What is our primary use case?
We're using FortiSIEM as the main metadata server for all the security and infrastructure devices. We integrate a lot of nodes, switches, firewalls, and sandboxes with it to cover the performance, availability, change, and security monitoring aspects of network devices, servers, and applications.
How has it helped my organization?
FortiSIEM gives us a lot of valuable events and details by using a unified event-based framework to analyze all data, including logs and performance monitoring data, and it provides a broad range of metrics.
What is most valuable?
The comprehensive view of the dashboard, the attribute-based interface, and the flexibility of the implementation methods.
What needs improvement?
The Fortinet Fabric should be easier and friendlier to use. They use a different log parsing format.
For example, Symantec ATP is not supported by FortiSIEM. Our reseller provided us FortiSIEM as a service. They should also provide us with a dashboard to monitor and deploy correlations.
I think Fortinet should improve the AI correlations by combining advanced statistical and heuristic analysis with behavioral whitelisting.
For how long have I used the solution?
I have been using the solution for around six months.
What do I think about the stability of the solution?
Stability is the main feature we looked for because of our environment; that is why we chose FortiSIEM. The stability is good. We just install a connector on the supervisor outside.
With the stability of the connector, we faced some problems. The reseller asked us to reinstall the connector. The problem was with the reseller, not the connector.
How are customer service and technical support?
We used the solution's technical support for a lot of cases and tickets. Their responses are very good, kind, and quick.
Which solution did I use previously and why did I switch?
They had poor correlation. They didn't use any new concepts like Fortinet. They just display the logs as they are, with no attribute base.
How was the initial setup?
The initial setup with Fortinet FortiSIEM AccelOps was not easy. We faced a few problems, but I think Fortinet should give more training courses to their resellers.
We needed to find what the weak points were in our network. Our deployment took up to two months.
We were looking to deploy a unique correlation between nodes. We wanted to track the packets from our cloud services, like cloud sandbox and anti-spam, to log our end-to-end connections.
The reseller told us that they comply with our solution. After that, we figured out that it was not going to be very easy. FortiSIEM doesn't support Symantec ATP.
They also did not support our web gateway log format.
What other advice do I have?
The interface is easy to use, but the initial setup is not. The connector in the core has FortiSIEM support from the vendor. FortiSIEM supports a lot of vendors. It is a good product for us.
I rank it as eight on a scale from one to ten, because it doesn't support a lot of vendors, and also FortiSIEM is still not commonly used by Fortinet partners; maybe they don't give adequate training.
Disclosure: I am a real user, and this review is based on my own experience and opinions.