Cyber Security Specialist at EAST-NB
It integrates well with solutions by the same vendor and other popular third-party vendors
Pros and Cons
- "I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
- "The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
What is our primary use case?
I primarily use FortiSIEM for Rwandan clients in banking and finance. Most of my clients require strictly on-prem solutions because of national data regulations. They are also skeptical of putting their data on the cloud, and the law requires all data to reside at a domestic data center.
What is most valuable?
I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics.
What needs improvement?
The only drawback is the licensing model. It can get expensive if you want to integrate more solutions.
What do I think about the stability of the solution?
I rate FortiSIEM eight out of 10 for stability.
Buyer's Guide
Fortinet FortiSIEM
September 2023

Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
734,678 professionals have used our research since 2012.
What do I think about the scalability of the solution?
FortiSIEM is highly scalable, but you need to consider the costs. It will be expensive if you want to scale it up.
How are customer service and support?
We rely on Fortinet support, and their response times have room for improvement. They can take a while to respond sometimes.
How was the initial setup?
Setting up FortiSIEM is straightforward because they provide you with a step-by-step guide that covers installation and troubleshooting. The deployment time depends on your setup and what you need to integrate. It can take days or weeks, but we can typically finish in under a week.
There isn't a single one-size-fits-all implementation because some clients have mixed environments, and we need to develop a custom solution if we are working on multiple fabrics.
What's my experience with pricing, setup cost, and licensing?
You can get an annual license for FortiSIEM or a three-year license. It can be expensive if you're pulling data from many sources. If you plan to keep the solution for a while, I recommend choosing a three-year license or longer to save money.
What other advice do I have?
I rate FortiSIEM eight out of 10. My only advice is to understand your environment and learn as much as you can about SIEM before implementing the solution. I started by building open-source solutions from scratch, which gave me a big picture view of how to implement SIEM solutions and work with fabrics. You need to learn the basics about how to set rules and interpret logs.
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Last updated: Mar 29, 2023
Research Associate at a comms service provider with 1,001-5,000 employees
Good solution for security detection and response
Pros and Cons
- "Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."
- "The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
What is our primary use case?
My company is a partner of Fortinet FortiSIEM. We are a service provider and I take the solution from Fortinet and deploy it for my customers. We use the solution for security detection and response. This is a customer-based solution; our customer's security admins and security operations use the solution, comprised of a team of three to five people.
How has it helped my organization?
Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had.
What is most valuable?
Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level and it's easy to handle.
What needs improvement?
Fortinet FortiSIEM should consider converting the purchase model from a CapEx investment into a pay-per-use model. By doing this, it will be more attractive for more customers.
The product does not have Security Orchestration and Automation Response; I would recommend adding this feature.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for two years.
What do I think about the stability of the solution?
Stability is very good.
What do I think about the scalability of the solution?
Fortinet FortiSIEM is scalable.
How are customer service and support?
Technical support is perfect.
How was the initial setup?
The initial setup of Fortinet FortiSIEM was easy. The deployment took a week and a half and was based on a project plan. You don't need more than two people to deploy and maintain this solution.
What about the implementation team?
We use an integrator for the deployment of Fortinet FortiSIEM.
What's my experience with pricing, setup cost, and licensing?
The price of Fortinet FortiSIEM is manageable. The cost is approximately $90,000 on an annual basis.
What other advice do I have?
Before fitting the product into your environment, make sure you have the right requirements.
I would rate Fortinet FortiSIEM a 9 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Asst Programmer Data Center at a consultancy with 10,001+ employees
Lacks a level of support we'd expect to see, particularly for patching; Threat Hunting is a great feature
Pros and Cons
- "The Threat Hunting feature provides complete traffic analysis."
- "Patching is not great - we're not getting the support we'd expect."
What is our primary use case?
Our use case is for collecting logs and monitoring internet traffic through firewalls. We have Fortinet firewalls and Fortinet WAF. I'm a system programmer and we are customers of Fortinet.
What is most valuable?
I like the Threat Hunting feature which provides complete traffic analysis, like file movement and processes. It's a good feature.
What needs improvement?
We have recently faced many issues in terms of support and their turnaround time for giving support as well as their patch level. The patching is one of the significant issues we face with Fortinet SIEM. We're at the enterprise level and we're not getting the support we'd expect. They really need to bring in new features like proper dashboards and alert systems and a real-time alert system which would be beneficial for users.
For how long have I used the solution?
I've been using this solution for four years.
What do I think about the scalability of the solution?
Scalability is good; you just add extra licenses. We have 15 admin users and around 10,000 EPS.
How was the initial setup?
There are lots of issues with licensing policies like the agentless and agent-based installation. It creates a lot of issues because when we purchase the SIEM, by default, we expect most of the licenses to be in the bundle. But it's not like that. We need to purchase separate licenses for each agent and agentless system. There is also licensing with the EPS. It's quite difficult for proposing and purchasing the solution. We hire Fortinet professional services for deployment.
Which other solutions did I evaluate?
I think that QRadar and RSE are better solutions than SIEM. The interactivity, scalability, and performance are far better than Fortinet.
What other advice do I have?
My needs are not getting met with this solution so I would not recommend it to anyone and rate it four out of 10.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jan 11, 2023
Network Security Engineer at Technicom Mali
A simple setup but needs better visibility and more correlation tools
Pros and Cons
- "It is used as an alerting platform."
- "The log collection and configuration management are not great."
What is our primary use case?
It is used as an alerting platform and has an availability manager.
What is most valuable?
We already have experience with Fortinet products, so dealing with Fortinet FortiSIEM is not complicated.
What needs improvement?
They should offer better visibility, more correlation tools and a better understanding of the network. Fortinet FortiSIEM already uses simple and standard protocols like SNMP, DuraMI and Syslog. Other solutions like QRadar use sFlow, so I think that they can do better.
In addition, the log collection and configuration management are not great.
For how long have I used the solution?
We have been using this solution for three years. We deployed Fortinet FortiSIEM at about three customer sites, and it is deployed on-premises.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
It is a scalable solution.
How are customer service and support?
We have expertise with the product, so we don't use technical support often. We only require support for the error mark, and the support is quick and fast for that.
How was the initial setup?
The initial setup was simple, and we deployed Fortinet FortiSIEM in two days. We already had all the information regarding the customers' notes, and it was simple, quick and fast.
What's my experience with pricing, setup cost, and licensing?
It is cheaper than LogPoint or QRadar.
What other advice do I have?
I rate this solution a five out of ten. It is not as good as other solutions like QRadar, but it's cheaper than other products and very simple. In the next release, the visibility should consist of simple and standard protocols.
Regarding advice, if you don't have a dedicated team to handle your logs, don't have a big budget, and want a solution to correlate and collect logs from many vendors, Fortinet FortiSIEM is an excellent choice.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Senior Product Manager at a financial services firm with 201-500 employees
Simple implementation, good performance, but scalability lacking
Pros and Cons
- "The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
- "Fortinet FortiSIEM could improve to extend to several locations or sites."
What is our primary use case?
I am using Fortinet FortiSIEM to correlate events in our enterprise.
How has it helped my organization?
Fortinet FortiSIEM has helped our organization by providing us with business monitoring.
What is most valuable?
The most valuable feature of Fortinet FortiSIEM is the correlation of many events.
What needs improvement?
Fortinet FortiSIEM could improve to extend to several locations or sites.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for approximately two years.
What do I think about the stability of the solution?
The stability of Fortinet FortiSIEM is okay but it could improve.
What do I think about the scalability of the solution?
We would like to increase the usage of Fortinet FortiSIEM.
How are customer service and support?
The technical support from Fortinet FortiSIEM is good.
Which solution did I use previously and why did I switch?
We previously used Juniper Security Threat Response Manager.
How was the initial setup?
The initial setup of Fortinet FortiSIEM is easy. The full deployment took approximately seven days.
What about the implementation team?
We had one supervisor and two others that helped do the implementation of Fortinet FortiSIEM. We did the implementation in-house.
We have five network administrators for maintenance.
What was our ROI?
We have seen a return on investment using Fortinet FortiSIEM.
What's my experience with pricing, setup cost, and licensing?
There are additional features that cost more than the standard licensing fees.
Which other solutions did I evaluate?
We evaluated two other solutions before choosing Fortinet FortiSIEM. The graphical user interface is better in Fortinet FortiSIEM.
What other advice do I have?
I rate Fortinet FortiSIEM a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
A stable solution with an awesome IP database
Pros and Cons
- "The solution’s IP database is awesome."
- "When our team tried configuring logs for Microsoft SQL, it did not work."
What is our primary use case?
We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the log. If we get an alert, we take the necessary action in the development environment.
What is most valuable?
The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution.
What needs improvement?
When our team tried configuring logs for Microsoft SQL, it did not work.
The next release should improve database monitoring. Compared to servers and security devices, working with database and log configuration is not easy.
For how long have I used the solution?
I have been using the solution for the past four to five months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable. We initially configured five devices and then could scale it to 20 without any challenges. Ten to fifteen people in the security operation center team use the solution.
How are customer service and support?
My team members contacted the support team, and they helped us configure a few things.
How was the initial setup?
My team did not face any issues during configuration.
What other advice do I have?
I would recommend the solution to others. One of our customers moved from ArcSight to FortiSIEM because they had some support issues. Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 3, 2023
Account Manager at Cairo International Airport Co.
The log correlation is good
Pros and Cons
- "FortiSIEM's log correlation is good."
- "FortiSIEM could be better integrated with other vendors."
What is our primary use case?
FortiSIEM analyzes the logs from all the servers and firewalls.
How has it helped my organization?
FortiSIEM provides visibility into what happens on our corporate network. We can see traffic from users and detect brute force or bot attacks. It's clear in the SIEM solution.
What is most valuable?
FortiSIEM's log correlation is good.
What needs improvement?
FortiSIEM could be better integrated with other vendors.
For how long have I used the solution?
This happened about one year or one year and a half.
What do I think about the stability of the solution?
We had some issues during the update. Some updates didn't install, so we opened a ticket with Forti support, but it took more time to solve.
What do I think about the scalability of the solution?
FortiSIEM scales enough for our company. After the initial deployment, we added some servers and increased the resources to enable FortiSIEM to take the logs from the servers.
How are customer service and support?
I rate Fortinet support nine out of 10. It's excellent.
How would you rate customer service and support?
Positive
How was the initial setup?
Fortinet performed the initial setup, and it took about a week. We installed the image and integrated it with another server's Active Directory. Then we integrated it with the firewalls, routers, switches, and controller. Finally, we had to configure the policies.
What other advice do I have?
I rate Fortinet FortiSIEM eight out of 10. I would recommend FortiSIEM for corporate users, but I haven't tried any other SIEM solutions, so I have no reference for comparison. In the future, we might try another vendor with a more comprehensive solution.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jan 13, 2023
Assistant to Vice President at IT Green Public Company Limited
Plenty of features, good support, but lacking signature updates
Pros and Cons
- "The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls."
- "Fortinet FortiSIEM could improve by having a signature update."
What is our primary use case?
We use Fortinet FortiSIEM for security, a gateway, and for authentication.
What is most valuable?
The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls.
What needs improvement?
Fortinet FortiSIEM could improve by having a signature update.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for approximately 16 years.
What do I think about the stability of the solution?
Fortinet FortiSIEM is stable. However, it was not stable from the beginning.
What do I think about the scalability of the solution?
Fortinet FortiSIEM is the best solution here in Thailand. There are many users and partners here.
There are 10 to 3,000 users in my company. Most of the users are specialists in IT. We plan to increase usage in the future.
How are customer service and support?
I have used the technical support and they have been good.
Which solution did I use previously and why did I switch?
I have used other solutions previously.
How was the initial setup?
The initial setup of Fortinet FortiSIEM was easy. The deployment would take a few days for the middle and large models.
We need some information for the customer, such as policies, before we can implement the solution.
What about the implementation team?
We do the implementation of Fortinet FortiSIEM. We use one IT specialist for the deployment and maintenance of the solution.
What other advice do I have?
I would advise others this solution is easy to use and has a lot of features. They should try it out.
I rate Fortinet FortiSIEM a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
