We performed a comparison between Fortinet FortiSIEM and NetWitness Platform based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The pricing of the product is excellent."
"It's pretty powerful and its performance is pretty good."
"The automation feature is valuable."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
"It works well with medium to large-scale enterprises."
"FortiSIEM's log correlation is good."
"Easy alert setup which enables different alerts in different categories."
"FortiSIEM's best features are the dashboards and customization."
"Fortinet FortiSIEM is less costly than other products and is available 24/7."
"AccelOps can handle a lot of data and it's just so important to true monitoring. Also, I can create a lot of rules to detect anything I like."
"Analytics. It can provide log information from the device. With log information, I can see if there is a threat"
"Offers a good wireless feature."
"The solution is really scalable for the high-end power, enterprise customer."
"The most valuable features are the packet inspection and the automated incident response."
"NetWitness Platform is valuable for creating rules that the solution must detect."
"What we are mainly using are the RSA concentrator, RSA Decoder, Archiver, Broker, and Log Decoder."
"The most valuable features are the threat prediction and network forensics."
"The most valuable feature of RSA NetWitness Logs and Packets are the alerts and correlations tools."
"It gives the ability to investigate into network traffic in the Net and the organization what we couldn't do before."
"The product can be improved by reducing the cost to use AI machine learning."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The troubleshooting has room for improvement."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The reporting could be more structured."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"They should enhance the solution's AI capabilities, including XDR and EDR."
"They need to integrate better with Cisco and Palo Alto."
"When compared with some competitors, in terms of performance, the CPU and RAM requirements and the capability of coordination with development all need some improvement."
"Customer support service could be better."
"Fortinet FortiSIEM could improve to extend to several locations or sites."
"Does not have load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated."
"It's difficult to integrate unsupported devices with FortiSIEM compared to QRadar. It's easier to integrate and develop processes in QRadar. It's harder to develop a custom process in FortiSIEM."
"The product does not have Security Orchestration and Automation Response, I would recommend adding this feature."
"There are instances where you try to run the reports and then it does not give you the desired outcome."
"The solution should have more integration capabilities with different platforms."
"Lots of competing products have vulnerability protection built into their products, and this solution would be improved by including that support."
"The user interface is a little bit difficult for new users and it needs to be improved."
"The documentation is not as structured as I would like, personally, and I think that it can be improved and made much more user-friendly."
"Security needs improvement."
"More customizability is required, which is something that they need to improve on."
"Health monitoring of the event sources and devices."
Fortinet FortiSIEM is ranked 9th in Security Information and Event Management (SIEM) with 63 reviews while NetWitness Platform is ranked 28th in Security Information and Event Management (SIEM) with 35 reviews. Fortinet FortiSIEM is rated 7.6, while NetWitness Platform is rated 7.4. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NetWitness Platform writes "Can find out if there is lateral movement, but integration and workflow need improvement". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas NetWitness Platform is most compared with Splunk Enterprise Security, RSA enVision, IBM Security QRadar, Cisco Secure Network Analytics and Arbor DDoS. See our Fortinet FortiSIEM vs. NetWitness Platform report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.