We performed a comparison between Fortinet FortiSIEM and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"It has a lot of great features."
"Sentinel pricing is good"
"The UI of Sentinel is very good and easy to use, even for beginners."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat"
"FortiSIEM's log correlation is good."
"It's very easy for anyone to work with."
"Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses."
"It is used as an alerting platform."
"The primary valuable feature is that it has replaced a whole lot of other products with one platform."
"FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high."
"We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"It makes everything easier by automating some tasks and growing with our needs."
"The tool is simple to use."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"There could be more AI features included in the product."
"The log collection and configuration management are not great."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"FortiSIEM is not a market leader in the SIEM space."
"The backup and recovery process for this solution needs improvement."
"Customer support service could be better."
"Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great.vvv"
"It's difficult to integrate unsupported devices with FortiSIEM compared to QRadar. It's easier to integrate and develop processes in QRadar. It's harder to develop a custom process in FortiSIEM."
"I would like to see a better reporting work structure on the dashboard."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"Log source integration with Sentinel needs to be improved."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"The dashboard and customer view should be improved"
"There is no integration in the web-side of the tool."
"The solution does not allow outsourced authorizations."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews. Fortinet FortiSIEM is rated 7.6, while Sentinel is rated 7.6. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas Sentinel is most compared with Splunk Enterprise Security, IBM Security QRadar, Google Chronicle Suite, Wazuh and LogRhythm SIEM. See our Fortinet FortiSIEM vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.