We performed a comparison between Fortinet FortiSIEM and Icinga based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The pricing of the product is excellent."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"Sentinel has features that have helped improve our security posture. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation."
"The most valuable feature is the anomaly-reporting alarms."
"Both the collecting logs and duo correlation are valuable features for us."
"FortiSIEM's log correlation is good."
"The product's initial setup phase was easy."
"The product is quite well-organized. The GUI makes it easy to navigate."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"We have found the solution to be stable."
"An affordable solution for small organizations to do basic network monitoring."
"The apply rules feature saves a lot of time."
"It is really easy in Icinga to create your own plugin and integrate it without any fuss. And it works just perfectly fine."
"There's a module called Icinga Director, which helps us configure the product using an intuitive interface through clicks instead of creating a text configuration. It's very helpful for us."
"The drafts are easy but what I like about Icinga is that there are many add-ons that you can download."
"Macros and the ability to connect it to Google Maps are valuable features."
"The best thing about the solution is how it highlights errors, the issues, and what needs my attention. The solution directs me to areas that I should look for first."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"There is room for improvement in entity behavior and the integration site."
"The log collection and configuration management are not great."
"FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"I would like to see more integration with other platforms."
"Their technical support is horrible. By horrible, I mean a train wreck of a disaster that has fallen off a bridge and caught fire."
"There is no proper guide for integration or configuration."
"It lacks a "wizard" that shows a particular user's activity or particular circumstance. I think the interface is intimidating because there's so much information there."
"Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."
"The tool currently fails to provide notifications to users."
"Icinga’s automation could be improved."
"I think the software is quite good, but we have had problems with getting it to recognize certain areas and amend certain checks, where we needed so we would have to create backend scripts for those checks. Though, being open source, it has the support to create backend scripts, it would be better to have these scripts in-built."
"Icinga is a complex solution that's hard to learn. It's a powerful product for monitoring, but new users will have a hard time figuring out what to do."
"The user interface should be improved."
"One thing that Icinga lacks is the capability to create advanced and customized dashboards within the tool itself."
"The solution lacks many features important to higher-level IT management and network support."
"The installation and configuration are very complex."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Icinga is ranked 22nd in Network Monitoring Software with 16 reviews. Fortinet FortiSIEM is rated 7.6, while Icinga is rated 7.6. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Icinga writes "A stable, scalable and cost-effective solution that helps with inbuilt scripts for easy modification". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas Icinga is most compared with Zabbix, Checkmk, Nagios Core, Nagios XI and Centreon. See our Fortinet FortiSIEM vs. Icinga report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.