We performed a comparison between Fortinet FortiSIEM and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The automation feature is valuable."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The product can integrate with any device."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
"We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
"The event correlation is pretty robust. The GUI is pretty good."
"The stability is very reliable. It offers very good performance."
"Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections."
"Fortinet FortiSIEM provides good detection against advanced threats."
"Their technical support responds quickly and is knowledgeable."
"The most valuable features are the threat prediction and network forensics."
"It gives the capability for the incident response team to correlate logs to identify any kind of problem like malware and incidents in a general sense, both for logs and packets."
"The most valuable feature is the hunting ability to work in a CERT."
"The software is scalable to whatever is required, and you can also put a lot of resources in the cloud."
"The most valuable features are its ingestion of logs and raising of alerts based on those logs."
"The product's initial setup phase was not at all difficult."
"It's fully scalable. There is no limit. Of course, the license limits per day the number of terabytes. In my opinion, it's very flexible."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The on-prem log sources still require a lot of development."
"The solution should allow for a streamlined CI/CD procedure."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"Sentinel's reporting is complex and can be more user-friendly."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"Not very good on non-API features, lacks that functionality."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"There is no proper guide for integration or configuration."
"Patching is not great - we're not getting the support we'd expect."
"Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"The nodes on our network did not comply with the SIEM solution. They use a different format parking log."
"I'd like to see improvement in its ease of use. It's basically unusable. It's overly complex."
"More customizability is required, which is something that they need to improve on."
"The log system is a bit complex and has room for improvement."
"An area for improvement would be better automation and more inbuilt use cases."
"There is no support for this product in this country, so problems have to be resolved through global technical teams."
"The implementation needs assistance."
"The solution should have more integration capabilities with different platforms."
"The initial setup is very complex and should be simplified."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 63 reviews while NetWitness Platform is ranked 28th in Security Information and Event Management (SIEM) with 35 reviews. Fortinet FortiSIEM is rated 7.6, while NetWitness Platform is rated 7.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Arbor DDoS.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.