We performed a comparison between Fortinet FortiSIEM and NetCrunch based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Splunk, Wazuh and others in Security Information and Event Management (SIEM).
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinel from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"The UI-based analytics are excellent."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"The Threat Hunting feature provides complete traffic analysis."
"The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature."
"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"The CMDB and the device discovery features are most valuable."
"Its automated response feature has benefited our customer communication. Analysts feel more confident in providing timely responses."
"The most valuable feature is the anomaly-reporting alarms."
"FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high."
"I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics."
"Reporting on NetCrunch is pretty good. It's very similar to SolarWinds. It's just a different interface. The majority of everything there was beneficial."
"Azure Sentinel will be directly competing with tools such as Splunk or QRadar. These are very established kinds of products that have been around for the last seven, eight years or more."
"The solution could improve the playbooks."
"The on-prem log sources still require a lot of development."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"Fortinet FortiSIEM could improve to extend to several locations or sites."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"There could be more AI features included in the product."
"I would like to see easier implementation in the future."
"The biggest thing that could be better is a quicker response to support cases."
"Customer support service could be better."
"Creating parsers to try to make unknown events or currently unsupported devices produce meaningful information is extremely cumbersome."
"The policy editing should be easier. Right now, it's too hard."
"I didn't care for the role-based, permission-based options, which were not the best."
Fortinet FortiSIEM is ranked 8th in Security Information and Event Management (SIEM) with 63 reviews while NetCrunch is ranked 76th in Network Monitoring Software. Fortinet FortiSIEM is rated 7.6, while NetCrunch is rated 8.0. The top reviewer of Fortinet FortiSIEM writes "It's cheaper than other solutions with the same features but lacks integration with many third-party vendors". On the other hand, the top reviewer of NetCrunch writes "A network monitoring platform with a useful reporting feature, but permission-based options could be better". Fortinet FortiSIEM is most compared with IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM, Wazuh and ThousandEyes, whereas NetCrunch is most compared with Zabbix and PRTG Network Monitor.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.