Chief Technical Officer at a computer software company with 51-200 employees
Beneficial CMDB and device discovery, but implementation process needs improvement
Pros and Cons
- "The CMDB and the device discovery features are most valuable."
- "I would like to see easier implementation in the future."
What is most valuable?
The CMDB and the device discovery features are most valuable.
What needs improvement?
I would like to see easier implementation in the future.
For how long have I used the solution?
I have been using the solution for approximately five months.
What do I think about the scalability of the solution?
Most of our clients are medium-sized businesses.
Buyer's Guide
Fortinet FortiSIEM
January 2025
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,158 professionals have used our research since 2012.
How are customer service and support?
The technical support has been very good in helping us with issues we have been facing during the implementation of the solution. We are not finished yet but we are close.
How was the initial setup?
The initial setup is not simple.
We are having some issues with the agent installation; it requires several reboots. This could be the system environment at the client site, because in our lab the agent installation is straightforward and does not require reboots. We are still working on this issue.
What about the implementation team?
We are doing the implementation of the solution and it has a moderate level of difficulty.
What other advice do I have?
I rate Fortinet FortiSIEM a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Senior Technical Consultant at an integrator with 201-500 employees
Configuration in initial setup is complex. Product's analytics provide log info letting you see threats.
Pros and Cons
- "Analytics. It can provide log information from the device. With log information, I can see if there is a threat."
- "If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
How has it helped my organization?
From CMDB configuration monitoring, it can provide information on changes.
What is most valuable?
Analytics. It can provide log information from the device. With log information, I can see if there is a threat.
What needs improvement?
In the CMDB configuration monitoring. For example, if there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it.
What do I think about the stability of the solution?
Yes.
What do I think about the scalability of the solution?
Yes.
How are customer service and technical support?
Very good.
Which solution did I use previously and why did I switch?
FortiSIEM is better than previous products.
How was the initial setup?
Complex due to the configuration.
What's my experience with pricing, setup cost, and licensing?
Please be cheaper and more simplified.
Which other solutions did I evaluate?
Yes, but I cannot mention it because of privacy issues.
What other advice do I have?
Please do a PoC.
Disclosure: My company has a business relationship with this vendor other than being a customer: I'm a partner.
Network and Security Administrator at PETRA Engineering Industries Co.
Hybrid Fortinet Fabric Solutions with a comprehensive view for all Fortinet products and a little support for other vendors
Pros and Cons
- "The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."
- "The nodes on our network did not comply with the SIEM solution. They use a different log parsing format."
What is our primary use case?
We're using FortiSIEM as the main metadata server for all the security and infrastructure devices. We integrate a lot of nodes, switches, firewalls, and sandboxes with it to gain coverage of the performance, availability, change, and security monitoring aspects of network devices, servers, and applications.
How has it helped my organization?
FortiSIEM gives us a lot of valuable events and details by using a unified event-based framework to analyze all data, including logs and performance monitoring data, and provides a broad range of metrics.
What is most valuable?
The comprehensive view of the dashboard, the attribute-based interface, and the flexibility of implementation methods.
What needs improvement?
The Fortinet Fabric should be easier and more user-friendly. They use a different log parsing format.
For example, Symantec ATP is not supported by FortiSIEM. Our reseller provided us FortiSIEM as a service. They should also provide us with a dashboard to monitor and to deploy correlations.
I think Fortinet should improve the AI correlations by combining advanced statistical and heuristic analysis with behavioral whitelisting.
For how long have I used the solution?
I have been using the solution for around six months.
What do I think about the stability of the solution?
Stability is the main feature we had looked for because of our environment, which is why we chose FortiSIEM. The stability is good. We just install a connector on the supervisor outside.
With the stability of the connector, we faced some problems. The reseller asked us to reinstall the connector. The problem was with the reseller, not the connector.
How are customer service and technical support?
We used the solution's technical support for a lot of cases and tickets. Their responses are very good, kind, and quick.
Which solution did I use previously and why did I switch?
They had poor correlation. They didn't use any new concepts like Fortinet. They just display the logs as they are, with no attribute base.
How was the initial setup?
The initial setup with Fortinet FortiSIEM AccelOps was not easy. We faced a few problems, but I think Fortinet should give more training courses for their resellers.
We needed to find what the weak points in our network were. Our deployment took up to two months.
We were looking to deploy a unique correlation between nodes. We wanted to track the packets from our cloud services, like cloud sandbox and anti-spam, to log our end-to-end connections.
The reseller told us that they comply with our solution. After that, we figured out that it was not going to be very easy. FortiSIEM doesn't support Symantec ATP.
They also did not support our web gateway log format.
What other advice do I have?
The interface is easy to use but the initial setup is not. The connector in the core has FortiSIEM support from the vendor. FortiSIEM supports a lot of vendors. It is a good product for us.
I rank it as eight on a scale from one to ten because it doesn't support a lot of vendors, and also FortiSIEM is still not common to use with Fortinet partners; maybe they don't give adequate training.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technical Lead at Arcon Labs at a tech services company with 51-200 employees
It's complicated to deploy but detection rules are flexible
Pros and Cons
- "AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
- "Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."
What is our primary use case?
My primary use case is that it is an analyst tool for hunting on your site network.
How has it helped my organization?
The platform is nice. It is not easy to implement, but once you do so, there is a lot of value from the platform.
What is most valuable?
AccelOps can handle a lot of data and it's just so important to true monitoring. That is the strong point of AccelOps.
The second one is detecting. I can create a lot of rules to detect anything I like, and this is another strong point.
It's also the only SIEM platform on the market that has health monitoring capabilities and correlates. For example, if a service is going down, I can detect that it is going down and correlate it. For example, if it's because of an exploit, it can correlate this. It's a nice feature.
What do I think about the stability of the solution?
I think all SIEM platforms have a problem handling a lot of data. My response is "it depends." Depends on the people, depends on the product, depends on the technology. To implement any technology you need good people, and this is independent of the label of the company or technology. The stability is not bad, it's not good. It's a complicated question.
What do I think about the scalability of the solution?
I don't have any feature for load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated. For example, the design is bad because you have one supervisor on one machine and you handle everything off this machine supervisor. It is a design problem. The technology also has limitations because you have a lot of memory and a lot of processors, but you have a limit with processors and memory, which causes problems with scalability.
How are customer service and technical support?
It's equal to any technical support. You need to go to level one, level two, level three to reach their engineers. It is complicated. With any technology it is like this. But my level of skill here is high, and going to level one, level two, level three is complicated. You have a ladder to solve the problems quickly. That's the problem. Any platform, any vendor has the same problem. You need to go through levels until you find one guy who can solve your problem.
Which solution did I use previously and why did I switch?
I used a solution previously. I switched because I needed evolving technology. I needed to evolve to smart features.
The most important criteria when selecting a vendor is price. After that it's detection.
How was the initial setup?
For the first steps you have some help. At the beginning you have priority support, you have engineers. After that you pay.
It's complex because you need to evaluate a lot of things.
What other advice do I have?
I advise that you should plan your financial resources and plan the platform. Also, be sure to test the performance ability, as well as scalability.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer L1 at a media company with 11-50 employees
Easy to understand and the technical support is good, but they need better documentation
Pros and Cons
- "It's a very nice solution to work with."
- "There is no proper guide for integration or configuration."
What is our primary use case?
We are trying to onboard some devices, which we will analyze using Fortinet FortiSIEM.
Once it responds smoothly, we will onboard some clients with requests.
What is most valuable?
It's a very nice solution to work with. It is easy to understand.
What needs improvement?
There is no proper guide for integration or configuration. They need to improve the documentation library.
For how long have I used the solution?
We are using the enterprise version in my organization. I have been using it for 30 to 40 days, but not more than two months.
How are customer service and technical support?
We have contacted technical support. They are good and provide good resolutions.
How was the initial setup?
The initial setup was straightforward.
What other advice do I have?
I will definitely recommend this solution to others. I am still exploring it, as it is new to us. I need more time to analyze it further.
I would rate Fortinet FortiSIEM a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Security and Compliance Officer at an energy/utilities company with 501-1,000 employees
It gives us a greater visibility into potential data/network breach attempts with the monitoring and alerting capabilities.
What is most valuable?
- Log correlation
- Alerting
How has it helped my organization?
AccelOps gives us a greater visibility into potential data/network breach attempts with the monitoring and alerting capabilities.
What needs improvement?
Ease-of-use for end users that do not spend every day in the product.
Also, the presentation of historical and trending data in dashboards needs to be improved immensely. Something as simple as an RRDtool graphing mechanism on a dashboard would be a huge improvement to the product.
For how long have I used the solution?
I've used it for one and half years.
What was my experience with deployment of the solution?
Not that I recall, but it's been over a year since deployment.
What do I think about the stability of the solution?
No issues encountered.
What do I think about the scalability of the solution?
No issues encountered.
How are customer service and technical support?
Customer Service: It's high.
Technical Support: Medium to high; some of the problems are just in the maturity of the product and how AccelOps develops this moving forward.
Which solution did I use previously and why did I switch?
SolarWinds; we assumed that AccelOps would be an easier product to manage moving forward and it was less expensive.
How was the initial setup?
I don't think it was complex.
What about the implementation team?
In-house with a little assistance from support.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Team Leader at a tech services company with 11-50 employees
Our customers have seen improvement in their connection with load balancing on both connections
Pros and Cons
- "Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections."
- "Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
What is our primary use case?
We are a system integrator and we resell this solution.
How has it helped my organization?
Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections.
What needs improvement?
Our customers are noticing configuration available in the GUI interface and I think that they should be equal.
What do I think about the stability of the solution?
Stability and scalability are perfect.
How was the initial setup?
The initial setup wasn't complex. It took three days to deploy and we required two people for the deployment.
What other advice do I have?
I would rate it a nine out of ten. The configuration should be equal with the GUI interface.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
ICT Architect at an insurance company with 51-200 employees
CMDB database collects data from a lot of pre-configured devices
Pros and Cons
- "The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
- "The performance can be improved. Sometimes it takes a long time to fetch data."
What is our primary use case?
We use the on-prem model of this solution. Our primary use case is for malware and behavior monitoring. We also use it to monitor system performance and user behavior.
What is most valuable?
The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices.
What needs improvement?
The performance can be improved. Sometimes it takes a long time to fetch data.
For how long have I used the solution?
I have been using this solution for one and a half years.
What do I think about the stability of the solution?
It is very stable.
What do I think about the scalability of the solution?
Scalability is very good. We currently have 150 users using this solution. We don't have plans to increase usage at the moment.
What about the implementation team?
We implemented through Fortinet professional services. We were one of the first customers to implement the new version and it was a bit complex. I believe it has become easier. Deployment took them only a few hours. It didn't take a long time.
What other advice do I have?
I would rate it an eight out of ten. They should implement better behavior monitoring features to make it a perfect ten. It should also have better integration with their own products. They have a lot of interfaces for other products but it's not so easy to integrate their own devices.
I would recommend this solution to someone considering it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.