We performed a comparison between Fortinet FortiSIEM and Rapid7 InsightIDR based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"It has a lot of great features."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Fortinet FortiSIEM is easy to use."
"We're able to get real-timec as well as our customer networks that we're monitoring at all times."
"We find the solution to be stable."
"The stability is very reliable. It offers very good performance."
"To add workers and even collectors is pretty easy."
"Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses."
"The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
"The solution is easy to use and user-friendly."
"We were able to identify criminals attempting to login from China and put a stop on their IP locations."
"Simple configuration and automatically syncs to the cloud platform."
"I have seen that Rapid7 InsightIDR provides security to the networks and endpoints in the company."
"The technical support is a solid 10 out of 10 as they take the time to answer any questions or problems which may arise in a reasonable time frame."
"Log search allows us to dive deep into aggregated logs and query all event types at once."
"InsightIDR helps us investigate an environment to discover information about incidents."
"Very intuitive and easy to set up."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"We are invoiced according to the amount of data generated within each log."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"The AI capabilities must be improved."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"I would like to see more integration with other platforms."
"Patching is not great - we're not getting the support we'd expect."
"It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
"Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"Fortinet FortiSIEM could improve by having a signature update."
"The dashboard needs to improve."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"The main problem lies in the processes within the client's operating systems."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"The dashboard is an area that could be simplified."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews. Fortinet FortiSIEM is rated 7.6, while Rapid7 InsightIDR is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and Zabbix, whereas Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and CrowdStrike Falcon. See our Fortinet FortiSIEM vs. Rapid7 InsightIDR report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
