Fortinet FortiSIEM Reviews

We use the solution to monitor events and logs. It gives us a very powerful view of what is going on. We can configure it to send notifications of any malicious detection because it is based on an ML (machine learning) algorithm. Aside from using the solution to monitor the logs from different sources, we can also get detections because it has strong machine learning capability.

Fortinet FortiSIEM provides good detection against advanced threats.

The solution's interface could be modernized and improved.

I have been working with Fortinet FortiSIEM for one year.

I rate Fortinet FortiSIEM ten out of ten for stability.

Around 50 users are using Fortinet FortiSIEM in our organization.

I rate the solution an eight out of ten for scalability.

I rate Fortinet FortiSIEM a nine out of ten for the ease of its initial setup.

If nothing goes wrong, the solution can be deployed in one week.

We have seen a return on investment with Fortinet FortiSIEM.

Fortinet FortiSIEM is very cost-efficient compared to other SIEM solutions.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.

The solution is deployed on the cloud in our organization. I'll recommend Fortinet FortiSIEM to users because of its functionalities, irrespective of whether they have a hybrid, on-prem, or cloud deployment. If a company has some compliance and regulations, the solution can fulfill their compliance and regulations within their country or industry.

Overall, I rate Fortinet FortiSIEM a nine out of ten.

We use the solution to collect logs from critical servers on the customer's infrastructure, like Active Directory, and a few security devices, like firewall, proxy, and antivirus setup. Our team monitors the log. If we get an alert, we take the necessary action in the development environment.

The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution.

When our team tried configuring logs for Microsoft SQL, it did not work.

The next release should improve database monitoring. Compared to servers and security devices, working with database and log configuration is not easy.

I have been using the solution for the past four to five months.

The solution is stable.

The solution is scalable. We initially configured five devices and then could scale it to 20 without any challenges. Ten to fifteen people in the security operation center team use the solution.

My team members contacted the support team, and they helped us configure a few things.

My team did not face any issues during configuration.

I would recommend the solution to others. One of our customers moved from ArcSight to FortiSIEM because they had some support issues. Overall, I rate the solution an eight out of ten.

We have an MSSP license and provide services to customers from various verticals like manufacturing, pharmaceutical, and MRD (Manufacturing, Retail & Distribution). We provide the services of Fortinet FortiSIEM to customers who cannot avail of costly on-premise services.

Fortinet FortiSIEM is less costly than other products and is available 24/7.

Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market.

We have been using Fortinet FortiSIEM for almost one and a half years.

The stability of Fortinet FortiSIEM is good.

Fortinet FortiSIEM has good scalability.

I have faced no issues with Fortinet FortiSIEM’s customer support.

The deployment of Fortinet FortiSIEM, which included the migration of 30 plus customers and the initial setup of all components, did not take more than a month.

Fortinet FortiSIEM is cheaper compared to other products.

I use the latest version of Fortinet FortiSIEM. We have deployed Fortinet FortiSIEM on VMware.

Overall, I rate Fortinet FortiSIEM a seven out of ten.

I primarily use FortiSIEM for Rwandan clients in banking and finance. Most of my clients require strictly on-prem solutions because of national data regulations. They are also skeptical of putting their data on the cloud, and the law requires all data to reside at a domestic data center. 

I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics. 

The only drawback is the licensing model. It can get expensive if you want to integrate more solutions.

I rate FortiSIEM eight out of 10 for stability. 

FortiSIEM is highly scalable, but you need to consider the costs. It will be expensive if you want to scale it up. 

We rely on Fortinet support, and their response times have room for improvement. They can take a while to respond sometimes. 

Setting up FortiSIEM is straightforward because they provide you with a step-by-step guide that covers installation and troubleshooting. The deployment time depends on your setup and what you need to integrate. It can take days or weeks, but we can typically finish in under a week.

There isn't a single one-size-fits-all implementation because some clients have mixed environments, and we need to develop a custom solution if we are working on multiple fabrics.

You can get an annual license for FortiSIEM or a three-year license. It can be expensive if you're pulling data from many sources. If you plan to keep the solution for a while, I recommend choosing a three-year license or longer to save money. 

I rate FortiSIEM eight out of 10. My only advice is to understand your environment and learn as much as you can about SIEM before implementing the solution. I started by building open-source solutions from scratch, which gave me a big picture view of how to implement SIEM solutions and work with fabrics. You need to learn the basics about how to set rules and interpret logs. 

Our use case is for collecting logs and monitoring internet traffic through firewalls. We have Fortinet firewalls and Fortinet WAF. I'm a system programmer and we are customers of Fortinet. 

I like the Threat Hunting feature which provides complete traffic analysis, like file movement and processes. It's a good feature. 

We have recently faced many issues in terms of support and their turnaround time for giving support as well as their patch level. The patching is one of the significant issues we face with Fortinet SIEM. We're at the enterprise level and we're not getting the support we'd expect. They really need to bring in new features like proper dashboards and alert systems and a real-time alert system which would be beneficial for users.

I've been using this solution for four years. 

Scalability is good; you just add extra licenses. We have 15 admin users and around 10,000 EPS.

There are lots of issues with licensing policies like the agentless and agent-based installation. It creates a lot of issues because when we purchase the SIEM, by default, we expect most of the licenses to be in the bundle. But it's not like that. We need to purchase separate licenses for each agent and agentless system. There is also licensing with the EPS. It's quite difficult for proposing and purchasing the solution. We hire Fortinet professional services for deployment. 

I think that QRadar and RSE are better solutions than SIEM. The interactivity, scalability, and performance are far better than Fortinet. 

My needs are not getting met with this solution so I would not recommend it to anyone and rate it four out of 10. 

We use Fortinet FortiSIEM for storage of security information and analysis, as well as for alerts from the 50-60 services that we have. All of our webs are linked to FortiSIEM. It's a form of SOC tool and data is used for identifying trends and what's happening around the networks. We're customers and end-to-end users when it comes to FortiSIEM, but for other Fortinet products we're either partners or a value-added reseller. I'm the principal cloud architect in our company. 

I think the most valuable feature is the easy alert setup, it's very important. It's quite simple to use and enables us to have different alerts in different categories. SOC is able to see all the red alerts, it's impossible to miss them. It's a good tool for analysis and for SOC. We upload all network detection tools that support FortiSIEM and can investigate for different alerts or vulnerabilities. A great feature is that you can use Python scripting for data stack. It's great for devices that don't generate a genuine local source of information. 

This solution is not very good on non-API features and lacks that functionality. We've raised multiple tickets to Fortinet about this and they are pending there. The product development hasn't been fast enough to ensure it can function on the cloud. It's excellent when you download and get the security locks but in areas like Microsoft 365, you have to fetch the security access using APIs and they don't update quickly enough. If Microsoft announces a new service today, we have to wait at least six months before FortiSIEM start supporting it. It's crucial that the API support is updated, for now FortiSIEM lacks functionality compared to its competitors.

It's a very reliable solution, we haven't had any outages during the last year and we're using it a lot. We have over 40 people using it 24/7.

This solution is not very scalable if you have a lot of security events; it's focused more around smaller companies. We've become too big for it with 48,000 devices which we are monitoring and we had to create another instance and split things. It's not perfect because it requires purchase of a second license. We use the solution all the time. 

Fortinet support is very fast. If I need to ask something, I'll get a response within a couple of hours. 

The initial setup was quite straightforward. They have good documentation and once we deployed, there were only a couple of times where we needed a little bit of support because there were delayed reactions. 

The licensing is on an annual basis and calculated on the set up number. Of course, the licensing cost could be less but it's not too bad and is quite nicely priced. With Centreon or Splunk you just pay for the use but if we compare the cost of FortiSIEM with Splunk, it's less than half the price.

We took a look at IBM QRadar, which was the main competitor, and we also looked at Splunk. Splunk lost out quickly because of the cost and we ended up going with Fortinet because it was much easier to manage and implement things than QRadar and it has the Python scripting.

If your use case suits this solution, I would recommend it. If you are a professional operator and you're into pre-investing, and not just paying per use, then FortiSIEM is one of the best options you can have.

I rate this product an eight out of 10. 

We use the Fortinet FortiSIEM tool for log monitoring and alert generation. We use Fortinet FortiSIEM to collect logs from the critical servers of the customer's infrastructure, like active directory servers and file servers. We also collect logs from a few security devices like the firewall, the proxy, and the antivirus setup. Based on that, our team checks the logs, and we get an alert to take action on the development.

Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same.

Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time.

Fortinet FortiSIEM's database monitoring could be made easier, like the servers and the security devices.

I have been using Fortinet FortiSIEM for the past four to five months.

Fortinet FortiSIEM is a stable product.

Fortinet FortiSIEM is a scalable product. We initially configured five devices, and then we could scale it to twenty. There could be some issues if the device count goes up to hundreds and thousands. Around 10 to 15 engineers use Fortinet FortiSIEM in our company.

Overall, I rate Fortinet FortiSIEM an eight out of ten.

FortiSIEM combines information from operations and integrates it into management.  

FortiSIEM is a great tool for making security processes transparent. 

I rate FortiSIEM 10 out of 10 for stability. 

I rate FortiSIEM nine out of 10 for scalability.

Setting up FortiSIEM is straightforward.  I prefer this product in the Fortinet environment. It's easy to install and configure.  

FortiSIEM might be considered expensive in some markets. We have an international customer base, and it's affordable for a lot of them. 

However, customers in some markets cannot build a suitable use case around it. But it's not because of the product. It often depends on customers' operation organization. 

You also need some operation and security knowledge to make a professional management decision. 

A company needs to work with the consultants and distributors who are delivering the environment and necessary support.

I rate Fortinet FortiSIEM nine out of 10.