We performed a comparison between Fortinet FortiSIEM and NetCrunch based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Free ingestion for Azure logs (with E5 licence)"
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Log aggregation and data connectors are the most valuable features."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The analytic rule is the most valuable feature."
"The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
"FortiSIEM's best features are the dashboards and customization."
"The product is quite well-organized. The GUI makes it easy to navigate."
"It is used as an alerting platform."
"Both the collecting logs and duo correlation are valuable features for us."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"Easy alert setup which enables different alerts in different categories."
"The solution is very stable. It's run for years without the need to do anything except add new patches when they are available, which are always a good idea to install."
"Reporting on NetCrunch is pretty good. It's very similar to SolarWinds. It's just a different interface. The majority of everything there was beneficial."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The solution could improve the playbooks."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"The AI capabilities must be improved."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"The graphs on the user interface could be improved as we often experience glitches."
"They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
"It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"Its training can be improved. Its price also needs to be improved."
"I didn't care for the role-based, permission-based options, which were not the best."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while NetCrunch is ranked 76th in Network Monitoring Software. Fortinet FortiSIEM is rated 7.6, while NetCrunch is rated 8.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NetCrunch writes "A network monitoring platform with a useful reporting feature, but permission-based options could be better". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas NetCrunch is most compared with Zabbix and PRTG Network Monitor.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.