We performed a comparison between Fortinet FortiSIEM and Wazuh based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Fortinet FortiSIEM is praised for its advanced agents and effective correlation capabilities. Reviews say FortiSIEM excels at anomaly reporting and threat hunting. Wazuh stands out for its effortless integration, excellent log monitoring capabilities, and ELK-based investigation. Fortinet FortiSIEM could benefit from better integration guides, more flexible reporting, and reduced resource consumption. Users also suggest adding more AI capabilities and improving database monitoring. Wazuh needs improvements in event source coverage, threat intelligence integration, and real-time monitoring of Unix systems.
Service and Support: Some FortiSIEM customers consider Fortinet support to be satisfactory and efficient, while others were unhappy and thought the engineers could be more knowledgeable. Wazuh's customer service is generally deemed satisfactory, and many customers noted that they could easily find answers from community forums.
Ease of Deployment: Some FortiSIEM users found it effortless to install within a day or two. Nonetheless, others encountered difficulties regarding CPU and memory requirements, as well as a lengthier deployment time. Some users said that Wazuh’s setup is easy and fast, while others perceived it as complicated and said it required a significant amount of time.
Pricing: FortiSIEM is generally regarded as reasonably priced and competitive. However, FortiSIEM may still be deemed costly in developing markets. Wazuh is a cost-effective option as it is open-source and completely free to acquire.
ROI: Fortinet FortiSIEM has consistently delivered a positive return on investment for businesses. Wazuh's MSP program and partnerships offer opportunities to generate revenue from the platform.
"One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
"Easy alert setup which enables different alerts in different categories."
"The most valuable feature is the anomaly-reporting alarms."
"Both the collecting logs and duo correlation are valuable features for us."
"I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports."
"FortiSIEM's best features are the dashboards and customization."
"The solution is very stable. It's run for years without the need to do anything except, add new patches when they are available, which are always a good idea to install."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"I like that the solution is on top of the Kubernetes stack."
"Wazuh has very flexible and robust features."
"Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring."
"Its cost-effectiveness is the most valuable aspect."
"The deployment is easy and they provide very good documentation."
"Wazuh is simple to use for PCI compliance."
"The solution's interface could be modernized and improved."
"The nodes on our network did not comply with the SIEM solution. They use a different format parking log."
"Sometimes, if there are changes made by a user on a database server, it can be difficult to get that information on the fly. I would like to see a situation where once I specify a user with the database server I need, and with the changes they have performed on that, I don't need to continue my search pattern to drill down just to get the information."
"I would like to see more integration with other platforms."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"They could work on their documentation. If there's anything about the solution that needs improvement, it's that. For example, documentation already is on a very high level but specifically on the CLI there are tons of features which can be fine-tuned and thousands of commands are very difficult to document. If they could make this easier, it would improve the overall solution."
"The solution needs to do a better job with third party integration. Right now, that's lacking on the solution. I specifically am talking about the AWS environment. Most of the AWS environment products do not have that capability to integrate."
"The support of the product changed recently, and I don't think it's for the better. They should work to improve the support they offer to clients."
"Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions."
"The deployment is a bit complex."
"Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs."
"The only challenge we faced with Wazuh was the lack of direct support."
"Some features, like alerting, are complex with Wazuh."
"Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."
"Wazuh is missing many things that a typical SIEM should have."
"The computing resources are consuming and do not make sense."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 65 reviews while Wazuh is ranked 3rd in Security Information and Event Management (SIEM) with 38 reviews. Fortinet FortiSIEM is rated 7.6, while Wazuh is rated 7.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". Fortinet FortiSIEM is most compared with IBM Security QRadar, Microsoft Sentinel, Splunk Enterprise Security, LogRhythm SIEM and ThousandEyes, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and Graylog. See our Fortinet FortiSIEM vs. Wazuh report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.