We have been using this tool for two years now and it has helped us to have more visibility of the threats or possible threats that we could have in our network, as well as having reports of the devices that are part of our infrastructure and that it needs to comply with security standards, as well as being able to fulfill the role of auditor when required.

What I like the most about this tool is its potential to be able to monitor, discover and collect information from the devices on our network, which makes it a powerful tool for collecting information that will later be helpful in detecting abnormalities and threats in our network. infrastructure

At the moment I have nothing negative to add to the tool since it has worked very well for us and is fulfilling its role.

FortiSIEM has allowed us as an organization to scale office branches and manage them efficiently without over-spending on transportation and extra resource acquisition in terms of human resources and we can simply manage and support branches from a centralized location for almost all support issues raised.

First and foremost, i specifically like its robustness and flexibility and can accommodate most network infrastructure devices. By offering one centralized management point, administrators and users and react and act on support issues in different branches, update device firmware and manage devices much simpler. These ability to manage different devices in different branches from one centralized console proves to also be a big factor economically and no extra resources are needed to visit the branches in different geographical locations nor any extra IT staff needed.

As good as FortiSIEM is, unfortunately it best works and can be fully utilized best when dealing with Fortinet Products. Connection from different network infrastructure products is great but in some cases prove to be hectic when trying to support and resolve support issues.

It's a great system overall, except for a few bugs and the fact that the reporting could be improved. The only big issue is the fact that since they lack support engineers, it can take a very long time to get anything resolved when there is an issue.

Very straightforward and it makes it very easy to manage alerts.

It's extremely difficult to build custom reports and the support is mediocre - they do not have enough ressources.

The functionality and visualization that it offers me in my network, to be able to act proactively in the event of any incident. This solution allows me to have all the events that happen in all my network equipment from the different vendors.

As good as FortiSIEM is, it unfortunately works better and can be used better when it comes to Fortinet products. Connecting different network infrastructure products is great, but sometimes hectic when it comes to providing support and resolving support issues and it takes a bit of time and effort to fully understand and implement the tool correctly.

I have had good experiences using this Siem solution, currently I have a deployment of 80 devices nationwide and having all the logs in a single solution that allows me to quickly generate the cases of one.

that it is a solution that is very complete for the management of the logs and the correlation of events and that also has a friendly interface and it is easy to create the use cases I need for the reports

One of the few points that I don't like is the amount of time in the implementation since having to configure all the computers to send all the logs to Siem requires many hours of work.

With this product this year we have found threats and we have been able to respond in time and isolate the problem, it has been very helpful in our network

It is a very good product for the early detection of threats in your network, you can collect data to respond correctly and quickly.

some knowledge is needed to implement, it may be that you need help from your provider, this would be the only thing that could say negative

We can set the priority by categorizing all syslog messages.

You need to allocate time for each category and separate the important ones among thousands of notifications.

we have been using this tool to keep a track of security threats and breaches and see who is access what resource and from what location/IP Address so that we can take action and terminate any unauthorized access or threat.

requires a little bit of time and effort to fully grasp and implement the tool properly.

A complex tool with lots of features.

Lots of features included. Both SOC and a NOC in the same deployment.

Setting up was complex. Also the licencing model.

Useful and powerful features. Easy to monitor and access logs. Enabling rules makes it easy. Creating reports and searching for specific data is easy.

Exporting data or creating reports for a large set of data (more than 60 days) will take a lot of time and resources.