We performed a comparison between Fortinet FortiSIEM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The features that stand out are the detection engine and its integration with multiple data sources."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The pricing of the product is excellent."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The event correlation is pretty robust. The GUI is pretty good."
"The solution is easy to use and user-friendly."
"It's a very nice solution to work with."
"Technical support is helpful."
"The product is quite well-organized. The GUI makes it easy to navigate."
"Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections."
"The product's initial setup phase was easy."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"Wazuh is simple to use for PCI compliance."
"Wazuh has very flexible and robust features."
"Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"The log monitoring and analysis tools are great in addition to SIEM file activity monitoring."
"I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
"The solution could improve the playbooks."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"The playbook is a bit difficult and could be improved."
"The reporting could be more structured."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Patching is not great - we're not getting the support we'd expect."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much."
"When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
"They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
"The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate."
"There is no proper guide for integration or configuration."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"The computing resources are consuming and do not make sense."
"Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"A lack of certain features creates limitations."
"Integration with Vyara could be better."
"The implementation is very complex."
"It would be great if there could be customization for the decoder portion."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Fortinet FortiSIEM is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, ThousandEyes and PRTG Network Monitor, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and CrowdStrike Falcon. See our Fortinet FortiSIEM vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.