Fortinet FortiSIEM Reviews

We use the on-prem model of this solution. Our primary use case is for malware and behavior monitoring. We also use it to monitor system performance and user behavior. 

The most valuable feature is the dashboard. CMDB database collects data from a lot of pre-configured devices. 

The performance can be improved. Sometimes it takes a long time to fetch data. 

It is very stable. 

Scalability is very good. We currently have 150 users using this solution. We don't have plans to increase usage at the moment. 

We implemented through Fortinet professional services. We were one of the first customers to implement the new version and it was a bit complex. I believe it has become easier. Deployment took them only a few hours. It didn't take a long time. 

I would rate it an eight out of ten. They should implement better behavior monitoring features to make it a perfect ten. It should also have better integration with their own products. They have a lot of interfaces for other products but it's not so easy to integrate their own devices. 

I would recommend this solution to someone considering it. 

We're using FortiSIEM as the main metadata server for all the security and infrastructure devices. We integrate a lot of nodes, switches, firewalls, and sandboxes with it to gain and covers performance, availability, change, and security monitoring aspects of network devices, servers, and applications.

FortiSIEM gives us a lot of valuable events and details by using a unified event-based framework to analyze all data including logs, performance monitoring data and provides a broad range of metrics.

The comprehensive view of the dashboard and the attribute base interface and the flexibility of implementation methods.

 The Fortinet Fabric should be more easy more friendly to use. They use a different parsing log format.

for example Symantec ATP is not supported by FortiSIEM. Our reseller provided us FortiSIEM as a service. They should also provide us with a dashboard to monitor and to deploy a correlations.

I think fortinet should improve the AI correlations by combining advanced statistical and heuristic analysis with behavioral whitelisting .

Stability is the main feature we had looked for because of our environment, i.e. why we chose FortiSIEM. The stability is good. We just install a connector on the supervisor outside. 

With the stability of the connector, we faced some problems. The reseller asked us to reinstall the connector. The problem was with the reseller, not the connector.

We used the solution's technical support for a lot of cases and tickets. Their responses are very good, kind, and quick. 

They have a poor correlation. They didn't use any new concepts like Fortinet. They just display the logs as it is with no attribute base.

The initial setup with Fortinet FortiSIEM Accelops was not easy. We had faced a few problems. but I think Fortinet should give more training courses for their resellers.

We needed to find what the weak points were.  in our network. Our deployment took up to two months. 

We were looking to deploy a unique correlation between nodes. We wanted to track the packets from our clouds Services like cloud sandbox and anti-spam to log our end-to-end connections.

The reseller told us that they comply with our solution. After that, we figured out that it was not going to very easy. FortiSIEM doesn't support ATP Symantec. 

They also did not support our web gateway log format.

The interface is  easy to use but initial setup is not . The connector in the core has FortiSIEM support from the vendor. FortiSIEM supports a lot of vendors. It is a good product for us.

I rank it as eight on a scale from one to ten. because It doesn't support a lot of vendors and also the FortiSIEM still not common to use with fortinet partner maybe they doesn't give adequate training.

We are a partner, and we use this solution to ingest our customers' syslogs data for their firewalls.

This solution allows us to ingest syslogs from Fortinet firewalls and other products into what we call FortiSIEM. This is a processor that correlates it with the event types and incidents. It gives us the opportunity to generate notifications based upon rules that get triggered, and the rules could be specific to PCI, HIPAA, GIBA, NIST, and so forth. All of these incidents are now correlated and sent up to a dashboard or emailed, where, as a SOC, we can review these incidents and triage the necessary resolution.

The backup and recovery process for this solution needs improvement.

I would like to see a database with more structure in terms of maintenance and ease of use. The process of creating is much simpler than that of duplication. The procedures are not proper for handling its PostgreSQL database.

I would say that this solution is stable when it is configured and deployed by the Fortinet professional team.

The scalability is there, and you can expand on the EPS (Events Per Second) as needed.

We do plan on selling this service to our customers that can see the benefit in it. We will probably introduce an incident response application to help triage incidents at a faster level.

Technical support is very good. The people in support are excellent, and they know this product in and out. They are very quick to respond and the resolution is very quick.

The initial setup for this solution is straightforward, although we are not yet in full production. During the past two years, while we have been implementing, we have found a lot of bugs in the software. As such, we're still not in a state where we can go into full production. For example, if you are certified for PCI then one of the standards is that you have to have proper backup recovery in place. This solution is lapsing in that area. 

Two staff are required for deployment and maintenance.

We used Fortinet consultants for the deployment.

We bought the perpetual license, so we own the product, but there is a three-year support renewal fee for that.

We did evaluate Splunk before choosing this solution, but it was too much on the high end for our business model.

We are very impressed with this product. However, they have to fix their backup and recovery procedure and provide a good DR service without charging for a secondary license.

I would rate this solution a seven and a half out of ten.

We are a system integrator and we resell this solution.

Some of our customers who use this solution have seen improvement in their connection with load balancing on both connections.  

Our customers are noticing configuration available in the GUI interface and I think that they should be equal.

Stability and scalability are perfect. 

The initial setup wasn't complex. It took three days to deploy and we required two people for the deployment. 

I would rate it a nine out of ten. The configuration should be equal with the GUI interface. 

My primary use case is that it is an analyst tool for hunting on your site network.

The platform is nice. It is not easy to implement, but once you do so, there is a lot of value from the platform. 

AccelOps can handle a lot of data and it's just so important to true monitoring. That is the strong point of AccelOps.

The second one is detecting. I can create a lot of rules to detect anything I like, and this is another strong point.

It's also the only SIEM platform on the market that has health monitoring capabilities, and correlates. For example, if a service is going down I can detect that it is going down and correlate it. For example, if it's because of an exploit can correlate this. It's a nice feature.

I think all SIEM platforms have a problem handling a lot of data. My response is "it depends." Depends on the people, depends on the product, depends on the technology. To implement any technology you need good people, and this is independent of the label of the company or technology. The stability is not bad, it's not good. It's a complicated question.

I don't have any feature for load-sharing or high-availability, and these are important things to implement. I can do the same things in another way, but not naturally having these features makes it complicated. For example, the design is bad because you have one supervisor on one machine and you handle everything off this machine supervisor. It is a design problem. The technology also has limitations because you have a lot of memory and a lot of processors, but you have a limit with processors and memory, which causes problems with scalability. 

It's equal to any technical support. You need to go to level one, level two, level three to reach their engineers. It is complicated. With any technology it is like this. But my level of skill here is high, and going to level one, level two, level three is complicated. You have a ladder to solve the problems quickly. That's the problem. Any platform, any vendor has the same problem. You need to go through levels until you find one guy who can solve your problem.

I used a solution previously. I switched because I needed evolving technology. I needed to evolve to smart features.

The most important criteria when selecting a vendor is price. After that it's detection.

For the first steps you have some help. At the beginning you have priority support, you have engineers. After that you pay.

It's complex because you need to evaluate a lot of things.

I advise that you should plan your financial resources and plan the platform. Also, be sure to test the performance ability, as well as scalability. 

From CMDB configuration monitoring, it can provide information changes.

Analytics. It can provide log information from the device. With log information, I can see if there is a threat

In the CMDB configuration monitoring. Example, if there is a configuration on the wrong side of the network or there are changes that result in harm to our IT infrastructure, the solution should immediately fix it.

Yes.

Yes.

Very good.

FortiSIEM is better than previous products.

Complex due to the configuration.

Please be cheaper and more simplified.

Yes, but I cannot mention it because of privacy issues.

Please do a PoC.

It is provides extremely fast and flexible query of logs/events on the network. For example, it’s easy to write a quick query for all the “authentication” requests on the network, regardless of where they came from, i.e., during the past days, weeks or months.

The ability to write my own parsers for the devices that are not supported by Fortinet is the most valuable feature. It’s impossible to find an application that supports every device/manufacturer that we have. Thus, being able to write my own parsers for device logs, allows for greater scalability.

The reporting feature is not very attractive for the upper management and I am not able to perform complex/nested queries. However, it does function well for our day-to-day operations.

We did experience some stability issues. The parser engine crashes often, but it does recover without any noticeable impact to the performance or service.

There were no scalability issues; the product scales well for us.

Support was very good when owned by AccelOps. I have not opened any recent cases with Fortinet since its buyout.

The setup was pretty complex, but we had great support from AccelOps.

I haven’t looked at the latest offerings or licensing models since Fortinet bought this product. Previously, AccelOps was looking to add other Tableau reporting modules for more complex reporting purposes. This was not attractive to us, due to the high cost of Tableau's licensing. Also, it required licensing for an event forwarding engine to be installed on the servers. The cost was getting high when we looked at licensing for 50-plus servers.

We only evaluated this solution and loved the capabilities that it offers. We decided to take a chance and I’m not sorry that we did. Overall, the experience has been very positive.

Make sure you size the solution to the number of devices and servers on the network. Don’t be afraid to add additional workers.

Try to avoid using WMA formats for log retrieval of the busy servers; this is extremely resource-intensive. Price out the event forwarding engine that they offer and add it to your budget.