We performed a comparison between Fortinet FortiSIEM and Pico Corvil Analytics based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"It is used as an alerting platform."
"The interface is very easy to use. The connector in the core has FortiSIEM support from the vendor."
"Real-time monitoring makes life quite easy for me."
"One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams. There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good."
"We find the solution to be stable."
"Easy alert setup which enables different alerts in different categories."
"Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behave as analytics(UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"We can use CLI with the UI for configuring the new monitoring system, which is good."
"We use the data to analyze how much time we spend within the applications. Then, based on that, we are doing multiple analyses and types of investigations to work on reducing the amount of time spent on the latency, which helps our applications."
"We're able to quickly drill down and find answers to events that are happening in real-time, using Corvil's analytics tools. That's the feature which is most in the spotlight..."
"What is most valuable is the ability to troubleshoot when a client complains of spikes in latencies. It gives us the ability to go granular, all the way down to looking at the network packets and analyze them."
"The performance metrics are pretty good. We've got everything from the network layer to the actual application layer. We can see what's going on with things like sending time and batching."
"It has all the decoders so it's capturing every network packet and it's decoding in real-time and it's giving us latency information in real-time... It's the real-time decoding and getting the latency information statistics that we find the most useful."
"With the Corvil Stored Data Analyzer module, we can use it for test data or a set of production data to set up the configuration for latency setup, so we can use the fields to correlate messages."
"The analytics features of Corvil are really good... As long as you know what the field is in the message, you can build your metrics based on that field... It means you can do the analytics that you actually care for. You can customize it..."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."
"There is no proper guide for integration or configuration."
"We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
"There could be more AI features included in the product."
"Fortinet FortiSIEM could improve to extend to several locations or sites."
"FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"Fortinet FortiSIEM could improve by having better integration and extensions. This would benefit by allowing us to give more rules."
"I have seen errors where the CNE and the CMC haven't synced because of something missing in the CMC, which was there in the CNE. We would get some type of error, but it doesn't actually say what exactly was missing in the CNE."
"The creation of charts and real-time windows was somewhat cumbersome. The vendor's website had an application called App Agent that required improvement. This API was designed to track message rates between microservers ingested into a microservice memory map. It allowed users to monitor the number of transactions that occurred at specific points within the application, and it was quite impressive. However, it had some limitations, and it mainly served as a tool for basic tracking. The protocols it employed could reveal the type of server-to-server communication and the specific order types, but it was not able to provide a more in-depth analysis of the application. The vendor has the potential to integrate application metrics more extensively into their product suite."
"While the product is scalable, it's not easy to scale. It needs investment hardware and network bandwidth consideration. It's not something you can just do overnight."
"Alerting isn't great... you can only put in one email address in. And that's for all kinds of alerting on the box."
"The analytics feature is very nice, but it's mostly software. We are hoping that it could be embedded in ASICs, so it could be faster."
"Overall, the Corvil device needs a little bit of training for people to handle it. If that could be reduced and made more user-friendly, more intuitive, it would be better."
"In terms of performance analysis, if you really want to dig down into the minutiae and get statistics on the important things... that would be the only piece lacking because, in our environment, we have thousands and thousands of symbols. With the architecture that Corvil is built on, it's cumbersome."
"Before I got the Corvil training... one thing that was not very efficient was that every time you had to create a new stream or a new session from within Corvil... you had to tell it what protocol the message is going to come through and how to correlate messages, etc... After I went for the training, they had already added these nice features in the 9.4 version where it could do auto-discovery... Based on the traffic that it has already seen, it could create sessions on the fly."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Pico Corvil Analytics is ranked 51st in Network Monitoring Software with 9 reviews. Fortinet FortiSIEM is rated 7.6, while Pico Corvil Analytics is rated 9.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Pico Corvil Analytics writes "Helpful support agents, beneficial issue detection, and high availability". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas Pico Corvil Analytics is most compared with NETSCOUT nGeniusONE, Gigamon Deep Observability Pipeline and ThousandEyes. See our Fortinet FortiSIEM vs. Pico Corvil Analytics report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.