Fortinet FortiSIEM vs Splunk Enterprise Security comparison

Comparison Buyer's Guide
Executive Summary
Updated on Sep 21, 2023

We compared Splunk Enterprise Security and Fortinet FortiSIEM across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:

  • Features: Splunk Enterprise Security stands out for its efficiency, extensive integration options, and powerful search functionality. Users say Splunk is a highly scalable and customizable solution. Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. 

  • Room for Improvement: Splunk users recommended improvements in AI capabilities, user-friendliness, and analytics. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring.

  • Service and Support: While some users found Splunk support to be responsive and helpful, others reported slow response times and a lack of expertise. Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable.

  • Ease of Deployment: Some users thought Splunk Enterprise Security was easy to deploy, while others found it challenging and needed assistance from Splunk engineers or third-party integrators. Some FortiSIEM users found it effortless to install within a day or two. Others reported difficulties regarding CPU and memory requirements, as well as a lengthier deployment time.

  • Pricing: Some users consider Splunk Enterprise Security to be expensive, but others said the price is reasonable. A few users expressed concerns about the cost of scaling up the solution and managing large volumes of data. FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets.

  • ROI: Users said that it’s challenging to calculate an ROI for Splunk Enterprise Security, and the return varies depending on individual circumstances. While some users have observed a substantial ROI, others have not actively explored or been engaged in ROI conversations. Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses.

Comparison Results: Splunk is highly regarded for its efficient data processing and powerful search capabilities, but reviewers say its analytics and AI capabilities need improvement. Fortinet FortiSIEM is considered an affordable solution with effective correlation features, but it falls short in terms of database monitoring and reporting.  

To learn more, read our detailed Fortinet FortiSIEM vs. Splunk Enterprise Security Report (Updated: November 2023).
746,670 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
  • "Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
  • "Log aggregation and data connectors are the most valuable features."
  • "Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
  • "Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
  • "The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
  • "Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing."
  • "The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
  • "The solution offers a lot of data on events. It helps us create specific detection strategies."


  • "Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same."
  • "Technical support is helpful."
  • "The event correlation is pretty robust. The GUI is pretty good."
  • "The Threat Hunting feature provides complete traffic analysis."
  • "The most valuable feature is the anomaly-reporting alarms."
  • "FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high."
  • "FortiSIEM is a great tool for making security processes transparent."
  • "Fortinet FortiSIEM is less costly than other products and is available 24/7."


  • "It gives us good visibility into multiple environments, including cloud, on-premises, and hybrid, irrespective of platform."
  • "The UI of Splunk makes it easier for our analysts to move around and see what they need to see."
  • "Internal tracking is helpful because we do not like to deal with multiple ticketing systems, and I am not a fan of ServiceNow. We are able to keep everything internal and utilize Enterprise Security."
  • "Splunk's strongest suit is its user interface. We can integrate multiple solutions and adjust settings in the Splunk interface."
  • "The correlation searches are most valuable just because we are able to do things like RBA."
  • "Three features stand out for me: the SDK for writing Python, the customizable and adaptable diagnostic dashboard, and the optimizer for collecting data."
  • "I like Splunk's data aggregation and search capabilities."
  • "The connections to the database are very good and updating the data files is simple to do. The dashboards are useful and user-friendly."


  • "Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
  • "Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
  • "I think the number one area of improvement for Sentinel would be the cost."
  • "They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
  • "It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
  • "Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
  • "Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
  • "The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."


  • "An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
  • "Areas for improvement would be the ease of use and the integration with Fortinet's own products."
  • "The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
  • "The graphs on the user interface could be improved as we often experience glitches."
  • "Fortinet FortiSIEM could improve to extend to several locations or sites."
  • "The product does not have Security Orchestration and Automation Response; I would recommend adding this feature."
  • "The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
  • "They need to integrate better with Cisco and Palo Alto."


  • "Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently."
  • "Sometimes the communication with support happens with multiple staff. They should reduce the time to resolution."
  • "Splunk Enterprise Security has not helped reduce our alert volume."
  • "I love the solution, but I would like to see more accessibility to the machine-learning capabilities that are sprinkled around Splunk."
  • "The level of scalability depends on the license you have. You can expand or reduce it based on the environment. It does cost more money to scale, however."
  • "The support that is included with the standard licensing fee is very bad."
  • "I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
  • "Sometimes, there is latency in the logs."


Pricing and Cost Advice
  • "Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."
  • "For us, it is not expensive at this time, but if we start to collect all logs from our on-premise SIEM solutions, it will cost more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than what we paid for QRadar."
  • "I don't know yet because they gave us a 30-day test window for free."
  • "It's costly to maintain and renew."
  • "Microsoft Sentinel is expensive."
  • "Sentinel is pretty competitive. The pricing is at the level of other SIEM solutions."
  • "It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."
  • "There are no additional costs other than the initial costs of Sentinel."

  • "Manageable; however, it would be better as pay-as-you-go versus CapEx."
  • "The price of Fortinet FortiSIEM was reasonable compared to other solutions."
  • "There are additional features that cost more than the standard licensing fees."
  • "This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."
  • "Fortinet's products are not expensive, it is less than the competition."
  • "FortiSIEM's licensing is based on EPS, and its pricing is competitive in the market."
  • "The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license."
  • "Fortinet FortiSIEM is cheaper compared to other products."

  • "It is expensive. I used to buy it early on, but then they combined it into a higher-up organization. They buy it for multiple systems now. Last time, I paid around 60K for it. There is just the licensing fee. That's all."
  • "I remember Splunk being relatively affordable. Kibana was more reasonable, but you get more with Splunk. If I was suggesting something, I would probably suggest Splunk because it is better to pay a little bit more and get a lot more."
  • "Expensive compared to other options."
  • "The price of Splunk is too high for our market."
  • "The price of this solution is expensive. However, it has great features. If you want a great solution you need to pay a price matching the features."
  • "There is an annual license required to use this solution."
  • "Splunk is not a cheap solution and the license is billed annually."
  • "Splunk's costing is a little more difficult. The pricing method is complicated, and the way that costing is calculated in Splunk is a little more difficult."

    Also Known As
    Azure Sentinel
    FortiSIEM, AccelOps
    Learn More

    Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

    Companies around the world use FortiSIEM for the following use cases:

    • Threat management and intelligence that provide situational awareness and anomaly detection
    • Alleviating compliance mandate concerns for PCI, HIPAA and SOX
    • Managing “alert overload”
    • Handling the “too many tools” reporting issue
    • Addressing the MSPs/MSSPs pain of meeting service level agreements

    Splunk Enterprise Security is a SIEM, log management, and IT operations analytics tool. The solution provides users with the ability to secure their information and manage their data in the cloud, in data centers, or in other applications. Splunk Enterprise Security also offers visibility from different areas, levels, and devices, rather than from a single system, thus providing its users with flexibility. Splunk Enterprise Security can monitor data and analyze, detect, and prevent intrusions. This benefits users as it provides alerts to possible intrusions, helps users to be proactive, and reduces risk factors.

    Full visibility across your environment

    Break down data silos and gain actionable intelligence by ingesting data from multicloud and on-premises deployments. Get full visibility to quickly detect malicious threats in your environment.

    Fast threat detection

    Defend against threats with advanced security analytics, machine learning and threat intelligence that focus detection and provide high-fidelity alerts to shorten triage times and raise true positive rates.

    Efficient investigations

    Gather all the context you need and initiate flexible investigations with security analytics at your fingertips. The built-in open and extensible data platform boosts productivity and drives down fatigue.

    Open and scalable

    Built on an open and scalable data platform, you can stay agile in the face of evolving threats and business needs. Splunk meets you where you are on your cloud journey, and integrates across your data, tools and content.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
    Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
    [Charts: Top Industries and Company Size breakdowns (percentages of reviewers by industry and by company size for each product; product labels not recoverable from the extracted chart data)]

    Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 25 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 76 reviews. Fortinet FortiSIEM is rated 7.4, while Splunk Enterprise Security is rated 8.6. The top reviewer of Fortinet FortiSIEM writes "It has robust event correlation and good GUI, but their technical support should be better, and it should support more nonstandard log sources". On the other hand, the top reviewer of Splunk Enterprise Security writes "Can be used to find any threats or vulnerabilities inside a user’s environment". Fortinet FortiSIEM is most compared with IBM Security QRadar, LogRhythm SIEM, PRTG Network Monitor, ThousandEyes and ManageEngine Log360, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Azure Monitor. See our Fortinet FortiSIEM vs. Splunk Enterprise Security report.


    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.