We performed a comparison between Fortinet FortiSIEM and TruView based on real PeerSpot user reviews.
Find out what your peers are saying about Splunk, Microsoft, Wazuh and others in Security Information and Event Management (SIEM)."Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
"FortiSIEM's log correlation is good."
"It works well with medium to large-scale enterprises."
"The most valuable feature is the anomaly-reporting alarms."
"Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections."
"We're able to get real-timec as well as our customer networks that we're monitoring at all times."
"It's a very nice solution to work with."
"The event correlation is pretty robust. The GUI is pretty good."
"The most valuable feature for us was the ability to monitor sites and get a nice overview of all the data in a single view."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"The playbook is a bit difficult and could be improved."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"The biggest thing that could be better is a quicker response to support cases."
"When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
"The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."
"It's difficult to integrate unsupported devices with FortiSIEM compared to QRadar. It's easier to integrate and develop processes in QRadar. It's harder to develop a custom process in FortiSIEM."
"Patching is not great - we're not getting the support we'd expect."
"FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors."
"Its training can be improved. Its price also needs to be improved."
"We need to see incident reports about the event log, without events from the administrator or through human interaction."
"One area that could be improved is the reporting features. In the version transformation from ten to eleven, the platform changed from a Windows-based platform to a Linux-based platform. As a result, the previous reporting feature using Crystal Reports was no longer available. Instead, we had to generate PDF dashboard reports, which were not as flexible."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 64 reviews while TruView is ranked 54th in Network Monitoring Software with 16 reviews. Fortinet FortiSIEM is rated 7.6, while TruView is rated 9.6. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of TruView writes "We lacked visibility into network and app performance, so we chose Visual TruView to proactively manage our network". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas TruView is most compared with NETSCOUT nGeniusONE and Softinventive Lab Total Network Monitor.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
