We performed a comparison between Fortinet FortiSIEM and ThousandEyes based on real PeerSpot user reviews.
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The analytics has a lot of advantages because there are 300 default use cases for rules and we can modify them per our environment. We can create other rules as well. Analytics is a useful feature."
"We have no complaints about the features or functionality."
"The automation feature is valuable."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The analytic rule is the most valuable feature."
"We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us."
"The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers."
"I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
"FortiSIEM is a great tool for making security processes transparent."
"We find the solution to be stable."
"Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features."
"Technical support is helpful."
"FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high."
"ThousandEyes gives companies better visibility."
"From our perspective, ThousandEyes stands out as an invaluable tool because of its deep and extensive capabilities."
"The most valuable feature of ThousandEyes is user-friendliness. It has been essential for us to have a solution that is easy to use."
"The solution is very easy to use."
"It's fairly easy to set up."
"The solution's initial setup process was straightforward... In terms of ROI, the solution is worth the money."
"The most valuable aspect of the solution was the ability to see how the connection quality is between the sites and get an alert if it was turning bad."
"The installation process is not hard at all."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"Not very good on non-API features, lacks that functionality."
"There is no proper guide for integration or configuration."
"Fortinet FortiSIEM is a little out of sight and needs more marketing efforts to be popular in the market."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"The UI could improve in Fortinet FortiSIEM. Humans view the UI frequently for data and if it was more visually pleasing it would be beneficial."
"Once I fully use the tool 100%, I'm sure I would have something to critique; however, for now, I'm happy with it."
"It's an expensive solution."
"I would like the product to offer more agility."
"ThousandEyes could improve the dashboards by adding more features."
"They only offer synthetic requests."
"There is room for improvement in terms of customization and user-friendliness."
"The guest portal is hard to use."
"Presently, it lacks the ability to integrate with other Cisco products."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews, while ThousandEyes is ranked 12th in Network Monitoring Software with 11 reviews. Fortinet FortiSIEM is rated 7.6, while ThousandEyes is rated 8.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of ThousandEyes writes "Reliable, simple to set up, and offers fast monitoring capabilities". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and PRTG Network Monitor, whereas ThousandEyes is most compared with Cisco Secure Network Analytics, Accedian Skylight, Dynatrace, SolarWinds NPM and LiveAction LiveNX.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.