Sentinel's GUI design is similar to Microsoft Windows. If you are comfortable with using Windows, you will be comfortable using Sentinel because their icons are similar. Sentinel's integration is pretty easy.
Sentinel's management is very easy because Microsoft guides everything through icons, design, and documentation. The solution's model is pretty good. The solution's Kusto Query Language (KQL) execution time is pretty good.
One good thing I like about Sentinel is its automation. You can automatically respond to the incident via the logic app. You don't need to know about coding and complexity. Everyone who uses Sentinel in my circle has been praising the solution.
Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar.
I have been working with Sentinel for almost three years.
Sentinel is a very, very scalable solution. People are now migrating towards Sentinel. Around seven to eight of our customers are using Sentinel.
Since Sentinel is under Microsoft's management, they are responsible for scaling the solution. Sentinel is very scalable. It will automatically scale up, and it will automatically scale down when there is no requirement.
Sometimes, you come across people unfamiliar with the solution, but most of the time, Microsoft support is pretty good.
Sentinel's initial setup is not very easy. You will have to perform some steps, but everything is guided properly. They will tell you what your next step is.
It is a little bit complex when it comes to custom integrations, and you need to understand a little bit of Azure architecture to meet those integrations. However, it is easier for basic integration with well-known devices like Windows and Linux.
I haven't been in those situations where I had to deploy Sentinel, but I know from experience that deploying the solution will take one to two days.
You have to buy your subscription on Azure since it's a cloud-based solution. After getting your subscription, you will need to make sure that you are also subscribing to the Sentinel service, which is on Azure.
Then, you have to create the Log Analytics workspace, include that workspace under the subscription, and start integrating the log sources via data connectors. You will see those logs in Sentinel. It takes 15 to 20 minutes to get your Sentinel instance up, and then you can use those data connectors to integrate the logs.
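The workspace, Sentinel enablement and first data connector steps described above, written as an added Bicep example (not from the review or from Microsoft's documentation); the workspace name, retention period and the choice of a Defender for Cloud alerts connector are assumptions:

```bicep
// Added example: deploy at resource-group scope, e.g.
//   az deployment group create -g <rg> -f sentinel.bicep
// Workspace name and retention are assumed values, not from the review.
param workspaceName string = 'law-sentinel-example'
param location string = resourceGroup().location
param retentionInDays int = 90

// Step 1: the Log Analytics workspace that Sentinel sits on top of.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: {
      name: 'PerGB2018'
    }
    retentionInDays: retentionInDays
  }
}

// Step 2: enable Microsoft Sentinel on that workspace (the "subscribe to
// the Sentinel service" step). The onboarding state is always named 'default'.
resource onboarding 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  scope: workspace
  name: 'default'
  properties: {
    customerManagedKey: false
  }
}

// Step 3: a first data connector. Defender for Cloud alerts is assumed here
// because it needs only the current subscription; connectors for Windows and
// Linux hosts additionally require agents and data collection rules.
resource defenderConnector 'Microsoft.SecurityInsights/dataConnectors@2023-02-01' = {
  scope: workspace
  name: guid(workspace.id, 'AzureSecurityCenter')
  kind: 'AzureSecurityCenter'
  properties: {
    subscriptionId: subscription().subscriptionId
    dataTypes: {
      alerts: {
        state: 'Enabled'
      }
    }
  }
  dependsOn: [
    onboarding
  ]
}
```

Once the deployment finishes, the alerts appear in the workspace's SecurityAlert table and can be queried with KQL or used as the trigger for a Logic App response.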
Sentinel is a subscription-based solution. You will have to pay weekly or monthly costs based on your deal with your Azure cloud provider.
Sentinel is a cloud-based solution.
I would recommend that users use Sentinel. If users are paying for the service, they should make sure to use each and everything they know about it. Users should not pay for things that they are not using. Sentinel has a lot of potential that people don't know about.
Overall, I rate Sentinel eight and a half out of ten.