Regarding Fortinet FortiSIEM, I cannot identify any specific areas for improvement because I can find everything I need. For the time being, I cannot find a real point for improvement. Everything is working great on Fortinet FortiSIEM.
Fortinet FortiSIEM should broaden its remediation part to include more features for incident management. Currently, to manage repetitive incidents or for remediation, I need to use a separate software called FortiSOAR ( /products/fortinet-fortisoar-reviews ). Additionally, the search functionality in FortiAI should be improved to provide more precise results, making it easier for me to understand what actions need to be taken.
Network Engineer at Laminar Communications Pty Ltd
Reseller
Top 5
Dec 18, 2024
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products. Improving software stability and reducing bugs will make it a better tool for future use. Enhancing the completeness of its APIs could aid in better external integrations.
IT Solutions Product Manager at a computer software company with 11-50 employees
Real User
Top 5
Nov 19, 2024
FortiSIEM is a bit resource-hungry, so work should be done on hardware resource utilization to consume less hardware. Another major problem is its licensing model, which initially required separate licenses for devices, agents, and EPS. Recently, they revised it to a subscription-based, all-inclusive license. There is also some latency observed in generating correlation alerts, which should be improved for quicker responses.
There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore.
One area where FortiSIEM could improve is in its custom normalizer/parser capabilities. While FortiSIEM offers powerful event correlation and log analysis features, creating and customizing normalizers can be complex and time-consuming. Improving the user interface for building custom normalizers, along with providing more intuitive tools or templates, would make it easier for security teams to tailor the solution to specific needs. Enhancements in this area would enable quicker adaptation to unique log formats and data sources, allowing for more accurate event parsing and better overall performance in diverse environments. Additionally, the search functionality could be less confusing. Streamlining the search experience and providing clearer guidance or examples would help users quickly find the information they need, ultimately improving the overall usability of the platform. These enhancements would facilitate quicker adaptation to unique log formats and more efficient event analysis, leading to better performance in diverse environments.
Technical Consultant at Vertex Techno Solutions (B) Pvt Ltd
Real User
Top 5
Jul 30, 2024
With Fortinet's current integrations with endpoints and with the integration capabilities of EDR and XDR solutions from Fortinet itself, when we are trying to integrate them with other technologies or other OEMs like CrowdStrike or SentinelOne, the integration part is very complex. It takes a lot of time to take care of the implementations. When we integrated Fortinet FortiSIEM with external threat intelligence, like CyberArk or ThreatConnect, the integration seemed to be tough. If Fortinet FortiSIEM could create some use cases or some templates with all its listed competitors or technology partners, then a customer would be able to integrate all those technologies easily. The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues. Even though the tool offers twenty-four hours and seven days of support, we might not get the right engineer on time.
Security Technical Manager at a tech services company with 51-200 employees
Real User
Apr 24, 2024
Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers. The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.
Network detection and response is a separate product. That's how I ended up with Wazuh. I'm looking for something to help me on the network and endpoint level. The vendor must look to consolidate and improve that area.
Programmer Data Center at a consultancy with 10,001+ employees
Real User
Top 10
Jan 10, 2023
We have recently faced many issues in terms of support and their turnaround time for giving support as well as their patch level. The patching is one of the significant issues we face with Fortinet SIEM. We're at the enterprise level and we're not getting the support we'd expect. They really need to bring in new features like proper dashboards and alert systems and a real-time alert system which would be beneficial for users.
They should offer better visibility, more correlation tools and a better understanding of the network. Fortinet FortiSIEM already uses simple and standard protocols like SNMP, DuraMI and Syslog. Other solutions like QRadar use sFlow, so I think that they can do better. In addition, the log collection and configuration management are not great.
Head - IT & SWIFT at a financial services firm with 1-10 employees
Real User
Aug 25, 2022
An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS. In the next release, FortiSIEM should implement a central repository.
Director, Infrastructure and Operations at a comms service provider with 11-50 employees
Real User
Aug 10, 2022
Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire. The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, this product doesn't support a lot of normal security devices that are common, and then you get into building custom parsers yourself to get it to work. The other problem is infrastructure stability. The architecture scaling rules that the vendor provides are vastly understated. So, we constantly run into stability problems that we end up figuring out and solving by throwing more infrastructure at it because they're understating the infrastructure requirements. It is understandable that they would do that, and you see why they would do that, but it is causing no end of problems.
Senior Security Engineer at a tech services company with 1,001-5,000 employees
Real User
Jun 16, 2022
It's difficult to integrate unsupported devices with FortiSIEM compared to QRadar. It's easier to integrate and develop processes in QRadar. It's harder to develop a custom process in FortiSIEM.
The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work.
Programmer Data Center at a consultancy with 10,001+ employees
Real User
Top 10
Nov 18, 2021
We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files. The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible, whilst an attack is detected the patch has to be released on time.
Cyber Security Analyst at a retailer with 1,001-5,000 employees
Real User
Aug 26, 2021
With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk. When you work with a service provider who is using FortiSIEM as a service for other clients, you cannot run more than 30 clients on one tool. You cannot onboard, which would consume more resources and would make it slower. Also, resource consumption would be high.
This solution is not very good on non-API features and lacks that functionality. We've raised multiple tickets to Fortinet about this and they are pending there. The product development hasn't been fast enough to ensure it can function on the cloud. It's excellent when you download and get the security locks but in areas like Microsoft 365, you have to fetch the security access using APIs and they don't update quickly enough. If Microsoft announces a new service today, we have to wait at least six months before FortiSIEM start supporting it. It's crucial that the API support is updated, for now FortiSIEM lacks functionality compared to its competitors.
The initial setup is complex. They need to make it easier in terms of implementation. That said, all CM implementations are quite difficult. It may not be a fault of this particular product. The policy editing should be easier. Right now, it's too hard. Some of the parts of the mapping tool should be in the product itself. It would make our efforts easier. The product is quite expensive. It's something clients always comment on.
The solution is almost 100% perfect. It's already quite simple and easy to configure. In that sense, no improvements are needed. You do seem to be constantly learning new things with the product. There's a bit of an ongoing learning curve in terms of usage. Right now, I'm learning about higher availability and that's an ongoing process. It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option. The solution offers both command line and GUI visualizations. They need to ensure that their GUI offers just as much flexibility on the configuration as the command line structure.
This is a great product for everyone. The disadvantage is the product portfolio. We need more incidents automatically to protect our network. We need to see incident reports about the event log, without events from the administrator or through human interaction. In the next release, I would like to have automated generation reports of incident reports.
IT Executive: Operations & Security at Icon Information Systems (Pty) Ltd
Real User
Nov 13, 2019
When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.
When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement. The solution should offer user behavior analytics in a future release.
Solutions Consultant at a comms service provider with 51-200 employees
Consultant
Sep 19, 2019
The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients. They also have to improve their import perfection solution.
Manager, ICT Enterprise Services at a government with 201-500 employees
Real User
Aug 19, 2019
Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great. It should also have better integration.
System Engineer / Network Consultant at a tech services company with 51-200 employees
Consultant
Aug 18, 2019
The solution can't be improved, but it can be managed more clearly. The solution just needs minor improvements. I'm quite sure Fortinet is already working on this. They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI, there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution.
Network and Security Administrator at PETRA Engineering Industries Co.
Real User
Jun 26, 2019
The Fortinet Fabric should be more easy more friendly to use. They use a different parsing log format. for example Symantec ATP is not supported by FortiSIEM. Our reseller provided us FortiSIEM as a service. They should also provide us with a dashboard to monitor and to deploy a correlations. I think fortinet should improve the AI correlations by combining advanced statistical and heuristic analysis with behavioral whitelisting .
The backup and recovery process for this solution needs improvement. I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.
Fortinet FortiSIEM offers robust features like automation, real-time monitoring, and scalable log correlation. It integrates SOC and NOC, enhancing security by seamlessly managing data. A preferred choice for threat management, its comprehensive reports and competitive pricing add value. Fortinet FortiSIEM serves as a comprehensive platform for security monitoring, threat detection, and incident management. It streamlines operations by integrating seamlessly with Fortinet and third-party...
Fortinet FortiSIEM is great overall. Performance could be enhanced, but I do not wish to elaborate on needed improvements.
Regarding Fortinet FortiSIEM, I cannot identify any specific areas for improvement because I can find everything I need. For the time being, I cannot find a real point for improvement. Everything is working great on Fortinet FortiSIEM.
Fortinet FortiSIEM should broaden its remediation part to include more features for incident management. Currently, to manage repetitive incidents or for remediation, I need to use a separate software called FortiSOAR ( /products/fortinet-fortisoar-reviews ). Additionally, the search functionality in FortiAI should be improved to provide more precise results, making it easier for me to understand what actions need to be taken.
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products. Improving software stability and reducing bugs will make it a better tool for future use. Enhancing the completeness of its APIs could aid in better external integrations.
FortiSIEM is a bit resource-hungry, so work should be done on hardware resource utilization to consume less hardware. Another major problem is its licensing model, which initially required separate licenses for devices, agents, and EPS. Recently, they revised it to a subscription-based, all-inclusive license. There is also some latency observed in generating correlation alerts, which should be improved for quicker responses.
There could be improvements like introducing some solutions directly into FortiSIEM to avoid the need for separately purchasing additional tools like FortiStore.
One area where FortiSIEM could improve is in its custom normalizer/parser capabilities. While FortiSIEM offers powerful event correlation and log analysis features, creating and customizing normalizers can be complex and time-consuming. Improving the user interface for building custom normalizers, along with providing more intuitive tools or templates, would make it easier for security teams to tailor the solution to specific needs. Enhancements in this area would enable quicker adaptation to unique log formats and data sources, allowing for more accurate event parsing and better overall performance in diverse environments. Additionally, the search functionality could be less confusing. Streamlining the search experience and providing clearer guidance or examples would help users quickly find the information they need, ultimately improving the overall usability of the platform. These enhancements would facilitate quicker adaptation to unique log formats and more efficient event analysis, leading to better performance in diverse environments.
With Fortinet's current integrations with endpoints and with the integration capabilities of EDR and XDR solutions from Fortinet itself, when we are trying to integrate them with other technologies or other OEMs like CrowdStrike or SentinelOne, the integration part is very complex. It takes a lot of time to take care of the implementations. When we integrated Fortinet FortiSIEM with external threat intelligence, like CyberArk or ThreatConnect, the integration seemed to be tough. If Fortinet FortiSIEM could create some use cases or some templates with all its listed competitors or technology partners, then a customer would be able to integrate all those technologies easily. The tool's technical team's response time is too high, and they are not available even when they know that there are many pending issues. Even though the tool offers twenty-four hours and seven days of support, we might not get the right engineer on time.
Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers. The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.
Network detection and response is a separate product. That's how I ended up with Wazuh. I'm looking for something to help me on the network and endpoint level. The vendor must look to consolidate and improve that area.
The solution's interface could be modernized and improved.
Customer support service could be better.
Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market.
The only drawback is the licensing model. It can get expensive if you want to integrate more solutions.
They should enhance the solution's AI capabilities, including XDR and EDR.
FortiSIEM could be better integrated with other vendors.
We have recently faced many issues in terms of support and their turnaround time for giving support as well as their patch level. The patching is one of the significant issues we face with Fortinet SIEM. We're at the enterprise level and we're not getting the support we'd expect. They really need to bring in new features like proper dashboards and alert systems and a real-time alert system which would be beneficial for users.
They should offer better visibility, more correlation tools and a better understanding of the network. Fortinet FortiSIEM already uses simple and standard protocols like SNMP, DuraMI and Syslog. Other solutions like QRadar use sFlow, so I think that they can do better. In addition, the log collection and configuration management are not great.
An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS. In the next release, FortiSIEM should implement a central repository.
Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire. The out-of-the-box log ingestion for the supported devices is fine. The main issues arise when you're trying to ingest a log source that's not supported. You're left to figure it out yourself. You have to figure out the custom parsing yourself. There should be better support for nonstandard log sources. That's because unless you can ingest logs from all of your key controls, the solution will have gaps. Out of the box, this product doesn't support a lot of normal security devices that are common, and then you get into building custom parsers yourself to get it to work. The other problem is infrastructure stability. The architecture scaling rules that the vendor provides are vastly understated. So, we constantly run into stability problems that we end up figuring out and solving by throwing more infrastructure at it because they're understating the infrastructure requirements. It is understandable that they would do that, and you see why they would do that, but it is causing no end of problems.
Fortinet FortiSIEM could improve to extend to several locations or sites.
It's difficult to integrate unsupported devices with FortiSIEM compared to QRadar. It's easier to integrate and develop processes in QRadar. It's harder to develop a custom process in FortiSIEM.
The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work.
The graphs on the user interface could be improved as we often experience glitches.
Areas for improvement would be the ease of use and the integration with Fortinet's own products.
Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules.
I would like to see more integration with other platforms.
We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files. The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible, whilst an attack is detected the patch has to be released on time.
With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk. When you work with a service provider who is using FortiSIEM as a service for other clients, you cannot run more than 30 clients on one tool. You cannot onboard, which would consume more resources and would make it slower. Also, resource consumption would be high.
There is no proper guide for integration or configuration. They need to improve the documentation library.
This solution is not very good on non-API features and lacks that functionality. We've raised multiple tickets to Fortinet about this and they are pending there. The product development hasn't been fast enough to ensure it can function on the cloud. It's excellent when you download and get the security locks but in areas like Microsoft 365, you have to fetch the security access using APIs and they don't update quickly enough. If Microsoft announces a new service today, we have to wait at least six months before FortiSIEM start supporting it. It's crucial that the API support is updated, for now FortiSIEM lacks functionality compared to its competitors.
I would like to see easier implementation in the future.
The initial setup is complex. They need to make it easier in terms of implementation. That said, all CM implementations are quite difficult. It may not be a fault of this particular product. The policy editing should be easier. Right now, it's too hard. Some of the parts of the mapping tool should be in the product itself. It would make our efforts easier. The product is quite expensive. It's something clients always comment on.
Its training can be improved. Its price also needs to be improved.
The solution is almost 100% perfect. It's already quite simple and easy to configure. In that sense, no improvements are needed. You do seem to be constantly learning new things with the product. There's a bit of an ongoing learning curve in terms of usage. Right now, I'm learning about higher availability and that's an ongoing process. It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option. The solution offers both command line and GUI visualizations. They need to ensure that their GUI offers just as much flexibility on the configuration as the command line structure.
The solution needs to be form flow diagram automatically with AWS platform
This is a great product for everyone. The disadvantage is the product portfolio. We need more incidents automatically to protect our network. We need to see incident reports about the event log, without events from the administrator or through human interaction. In the next release, I would like to have automated generation reports of incident reports.
When they started out after acquiring AccelOps, the user interface wasn't that great. But from version 5.0 they have obviously radically changed the interface, aligning it to the rest of the Forti products from a user experience point of view. This means that there is constant improvement on the interface side of the solution. The other thing that I've noticed is when searching for very old incidents, there is a slight delay. It obviously has to pull that information from the backend database, and the key point to note is that it depends on how you set it up in the backend where factors such as disk types and disk array configs come into play.
When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement. The solution should offer user behavior analytics in a future release.
The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients. They also have to improve their import perfection solution.
Their product support, in general, is not that great. The product support is in the same ecosystem. Their support is improving but it's not that great. It should also have better integration.
The solution can't be improved, but it can be managed more clearly. The solution just needs minor improvements. I'm quite sure Fortinet is already working on this. They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI, there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution.
The performance can be improved. Sometimes it takes a long time to fetch data.
The Fortinet Fabric should be more easy more friendly to use. They use a different parsing log format. for example Symantec ATP is not supported by FortiSIEM. Our reseller provided us FortiSIEM as a service. They should also provide us with a dashboard to monitor and to deploy a correlations. I think fortinet should improve the AI correlations by combining advanced statistical and heuristic analysis with behavioral whitelisting .
The backup and recovery process for this solution needs improvement. I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.