Fortinet FortiSIEM Valuable Features

HamedWasel - PeerSpot reviewer
Senior Network Security Engineer at Orange

FortiSIEM sends email or SMS notifications to admins when there are significant incidents. It's a highly efficient way of responding to incidents.

Babar Shahbaz - PeerSpot reviewer
Head of Product Management (Cloud & Digital) at Pakistan Telecommunication Company Limited

Fortinet has a unique model, which they call MSSP, managed services security partner. They select a telco in a country, partner with them, and offer them the certification track. We are an MSSP partner in Pakistan. FortiSIEM and FortiSOAR, their overall solutions that are there for threat mitigation, visibility, control, et cetera, are well integrated.

We like the integration of all of these Fortinet platforms together. Everything is integrated well, and we are able to sell that as a service to our customers.

There's a VR feature that is basically segmenting these firewalls, these security devices. Using that feature, we can make a network slice for each and every enterprise customer. All of the infrastructure is deployed in our data center, yet the customer uses it as if it is their own.

SrikanthS - PeerSpot reviewer
Senior Manager - Technical at Sify Technologies

The solution’s IP database is awesome. If we get malicious IP attacks in the firewall, the solution has a validated database to mark IPs as malicious and generate an alert. We need not use any third-party solution.

Buyer's Guide
Fortinet FortiSIEM
April 2024
Learn what your peers think about Fortinet FortiSIEM. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,578 professionals have used our research since 2012.
Ali Mohamed - PeerSpot reviewer
Account Manager at Cairo International Airport Co.

FortiSIEM's log correlation is good. 

VA
CISO at a financial services firm with 501-1,000 employees

The product kicks the logs automatically without an agent. We also use it for file integrity monitoring. The analytics engine is quite good. It can correlate traffic across our various platforms and give us a standard dashboard view of what's happening. By seeing what's happening on the network, we can pick anomalies like encrypted traffic, policy violations, and unusual accesses. It helps us be compliant. We can push back on the users and the IT team and keep them accountable based on what they are doing across their network.

Real-time monitoring makes life quite easy for me. Once I have the assurance that I have visibility into what's happening, I can report to the business and my boss that all is well. It also allows me to keep the security operations team on its toes. We do a lot of red teaming. It allows us to see whether the SOC team is doing what it is supposed to do.

The tool is relatively easy to integrate. It's agentless. We have a Windows environment majorly. We can tell the product to monitor everything at once. As long as it's authenticated, it will fix what we need.

ZaidoonAbuhanak - PeerSpot reviewer
SALES PRODUCT MANAGER at NOURNET

The pricing is good. 

The best features are the dashboard and the integration between the Fortinet products. We can connect the nodes very easily.

The initial setup is very easy.

It's great to use both this and FortiSOAR. It makes everything better. If you use them together with FortiAnalyzer, it's better than Splunk.

The solution is stable. 

It is a scalable product. 

Technical support is helpful. 

CO
Senior Network Associate at AMCON, Inc.

I like the reporting model with drill-down capabilities into user actions on the network.

I also like CMDB. The CMDB captures devices as long as they have SNMP enabled. It captures the information for me. 

SrikanthS - PeerSpot reviewer
Senior Manager - Technical at Sify Technologies

Fortinet FortiSIEM has its own validated and authentic IP database that marks malicious IP attacks against the firewall and generates an alert for the same.

RE
Director, Infrastructure and Operations at a comms service provider with 11-50 employees

The event correlation is pretty robust. The GUI is pretty good. 

Alain ClovisBapfunya - PeerSpot reviewer
Cyber Security Specialist at EAST-NB

I like FortiSIEM because it integrates natively with our other Fortinet solutions and the Fortinet Fabric, but it also integrates with Cisco, Palo Alto and other security fabrics. 

Ijeoma Nkemjika - PeerSpot reviewer
Customer Success Manager at Digitank Technology

Fortinet FortiSIEM provides good detection against advanced threats.

AB
Solution Consultant at 1&1 Versatel Deutschland GmbH

FortiSIEM is a great tool for making security processes transparent. 

SI
Principal Cloud Architect at Viria Security Oy

I think the most valuable feature is the easy alert setup; it's very important. It's quite simple to use and enables us to have different alerts in different categories. SOC is able to see all the red alerts; it's impossible to miss them. It's a good tool for analysis and for SOC. We upload all network detection tools that support FortiSIEM and can investigate for different alerts or vulnerabilities. A great feature is that you can use Python scripting for data stack. It's great for devices that don't generate a genuine local source of information.

Niranjan Singh - PeerSpot reviewer
Principal Solution Architect- Security & Privacy at Sify Technologies

Fortinet FortiSIEM is less costly than other products and is available 24/7.

Kumar Vaibhav - PeerSpot reviewer
Solutions Architect at In2IT Technologies

The most valuable feature of Fortinet FortiSIEM is the user and entity behavior analytics (UEBA). This feature mixes your data and provides useful information based on the behavior of the targeted.

TamimKhan - PeerSpot reviewer
Solution Architect at Tiger IT Bangladesh Limited

The solution's ability to collect data from different sources is its most valuable feature.

Stefan Bächer - PeerSpot reviewer
IT Security & CyberSecurity Consultant at digitalDefense Information Systems GmbH

It works exceptionally well when combined with a vulnerability management solution.

AK
Asst Programmer Data Center at a consultancy with 10,001+ employees

I like the Threat Hunting feature which provides complete traffic analysis, like file movement and processes. It's a good feature. 

HO
Research Associate at a comms service provider with 1,001-5,000 employees

Fortinet FortiSIEM combines the SOC and NOC into a single solution with a single pane of glass. This feature on its own is next level and it's easy to handle.

AK
Asst Programmer Data Center at a consultancy with 10,001+ employees

We have found the most important features in Fortinet FortiSIEM to be the correlation, file utility check, latest file, and hash changes. These features are important for us.

Abdul-MuminIddrisu - PeerSpot reviewer
CCO at oduma solutions ltd

Fortinet FortiSIEM's most valuable feature is the simplicity in handling multi-tenancy and the ability to switch between different clients at the same time. That was handled flawlessly.  

SM
Network Security Engineer at Go Faster

Every feature is good. This is one of the greatest SIEM products on the market. The most valuable feature this solution offers is that it protects the server and the client.

It's very easy for anyone to work with. You don't need any help externally.

RN
Cyber Security Analyst at a retailer with 1,001-5,000 employees

I like the various options, including the option for CMDB and the easier access to create rules, playbooks, or use cases. It's also easier to use for creating dashboards and reports.

RO
Infrastructure Operations Manager at a computer software company with 501-1,000 employees

I’ve used Accelops in multiple different capacities and at several organizations. As far as my current role, I am an operations manager, and it gives me operational oversight. There are things like dashboards and reports (pre-configured and custom) that let me know that things are operating the way they should be, and when they are not. Reports and Alerts help identify security risks, identify performance problems, and help in capacity planning.

MC
Presales IT at a tech services company with 201-500 employees

FortiSIEM has been a good product. It does everything that it has promised that it can do. It has been very useful to discover new threats from the outside such as external exploits, brute-force, or password tries. 

SY
Senior Product Manager at a financial services firm with 201-500 employees

The most valuable feature of Fortinet FortiSIEM is the correlation of many events.

it_user404364 - PeerSpot reviewer
Information Security Officer at an aerospace/defense firm with 10,001+ employees
  • Visibility
  • Flexibility
it_user404421 - PeerSpot reviewer
Associate Director, Network Services at a university with 1,001-5,000 employees

The primary valuable feature is that it has replaced a whole lot of other products with one platform. That's a huge win right there. It can take logs from all my devices agentlessly and correlate data. It already has a lot of the advanced analytics and dashboards that we need already built-in.

Accelops is also well positioned within the industry, for example, by partnering with Octave which we're using as a login index for Accelops. We're able to bring up a security operations center, which helps a lot of the newer information security people.

it_user276174 - PeerSpot reviewer
Director of IT with 501-1,000 employees

The security notifications and monitoring features.

DD
Network Security Engineer at Technicom Mali

We already have experience with Fortinet products, so dealing with Fortinet FortiSIEM is not complicated.

SC
Head - IT & SWIFT at a financial services firm with 1-10 employees

FortiSIEM's best features are the dashboards and customization.

MB
chief of cybersecurity at ECSSA El Salvador

One of the most valuable features is that we can combine SOC and NOC operations in the same tool. We can provide NOC and SOC services in the same tool for two separate teams.

There are plenty of third-party solutions that integrate with FortiSIEM. All these solutions already have a ready integration, and we have the possibility to create a custom connector for these solutions. Its reports are also very good.

TA
Security Manager at BKL

The seamless integration with FortiGate is the solution's most valuable aspect.

it_user390012 - PeerSpot reviewer
Manager, Security Services at a financial services firm with 5,001-10,000 employees

The most valuable features for us are the built-in reports and alerts, along with the extreme flexibility in reporting and rule generation. The logs and search engine are also valuable features.

Termphong Tana - PeerSpot reviewer
Assistant to Vice President at IT Green Public Company Limited

The most valuable features of Fortinet FortiSIEM are the SD-WAN, Global LAN, and application controls.

it_user293910 - PeerSpot reviewer
Senior Enterprise Information Security Architect at a healthcare company with 1,001-5,000 employees
  • The automation piece -- its ability to dynamically discover which services need to be monitored and to automatically set up the appropriate monitoring.
  • We also like the intelligence behind the alerting; we like the out-of-the-box rules that don’t require a lot of tuning.
  • The product doesn’t require a lot of manpower, so there isn’t a lot of tuning or management overhead required for it.
AK
Asst Programmer Data Center at a consultancy with 10,001+ employees

There's a great feature on the solution that allows us to analyze security issues and incidents. It automatically allows us to trace any incident. It's an invaluable aspect of the solution. 

The solution has a relatively low cost.

We find the solution to be stable.

It's my understanding that the solution can scale well.

IS
Security Analyst at netfiniti

The solution is quite user-friendly.

It's very easy to configure everything, including the VPN. It gives you lots of good options.

The product is quite well-organized. The GUI makes it easy to navigate.

SC
Partner at a security firm with 11-50 employees

Most of those CM functions and the correlation alerts are very helpful to our clients. 

The network monitoring is one of the most valuable aspects of the solution.

You can scale the solution with ease if you need to expand.

The stability is very reliable. It offers very good performance.

AH
Solutions Consultant at a comms service provider with 51-200 employees

Both the collecting logs and duo correlation are valuable features for us.

Fortinet also offers very good pricing. Their pricing is incredible.

AK
Manager, ICT Enterprise Services at a government with 201-500 employees

Analytics is the most valuable feature. The business service summaries in the dashboards and the correlations for the SIEM are also valuable features. 

SJ
Senior Security Engineer at a tech services company with 1,001-5,000 employees

FortiSIEM provides a single PIN to monitor SOC and NOC. It's a nice tool for integration and monitoring. It provides multiple categories for monitoring based on security designations like low, medium, and high. 

PD
Assistant Engineer at Harel Mallac Technologies Ltd

The solution is easy to use and user-friendly.

HW
System Engineer / Network Consultant at a tech services company with 51-200 employees

The solution has an all-in-one approach. We buy one product and everything our customer needs is included. He doesn't have to pay any additional licenses to get more functionality, so everything is there and if we have to do any adjustments, it's also done very quickly and easily.

MK
Technical manager at a tech services company with 11-50 employees

Fortinet FortiSIEM is easy to use.

NW
Chief Technical Officer at a computer software company with 51-200 employees

The CMDB and the device discovery features are most valuable.

JG
IT Executive: Operations & Security at Icon Information Systems (Pty) Ltd

The most valuable feature is the differentiator, which has a combination of not only the SOC which covers the security operations aspect, but it also includes NOC capabilities. FortiSIEM uses PAM (Performance, Availability, and Monitoring) from an NOC perspective. So not only do you natively look at security data as most SIEM solutions, but you're also looking at the performance and the availability component of those devices. It's easy for us to coordinate if a security incident occurs. You're not only looking at security logs but you're also looking at what could potentially have happened in terms of device performance. So that feature to me already makes it quite a big differentiator in the market, compared to other SIEM tools out there.

it_user277014 - PeerSpot reviewer
Systems Administrator with 501-1,000 employees

The granular monitoring capabilities. Also, it's very configurable.

HH
Cybersecurity Engineer at a tech services company with 11-50 employees

The advanced agents used to collect logs have been most valuable. We have also made use of the advanced intelligence this solution offers.

it_user275922 - PeerSpot reviewer
Network Engineer at a sports company with 51-200 employees

The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature. It’s impossible to find an application that supports every device/manufacturer that we have. Thus, being able to write my own parsers for device logs, allows for greater scalability.

RP
Security Engineer L1 at a media company with 11-50 employees

It's a very nice solution to work with. It is easy to understand.

it_user284157 - PeerSpot reviewer
Senior Network Security Architect at a retailer with 1,001-5,000 employees

The primary thing I use it for is monitoring IPS because we have 12 or 14 Cisco IPS devices, and the Cisco solution for monitoring that many IPS devices is hokey at best, aside from it being expensive. I also use it when we’re trying to track down activity on a particular IP address – I use the query engine to search for things like that.

it_user1020687 - PeerSpot reviewer
Network and Security Administrator at PETRA Engineering Industries Co.

The comprehensive view of the dashboard and the attribute base interface and the flexibility of implementation methods.

WM
Technical Lead at Arcon Labs at a tech services company with 51-200 employees

AccelOps can handle a lot of data and it's just so important to true monitoring. That is the strong point of AccelOps.

The second one is detecting. I can create a lot of rules to detect anything I like, and this is another strong point.

It's also the only SIEM platform on the market that has health monitoring capabilities, and correlates. For example, if a service is going down I can detect that it is going down and correlate it. For example, if it's because of an exploit, I can correlate this. It's a nice feature.

it_user293913 - PeerSpot reviewer
IT Security and Compliance Officer at an energy/utilities company with 501-1,000 employees
  • Log correlation
  • Alerting
it_user675411 - PeerSpot reviewer
Senior Technical Consultant at an integrator with 201-500 employees

Analytics. It can provide log information from the device. With log information, I can see if there is a threat.

GV
ICT Architect at an insurance company with 51-200 employees

The most valuable feature is the anomaly-reporting alarms.

GV
ICT Architect at an insurance company with 51-200 employees

The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices. 
