Microsoft Sentinel Reviews

We use this solution for analyzing Microsoft cloud-based log services and for security data. The services include Microsoft 365, Azure Security Center logs and Microsoft cache logs. We are gold security partners with Azure. 

The UI-based analytics are excellent, it's something I haven't seen with any other SIEM products. Microsoft has excellent tools for cleaning data, sorting out irrelevant log data and even fixing log data.

There's not much that needs improvement but the on-prem log sources still require a lot of development. It's clear that there are limitations there. I also think that the implementation and on-prem data sources could be done in a better way. We've used some functions with Python and whole scripting on FortiSIEM, which is something that Microsoft could easily provide, but so far hasn't.

The product has been very reliable. I don't know that there have been any service outbreaks. We haven't had any problems. 

We have 700 users and from our perspective, it has unlimited processing power, but this is quite common for cloud services. I think the scalability has to be some kind of ABM and feeding all of the log stats, which could possibly have limits, but Azure has huge computing power behind it.

The support is good, the only issue is getting past the level one people who ask if you've tried rebooting. If you have Microsoft's Unified Support, the most expensive support, then you'll be very happy. It's not the best support in the industry, but it's pretty good and they also support Sentinel. 

The initial setup was extremely straightforward. It was the easiest I have seen because it's an SaaS service. I think anybody can do it by just clicking and clicking and saying yes. Straight out of the box and that's the strength of the SaaS service because there's no installation, you just use it. 

We compared Azure to Splunk and to our current mainstream implementation, FortiSIEM. If you have a lot of security data, then you feel that Azure is quite expensive but it's nowhere near as costly as Splunk which is four or five times more expensive. FortiSIEM wasn't good enough and Splunk was way to expensive. 

I would definitely recommend this solution. If you have cloud-based workloads and different cloud or cloud lookalike services that require security data, or if you are looking for SOAR functionalities, then it's a no brainer. It's the best in that market. On the other hand, if you are mainly working and operating with on-prem stuff then there's no advantage over FortiSIEM or other solutions. 

I rate this solution a nine out of 10. 

Security incident and event management. Threat detection and automated response.

It is a software as a service from Microsoft.

Reduced mean time to detect and resolve

Quickly able to cover a majority of mitre att&ck techniques

Free to ingest Azure logs with E5 license

Free ingestion for Azure logs (with E5 licence)

It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks.

It has basic out-of-the-box integrations with multiple log sources.

Add more out-of-the-box connectors with other SaaS platforms/applications.

12 months

No stability issues encountered.

It is scalable as a SaaS offering, but there is a consumption cost to consider.

Cybersecurity team uses this on a daily basis.

We work together very well with local MS Team.

The initial setup was simple. All that was needed was to put agents onto our infrastructure.

Integration more complex for non-MS SaaS and OS, but do-able using middleware.

It was done in-house.

It is an evergreen service.

What is the cost of lack of visibility?  Average cost of breach = $$$

It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure

Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit.

Others were considered however being an E5 M365 and Azure user this was by far the preferred solution.

It is fairly new but making a charge up the market anayses.  Should be considered if you have E5 licence due to native and 'free' ingestion of M365 logs.

We haven't used all of its capability yet because we haven't had the time yet to implement it all, and it appears that the MS roadmap for Sentinel is being actively invested in.

We primarily use the solution for security operations. 

It has a lot of great features. 

The integrations on offer are very good. They have a lot of frequent updates on the integrations as well. 

We also use other Microsoft products with it, such as Active Directory and Defender for Endpoint and Identity. Everything is well integrated together. The integration itself is seamless.

Its connectors are helpful.

We get good logs from the solution.

Threat visibility is good so far. We are able to prioritize threats based on many factors.

The comprehensiveness of the solution is good. 

The alert response could be better. We'd also like a better ticketing system, which is older.

I've been using the solution for two years.

I'd rate the solution nine out of ten.

It is for tracking the logs. I'm working on automation. So, the use case basically includes logs, incidents, automation, UEBA, and endpoint integration with Office 365 Defender.

We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable.

Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex. 

I just started using it. I have just set it up.

It is stable.

It is scalable.

I haven't dealt with Microsoft's tech support. I haven't reached out to them.

It was of medium complexity. It wasn't too bad, but it can be complex because of the connectors.

I don't know yet because they gave us a 30-day test window for free. 

Because it is mainly artificial intelligence and machine learning, you would need some time to learn it. It is a good solution, and it is straightforward.

I would rate it a six out of 10. I haven't really dealt with other ones.

We actually use it for queuing logs and checking log systems that we have downloading from other devices to see if there are any issues. For example, if we get an alert, then we triage it and query the logs and the devices that we're looking for.

Microsoft Sentinel has greatly increased our security. We can quickly complete our investigation by using Sentinel and get to the results and escalation points.

The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases.

Microsoft Sentinel is able to figure out what type of attack is occurring. It will tell you whether it is a DDoS attack, whether someone's trying to scam the site, or if someone is doing a group force attack. That is, Microsoft Sentinel will actually tell you what it is based on the type of activities it's seeing on the web server. It's a smart tool.

If I'm typing queries, it knows what I'm looking for.

If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have.

I just started using Microsoft Sentinel and have used it for two months.

As for availability, I haven't seen any downtime or any issues with the services yet. The stability looks like it's 99.9% and is great.

I believe that Sentinel is good at scaling up their database or services. We are a large company with big data and have thousands of users.

I have used Splunk, which has similar log type of queries. I feel that Sentinel is smarter. It is able to detect what type of attacks are occurring, unlike Splunk, which is just a query log tool.

There's Elastic ELK, which is similar to Splunk, but it isn't a smart tool like Sentinel is. 

Sentinel is at the top of the tools that I've used so far in terms of smart tools.

Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect.

If you're using the cloud and Azure, I would really recommend Sentinel as it will keep making sure that the devices that you have in your environment are safe. Sentinel is very smart at detecting what type of attack is occurring and is actually able to detect and tell us the type of hash file. It is is able to go on the internet, look at the virus total, and see if this is a virus, scam, or phishing. I like how it's able to detect it and how we can make it learn what type of spam or email issue query it is. So, it's a very adaptive type of tool.

I would rate Microsoft Sentinel at ten on a scale from one to ten.

We use it on a public cloud. We have integrated Azure Lighthouse with Azure Sentinel Security. By integrating all of these, Azure Security Center and Azure Defender, we are providing an MSSP platform to our customers.

With other solutions, you see some restrictions for collecting the log from custom connectors. With Azure Sentinel, we do have some restrictions or sometimes we need to struggle with the connection, but there is no need to struggle with the log connection. There is 100% integration to your enterprise environment. This makes it easy to monitor and keep a track record for vulnerabilities and track whatever things are lurking in your network. They also have their custom alert tools, alerting the analytics team, where we can receive custom alerts based on our custom requirements. This has helped our organization a lot. Then with Azure Lighthouse, we can manage multiple customers with one platform, so on a single interface, we manage a number of customers that are using the Lighthouse service from the Azure.

In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store With Azure it is a built-in thing, so there is no need to go and search for another vendor or integrate your solution for the store with a third-party.

They could use some kind of workbook. There is some limitation doing the editing and creating the workbook. That would improve it. Sometimes you will find some network issue, and network error with the Azure Sentinel portal. That's the biggest drawback I found with the Sentinel. It would be great if would provide PIP platforms. They do have PI platforms but they don't have PIP.

My organization partners with Microsoft, so we are working on an MSSP with Azure.

The technical support for Azure Sentinel is quite good. You have one level up from the basic support so you will definitely get to Microsoft support directly and actually have a conversation with Microsoft technical guys for the support team and they will resolve your issues very quickly.

The setup for Azure Sentinel is very straightforward. You only need a subscription and for that subscription, you just need the admin roles. So if you are an admin and if you do have the Microsoft certification, you can make a Microsoft Azure account then it's very easy to setup and it's very easy to onboard the Sentinel.

Azure Sentinel s actually quite handy, and very adaptive to the market trends. Anyone who is looking for the same store, creating their complete security solution for their enterprise, for the effective security solution, and for data integration, they must go with the Azure Sentinel as they are going to get everything in one place. I would rate Azure Sentinel at an eight on a scale of ten.

The primary use case is the same use case as Splunk.

Requirements differ. We're still doing fine-tuning. However, lots of users are added to its security group to note activities.

So far, the solution has been perfect. 

The pricing of the product is excellent.

So far, we have found the stability to be very good.

The solution, as a SIEM tool, has very good integration capabilities, at least, according to our needs.

We have just recently migrated to this product. We haven't used it long enough to note all of the features. Therefore, it would be impossible to note what is lacking just yet.

The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to.

We've recently migrated to this solution. We've only been using it for a month.

The stability of the product is very good. It doesn't have bugs. It's not glitchy. It doesn't crash or freeze. It's been reliable so far.

As a Microsoft product, customers get scalability and elasticity. We have policies in place, and, based on them, we can upgrade if we need to. A company shouldn't have issues scaling should they have the need to expand. 

Only the security team uses this product. It's not accessible for every user. We have a team of about 20.

We have just invested in the solution, and therefore we have plans to use it for the foreseeable future.

We do have access to support, and if we need them, we can call on them. However, the solution is so new, we have yet to need their services. Therefore, I can't speak to their level of responsiveness or knowledgeability just yet.

The installation is very straightforward and easy. It's not complex. It's a cloud deployment, and therefore, it is very quick. You just connect the APIs to the data center.

The product is extremely cost-effective and affordable for customers.

I'm more on the technical side. Therefore, I don't have any insights into the actual cost or the structure of the license.

We looked at Splunk as well and compared to that solution, this one is less expensive.

We're using the latest version of the solution.

Choosing this solution was a management decision. Due to cost-effectiveness, they opted for Azure Sentinel.

Whether this product would work for another organization or not depends on the company's requirements.

As it is still very early in terms of our experience with the solution, I would rate the product at a six out of ten.

We are security system integrators. 

We have no complaints about the features or functionality.

Azure Sentinel, the Microsoft Azure product is, from what I understand, used for the Microsoft applications. I don't know if it works outside of the Microsoft Azure cloud.

I would like to be able to monitor applications outside of the Azure Cloud. That is one of the reasons one of the customers has multiple tools.

I have been using Azure Sentinel for approximately one year.

It's free. It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else. That'd be great if it was supporting other things.

If it's a security integrator like us, quite often people push the client into buying different vendors' products and the client already has the tool in-house. Microsoft is one of those tools that most clients already have.

Many vendors, or integrators, that we know of, are not familiar with Microsoft Sentinel product classification security. So that's one thing I would encourage both potential customers, and users, to look into what suite of products do they have with existing Microsoft accounts that they have. 

Also, the integrators should be quite familiar with all the things that are available to their clients, so they don't have to invest tons of money in other tools.

Based on having no complaints, I would rate Azure Sentinel an eight out of ten.