We performed a comparison between Fortinet FortiSIEM and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The Log analytics are useful."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"It has basic out-of-the-box integrations with multiple log sources."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The most valuable feature of Fortinet FortiSIEM is the correlation of many events."
"The seamless integration with FortiGate is the solution's most valuable aspect."
"The product's initial setup phase was easy."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat."
"FortiSIEM's best features are the dashboards and customization."
"Easy alert setup which enables different alerts in different categories."
"This solution offers extensive customization options, making it possible to adapt it precisely to their requirements."
"It is user-friendly. The notification part of McAfee ESM is very easy."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"This solution integrates easily and very well with other technologies."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The most valuable feature is the capability to correlate different events from different platforms that we feed into it."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"It has performed well and delivered the results that I have been looking for."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"The reporting could be more structured."
"There is room for improvement in entity behavior and the integration site."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"I think the number one area of improvement for Sentinel would be the cost."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"The only drawback is the licensing model. It can get expensive if you want to integrate more solutions."
"When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
"The dashboards need to be improved. It gives you so much detail, but sometimes too much detail, especially to an executive, it's too much."
"The graphs on the user interface could be improved as we often experience glitches."
"Our team tried configuring MS SQL database logs with Fortinet FortiSIEM, but it did not work for some time."
"We expect the latest patch from Fortinet FortiSIEM to give the ability to work with signature files."
"I would like to see easier implementation in the future."
"The policy editing should be easier. Right now, it's too hard."
"It cannot integrate with our Next-Generation Firewall and a few applications such as Cisco ACI."
"Product currently requires Flash."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"I would like to see improvements to the user interface."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Fortinet FortiSIEM is rated 7.6, while Trellix ESM is rated 7.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.