We performed a comparison between Fortinet FortiSIEM and LogRhythm SIEM based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. Users praised LogRhythm SIEM for its user-friendly centralized dashboard, strong integration capabilities, and event-filtering capabilities. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring. LogRhythm SIEM has the potential to improve its SOAR and NDR features, platform stability, and MDI integration.
Service and Support: Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable. LogRhythm SIEM was generally praised for its helpful and knowledgeable support, although there have been occasional delays and knowledge problems.
Ease of Deployment: Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time. LogRhythm SIEM's setup is considered to be straightforward. However, it is more time-consuming and complex for enterprise deployments involving multiple components or vendors, and users often require assistance from professional services or LogRhythm-certified engineers.
Pricing: FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets. LogRhythm SIEM’s license typically includes all elements. However, enterprise customers may encounter complexities related to additional features and add-ons.
ROI: Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses. LogRhythm SIEM has proven to be highly valuable, delivering a significant ROI by reducing the mean time to detect and respond.
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
"To add workers and even collectors is pretty easy."
"There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not."
"AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
"We find the solution to be stable."
"It's very easy for anyone to work with."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"We have many application systems, and I can set up Fortinet FortiSIEM for users to monitor their systems."
"LogRhythm NextGen SIEM is customizable, simple to manage, and there are many features. The solution does not require an expert to be able to use it, anyone can use it."
"The alarm functions have helped us cut down on the manual work. They bubble things up to us instead of our having to go look for stuff. Also, from an operational perspective, day to day, the Case Management functions are really useful for us. They allow us to track what we see in the incidents that we have."
"File Integrity Monitoring is really valuable because we have it set up on our core assets. This is one of the key features that I utilize. We also use it quite a lot for event management to do reporting."
"It's reliable and the performance is good."
"The initial setup is pretty easy."
"Alarms are the most valuable feature. We also like the dashboard and how things are at your fingertips. The fact that we can now edit the report templates is going to be a great thing."
"The most valuable features would be the automation, reporting, and the support."
"Even other products we have that feed into it, instead of having to watch all of them we only have to watch one. For example, we have CrowdStrike, so instead of having to pay attention that solution - because their dashboard doesn't really pop when an alarm comes up - we can see issues with the red on the LogRhythm alarm. That is very nice."
"The on-prem log sources still require a lot of development."
"The only thing is sometimes you can have a false positive."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"I think the number one area of improvement for Sentinel would be the cost."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"The product can be improved by reducing the cost to use AI machine learning."
"Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"I would like to see easier implementation in the future."
"Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time."
"The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries."
"The performance can be improved. Sometimes it takes a long time to fetch data."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"FortiSIEM is not a market leader in the SIEM space."
"When we originally got LogRhythm, their tech support was fantastic, and I loved them. Now, we don't quite get as quick of a response. I've been disappointed in the more recent tech support. When you call in, they'll say that they will get you somebody, and you'll finally get someone who will contact you back a day or so later. Whereas before, I would get help right away."
"Scalability misses the mark sometimes, especially when you have an integrated disaster recovery built into the solution."
"More detail in the alerts given to avoid additional searches, as often the source or destination associated with the alert is not evidenced."
"The web and on-premise console interface should be the same instead of having a separate engine for each."
"The built-in functionality of the solution for NDR, SOAR, SIEM, and EDS has room for improvement."
"The customer support system is time-consuming."
"I have Windows administrators who will remove the agent when they think that that's what's fouling up their upgrade or their install or their reconfiguration, etc. The first thing they do is to turn off the antivirus, turn down the firewall, and take off anything else. They don't realize that the LogRhythm agent is just sitting there monitoring. Most antivirus products have application protection features built-in where, if I'm an admin on a box, I can't uninstall antivirus. I need to have to the antivirus admin password to do that."
"There are other security technologies outside of this SIEM that should be inside of this SIEM. I can see in their roadmap that they're trying to address a lot of these things, and have these technologies built into the solution, because there is no point in going to another vendor or opening up a second window to obtain the data that you need."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while LogRhythm SIEM is ranked 6th in Security Information and Event Management (SIEM) with 166 reviews. Fortinet FortiSIEM is rated 7.6, while LogRhythm SIEM is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of LogRhythm SIEM writes "The solution reduced our investigation time from days to hours and assists in managing our workflows". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, ThousandEyes and PRTG Network Monitor, whereas LogRhythm SIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm Axon and Fortinet FortiAnalyzer. See our Fortinet FortiSIEM vs. LogRhythm SIEM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.