Try our new research platform with insights from 80,000+ expert users

Google Chronicle Suite vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
4.5
Google Chronicle Suite enhanced threat detection, automated processes, improved analytics, and increased operational efficiency with cost savings and scalability.
Sentiment score
7.3
Users find Microsoft Sentinel offers positive ROI through improved visibility, automation, and efficiency, despite initial costs and quantification challenges.
 

Customer Service

Sentiment score
8.0
Google Chronicle Suite's customer service is well-regarded, with effective support teams and improvements in recent technical staff hiring.
Sentiment score
6.7
Microsoft Sentinel support is mixed; premium plans and better Microsoft relationships yield favorable experiences despite some challenges.
The technical support I’ve received is rated an eight out of ten.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Working with a Sentinel engineer helped us tune settings effectively.
 

Scalability Issues

Sentiment score
8.2
Google Chronicle Suite is praised for its exceptional scalability and performance, efficiently handling large data volumes and diverse business needs.
Sentiment score
8.1
Microsoft Sentinel's cloud architecture ensures scalable, flexible data handling with minimal management, supporting large user bases and easy integration.
Chronicle Suite is fully scalable with a rating of seven or eight out of ten in scalability.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
 

Stability Issues

Sentiment score
7.8
Google Chronicle Suite is viewed as stable with minor issues, rated highly by most users after two years of testing.
Sentiment score
7.8
Microsoft Sentinel is highly stable and reliable, with users praising its performance and noting rare, minor configuration issues.
So far, we have not experienced any issues, and it has been stable from the beginning.
Sentinel's stability is great.
 

Room For Improvement

Google Chronicle Suite faces usability challenges with setup, configuration, and interface, needing better integration and user experience.
Microsoft Sentinel users seek improved third-party integration, user-friendly features, enhanced threat intelligence, and streamlined data management to reduce costs.
The graphical user interface could be improved to enhance user experience.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
 

Setup Cost

Google Chronicle Suite's pricing is variable; costs depend on usage, potentially cheaper than competitors, with extra fees possible.
Microsoft Sentinel offers cost-effective, consumption-based pricing, benefiting from Azure integration with careful data management to control expenses.
I experience Chronicle as less expensive and less complicated than Azure.
We already had the necessary licensing for Sentinel, so we didn't need to spend extra money.
 

Valuable Features

Google Chronicle Suite offers fast threat hunting, AI intelligence, and seamless integration with scalable design and user-friendly interface.
Microsoft Sentinel offers seamless integration, AI-driven threat detection, and automation, providing comprehensive security and ease of setup for organizations.
They also combine their source solution into one product, allowing for out-of-the-box playbook creation and incident response.
It is also cost-effective, charged based on use per second rather than data volume.
Custom workbooks are valuable. It is one of the crucial points in dealing with potential security threats in an automated way without requiring too much manpower.
 

Categories and Ranking

Google Chronicle Suite
Ranking in Security Information and Event Management (SIEM)
12th
Average Rating
8.0
Reviews Sentiment
7.1
Number of Reviews
11
Ranking in other categories
No ranking in other categories
Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
3rd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
89
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th), AI-Powered Cybersecurity Platforms (6th)
 

Mindshare comparison

As of February 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Google Chronicle Suite is 3.4%, up from 1.0% compared to the previous year. The mindshare of Microsoft Sentinel is 7.7%, down from 9.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Rene Schouten. - PeerSpot reviewer
Harnesses anomaly detection and automated response for efficient threat management
I really appreciate the anomaly detection and machine learning capabilities that identify unusual patterns without needing signatures. The automated response feature allows for immediate actions like isolating infected machines or blocking malicious IP addresses. It is also cost-effective, charged based on use per second rather than data volume. Additionally, the solution supports annual audits and ensures compliance.
KrishnanKartik - PeerSpot reviewer
Every rule enriched at triggering stage, easing the job of SOC analyst
It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
838,640 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
13%
Retailer
9%
Manufacturing Company
7%
Computer Software Company
16%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Google Chronicle Suite?
Google Chronicle Suite is a highly scalable solution with good search capabilities.
What is your experience regarding pricing and costs for Google Chronicle Suite?
I experience Chronicle as less expensive and less complicated than Azure. While Azure is rated at an eight out of ten in terms of pricing, Chronicle is at a six out of ten.
What needs improvement with Google Chronicle Suite?
It is still not mature enough. If I create some content, there might be roadblocks, although this could change in the future. As of now, it is an immature solution with potential for improvement. I...
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

No data available
Azure Sentinel
 

Overview

 

Sample Customers

Information Not Available
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Google Chronicle Suite vs. Microsoft Sentinel and other solutions. Updated: February 2025.
838,640 professionals have used our research since 2012.