
Fortinet FortiSIEM vs Splunk Enterprise Security vs Trellix ESM comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

As of August 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Fortinet FortiSIEM is 3.3%, up from 3.0% the previous year. The mindshare of Splunk Enterprise Security is 9.4%, down from 11.8% the previous year. The mindshare of Trellix ESM is 1.1%, up from 0.7% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Oliver Jackson - PeerSpot reviewer
Systems monitoring enhanced by firewall and intrusion detection features
My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification. My customers are mostly medium-sized enterprises ranging from engineering companies, mining companies, independent schools, and…
ROBERT-CHRISTIAN - PeerSpot reviewer
Has many predefined correlation rules and is brilliant for investigation and log analysis
It is very complicated to write your own correlation rules without the help of Splunk support. What Splunk could do better is to create an API to the standard SIEM tools, such as Microsoft Sentinel. The idea would be to make it less painful. In ELK Stack, Kibana is the query language with which you can search log files. I believe Splunk also has a query language in which they search their log files, but once you have identified the log file that you want to use for further security correlation, you want to very quickly transport that into your SIEM tool, such as Microsoft Sentinel. That is something that Splunk could make a little bit less painful because it is a lot of effort to find that log file and forward it. An API with Microsoft Sentinel or a similar SIEM tool would be a good idea.
Daniel Durian - PeerSpot reviewer
Helps to monitor and detect cyberattacks
The tool's effectiveness depends on how you define your log sources. To build visibility of incoming and outgoing traffic, you need logs from perimeter defense, firewalls, web application firewalls, and endpoint protection. With good traffic visibility, incident response time is really quick. Trellix ESM provides situation awareness. On the dashboard, I can see outbound and inbound communications to known threat hosts, IPS/IDS activity, and threat intelligence of the perimeter defense in the firewall. This information helps preempt attacks.

Quotes from Members

 

Pros

"We have many application systems, and I can set up Fortinet FortiSIEM for users to monitor their systems."
"FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high."
"The stability is very reliable. It offers very good performance."
"To add workers and even collectors is pretty easy."
"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
"The most fascinating aspect of FortiSIEM is its integration with the MITRE ATT&CK framework."
"The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
"The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."
"It has a big user base, so the community is useful."
"It helps streamline troubleshooting and log analysis."
"It is easy to use in any environment."
"The most valuable feature of Splunk Enterprise Security is the threat intelligence integration because essentially having to go out and correlate all the data on our own becomes convoluted."
"I am satisfied with the support."
"One key advantage of Splunk over competitors like IBM QRadar is its superior device integration capabilities."
"The graph visualization is the most valuable feature."
"The solution is very fast and succinct."
"Compared to other solutions, the user interface is good."
"It has good technical support, which is available around the clock. You can call up anytime and get whatever you want. My queues are resolved."
"The support I have received from the vendor has been great."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"It can be easily deployed with the other solutions."
"The most valuable feature is for the security operation center because it provides visibility of all traffic within the company infrastructure."
"Trellix ESM is very user-friendly."
"McAfee as a whole is a good solution."
 

Cons

"The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"Fortinet FortiSIEM needs to provide better API integrations to users."
"The graphs on the user interface could be improved as we often experience glitches."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"The challenge I face with Fortinet FortiSIEM is the lack of support."
"FortiSIEM could be better integrated with other vendors."
"The solution's interface could be modernized and improved."
"Some of the queries are difficult to run and have room for improvement."
"The glass table feature does not perform as expected."
"On-premises scaling of the solution is a bit more limited than it is on the cloud."
"The threat detection library needs to increase the frequency at which the playbooks are updated."
"It is a good product, but the Achilles heel for a lot of organizations is the cost model for it because it gets expensive. That's because the model is based on how much data it processes a day, which can be prohibitive, especially if you have a lot of data. A lot of customers may not be ready for the sticker shock on how to fully leverage the product. I realized that the reason for that is that when it was originally designed, it was kind of like a big data modeling application. If they want to have a bigger customer base, they can come out with subsets of their product that are focused on specific things and have different pricing models. It may help with the cost."
"The analytics of Splunk could be improved."
"The product could be cheaper."
"The product was designed for security and IT with business intelligence needs, such as PDF exporting, but this has not been the highest priority. While the functionality is there, it could be developed more."
"The user interface could be more user-friendly."
"McAfee is no longer providing security updates on this product, and the enhancements to this product seem to have stopped. Moreover, we don't get proper support, and we struggle to get its support. It would be good if they can add some AI engine and out-of-the-box use cases because it is currently limited to the same scenario and the same setup. I have done a POC for Securonix, LogRhythm. These products are much more ahead as compared to McAfee ESM. They have included multiple modules in the same solution. Correlation is very easy. If McAfee ESM can improve, especially in such implementations, then I believe it would be much better."
"There should be support for multitenancy in the product."
"Product-wise, adding accounts on a single data source by batch would be a really great help."
"I would like to see fingerprint recognition included in the next release of this solution."
"The initial setup is difficult and could improve."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"Areas of Trellix ESM that could be improved or enhanced include checking on the clients who are still on-prem, especially banks, as most are not moving everything to the cloud due to confidentiality and accessibility during network outages."
 

Pricing and Cost Advice

"We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that."
"There are additional features that cost more than the standard licensing fees."
"The solution is available for both perpetual and subscription licenses."
"Manageable, however would be better as pay as you go versus CapEX."
"The tool is really expensive. For what the tool does for our team, the price is fair."
"There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months."
"Fortinet FortiSIEM is very cost-efficient compared to other SIEM solutions."
"The price of Fortinet FortiSIEM was reasonable compared to other solutions."
"Setup cost is cheap: It is free, it is user-friendly, and it is fast."
"It would be nice if the pricing were cheaper. However, we did purchase it."
"I remember Splunk being relatively affordable. Kibana was more reasonable, but you get more with Splunk. If I was suggesting something, I would probably suggest Splunk because it is better to pay a little bit more and get a lot more."
"Splunk is expensive based on our current requirements, but it's obviously worth what we pay."
"Splunk is really expensive compared to all the other tools on the market, including Microsoft Sentinel."
"I think that most of the log analytics solutions are expensive and I'm not sure if it's worth it."
"Splunk Enterprise Security is a worthwhile investment given the comprehensive range of features it offers."
"While some clients find the cost of Splunk Enterprise Security to be on the higher end, its pricing is comparable to other SIEM solutions."
"The cost is dependent on the customer's environment and requirements."
"The cost is all included. The finance department handles the financial part, and we mostly don't get involved in it."
"The price of McAfee ESM is higher than some of the other solutions. There are additional features that can be added at an additional fee."
"We pay for our licensing fees on a yearly basis, and there are no costs in addition to the standard licensing fees."
"The pricing is fair."
"When compared to IBM Security QRadar and other similar platforms, the pricing of McAfee ESM is reasonable and comparatively less expensive."
"The price is good. It's moderate. We follow a pay-as-you-go model. There are different models available, and they can also be monthly. You can choose monthly or yearly. It's very flexible. If our existing customers exceed the current plan, you can just call McAfee and get it extended."
"You should buy the distributed option instead of the all-in-one for environments with more than 1000 endpoints."
864,574 professionals have used our research since 2012.
 

Comparison Review

Feb 26, 2015
HP ArcSight vs. IBM QRadar vs. McAfee Nitro vs. Splunk vs. RSA Security vs. LogRhythm
We at Infosecnirvana.com have done several posts on SIEM. After the Dummies Guide on SIEM, we are following it up with a SIEM Product Comparison – 101 deck. So, here it is for your viewing pleasure. Let me know what you think by posting your comments below. The key products compared here are…
 

Top Industries

By visitors reading reviews
Computer Software Company: 14%
Financial Services Firm: 9%
Government: 7%
Comms Service Provider: 7%

Computer Software Company: 14%
Financial Services Firm: 14%
Manufacturing Company: 8%
Government: 8%

Comms Service Provider: 13%
Financial Services Firm: 12%
Computer Software Company: 11%
Manufacturing Company: 6%
 


Questions from the Community

What do you like most about Fortinet FortiSIEM?
Fortinet FortiSIEM needs to provide better API integrations to users.
What is your experience regarding pricing and costs for Fortinet FortiSIEM?
The pricing is reasonable, which is why it is preferred by government customers. Windows agent licenses cost around 3...
What needs improvement with Fortinet FortiSIEM?
Fortinet FortiSIEM should broaden its remediation part to include more features for incident management. Currently, t...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
How does Splunk compare with Azure Monitor?
Splunk handles a high amount of data very well. We use Splunk to capture information and as an aggregator for monitor...
What do you like most about McAfee ESM?
The solution's technical support is great.
What is your experience regarding pricing and costs for McAfee ESM?
When discussing Trellix ESM pricing and licensing, if you consider some premium product, the pricing also has to be p...
What needs improvement with McAfee ESM?
We need to improve Trellix ESM by making sure that most of the logging devices available in the global market should ...
 

Also Known As

FortiSIEM, AccelOps
No data available
McAfee ESM, NitroSecurity, McAfee Enterprise Security Manager
 


Sample Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
Splunk has more than 7,000 customers spread across over 90 countries. These customers include Telenor, UniCredit, ideeli, McKenney's, Tesco, and SurveyMonkey.
San Francisco Police Credit Union, Wüstenrot Gruppe, Volusion, California Department of Corrections & Rehabilitation, Government of New Brunswick, State of Colorado, Macquarie Telecom, Texas Tech University Health Sciences Center, Cologne Bonn Airport
Find out what your peers are saying about Splunk, Wazuh, Microsoft and others in Security Information and Event Management (SIEM). Updated: July 2025.