Security Technical Manager at a tech services company with 51-200 employees
Offers good integration capabilities with multiple tools from different vendors
Pros and Cons
- "Fortinet FortiSIEM needs to provide better API integrations to users."
What is our primary use case?
I implemented Fortinet FortiSIEM in my company to collect all logs from old systems, networks, and security devices in the network. Fortinet FortiSIEM has a correlation rule, and from it, you can generate incidents and get analytics. The tool also serves as a threat intelligence and integration platform. With FortiGuard or any third-party tools, Fortinet FortiSIEM, as a threat intelligence platform, can enrich the log attributes or criteria, which is well reflected in incidents.
What is most valuable?
The most valuable feature of the solution for the detection of threats stems from FortiSIEM's components, including the threat intelligence platform and the ability to provide integrations.
What needs improvement?
Fortinet FortiSIEM is a better solution than other products. As a SIEM solution, it can meet all the requirements of customers.
The product already offers good integration capabilities with multiple vendors. There will be new products being introduced every day in the market, so Fortinet FortiSIEM needs to ensure integrations are possible with the new tools. Fortinet FortiSIEM needs to provide better API integrations to users. Better support services can help you deal with the integration party easily. API integration capabilities will make it easy to integrate Fortinet FortiSIEM with new products unless such tools have custom or special configurations set by the vendor or the device.
For how long have I used the solution?
I have been using Fortinet FortiSIEM since 2018.
Buyer's Guide
Fortinet FortiSIEM
March 2025

Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,690 professionals have used our research since 2012.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a nine out of ten.
If every device can get a ten out of ten in terms of stability, then I believe it is a 100 percent perfect product.
What do I think about the scalability of the solution?
It is an easily scalable solution. Suppose you want to increase the scalability in seconds. You can increase the number of tools with an HA supervisor to handle multiple events per second, and you can use multiple collectors for remote defense. It is easy to manage the tool's scalability and availability.
My company deals with around six customers who use the product.
How are customer service and support?
The solution's technical support is good. If you want to deal with the issues from the tool of other vendors, Fortinet's support team provides help.
How was the initial setup?
The product's initial setup phase is easy.
In Fortinet FortiSIEM, with multiple tenants, one does not need to invest in the implementation process.
After the virtual machine deployment or hardware appliance initial configuration, I think network discovery is the first step in the installation process. The process continues with vendor discovery and asset inventory at customer sites. Three intelligence integrations are the second step, and the configuration with the customer's devices to send all logs to SNMP TRAPS and then to the SIEM solution is a part of the main basic implementation. If you have some configurations and event handler and event order and logs, the initial configuration can be managed depending on the needs of customers.
What's my experience with pricing, setup cost, and licensing?
I don't have the price list of any of the competitors of Fortinet FortiSIEM. I work with the technical part of the tool.
There is a need to make yearly payments towards the licensing charges attached to the product. The free version license of the product is available for two months.
What other advice do I have?
The product offers multiple integrations with all vendors. If there is a new or unknown vendor in the market, a custom API can be made to ensure that integration with Fortinet FortiSIEM is possible.
I rate the integration capabilities of the tool a nine out of ten.
The implementation of the product can improve incident response time according to the arrangement and local relation of built-in rules or custom rules. This will reduce the time of incident response, especially if you use a SOAR solution with it. You can enrich the tool by buying a SOAR solution.
It is a good product in general. It is a product that offers stability and scalability with a multiple and wide range of built-in rules. The solution is also easy to use.
I rate the tool a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator

Asst Programmer Data Center at a consultancy with 10,001+ employees
Plenty of features, reliable, but more frequent updates needed
Pros and Cons
- "We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
- "We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
What is our primary use case?
We are creating our new dashboards and correlations as per our requirements with Fortinet FortiSIEM.
What is most valuable?
We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.
What needs improvement?
We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files.
The patch management on the software needs to be better. We have not received frequent updates from their site. That's the major challenge for us. Going by the latest trends, there are lots of cyber attacks happening in the entire world. All of the latest trends, patches, file updates, and hash updates should be released as soon as possible. Whilst an attack is detected, the patch has to be released on time.
For how long have I used the solution?
I have been using Fortinet FortiSIEM for two and a half years.
What do I think about the stability of the solution?
It's a foolproof solution for our requirements, it is stable.
What do I think about the scalability of the solution?
The solution is scalable. However, this depends on the license we purchase. Additionally, scaling the solution requires a large investment in computer hardware, such as SSD, memory, and CPUs.
We have approximately 25 security engineers using the solution and approximately 10,000 end users.
We do not have plans to increase the usage of the solution at this time.
How are customer service and support?
I would rate the support of Fortinet FortiSIEM a four out of ten.
Which solution did I use previously and why did I switch?
We previously were using the Juniper STRM, but Juniper STRM is currently not available. I think that their company was taken over by IBM QRadar; this is why we have gone with FortiSIEM.
How was the initial setup?
The workload required for this software is a major challenge. It requires a huge workload in terms of CPU and memory. It requires a huge workload for the installation and for the integration with all the systems. The whole implementation took approximately six months.
What about the implementation team?
We had help from the Fortinet team for the implementation team.
What was our ROI?
We have received a return on investment by using this solution.
What's my experience with pricing, setup cost, and licensing?
The price of Fortinet FortiSIEM is a lot less when compared to other solutions.
What other advice do I have?
My advice to others thinking about implementing this solution is if your organizational budget is low, then we go for Fortinet FortiSIEM. Otherwise, if we have enough budget, I would recommend IBM QRadar and/or other solutions.
I rate Fortinet FortiSIEM a six out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
chief of cybersecurity at ECSSA El Salvador
Allows us to combine SOC and NOC operations and has good reports, integrations, and support
Pros and Cons
- "One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
- "Its training can be improved. Its price also needs to be improved."
What is our primary use case?
We are an enterprise that resells services. We are like a small MSSP for the Salvador and Central America region. We provide services to other enterprises.
Our clients have multiple use cases. Its most common use case is to detect logging events from different IP addresses or locations. It is used to detect simultaneous logins by the same user from different IP addresses or locations, such as from different countries. It is also used to detect any attempts to log in to a server with root privilege and trying remote access with root privileges.
How has it helped my organization?
With the help of FortiSIEM, we have improved the cybersecurity posture of our clients and ours. Through the early detection of threats, it allows us to follow up on each security incident. It is easy to communicate to asset managers about related security events, reducing remediation time.
What is most valuable?
One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.
There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.
What needs improvement?
Its training can be improved. Its price also needs to be improved.
For how long have I used the solution?
I have been using this solution for one year.
What do I think about the stability of the solution?
It has been good so far. We don't have any complaints about the tool.
What do I think about the scalability of the solution?
It is very scalable. It is easy to grow with this tool. We are going step-by-step, and we are doing good so far.
Our clients are big enterprises, such as banks, and we also have small businesses. In Salvador, as per a local compliance requirement, every business or enterprise needs to have a SIEM solution. We have an installation for 1,000 users.
How are customer service and technical support?
We are Fortinet's partner here in Salvador, and the tech support is really good. Their response time is also really good. We are very happy with this solution.
How was the initial setup?
The implementation process is kind of easy. We start in a small way. The challenge for us is the storage. We need to find a way to have storage redundancy so that if the main site fails, we have a copy of the data on a remote site. This is the challenge that we are facing right now.
What about the implementation team?
For its deployment and maintenance, we have a very small group of five people. We have a networking guy, a server guy, and a few analysts to maintain this platform.
What's my experience with pricing, setup cost, and licensing?
There is a licensing scheme for every case. There are three licensing schemes that we can choose from.
Which other solutions did I evaluate?
Our clients also evaluate other solutions such as Rapid7, McAfee, and LogRhythm. We have always been a Fortinet enterprise. We have people with Fortinet and other certifications in the industry, such as EasyConsole certifications. We can also support this solution for the Fortinet sites. That is the main differentiator between us and other vendors.
What other advice do I have?
I would advise others to start small and plan for future growth.
I would rate Fortinet FortiSIEM an eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Solution Consultant at 1&1 Versatel Deutschland GmbH
It's a good tool for making security processes transparent
Pros and Cons
- "FortiSIEM is a great tool for making security processes transparent."
What is our primary use case?
FortiSIEM combines information from operations and integrates it into management.
What is most valuable?
FortiSIEM is a great tool for making security processes transparent.
What do I think about the stability of the solution?
I rate FortiSIEM 10 out of 10 for stability.
What do I think about the scalability of the solution?
I rate FortiSIEM nine out of 10 for scalability.
How was the initial setup?
Setting up FortiSIEM is straightforward. I prefer this product in the Fortinet environment. It's easy to install and configure.
What's my experience with pricing, setup cost, and licensing?
FortiSIEM might be considered expensive in some markets. We have an international customer base, and it's affordable for a lot of them.
However, customers in some markets cannot build a suitable use case around it. But it's not because of the product. It often depends on customers' operation organization.
You also need some operation and security knowledge to make a professional management decision.
A company needs to work with the consultants and distributors who are delivering the environment and necessary support.
What other advice do I have?
I rate Fortinet FortiSIEM nine out of 10.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Asst Programmer Data Center at a consultancy with 10,001+ employees
Lacks a level of support we'd expect to see, particularly for patching; Threat Hunting is a great feature
Pros and Cons
- "The Threat Hunting feature provides complete traffic analysis."
- "Patching is not great - we're not getting the support we'd expect."
What is our primary use case?
Our use case is for collecting logs and monitoring internet traffic through firewalls. We have Fortinet firewalls and Fortinet WAF. I'm a system programmer and we are customers of Fortinet.
What is most valuable?
I like the Threat Hunting feature which provides complete traffic analysis, like file movement and processes. It's a good feature.
What needs improvement?
We have recently faced many issues in terms of support and their turnaround time for giving support as well as their patch level. The patching is one of the significant issues we face with Fortinet SIEM. We're at the enterprise level and we're not getting the support we'd expect. They really need to bring in new features like proper dashboards and alert systems and a real-time alert system which would be beneficial for users.
For how long have I used the solution?
I've been using this solution for four years.
What do I think about the scalability of the solution?
Scalability is good; you just add extra licenses. We have 15 admin users and around 10,000 EPS.
How was the initial setup?
There are lots of issues with licensing policies like the agentless and agent-based installation. It creates a lot of issues because when we purchase the SIEM, by default, we expect most of the licenses to be in the bundle. But it's not like that. We need to purchase separate licenses for each agent and agentless system. There is also licensing with the EPS. It's quite difficult for proposing and purchasing the solution. We hire Fortinet professional services for deployment.
Which other solutions did I evaluate?
I think that QRadar and RSE are better solutions than SIEM. The interactivity, scalability, and performance are far better than Fortinet.
What other advice do I have?
My needs are not getting met with this solution so I would not recommend it to anyone and rate it four out of 10.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director of IT with 501-1,000 employees
We've been able to monitor our account-hacking issues internally, including attempted attacks on our network and logins to accounts.
What is most valuable?
The security notifications and monitoring features.
How has it helped my organization?
With the online-based monitoring we've set up, we've been able to watch trends of attempted attacks on our network.
We're also able to monitor our account issues internally as attackers attempt to log into our accounts.
We fall under HIPAA so security is key.
What needs improvement?
As we're an SMB, I would like to see different licensing options and the solution is priced out of the reach of some small businesses. It was a priority for us, though, because of the HIPAA regulations we fall under, and a more attractive licensing structure would be nice for SMB's.
For the product itself, it's the configuration. You really have to have their help to configure the product. When hands are off and it's in maintenance mode, it's difficult to configure unless you're totally engrossed in the product on a day-to-day basis.
For how long have I used the solution?
I've used it for one year.
What was my experience with deployment of the solution?
No issues encountered.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service: 9/10, based strictly on the limited experience with one person that I've had.
Technical Support: 9/10, based strictly on the limited experience with one person that I've had.
Which solution did I use previously and why did I switch?
We used freeware or third party apps (two or three of them), but we liked the consolidation of this product -- one interface, one screen -- to capture what the other applications were doing.
How was the initial setup?
It was complex because we didn't know the product. It's pretty in-depth, but once we got familiar with the software it made a lot of sense.
What about the implementation team?
We had the vendor help us implement, and they were 8/10.
What's my experience with pricing, setup cost, and licensing?
As mentioned above, they need to improve their licensing, but it depends on what industry segment they're going after. Maybe introduce some kind of more attractive bundle for SMB's to help them get started with the product.
Which other solutions did I evaluate?
We did, but I don't recall which ones.
What other advice do I have?
Everyone's implementation will be different, so be very focused and deliberate in what you want to monitor, because you can inundate the system.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Presales IT at a tech services company with 201-500 employees
Integrates logs from different sources so that there is a common place to see and create dashboards
Pros and Cons
- "FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
- "The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
What is our primary use case?
I work in our presales department. We have three of our clients using Fortinet FortiSIEM.
The solution is useful to integrate logs from different sources so that there is a common place to see and create dashboards and the AI associated with event checking.
We have a common service desk for our customers that has three employees monitoring everything. It requires less than one person to watch the dashboards, send the alerts and call the back office during an event. The solution requires maintenance every three months to install the last stable version of the firmware.
How has it helped my organization?
FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication. We use VPN instead of publishing services to the world, and we closed some services that are no longer being used. Eventually, we geographically blocked some services that do not need to be published in China or the United States, for example.
What is most valuable?
FortiSIEM has been a good product. It does everything that it has promised that it can do. It has been very useful to discover new threats from the outside such as external exploits, brute-force, or password tries.
What needs improvement?
The process of installing Fortinet FortiSIEM and the customization of the alerts take too long. You need to customize the alerts that come to the dashboard so that not everything is an alert. If everything is an alert, nothing is an alert. This is a complicated process and takes time.
In future releases, I would like to see a resource for common environments like VMware and VMware/FortiGate or VMware/Check Point. The resource should discover and speed up implementation.
For how long have I used the solution?
We have been using Fortinet FortiSIEM for a year and a half.
What do I think about the stability of the solution?
Being a Linux virtual appliance, FortiSIEM is a stable platform.
What do I think about the scalability of the solution?
We are located in Uruguay, which is a small country. We have no issues with scalability because we have so few people and our IT infrastructure is quite simple.
Our customers have between 200 and 400 users of Fortinet FortiSIEM.
How are customer service and support?
I would rate the customer service and support of Fortinet FortiSIEM a four out of five. They are quite good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Prior to FortiSIEM, we did not use SIEM. We had a log concentrator, but it did not have the ability or the AI to correlate logs like SIEM has.
We decided to implement FortiSIEM because SIEM has the ability to create logs using AI. With a log concentrator, we have all the events there, but there is no relation between them and what we have to do manually.
How was the initial setup?
The initial setup of Fortinet FortiSIEM is easy. The solution is on a virtual appliance that you download and put in the VMworld or on-premise. I would rate the ease of initial setup a five out of five.
What about the implementation team?
Deployment and implementation of FortiSIEM took three months due to the tuning and the building of the dashboards. We used Fortinet professional services for our first deployment. For the second deployment, we used our in-house team.
What was our ROI?
We are seeing very good results on a security level.
What's my experience with pricing, setup cost, and licensing?
Fortinet's products are not expensive, it is less than the competition. There are additional fees for space in the virtual environment. You require virtual space because the logs take up space on the disk. Eventually, you need to buy disks and put them in your environment or in the cloud. Without the disk, you have to turn off the device.
I would rate them a three out of five overall for pricing.
Which other solutions did I evaluate?
We did consider Sentinel in Azure because it is almost free.
What other advice do I have?
If you are considering Fortinet FortiSIEM for your organization, write down what alerts are important to you, which devices deserve to be monitored, and which logs you really need. You will need to customize all of this. If you have all of this detailed, the implementation process will be easier.
I would rate the solution an eight out of ten overall.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Infrastructure Operations Manager at a computer software company with 501-1,000 employees
It provides me with operational oversight on our environment using configured dashboards and reports.
Pros and Cons
- "There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
- "The biggest thing that could be better is a quicker response to support cases."
Improvements to My Organization
In large-sized, medium-sized, and small-sized organizations, it improves the ability to quickly drill down into events that occur, perform analysis, and find root cause. The most value I've found in it is quicker time-to-resolution.
Valuable Features
I’ve used Accelops in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight. There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not. Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.
Room for Improvement
The biggest thing that could be better is a quicker response to support cases.
Stability Issues
As I keep the system updated it helps to keep the system stable, but it’s been extremely stable and extremely reliable.
Scalability Issues
I have scaled it out with multiple workers and collectors. It’s scaled in every direction that I would like it to, geographically and from a correlation and reporting capacity standpoint.
Customer Service and Technical Support
I’ve had lots of different engagements with support over the years and generally I’ve had very good support, knowledgeable staff and occasionally you’ll have a weird problem, longer to resolve than some other problems; but generally speaking, the support’s been very good.
I’ve used the product for a long time so I’ve requested quite a few different features. Those features have always been added, and it’s been more or less the time they need depending on what the feature is.
Initial Setup
It’s not harder than any other similar product. It’s very easy to set up in the fact that they provide an OVA file that you can quickly and simply download and with a few configuration settings be on the network. There are multiple other deployment options for other hypervisors as well as bare metal deployments. More than anything the troubles come with configuring all of your log sources to send the necessary log messages. That’s true for any product, not just Accelops.
Other Advice
My advice would be to come up with a game plan to figure out exactly what devices or what system to focus on. Then (once you become familiar with reporting, alerting and tuning) integrate more devices/systems into Accelops.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
