We performed a comparison between Fortinet FortiSIEM and NetBrain based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"FortiSIEM is a great tool for making security processes transparent."
"FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents."
"The CMDB and the device discovery features are most valuable."
"I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
"The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"This product has good network monitoring and troubleshooting capabilities."
"NetBrain is a very simple tool."
"Enables maps to be drawn out."
"Chain management is a good feature. I don't get it on other solutions."
"A reliable, time-saving tool for providing accurate layer 2 and layer 3 network mappings."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"One key area that can be improved is by building a strong integration with our XDR platform."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The product can be improved by reducing the cost to use AI machine learning."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."
"They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
"Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"When our team tried configuring logs for Microsoft SQL, it did not work."
"I would like to see easier implementation in the future."
"The IP interface brief isn't consistent."
"Support needs to improve for the installed product and some of the reporting could be more flexible to provide more complete cataloging."
"Each device needs to be configured to allow NetBrain to poll for the information it needs, which can be very time-consuming for a large network."
"The solution could integrate more automation."
"It would be nice if the setup was a little simpler. Also, if the solution could provide more training materials for new people coming into our company so they can quickly learn how to use the functionalities."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while NetBrain is ranked 15th in Network Troubleshooting with 6 reviews. Fortinet FortiSIEM is rated 7.6, while NetBrain is rated 7.2. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NetBrain writes "Good monitoring and troubleshoot capabilities, improves overall network traffic visibility". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas NetBrain is most compared with Cisco DNA Center, ThousandEyes, Red Hat Ansible Automation Platform, SolarWinds Network Automation Manager and Forward Enterprise. See our Fortinet FortiSIEM vs. NetBrain report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
