No more typing reviews! Try our Samantha, our new voice AI agent.

Graylog Security vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Graylog Security
Ranking in Security Information and Event Management (SIEM)
60th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
4th
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
108
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (2nd), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (6th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Graylog Security is 0.6%, up from 0.5% compared to the previous year. The mindshare of Microsoft Sentinel is 3.9%, down from 6.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Microsoft Sentinel3.9%
Graylog Security0.6%
Other95.5%
Security Information and Event Management (SIEM)
 

Featured Reviews

Tony Zafiropoulos - PeerSpot reviewer
Owner/ Chief Engineer at Fixvirus.com
Aggregates logs in one place and helps to review data points
We tried Graylog Security, starting with their inexpensive open-source version. We tested it out and continued using it for a while. As for the main differences between Graylog Security and other vendors, some users might prefer cloud-based platforms over on-premises solutions. It isn't inherently cloud-native, but that might not matter much for some.
Kallamuddin Ansari - PeerSpot reviewer
Cyber Security Consultant at HR Software Solution
Centralized monitoring has improved threat response but cost control still needs refinement
Based on real operations used in our corporate IT environment, the key features include log correlation and incident view. Microsoft Sentinel's biggest strength is how it correlates multiple related alerts into a single incident. This significantly reduces alert noise and helps the SOC focus on real threats instead of isolated events. Another valuable feature is KQL-based threat hunting with Kusto Query Language. The flexibility of this language allows us to build custom hunting queries based on our environment's behavior. This is extremely useful for detecting low and slow threats or hidden threats that default rules may miss. Cloud-native scalability and stability is another important feature. Being cloud-native, Microsoft Sentinel scales well for medium to large corporate environments without infrastructure management. Stability has been solid in day-to-day production. SOAR automation using playbooks is a feature we highly recommend. Microsoft Sentinel's SOAR functionality helps automate repetitive SOC tasks like alert enrichment and notification. This saves analyst time and improves response consistency.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use the solution to collect logs."
"The tool aggregates logs. We can see the logs in one place."
"Sentinel is the best solution that we use."
"The UI-based analytics are excellent."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"If you have cloud-based workloads and different cloud or cloud lookalike services that require security data, or if you are looking for SOAR functionalities, then it's a no brainer."
"Microsoft Sentinel is an awesome SIEM/SOAR tool for customers with active Cloud presence."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
 

Cons

"Graylog Security needs to incorporate security scorecards."
"The playbook is a bit difficult and could be improved."
"The reporting could be more structured."
"Professional support is not that great. Often, I'd rather not involve them."
"The product can be improved by reducing the cost to use AI machine learning."
"Driving deeper integration with the Defender XDR portal within Microsoft Sentinel, which is being done, and continuing to increase the number of third-party data connectors available is important."
"The troubleshooting has room for improvement."
"Microsoft Sentinel should continue adding support for several other security brands because sometimes you have a firewall from a different brand and if you cannot correlate or integrate that seamlessly, it creates multiple points of checking information, which diminishes efficiency."
"However, I do have challenges with KQL, and I believe they could work on making the language more user-friendly."
 

Pricing and Cost Advice

"I rate the tool's pricing a one out of ten."
"Microsoft Sentinel's pricing is relatively expensive and extremely confusing."
"Microsoft is costlier. Some organizations may not be able to afford the cost of Sentinel orchestration and the Log Analytics workspace. The transaction hosting cost is also a little bit on the high side, compared to AWS and GCP."
"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."
"Microsoft Sentinel is expensive."
"Sentinel is fairly priced and pretty cost-effective."
"The product is costly compared to Splunk."
"It is priced fairly given the value that you get from the use of the product. The biggest mistake people make with Microsoft Sentinel is not understanding the pricing model and the amount of data that they are going to be running through the tool because you are paying based on the flow. You are paying based on the amount of data that is moving through the tool. People do not plan, and therefore, they get surprised by the cost associated with using the tool. They connect everything because they want to know everything, but connecting everything is very expensive."
"Cost-wise, Sentinel is based on the volume of information being ingested, so it can be quite pricey. The ability to use strategies to control what data is being ingested is important."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
904,016 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
14%
Comms Service Provider
10%
Construction Company
7%
Manufacturing Company
7%
Financial Services Firm
11%
Manufacturing Company
11%
Computer Software Company
10%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise24
Large Enterprise46
 

Questions from the Community

Ask a question
Earn 20 points
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

No data available
Azure Sentinel
 

Overview

 

Sample Customers

Information Not Available
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Graylog Security vs. Microsoft Sentinel and other solutions. Updated: June 2026.
904,016 professionals have used our research since 2012.