and Microsoft Sentinel based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Microsoft is considered one of the industry leaders in the SIEM space. Microsoft Sentinel allows users to investigate threats seamlessly and manage them quickly, all from one single place. Microsoft Sentinel is a complete solution. Many users feel Fortinet FortiSIEM's learning curve takes too long and tell us the solution should have better integrations with other third-party solutions.
"The solution is easy to use and user-friendly."
"We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
"FortiSIEM's best features are the dashboards and customization."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"The most valuable feature is the anomaly-reporting alarms."
"The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
"Technical support is helpful."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The connectivity and analytics are great."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
"The graphs on the user interface could be improved as we often experience glitches."
"They should enhance the solution's AI capabilities, including XDR and EDR."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"FortiSIEM could be better integrated with other vendors."
"FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"Fortinet FortiSIEM could improve to extend to several locations or sites."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"There is room for improvement in entity behavior and the integration site."
"We are invoiced according to the amount of data generated within each log."
"The troubleshooting has room for improvement."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The playbook is a bit difficult and could be improved."
Fortinet FortiSIEM is ranked 10th in Security Information and Event Management (SIEM) with 27 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 71 reviews. Fortinet FortiSIEM is rated 7.4, while Microsoft Sentinel is rated 8.2. The top reviewer of Fortinet FortiSIEM writes "It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Fortinet FortiSIEM is most compared with Splunk Enterprise Security, IBM Security QRadar, PRTG Network Monitor, LogRhythm SIEM and ThousandEyes, whereas Microsoft Sentinel is most compared with AWS Security Hub, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Cloud and Palo Alto Networks Cortex XSOAR. See our Fortinet FortiSIEM vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
