Try our new research platform with insights from 80,000+ expert users

Fortinet FortiSIEM vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Fortinet FortiSIEM
Ranking in Security Information and Event Management (SIEM)
8th
Average Rating
7.6
Reviews Sentiment
6.7
Number of Reviews
73
Ranking in other categories
No ranking in other categories
Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
3rd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
90
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)
 

Mindshare comparison

As of April 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Fortinet FortiSIEM is 3.1%, up from 3.0% compared to the previous year. The mindshare of Microsoft Sentinel is 7.4%, down from 9.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Oliver Jackson - PeerSpot reviewer
Systems monitoring enhanced by firewall and intrusion detection features
My primary use case for Fortinet FortiSIEM is systems monitoring and alerting. I use it for standard functions like log monitoring, incident detection, and notification.  My customers are mostly medium-sized enterprises ranging from engineering companies, mining companies, independent schools, and…
KrishnanKartik - PeerSpot reviewer
Every rule enriched at triggering stage, easing the job of SOC analyst
It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's easy to manage. There's a web interface and a command line, depending on what the user is comfortable with. There's a large knowledge base available, and the support is timely."
"It is used as an alerting platform."
"Fortinet FortiSIEM is easy to use."
"It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth."
"The product is quite well-organized. The GUI makes it easy to navigate."
"We find the solution to be stable."
"The primary valuable feature is that it has replaced a whole lot of other products with one platform."
"Easy alert setup which enables different alerts in different categories."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The automation feature is valuable."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The UI-based analytics are excellent."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually."
 

Cons

"The biggest thing that could be better is a quicker response to support cases."
"With FortiSIEM, the issue has to do with the ways we can generate a report. It's not as flexible compared to that with other SIEM tools, like Splunk."
"The deployment of the platform took some time to set up and configure."
"There is no proper guide for integration or configuration."
"An improvement would be if FortiSIEM's licensing was based on the number of nodes rather than the EPS."
"Not very good on non-API features, lacks that functionality."
"Areas for improvement would be the ease of use and the integration with Fortinet's own products."
"The process of installing Fortinet FortiSIEM and the customization of the alerts take too long."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"The solution could improve the playbooks."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
 

Pricing and Cost Advice

"Please be cheaper and more simplified."
"They have a yearly subscription."
"Fortinet FortiSIEM is very cost-efficient compared to other SIEM solutions."
"We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that."
"Its price can be better. We are Fortinet partners, so we can get discounts, but its price can be an issue at the beginning for others. There is a licensing scheme for every case. There are three licensing schemes that we can choose from."
"Fortinet FortiSIEM is not an expensive solution."
"Fortinet FortiSIEM is cheaper compared to other products."
"FortiSIEM's licensing is based on EPS, and its pricing is competitive in the market."
"The price is reasonable because Sentinel includes features like user behavior analytics and SOAR that are typically sold separately. Overall, a standalone on-prem solution would require some high-end servers, and there's a different cost. It is a cloud-based solution, so there are backend cloud computing costs, but they are negligible."
"The current licensing is based on the logs that are being ingested on the platform. Most of the SIEM solutions utilize that pricing model, but Microsoft should give us a customization option for controlling the kind of logs that we feed into Microsoft Sentinel. That will be much better. Otherwise, the pricing is a bit higher."
"Microsoft is costlier. Some organizations may not be able to afford the cost of Sentinel orchestration and the Log Analytics workspace. The transaction hosting cost is also a little bit on the high side, compared to AWS and GCP."
"It is priced fairly given the value that you get from the use of the product. The biggest mistake people make with Microsoft Sentinel is not understanding the pricing model and the amount of data that they are going to be running through the tool because you are paying based on the flow. You are paying based on the amount of data that is moving through the tool. People do not plan, and therefore, they get surprised by the cost associated with using the tool. They connect everything because they want to know everything, but connecting everything is very expensive."
"Sentinel's pricing is on the higher side, but you can get a discount if you can predict your usage. You have to pay ingestion and storage fees. There are also fees for Logic Apps and particular features. It seems heavily focused on microtransactions, but they may be slightly optional. By contrast, Splunk requires no additional fee for their equivalent of Logic. You have a little more flexibility, but Sentinel's costs add up."
"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."
"Cost-wise, Sentinel is based on the volume of information being ingested, so it can be quite pricey. The ability to use strategies to control what data is being ingested is important."
"The product is costly compared to Splunk."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
845,589 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
9%
Government
7%
Comms Service Provider
7%
Computer Software Company
16%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Fortinet FortiSIEM?
Fortinet FortiSIEM needs to provide better API integrations to users.
What is your experience regarding pricing and costs for Fortinet FortiSIEM?
As a service, the cost is reasonable and affordable with scalable pricing based on the number of monitored devices. However, setting it up for oneself as an enterprise-licensed product can be quite...
What needs improvement with Fortinet FortiSIEM?
The built-in APIs in Fortinet FortiSIEM are somewhat lacking and could be improved for better integration with external ITSM products. Improving software stability and reducing bugs will make it a ...
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

FortiSIEM, AccelOps
Azure Sentinel
 

Overview

 

Sample Customers

FortiSIEM has hundreds of customers worldwide in markets including managed services, technology, financial services, healthcare, and government. Customers include Aruba Networks, Compushare, Port of San Diego, Cleveland Indians, Infoblox, Healthways, and Referentia.
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Fortinet FortiSIEM vs. Microsoft Sentinel and other solutions. Updated: February 2025.
845,589 professionals have used our research since 2012.