Fortinet FortiSIEM Reviews

Mainly, we are configuring various correlation rules in FortiSIEM to detect various types of cyber threats and cybersecurity attacks, particularly brute force attacks, denial of service attacks, and distributed denial. We are using it to identify suspicious activities by internal staff as well as outsiders, for any type of intrusion.

The most fascinating aspect of FortiSIEM is its integration with the MITRE ATT&CK framework. It maps threat vectors and IOCs on the MITRE framework to identify the kind and magnitude of a threat and the techniques used. This allows us to take requisite measures using the SOAR solution or by involving our team of SOC analysts and incident responders.

My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification. 

My customers are mostly medium-sized enterprises ranging from engineering companies, mining companies, independent schools, and government departments to agencies.

Fortinet FortiSIEM is valuable mainly for its features around firewall monitoring, intrusion detection, and authentication. It provides extensive logging and record-keeping for internal networks, cloud applications, and services as well as perimeter physical network security. Compliance management capabilities, although limited, are utilized by mature customers for reporting.

We use this technology to configure and setup rules and conduct threat hunting.

Connecting all supported security technologies, such as firewalls from Palo Alto, Fortinet, and Check Point, is crucial. The platform needs to recognize logs coming from sources like Syslog. You might integrate an IPS or WAF for use cases like phishing. Whether on-premise or in the cloud, AD is especially important for providing context and supporting specific use cases. If FortiSIEM doesn't natively support a particular technology or cannot parse certain security logs, you can configure a custom parser to interpret those logs effectively.

FortiSIEM is primarily used as a monitoring tool that can monitor all the incidents and events occurring in the network. The main concern of the customer is to view all the events and incidents on a single pane where everything can be managed.

FortiSIEM is very efficient and helps discover all the points of incidents, identifying users that create loopholes in the network and determining potential points of contact.

We're using it to manage devices on the network. We get real-time incident reports on changes done on the servers and changes on routers and switches. They also use it to provide reports to management on activities, incidents, and events.

I like the reporting model where you can drill-down capabilities into user actions on the network.

I also like CMDB. The CMDB captures devices as long as they have SNMP enabled. It captures the information for me. 

Fortinet FortiSIEM is used to audit my servers and communications. It effectively handles vulnerability detection and correlates traffic to identify security issues or anomalies. It is also used to correlate my logs, which helps detect outliers and identify unusual events in my network.

It detects new technologies, vulnerabilities, and emerging threats on the internet.

I use the solution in my company for our client, which is a big university in Tunisia, and they have many servers and virtual machines. The university has to prevent attacks by making sure that they can stop the attack at the beginning. Fortinet is good for knowing if any of the equipment in the network has been attacked like ransomware or something, and we can stop the attack and secure the network.

The tool's most valuable feature stems from the fact that I can see a complete analysis, like all the incidents that have happened, and it detects everything in real-time. It lets you know of the attack in real-time. The tool sends alerts and reports, so I think it is a useful tool.