We performed a comparison between Elastic Security and Microsoft Sentinel based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions are extremely reliable. Elastic Security is very flexible and very customizable. Microsoft Sentinel is a more comprehensive solution, provides more user options, and is very easy to use. Additionally, Microsoft Sentinel is the best option for organizations that are heavily vested in a Microsoft ecosystem.
"Elastic provides the capability to index quickly due to the reverse indexes it offers. This data is crucial as it contains critical information. The reverse index allows fast data indexing because of Elastic's efficient search engine."
"The product has huge integration varieties available."
"ELK Logstash is easy and fast, at least for the initial setup with the out of box uses."
"It is scalable."
"Elastic is straightforward, easy to integrate, and highly customizable."
"The visualization is very good."
"The feature that we have found the most valuable is scalability."
"The intelligence of the system has been very impressive. It's not quite AI, but the technical bit where it correlates information, based on the seen attacks within an organization is good."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The UI of Sentinel is very good and easy to use, even for beginners."
"One thing they could add is a quick step to enable users who don't have a solid background to build a dashboard and quickly search, without difficulty."
"There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM."
"Elastic Security could improve the documentation. It would help if they were more simple and clean."
"Elastic Security's maintenance is hard and its scalability is a challenge. There are complications in scaling and upgrading. The solution needs to also provide periodic upgrade checks."
"There are connectors to gather logs for Windows PCs and Linux PCs, but if we have to get the logs from Syslog then we have to do it manually, and this should be automated."
"It would be better if Elastic Security had less storage for data. My customers do not like this. Other vendors have local support in different countries, but Elastic Security doesn't. I would like to have Operational Technology (OT) security in the next release."
"I would like more ways to manage permissions and restrict access to certain users."
"Better integration with third-party APMs would be really good."
"The AI capabilities must be improved."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The on-prem log sources still require a lot of development."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The playbook is a bit difficult and could be improved."
"I would like to see more AI used in processes."
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 59 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews. Elastic Security is rated 7.6, while Microsoft Sentinel is rated 8.2. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Wazuh. See our Elastic Security vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.