Overview
Product Information on Microsoft Sentinel
What is Microsoft Sentinel?
Microsoft Sentinel Pricing
Overall experience with Microsoft Sentinel
“Automation With Logic Apps Shines, But GUI Features Remain Limited In Sentinel”
“Integration with Microsoft Smooth, Third-Party and Querying Hinder Experience”
About Company
Company Description
Microsoft enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more. Microsoft is dedicated to advancing human and organizational achievement. Microsoft Security helps protect people and data against cyberthreats to give peace of mind.
Company Details
Do You Manage Peer Insights at Microsoft?
Access Vendor Portal to update and manage your profile.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
User Sentiment About Microsoft Sentinel
Reviewer Insights for: Microsoft Sentinel
Deciding Factors: Microsoft Sentinel Vs. Market Average
Performance of Microsoft Sentinel Across Market Features
Microsoft Sentinel Likes & Dislikes
KQL is awesome to work with, and easy to pick up and start working with. There are always other things you can really dive into to improve your skills, like functions or setting up ASIM tables to format your data. The transformations on a data collection rule make it very easy to bring in just the data that you need, even if you do pay a bit for some transformation if you are dropping a lot of data.
It is easu to integrate with Microsoft envioronments, both cloud and on-premise
Strong log correlations and analytics across a wide and ever expanding selection of data sources. Integration with the Microsoft Defender portal to have all Microsoft security related data in a common location. Ability to leverage the Customer Community Program to work closely with developers on my deployment needs. New AI features such as Security Copilot and the ability to query data in the data lake with natural language prompts.
Some of the areas of the main page just do not work as expected. For example, on an entity, you can click on it and there is an Insights tab that almost never loads information. The investigation page is almost worthless as well. I love Sentinel for the automation, but the GUI features are just not there, and with the migration into Defender, I don't see them being updated.
What I dont like at all is the thir-party integration, the associated costs when integrating new sources, and keeping in mind that every GB used must be included in the budget. On the other hand, theres the issue of queries, for which you must have knowledge of KQL
The product always seems to be in a state of flux. It's not easy to keep up with new features and I wish there was some sort of versioning to the product. Bundle a bunch of changes into a release at a specified cadence.
Top Microsoft Sentinel Alternatives
Peer Discussions
Microsoft Sentinel Reviews and Ratings
- MANAGER, IT SECURITY AND RISK MANAGEMENT50M-1B USDManufacturingReview Source
Automation With Logic Apps Shines, But GUI Features Remain Limited In Sentinel
Sentinel is by far my favorite SIEM. We migrated away from another vendor and have been all in on Sentinel for about 2 years now. Being able to use Logic apps for automation is great and I just find KQL to be far more intuitive than dealing with SPL, which is likely because the same skills can be used on other various logs in Azure for Diagnostics. - IT Security & Risk Management Associate50M-1B USDSoftwareReview Source
Microsoft Sentinel: The evolving SIEM for the AI Age
Deploying or migrating a SIEM is not an easy task. While we had some teething pains in the beginning of our deployment, Microsoft has continually improved the product, including changes based on feedback I have provided to developers. We require a multi-workspace sentinel environment which was not initially supported by Sentinel. I worked with developers to help test out private-preview features to support the multi-workpace deployment. It - It Security Associate10B+ USDIT ServicesReview Source
Advanced Threat Detection and Investigation Features Available With Kusto Query Language
One of the best SIEM solutions in the market for large as well as small environments. We have been using it for the last few years. It is one of the best SOC platform to hunt for advanced threats using kusto query language. We can also investigate for lateral movement and all the other mitre attacks ttps. - Director of IT10B+ USDManufacturingReview Source
Use of Sentinel Reduces Infrastructure Hassles but Can Complicate Unconnected Integrations
We came from an on-prem solution and capacity based licensing as well as the required infrastructure made it very expensive. With Sentinel we pay for what we use and don't have to worry about growth and scaling of infrastructure. - It Support Specialist1B-10B USDServices (non-Government)Review Source
Real-Time Security Analytics and Centralized Event Management With Microsoft Sentinel
Microsoft Sentinel is helpful in our organization for its effectiveness in security information and event management services. The software provides us with real-time security analytics and real-time threat detection and response. It also provides us with privileged access management and behavioural analytics management. Microsoft Sentinel is easy to deploy and implement and is well suited for centralised event management and real-time log data collection.