We performed a comparison between Fortinet FortiSIEM and Microsoft Sentinel based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Microsoft is considered one of the industry leaders in the SIEM space. Microsoft Sentinel allows users to investigate threats seamlessly and manage them quickly, all from one single place. Microsoft Sentinel is a complete solution. Many users feel Fortinet FortiSIEM's learning curve takes too long and tell us the solution should have better integrations with other third-party solutions.
"We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
"Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses."
"AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
"We find the solution to be stable."
"It's very easy for anyone to work with."
"To add workers and even collectors is pretty easy."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"It has a lot of great features."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The connectivity and analytics are great."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"I would like to see more integration with other platforms."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"I would like to see easier implementation in the future."
"There is no proper guide for integration or configuration."
"Its training can be improved. Its price also needs to be improved."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"The solution could be more user-friendly; some query languages are required to operate it."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
Fortinet FortiSIEM is ranked 10th in Security Information and Event Management (SIEM) with 65 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 86 reviews. Fortinet FortiSIEM is rated 7.6, while Microsoft Sentinel is rated 8.2. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ThousandEyes, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Wazuh, Microsoft Defender for Cloud and LogRhythm SIEM. See our Fortinet FortiSIEM vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.