Fortinet FortiSIEM Review

I can write my own parsers for the devices that are not supported. I am unable to perform complex/nested queries.

How has it helped my organization?

It is provides extremely fast and flexible query of logs/events on the network. For example, it’s easy to write a quick query for all the “authentication” requests on the network, regardless of where they came from, i.e., during the past days, weeks or months.

What is most valuable?

The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature. It’s impossible to find an application that supports every device/manufacturer that we have. Thus, being able to write my own parsers for device logs, allows for greater scalability.

What needs improvement?

The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries. However, it does function well for our day-to-day operations.

What do I think about the stability of the solution?

We did experience some stability issues. The parser engine crashes often, but it does recover without any noticeable impact to the performance or service.

What do I think about the scalability of the solution?

There were no scalability issues; the product scales well for us.

How is customer service and technical support?

Support was very good when owned by AccelOps. I have not opened any recent cases with Fortinet since its buyout.

How was the initial setup?

The setup was pretty complex, but we had great support from AccelOps.

What's my experience with pricing, setup cost, and licensing?

I haven’t looked at the latest offerings or licensing models since Fortinet bought this product. Previously, AccelOps was looking to add other Tableau reporting modules for more complex reporting purposes. This was not attractive to us, due to the high cost of Tableau's licensing. Also, it required licensing for an event forwarding engine to be installed on the servers. The cost was getting high when we looked at licensing for 50-plus servers.

Which other solutions did I evaluate?

We only evaluated this solution and loved the capabilities that it offers. We decided to take a chance and I’m not sorry that we did. Overall, the experience has been very positive.

What other advice do I have?

Make sure you size the solution to the number of devices and servers on the network. Don’t be afraid to add additional workers.

Try to avoid using WMA formats for log retrieval of the busy servers; this is extremely resource-intensive. Price out the event forwarding engine that they offer and add it to your budget.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortinet FortiSIEM reviews from users
...who work at a Comms Service Provider
...who compared it with Splunk
Add a Comment