Fortinet FortiSIEM Review

We like the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation.

How has it helped my organization?

There are several examples, but the flexibility in reporting and alerting has given us the ability to have numerous teams be alerted for various security situations affecting each team's responsibilities.

What is most valuable?

The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation. The logs and search engine are also valuable features.

What needs improvement?

Creating parsers to try make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome.

Additionally, lately there have been releases which have broken existing functions. This directly relates to support being an area that also needs improvement.

What do I think about the stability of the solution?

In general, the system is stable.

What do I think about the scalability of the solution?

We had to deploy several workers to keep up with event collection. This was one reason that the AO agent was developed and released -- to reduce the load on the managers and workers.

How are customer service and technical support?

Customer Service:

Customer service is mediocre, but the relationship is improving with focused attention on customers.

Technical Support:

Technical support is good.

Which solution did I use previously and why did I switch?

We were a a Cisco MARS customer and needed to replace the solution once Cisco ceased support.

How was the initial setup?

The initial setup is straightforward. There is a learning curve for the software, but overall it was up and running and collecting information in a matter of an hour post setup.

What about the implementation team?

We implemented it with out in-house team.

Which other solutions did I evaluate?

We didn't evaluate other options as this was a direct, suggested replacement to MARS.

What other advice do I have?

Watch the sizing requirements for the virtual machines and quantities needed to support the environment. Make sure you get sign-off from Accelops on proposed the configuration and load for what’s being planned on the deployment.

**Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
More Fortinet FortiSIEM reviews from users
...who work at a Comms Service Provider
...who compared it with Splunk
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
511,307 professionals have used our research since 2012.
Add a Comment
ITCS user