Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs RSA enVision comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
3rd
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
98
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)
RSA enVision
Ranking in Security Information and Event Management (SIEM)
28th
Average Rating
7.2
Reviews Sentiment
6.7
Number of Reviews
6
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of August 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 6.6%, down from 8.4% compared to the previous year. The mindshare of RSA enVision is 0.3%, down from 0.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Ivan Angelov - PeerSpot reviewer
Threat detection and response capabilities enhance investigation processes
My security team has been using Microsoft Sentinel for around two years. We also have Bastion and SolarWinds as part of our monitoring tools. We use a three-way tool, alongside Microsoft Sentinel, in our environment The most valuable features for us include threat collection, threat detection,…
reviewer1093020 - PeerSpot reviewer
Though the solution offers good technical support, it needs to be made more user-friendly
I rate the initial setup a seven and a half out of ten. So, it's closer to seven. The tool is deployed in our organization on-premises with some test servers. In only two tests in a test environment, the deployment can be carried out. The deployment time only depends on the size of your infrastructure. If I limit the company's size, it will not take too much time. So, it can be done in seven to eight hours. Regarding the deployment process, we have managed some test servers, after which we need to install some agents. If you include more servers, you need to install more agents. If you want to use agent-based, I would say that it is totally up to the stakeholder. You will get some additional benefits if you can choose the agent since you will be more assured that less positive false positive results you will get from the tool. For deployment, one test server, a few deployment servers, and some policy configurations are done by the OEM with some local support. We used some Windows servers and Linux servers, and we installed some agents in different types of operating systems. So different versions of Linux and different versions of Windows. We also integrate some network devices like firewalls to integrate firewalls and logs. So, the amount of logs and firewalls is too much. I have to engage too many employees for deployment. So there are those for Linux servers, others for Windows servers, and the rest for network devices. One for SIEM policy creation and one for SIEM management administration is also required.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The machine learning and artificial intelligence on offer are great."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"We developed around this solution and received excellent support from the company."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The most valuable feature of this solution is the reporting."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
 

Cons

"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"I think the number one area of improvement for Sentinel would be the cost."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The pricing could be improved."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Licensing could be improved to be more oriented towards Managed Service Providers (MSPs)."
"In general, the solution currently isn't user-friendly."
"The integration could be easier, it should support more products."
"RSA enVision log manager is out of date and is not in use anymore."
 

Pricing and Cost Advice

"Microsoft Sentinel is expensive."
"It is priced fairly given the value that you get from the use of the product. The biggest mistake people make with Microsoft Sentinel is not understanding the pricing model and the amount of data that they are going to be running through the tool because you are paying based on the flow. You are paying based on the amount of data that is moving through the tool. People do not plan, and therefore, they get surprised by the cost associated with using the tool. They connect everything because they want to know everything, but connecting everything is very expensive."
"The pricing isn't very high. It depends on the number of logs you have. If you're expecting to ingest 50 to 60G in a day, but you're only ingesting 20 to 25G per day at first and you have a good team to analyze the logs, then you can segregate the ingestion at under 15G."
"I don't know yet because they gave us a 30-day test window for free."
"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
"The product is costly compared to Splunk."
"Microsoft can enhance the licensing side. I feel there is confusion sometimes... They should have a single license in which we have the opportunity to use the EDR or CASB solution."
"It is consumption-based pricing. It is an affordable solution."
"We no longer pay a licensing fee because it is out of date and don't pay for support."
"On a scale of one to ten, where one is low, and ten is high price, I rate the pricing a six."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
865,384 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Financial Services Firm
11%
Manufacturing Company
8%
Government
8%
Manufacturing Company
21%
Comms Service Provider
11%
Retailer
7%
Computer Software Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What needs improvement with RSA enVision?
Licensing could be improved to be more oriented towards Managed Service Providers (MSPs). Perhaps offering different types of licensing would be beneficial, as it can be expensive for industries wi...
What advice do you have for others considering RSA enVision?
Overall, I would rate it a nine out of ten. I recommend using it, but it also depends on the needs and the budget. If I still had my company, I think we would continue using RSA enVision. However, ...
What is your experience regarding pricing and costs for RSA enVision?
It's competitive, but they need to adapt to MSPs. Maybe that's not their target market, though.
 

Also Known As

Azure Sentinel
No data available
 

Overview

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
BPS (SUISSE), Hypovereinsbank Germany, MAX Hamburgers, Infoplex, Neotel, Telus
Find out what your peers are saying about Microsoft Sentinel vs. RSA enVision and other solutions. Updated: July 2025.
865,384 professionals have used our research since 2012.