We performed a comparison between Fortinet FortiSIEM and SCOM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such as firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers."
"FortiSIEM helped us discover all the threats at the time that were attacking the IT services of the company. We now have multiple-level authentication."
"The solution is very stable. It's run for years without the need to do anything except, add new patches when they are available, which are always a good idea to install."
"FortiSIEM's best features are the dashboards and customization."
"The primary valuable feature is that it has replaced a whole lot of other products with one platform."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat."
"The product is quite well-organized. The GUI makes it easy to navigate."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"The most valuable feature of SCOM is real-time alerts."
"SCOM has helped us to monitor all the VMs in our environment, especially the Windows servers."
"The stability has been great."
"The solution is used for monitoring the hardware inventory. For instance, it helps with the whole operational monitoring view for the company's infrastructure."
"This solution saves us a lot of work because it reduces the effort that is required in order to start monitoring."
"I enjoy its integration with the Microsoft Active Directory functions, which means users, computers, or other group policies can connect with Windows Active Directory."
"The most valuable feature of SCOM is the capability of using classes within your management pack development."
"The product has helped our organization with in-depth monitoring."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"The solution could be more user-friendly; some query languages are required to operate it."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"They need to integrate better with Cisco and Palo Alto."
"The biggest thing that could be better is a quicker response to support cases."
"Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."
"Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"The log collection and configuration management are not great."
"They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
"The solution’s initial setup is difficult."
"I would like to see better support for monitoring Unix-based systems."
"The GI is difficult to work with and the reporting servers are also difficult."
"Third-party tools have had to be created to make SCOM management pack creation more efficient and effective. However, this weighs down the application as it just adds a resource requirement, which is ballooning the size of the necessary storage and all that for essentially substandard components."
"There are some negative points about this product. Sometimes, the capabilities of the software don't appear, and you can't directly see the results. You have to wait for a long period to refresh the policy to push it to the software or other patches."
"It lacks certain details that other products do better, like granular access and better application monitoring."
"There could be more integration of SIM in the solution."
"The solution should be more user-friendly and offer a better user interface."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while SCOM is ranked 3rd in Event Monitoring with 77 reviews. Fortinet FortiSIEM is rated 7.6, while SCOM is rated 7.8. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of SCOM writes "Has a good reporting engine, but its monitoring of the cloud-based environment could be improved". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and AlienVault OSSIM, whereas SCOM is most compared with Zabbix, Dynatrace, Datadog, Nagios XI and AppDynamics.