We performed a comparison between Fortinet FortiSIEM and Microsoft Sentinel based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Microsoft is considered one of the industry leaders in the SIEM space. Microsoft Sentinel allows users to investigate threats seamlessly and manage them quickly, all from one single place. Microsoft Sentinel is a complete solution. Many users feel Fortinet FortiSIEM's learning curve takes too long and tell us the solution should have better integrations with other third-party solutions.
"It works well with medium to large-scale enterprises."
"The most valuable feature is the anomaly-reporting alarms."
"The product is quite well-organized. The GUI makes it easy to navigate."
"It's a very nice solution to work with."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"The solution is easy to use and user-friendly."
"The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
"I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The UI-based analytics are excellent."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"Log aggregation and data connectors are the most valuable features."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"FortiSIEM is not a market leader in the SIEM space."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
"The solution's interface could be modernized and improved."
"The challenge I face with Fortinet FortiSIEM is the lack of support."
"Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time."
"There is no proper guide for integration or configuration."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews. Fortinet FortiSIEM is rated 7.6, while Microsoft Sentinel is rated 8.2. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and LogRhythm SIEM. See our Fortinet FortiSIEM vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
