We use the solution for monitoring, intrusion detection, and user behavior analytics. We run the dashboards to detect anomalies. We have our own incident tracking solution. We use it to track the time to detect versus the time to resolve and close the ticket.
CISO at a financial services firm with 501-1,000 employees
Provides an excellent analytics engine, and the real-time monitoring features make life easy
Pros and Cons
- "Real-time monitoring makes life quite easy for me."
- "Network detection and response is a separate product."
What is our primary use case?
What is most valuable?
The product kicks the logs automatically without an agent. We also use it for file integrity monitoring. The analytics engine is quite good. It can correlate traffic across our various platforms and give us a standard dashboard view of what's happening. By seeing what's happening on the network, we can pick anomalies like encrypted traffic, policy violations, and unusual accesses. It helps us be compliant. We can push back on the users and the IT team and keep them accountable based on what they are doing across their network.
Real-time monitoring makes life quite easy for me. Once I have the assurance that I have visibility into what's happening, I can report to the business and my boss that all is well. It also allows me to keep the security operations team on its toes. We do a lot of red teaming. It allows us to see whether the SOC team is doing what it is supposed to do.
The tool is relatively easy to integrate. It's agentless. We have a Windows environment majorly. We can tell the product to monitor everything at once. As long as it's authenticated, it will fix what we need.
What needs improvement?
Network detection and response is a separate product. That's how I ended up with Wazuh. I'm looking for something to help me on the network and endpoint level. The vendor must look to consolidate and improve that area.
For how long have I used the solution?
I have been using the solution for more than five years.
Buyer's Guide
Fortinet FortiSIEM
September 2025

Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
867,497 professionals have used our research since 2012.
What do I think about the stability of the solution?
The tool is quite stable. I rarely ever need to reboot or check things. I just fine-tune the rules based on the new use cases that keep coming up.
What do I think about the scalability of the solution?
We've not had any troubles with the tool’s scalability. We are a small growing bank. We have around 800 endpoints at the moment.
How are customer service and support?
I have no complaints with the technical support.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate the ease of setup a seven to eight out of ten. It's agentless. We can hit the ground running. A third-party provider currently supports us in maintaining the product. We have no complaints regarding the maintenance work.
What's my experience with pricing, setup cost, and licensing?
The price is competitive. We can scale based on the licensing. It is an annual CapEx.
Which other solutions did I evaluate?
I am using only Fortinet and Wazuh currently. I have worked with AlienVault and IBM QRadar in a different organization. The products have their own unique space in the market. SolarWinds has a logging engine. IBM is huge.
What other advice do I have?
It's a good tool if we are small and growing. It is easy to deploy. The support is available. The product is easy to learn. Overall, I rate the solution a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Security Consultant at Vertex Techno Solutions (B) Pvt Ltd
Helps collect security logs from all network devices
Pros and Cons
- "The most valuable features of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products."
- "The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues."
What is our primary use case?
I normally use the solution in my company as part of SOC. The tool is implemented to collect logs from all networks, perimeter devices, and security devices. We are using all kinds of SIEM tools to collect logs, especially security logs from all network devices, and analyze all those logs. Fortinet FortiSIEM works for enterprise and banking customers and BFSI customers, as most of them use Fortinet FortiGate devices for the security of the perimeter devices.
What is most valuable?
The most valuable features of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products. The tool has an endless number of templates, so based on a customer's use case, we can choose the templates, create the report as per compliance, and submit it to management for higher visibility.
What needs improvement?
With Fortinet's current integrations with endpoints and with the integration capabilities of EDR and XDR solutions from Fortinet itself, when we are trying to integrate them with other technologies or other OEMs like CrowdStrike or SentinelOne, the integration part is very complex. It takes a lot of time to take care of the implementations. When we integrated Fortinet FortiSIEM with external threat intelligence, like CyberArk or ThreatConnect, the integration seemed to be tough. If Fortinet FortiSIEM could create some use cases or some templates with all its listed competitors or technology partners, then a customer would be able to integrate all those technologies easily.
The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues. Even though the tool offers twenty-four hours and seven days of support, we might not get the right engineer on time.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for more than ten years. I am an integrator of the solution. I use Fortinet FortiSIEM 7.0.0.
What do I think about the stability of the solution?
From the application perspective, yeah, I think it is a stable tool most of the time, but we have met some issues with the database sometimes. Stability-wise, I rate the solution a nine out of ten.
What do I think about the scalability of the solution?
It is a highly scalable solution. Scalability-wise, I rate the solution a ten out of ten.
I think around ten customers of my company use the tool.
My customers are medium and enterprise-sized businesses.
How are customer service and support?
The solution's technical support has been a nightmare. I rate the technical support a four or five out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
If one is difficult and ten is easy to set up, I rate the product's initial setup phase a nine out of ten. It is not very complicated, but a tech person who has the expertise to install and scale implement all these features would be required to implement the tool.
The product's installation model depends on the company's compliance and IT policies. Most customers prefer implementing an on-premises model. When considering commercial and upfront investment, customers are ready to go for cloud solutions as well. But in my experience, most customers prefer to implement an on-premises model.
The time required to deploy the solution depends on how big your network is currently. It might take two days to up to two weeks, so that is the normal project implementation time. It is always based on how big our network is and how we know our network. If customers have good visibility and understanding of their network, good access, and all the authentication paths, the integration will be much easier. In some cases, it might take more than two weeks. On average, I think it will take one to two weeks to complete installation.
The deployment of the tool is always for the SOC part of a company. It is used for real-time network analytics.
For the deployment, we discuss all the requests or use cases with the customer and understand their network topology. Most of the time, we access their platform for installation, and so we deal with virtualization platforms, like VMware ESXi, and based on that, we will download the SIEM pack from Fortinet. Once the installation has been completed, we try to find all the devices in the network that we need to monitor so we can enable all those processes. It is the normal deployment procedure we are following for implementation. Once the primary implementation has been completed based on customer use cases or complaints, we might create those dashboards and templates for reporting.
What's my experience with pricing, setup cost, and licensing?
If one is cheap and ten is expensive. I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap.
What other advice do I have?
For threat detection, some AI-based analytics tools are there, and it is one of the latest features in the product. The AI helps mitigate threats.
In terms of the tool's ability to streamline customer security workflow, the product normally searches events in real-time, so customers will get alerts of the event in real-time. Compared to other products like Splunk or Oracle, I think Fortinet FortiSIEM is more reliable in real-time.
If there is proper support and better technical capabilities, it can become a good solution.
I rate the tool an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. integrator
Buyer's Guide
Fortinet FortiSIEM
September 2025

Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2025.
867,497 professionals have used our research since 2012.
Senior Network Security Engineer at Orange
It's cheaper than other solutions with the same features but lacks integration with many third-party vendors
Pros and Cons
- "FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents."
- "FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors."
What is our primary use case?
I am part of the team that implements the solution, and we hand it over to the operations team. We use FortiSIEM to ingest logs. The customer provides us with the IPs for the log sources, and we add them to the FortiSIEM dashboard. We can check the logs for signs of malicious access from outside devices and set rules based on the customer's preferences.
What is most valuable?
FortiSIEM sends an email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents.
What needs improvement?
FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors.
I would also like to see FortiSIEM add more of the features available in FortiSOAR. You need to buy two separate solutions to get these features, but they should all be available in one product.
For how long have I used the solution?
I have used FortiSIEM for two years.
What do I think about the stability of the solution?
We haven't had any issues with stability aside from the problems associated with integrating FortiSIEM with third-party vendors.
What do I think about the scalability of the solution?
We haven't scaled FortiSIEM much until recently. Our customers typically implement it on one node, so I'm not sure how easy it is to scale. We often work with large enterprise companies, so we've used the solution in healthcare. For example, we deployed FortiSIEM at a children's cancer hospital in Egypt. We also used it for banking clients, including an investment bank.
How are customer service and support?
Fortinet support is helpful.
How was the initial setup?
Deploying FortiSIEM is straightforward. Most of our customers prefer the on-prem version over the cloud.
Which other solutions did I evaluate?
Other vendors like IBM QRadar are more effective than FortiSIEM for a SOC use case because they specialize in that area. I would recommend that if you are trying to build a large SOC team.
What other advice do I have?
I rate FortiSIEM seven out of 10. I strongly recommend this solution for customers who are using Fortinet products. It offers the same features as other vendors, but it's less expensive. However, some other SIEM solutions are more effective.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Account Manager at Cairo International Airport Co.
The log correlation is good
Pros and Cons
- "FortiSIEM's log correlation is good."
- "FortiSIEM could be better integrated with other vendors."
What is our primary use case?
FortiSIEM analyzes the logs from all the servers and firewalls.
How has it helped my organization?
FortiSIEM provides visibility into what happens on our corporate network. We can see traffic from users and detect brute force or bot attacks. It's clear in the SIEM solution.
What is most valuable?
FortiSIEM's log correlation is good.
What needs improvement?
FortiSIEM could be better integrated with other vendors.
For how long have I used the solution?
This happened about one year or one year and a half.
What do I think about the stability of the solution?
We had some issues during the update. Some updates didn't install, so we opened a ticket with Forti support, but it took more time to solve.
What do I think about the scalability of the solution?
FortiSIEM scales enough for our company. After the initial deployment, we added some servers and increased the resources to enable FortiSIEM to take the logs from the servers.
How are customer service and support?
I rate Fortinet support nine out of 10. It's excellent.
How would you rate customer service and support?
Positive
How was the initial setup?
Fortinet performed the initial setup, and it took about a week. We installed the image and integrated it with another server's Active Directory. Then we integrated it with the firewalls, routers, switches, and controller. Finally, we had to configure the policies.
What other advice do I have?
I rate Fortinet FortiSIEM eight out of 10. I would recommend FortiSIEM for corporate users, but I haven't tried any other SIEM solutions, so I have no reference for comparison. In the future, we might try another vendor with a more comprehensive solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Security Manager at Banco Lopez de Haro
Audits servers, handles vulnerability detection and correlates traffic
Pros and Cons
- "It detects new technologies, vulnerabilities, and emerging threats on the internet."
- "The deployment of the platform took some time to set up and configure."
What is our primary use case?
Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.
What is most valuable?
It detects new technologies, vulnerabilities, and emerging threats on the internet.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for four years.
What do I think about the scalability of the solution?
500 users are using this solution.
How are customer service and support?
The product could benefit from more local support. There is an opportunity to improve the support for products like Deepgram and FortiSIEM.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
The deployment of the platform took some time to set up and configure. I have experience using SolarWinds and its tools.
How was the initial setup?
The initial setup is very easy and takes four months to complete. They need to focus on this because the provider did much of the configuration rather than them doing it directly. The support we receive helps us improve in comparison to using this platform alone.
I rate the initial setup an eight out of ten, where one is difficult, and ten is easy.
What about the implementation team?
Our provider does the deployment and maintenance.
What was our ROI?
What's my experience with pricing, setup cost, and licensing?
It has a good price and is more competitive than the others.
What other advice do I have?
If the protection and monitoring make my network safer by detecting outliers and events, I can report these findings to my manager. They need to be aware of live events affecting the company.
Overall, I rate the solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head of Product Management (Cloud & Digital) at Pakistan Telecommunication Company Limited
Integrates well with other Fortinet solutions, has nice VR and security feature s
Pros and Cons
- "We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
- "FortiSIEM is not a market leader in the SIEM space."
What is our primary use case?
We primarily use the solution for security.
What is most valuable?
Fortinet has a unique model, which they call MSSP, managed services security partner. They select a telco in a country, partner with them, and offer them the certification track. We are an MSSP partner in Pakistan. FortiSIEM and FortiSOAR, their overall solutions that are there for threat mitigation, visibility, control, et cetera, is well integrated.
We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers.
There's a VR feature that is basically segmenting these firewalls, these security devices. Using that feature, we can make a network slice for each and every enterprise customer. All of the infrastructure is deployed in our data center, yet customer uses it as if it is their own.
What needs improvement?
FortiSIEM is not a market leader in the SIEM space. In SIEM solutions, typically, our customers ask for Splunk, or they ask for Logarithm. Some legacy customers ask for IBM. This isn’t as popular. Fortinet needs to grow in that perspective. They need to become a leader in the magic quadrant of Gartner and be seen as visionary so that the top customers, the big customers, take them seriously in the SIEM space.
For how long have I used the solution?
I’ve been using the solution for more than a year now.
What do I think about the stability of the solution?
This is an absolutely stable solution. There aren’t bugs or glitches, and it doesn’t crash or freeze. It’s reliable.
What do I think about the scalability of the solution?
We don’t have users per se. We are selling it. We have just started selling it. At this point, we have more than double-digit customers onboarded who are using the services.
My understanding is that the solution is entirely scalable.
How are customer service and support?
We find technical support quite helpful. They're very responsive. They have a very good on-the-ground team in Pakistan.
How was the initial setup?
While I am responsible for the overall product owners within PTCL, within my organization, I don’t directly deal with implementation tasks.
My colleagues tell me it is easy to deal with, however.
What's my experience with pricing, setup cost, and licensing?
I can’t speak to the general cost of the solution. They have a very flexible model for partners like us, however. It is a pay-as-you-grow model.
What other advice do I have?
I’m not sure which exact version I’m using.
We are a cloud provider. Whatever we do, we sell it to our clients. We're not an enterprise, we are a public cloud provider, PTCL, and we sell to our clients.
I’d rate the solution eight out of ten.
If a company already has Fortinet devices in their network they have all the components of security of Fortinet, then it will make sense for them to consider FortiSIEM. If, however, it doesn’t have Fortinet security devices, it may be difficult to leverage.
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Senior Consutant at HCLSoftware
A stable solution with an awesome IP database
Pros and Cons
- "The solution’s IP database is awesome."
- "When our team tried configuring logs for Microsoft SQL, it did not work."
What is our primary use case?
We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the log. If we get an alert, we take the necessary action in the development environment.
What is most valuable?
The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution.
What needs improvement?
When our team tried configuring logs for Microsoft SQL, it did not work.
The next release should improve database monitoring. Compared to servers and security devices, working with database and log configuration is not easy.
For how long have I used the solution?
I have been using the solution for the past four to five months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable. We initially configured five devices and then could scale it to 20 without any challenges. Ten to fifteen people in the security operation center team use the solution.
How are customer service and support?
My team members contacted the support team, and they helped us configure a few things.
How was the initial setup?
My team did not face any issues during configuration.
What other advice do I have?
I would recommend the solution to others. One of our customers moved from ArcSight to FortiSIEM because they had some support issues. Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SOC Analyst at a tech vendor with 1-10 employees
Security tool facilitates efficient monitoring and policy customization
What is our primary use case?
I have a lot of experience working with solutions such as Fortinet FortiSIEM, FortiSOAR, and FortiGate. I have also worked with ImmuniWeb. However, I did not have the credentials or the software to work with ImmuniWeb, which is why I was searching for more information on the website to learn more about the tool.
In the company I work for, we have a partnership with Fortinet.
In my organization, I work on Fortinet FortiSIEM in the cloud.
What is most valuable?
Fortinet FortiSIEM is really user-friendly. You can filter easily, find rules, and even create new rules. I appreciate Fortinet FortiSIEM the most because it is easy to search, filter, make rules, and look for correlations and events.
For Fortinet FortiGate, it is easy to navigate through the tool itself, make policies, and look at events and logs. It is very easy to monitor on Fortinet FortiGate. I really appreciate it and believe anyone in the field can work with it easily.
For FortiSOAR, it is easy to work with playbooks and rules for approvals, and everything there is straightforward. Fortinet FortiSIEM pulls the events from FortiSOAR, processes them, and applies the playbooks. It is simple in its functions, has correlations, and offers everything needed.
I can find everything I need on Fortinet FortiSIEM. The filters, trends, and dashboard make it easy to use. The database, alerts, and customer service are excellent as well.
What needs improvement?
Regarding Fortinet FortiSIEM, I cannot identify any specific areas for improvement because I can find everything I need. For the time being, I cannot find a real point for improvement. Everything is working great on Fortinet FortiSIEM.
For how long have I used the solution?
I have experience with Fortinet FortiSIEM for almost six months.
How are customer service and support?
For Cortex XDR from Palo Alto, it rates 10 out of 10. Everything is excellent with XDR and the technical support is exceptional.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have worked with Splunk and QRadar SIEM tools, but I prefer Fortinet FortiSIEM the most.
What's my experience with pricing, setup cost, and licensing?
I am not familiar with the price and cost of Fortinet FortiSIEM. I cannot tell you if it is high, expensive, or low. However, I can say that it is cost-effective as it provides everything needed.
Which other solutions did I evaluate?
I do not have relevant experience with tools such as Acunetix, Synopsys, Invicti, Snyk, Prolexic, AWS Shield, or Global Accelerator.
What other advice do I have?
I wish to remain anonymous, with no names for my company or myself. I prefer written communication rather than voice-based.
Based on my experience, I would rate this solution 9 or 10 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Aug 15, 2025
Flag as inappropriate
Buyer's Guide
Download our free Fortinet FortiSIEM Report and get advice and tips from experienced pros
sharing their opinions.
Updated: September 2025
Product Categories
Security Information and Event Management (SIEM)Popular Comparisons
CrowdStrike Falcon
Microsoft Sentinel
Splunk Enterprise Security
IBM Security QRadar
Elastic Security
Cortex XSIAM
Rapid7 InsightIDR
LogRhythm SIEM
AlienVault OSSIM
Google Chronicle Suite
Sentinel
Securonix Next-Gen SIEM
Buyer's Guide
Download our free Fortinet FortiSIEM Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What Solution for SIEM is Best To Be NIST 800-171 Compliant?
- When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
- What are the main differences between Nessus and Arcsight?
- What's The Best Way to Trial SIEM Solutions?
- Which is the best SIEM solution for a government organization?
- What is the difference between IT event correlation and aggregation?
- What Is SIEM Used For?
- RSA-EMC vs. other SIEM products?
- What Questions Should I Ask Before Buying SIEM?
- What are the pros and cons of internal SOC vs SOC-as-a-Service?