Fortinet FortiSIEM vs Microsoft Sentinel comparison

Fortinet and Microsoft are both solutions in the Security Information and Event Management (SIEM) category. Fortinet is ranked #8 with an average rating of 8.0, while Microsoft is ranked #3 with an average rating of 8.4. Fortinet holds a 3.0% mindshare in SIEM, compared to Microsoft’s 7.7% mindshare. Additionally, 82% of Fortinet users are willing to recommend the solution, compared to 93% of Microsoft users who would recommend it.

Fortinet FortiSIEM

Read 73 Fortinet FortiSIEM reviews

4,655 Views
3,151 Comparison Views

82% willing to recommend

Microsoft Sentinel

Read 89 Microsoft Sentinel reviews

14,981 Views
8,977 Comparison Views

93% willing to recommend

Fortinet FortiSIEM

Microsoft Sentinel

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 18, 2024

Fortinet FortiSIEM and Microsoft Sentinel are both robust security information and event management (SIEM) solutions. Users are generally happier with the pricing and support of Fortinet FortiSIEM, but many find Microsoft Sentinel's features superior, believing it justifies the cost.

Features:Fortinet FortiSIEM's valuable features include extensive network performance monitoring, seamless hardware integration, and reliable log management. Microsoft Sentinel's valuable features include advanced threat detection, robust analytics, and integration with Azure services.

Room For Improvement:Fortinet FortiSIEM users suggest improvements in log management, user experience, and reporting capabilities. Microsoft Sentinel users desire better integration with third-party applications, more streamlined operational workflows, and a more user-friendly interface.

Ease Of Deployment and Customer Service:Fortinet FortiSIEM is reported to have a straightforward deployment and reliable customer service. Microsoft Sentinel also offers an easy deployment process, with Azure integration simplifying setup, and users generally positive about support.

Pricing and ROI:Fortinet FortiSIEM is generally perceived as more cost-effective with favorable ROI. Microsoft Sentinel, while often viewed as pricier, is considered worth the investment due to its extensive features and advanced capabilities, providing higher ROI for larger organizations.

To learn more, read our detailed Fortinet FortiSIEM vs. Microsoft Sentinel Report (Updated: February 2025).

Buyer's Guide

Fortinet FortiSIEM vs. Microsoft Sentinel

February 2025

Download the complete report

Helped 838,640 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiSIEM

Ranking in Security Information and Event Management (SIEM)

8th

Average Rating

7.6

Reviews Sentiment

6.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Microsoft Sentinel

Ranking in Security Information and Event Management (SIEM)

3rd

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th), AI-Powered Cybersecurity Platforms (6th)

Mindshare comparison

As of February 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Fortinet FortiSIEM is 3.0%, down from 3.1% compared to the previous year. The mindshare of Microsoft Sentinel is 7.7%, down from 9.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Featured Reviews

Oliver Jackson

Network Engineer at Laminar Communications Pty Ltd

Systems monitoring enhanced by firewall and intrusion detection features

My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification. My customers are mostly medium-sized enterprises ranging from engineering companies, mining companies, independent schools, and…

Read full review

KrishnanKartik

Cyber Security Consultant at Inspira Enterprise

Every rule enriched at triggering stage, easing the job of SOC analyst

It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."

"It detects new technologies, vulnerabilities, and emerging threats on the internet."

"We're able to get real-timec as well as our customer networks that we're monitoring at all times."

"It provides extensive logging and record-keeping for internal networks, cloud applications, and services as well as perimeter physical network security."

"The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."

"It's very easy for anyone to work with."

"Our customer did not have security monitoring in the first place. With this solution, it provided security posture management and visibility about the security landscape and threats that they had."

"The most valuable features of the solution is its integration with other technologies, especially its ability to collect logs from Cisco and Aruba devices along with Fortinet products."

More Fortinet FortiSIEM pros

"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"

"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."

"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."

"The Log analytics are useful."

"The pricing of the product is excellent."

"We have no complaints about the features or functionality."

"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."

"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."

More Microsoft Sentinel pros

Cons

"The solution's technical support didn't help our company a lot."

"FortiSIEM is a bit resource-hungry, so work should be done on hardware resource utilization to consume less hardware."

"Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."

"The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."

"The graphs on the user interface could be improved as we often experience glitches."

"There could be more AI features included in the product."

"The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."

"The solution's interface could be modernized and improved."

More Fortinet FortiSIEM cons

"I would like Microsoft Sentinel to enhance its SOAR capabilities."

"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."

"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."

"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."

"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."

"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."

"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."

"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."

More Microsoft Sentinel cons

Pricing and Cost Advice

"The tool is really expensive. For what the tool does for our team, the price is fair."

"If one is cheap and ten is expensive. I rate the tool's price as an eight out of ten. Compared with Splunk or Oracle, Fortinet is cheap."

"Its price can be better. We are Fortinet partners, so we can get discounts, but its price can be an issue at the beginning for others. There is a licensing scheme for every case. There are three licensing schemes that we can choose from."

"We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that."

"The price of the solution is expensive. The license is scalable. If there are 10 devices it is simple to license."

"Please be cheaper and more simplified."

"This is probably more on the lower cost end of the spectrum compared to competing products. Fortinet's license model is based on events per second, which makes sense, but that's not typical. It makes it very hard to calculate what your costs are going to be as you scale the platform because some log sources, such as firewall logs, are very noisy, and there are lots and lots of events per second, but some of them are not. So, it becomes a bit of a science experiment trying to guess what your costs are going to be as you scale the solution. This is where other competing products perhaps have a more straightforward license model."

"FortiSIEM's licensing is based on EPS, and its pricing is competitive in the market."

More Fortinet FortiSIEM pricing and cost advice

"In comparison to other security solutions, Microsoft Sentinel offers a reasonable price for the features included."

"The pricing is reasonable, and we think Sentinel is worth what we pay for it."

"The pricing isn't very high. It depends on the number of logs you have. If you're expecting to ingest 50 to 60G in a day, but you're only ingesting 20 to 25G per day at first and you have a good team to analyze the logs, then you can segregate the ingestion at under 15G."

"The solution is expensive and there is a daily usage fee."

"Sentinel is expensive relative to other products of the class, so it often isn't affordable for small-scale businesses. However, considering the solution has more extensive capabilities than others, the price is not so high. Pricing is based on GBs of ingested daily data, either by a pay-as-you-go or subscription model."

"Microsoft is costlier. Some organizations may not be able to afford the cost of Sentinel orchestration and the Log Analytics workspace. The transaction hosting cost is also a little bit on the high side, compared to AWS and GCP."

"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."

"There are no additional costs other than the initial costs of Sentinel."

More Microsoft Sentinel pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

838,640 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

Government

Manufacturing Company

Computer Software Company

16%

Financial Services Firm

10%

Manufacturing Company

Government

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Fortinet FortiSIEM?

Fortinet FortiSIEM needs to provide better API integrations to users.

See all answers

What is your experience regarding pricing and costs for Fortinet FortiSIEM?

As a service, the cost is reasonable and affordable with scalable pricing based on the number of monitored devices. However, setting it up for oneself as an enterprise-licensed product can be quite...

See all answers

What needs improvement with Fortinet FortiSIEM?

The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products. Improving software stability and reducing bugs will make it a ...

See all answers

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

See all answers

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

See all answers

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

See all answers

Comparisons

IBM Security QRadar vs Fortinet FortiSIEM

Compared 13% of the time

Wazuh vs Fortinet FortiSIEM

Compared 13% of the time

Splunk Enterprise Security vs Fortinet FortiSIEM

Compared 10% of the time

LogRhythm SIEM vs Fortinet FortiSIEM

Compared 7% of the time

ThousandEyes vs Fortinet FortiSIEM

Compared 6% of the time

More Fortinet FortiSIEM Competitors

AWS Security Hub vs Microsoft Sentinel

Compared 21% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 9% of the time

Cortex XSIAM vs Microsoft Sentinel

Compared 8% of the time

Wazuh vs Microsoft Sentinel

Compared 6% of the time

Microsoft Defender for Endpoint vs Microsoft Sentinel

Compared 2% of the time

More Microsoft Sentinel Competitors

Product Reports

Buyer's Guide

Fortinet FortiSIEM

February 2025

Download Fortinet FortiSIEM product report

Buyer's Guide

Microsoft Sentinel

February 2025

Download Microsoft Sentinel product report

Also Known As

FortiSIEM, AccelOps

Azure Sentinel

Overview

FortiSIEM (formerly AccelOps 4) provides an actionable security intelligence platform to monitor security, performance and compliance through a single pane of glass.

Companies around the world use FortiSIEM for the following use cases:

Threat management and intelligence that provide situational awareness and anomaly detection
Alleviating compliance mandate concerns for PCI, HIPAA and SOX
Managing “alert overload”
Handling the “too many tools” reporting issue
Addressing the MSPs/MSSPs pain of meeting service level agreements

Fortinet

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Microsoft

Sample Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

Buyer's Guide

Fortinet FortiSIEM vs. Microsoft Sentinel

February 2025

Free Report: Fortinet FortiSIEM vs. Microsoft Sentinel

Find out what your peers are saying about Fortinet FortiSIEM vs. Microsoft Sentinel and other solutions. Updated: February 2025.

DOWNLOAD NOW

838,640 professionals have used our research since 2012.

See our Fortinet FortiSIEM vs. Microsoft Sentinel report.

See our list of best Security Information and Event Management (SIEM) vendors.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.