We performed a comparison between Fortinet FortiSIEM and LogicMonitor based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"We have no complaints about the features or functionality."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Both the collecting logs and duo correlation are valuable features for us."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"This solution offers extensive customization options, making it possible to adapt it precisely to their requirements."
"The Threat Hunting feature provides complete traffic analysis."
"The solution’s IP database is awesome."
"FortiSIEM's best features are the dashboards and customization."
"The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices."
"The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted."
"It has improved our organization with its capacity planning. We have a performance environment that we use to benchmark our applications. We use it to say, "Okay, at a certain level of concurrency, we know where our application will fall over." Therefore, we are using LogicMonitor dashboards to tell us that we're good. Our platform can handle X number of clients concurrently hitting us at a time."
"It's the depth of data that it gathers that I find really useful because there's nothing worse, when you're trying to find information about something or dig deeper into something, than hitting the bottom of the information really quickly and not having enough information to work with. With LogicMonitor, there is a load of information to dig through. It's a really good solution for that."
"The breadth of its ability to monitor all our environments, putting it in one place, has been helpful. This way, we don't have to manage multiple tools and try to juggle multiple balls to keep our environment monitored. It presents a clear picture to us of what is going on."
"I really appreciate the reporting function because it allows me to create dashboards that will be emailed to me during the morning so that I have a complete overview of my client's health, within a specific time frame."
"One thing that's very valuable for us is the technical knowledge of the people who work with LogicMonitor. We looked at several products before we decided to use LogicMonitor, and one of the key decision-making points was the knowledge of the things that they put in the product. It provides real intelligence regarding the numbers that you see on the product, which makes it easy for us technical people to troubleshoot. Other products don't provide you with such information. You see a value going up, but you don't know what it means. LogicMonitor provides such information. For instance, if a value goes up, it says that it is probably because your disk area was too low."
"The most valuable feature is the visualization of the data that it is collecting. I have used many products in the past and they tend to roll up the data. So, if you're looking at data over long periods of time, they start averaging the data, which can skew the figures that you're looking at. With LogicMonitor, they have the raw data there for two years, if you are an enterprise customer. If you are looking at that long duration of data, you're seeing exactly what happened during that time."
"It is easy to set up and monitor an entire facility. This is crucial because we have around 80 facilities that require monitoring. LifePoint is a hub-and-spoke environment, so it is essential to understand all of the WAN interfaces."
"The most valuable feature of LogicMonitor is the infrastructure monitoring capability."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"The solution could be more user-friendly; some query languages are required to operate it."
"There is room for improvement in entity behavior and the integration site."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"It would be good if the solution offered even more configuration options, especially in relation to the VPN so that it continues to be a very flexible option."
"Our customers are noticing configuration available in the GUI interface and I think that they should be equal."
"When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
"FortiSIEM needs to expand its integration with third-party vendors. I don't know if Forcepoint has been added, but there were limited resources for integrating Forcepoint solutions when we implemented FortiSIEM. It integrates well with other Fortinet products and solutions from established cybersecurity companies like Palo Alto but doesn't integrate with some of the newer vendors."
"The backup and recovery process for this solution needs improvement."
"There is no proper guide for integration or configuration."
"The interface needs some improvements because it's a bit cumbersome when you're trying to view items. It takes some time to get used to. Additionally, sometimes the scrolling does not work."
"If there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it."
"One of the areas that I sometimes find confusing is the way that the data is presented. For example, a couple of weeks back I was looking at bandwidth utilization. That's quite a difficult thing to present, but they should try to dumb down how the data is presented and simplify what they're presenting."
"It needs better access for customizing and adding monitoring from the repository. That would be helpful. It seems like you have to search through the forums to figure out what specific pieces you need to get in for specific monitoring, if it's a nonstandard piece of equipment or process. You have to hunt and find certain elements to get them in place. If they could make it a bit easier rather than having to find the right six-digit code to put in so it implements, that would be helpful."
"LogicMonitor can easily pull data from one item at a time. I have yet to find a good way to get LogicMonitor to show me all the WAN devices and how they're doing in terms of capacity."
"LogicMonitor has good features, but the ease of use is a little bit confusing. Additionally, we are looking for workflow automation, which is a little bit tricky for LogicMonitor."
"Some more application performance type monitoring would be nice. For example, an APM type solution, which would not necessarily completely replace it, but be able to tie into what we're seeing on the application performance side so we can correlate what's going on with the application versus the underlying infrastructure."
"The dashboards can be improved. They are good, but there is a pain point. To show things to management, to explain pain points to other customers, to show them exactly where we can do better, the dashboarding could be better. Dashboards need to show the key things. Nobody is going to go into the ample details of Excel sheets or HTML."
"One drawback of LogicMonitor is its licensing model, which requires an additional license for each module. For example, if you need to use Azure monitoring, you'll need an additional license on top of the base license."
"LogicMonitor should always improve AI because we are always striving for real intelligence. An additional feature we'd like to see in the next release of LogicMonitor is more in the area of identification of when the dominant workload is working. There are certain devices and applications that have cycles of their own. Some are used primarily during prime time, and some are used during the overnight timeframe, and better identification and classification of those workloads would be helpful. For example, we could then do some more planning about, for this particular set of devices, as it has a prime time environment, and we don't want to see a 24-hour average, as we want to see what is the 75th or 90th percentile utilization during the prime time when it is being used, whenever that prime time is."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while LogicMonitor is ranked 17th in Network Monitoring Software with 25 reviews. Fortinet FortiSIEM is rated 7.6, while LogicMonitor is rated 9.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of LogicMonitor writes "We went from nothing to full visibility across our internal and external estates of equipment". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas LogicMonitor is most compared with SolarWinds NPM, ScienceLogic, Zabbix, SCOM and OpsRamp.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.