No more typing reviews! Try our Samantha, our new voice AI agent.

Graylog Security vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Graylog Security
Ranking in Security Information and Event Management (SIEM)
60th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
2
Ranking in other categories
No ranking in other categories
Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
4th
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
108
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (2nd), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (6th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Graylog Security is 0.6%, up from 0.5% compared to the previous year. The mindshare of Microsoft Sentinel is 3.9%, down from 6.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Microsoft Sentinel3.9%
Graylog Security0.6%
Other95.5%
Security Information and Event Management (SIEM)
 

Featured Reviews

Tony Zafiropoulos - PeerSpot reviewer
Owner/ Chief Engineer at Fixvirus.com
Aggregates logs in one place and helps to review data points
We tried Graylog Security, starting with their inexpensive open-source version. We tested it out and continued using it for a while. As for the main differences between Graylog Security and other vendors, some users might prefer cloud-based platforms over on-premises solutions. It isn't inherently cloud-native, but that might not matter much for some.
Kallamuddin Ansari - PeerSpot reviewer
Cyber Security Consultant at HR Software Solution
Centralized monitoring has improved threat response but cost control still needs refinement
Based on real operations used in our corporate IT environment, the key features include log correlation and incident view. Microsoft Sentinel's biggest strength is how it correlates multiple related alerts into a single incident. This significantly reduces alert noise and helps the SOC focus on real threats instead of isolated events. Another valuable feature is KQL-based threat hunting with Kusto Query Language. The flexibility of this language allows us to build custom hunting queries based on our environment's behavior. This is extremely useful for detecting low and slow threats or hidden threats that default rules may miss. Cloud-native scalability and stability is another important feature. Being cloud-native, Microsoft Sentinel scales well for medium to large corporate environments without infrastructure management. Stability has been solid in day-to-day production. SOAR automation using playbooks is a feature we highly recommend. Microsoft Sentinel's SOAR functionality helps automate repetitive SOC tasks like alert enrichment and notification. This saves analyst time and improves response consistency.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We use the solution to collect logs."
"The tool aggregates logs. We can see the logs in one place."
"Overall, per week, Sentinel saves us 40 to 45 hours, per person."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"The Log analytics are useful."
"We have no complaints about the features or functionality."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"Microsoft Sentinel helps us understand the areas that we have to improve and provides information on our current coverage."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
 

Cons

"Graylog Security needs to incorporate security scorecards."
"However, we are not using it for some features, mainly for cost-related reasons and our company policy."
"Microsoft Sentinel can be improved in that the way it is built today means if you have a third party and you pay for ingestion, this is different than how some of the traditional SIEMs work."
"They take too long to respond, but sometimes they are great."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"When compared to other industry standard SIEM solutions like Splunk or Palo Alto, Microsoft Sentinel can improve a lot."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities."
 

Pricing and Cost Advice

"I rate the tool's pricing a one out of ten."
"It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
"Sentinel is fairly priced and pretty cost-effective."
"The pricing is fair... With a traditional SIEM, you pay a lump sum for licenses. But with Sentinel, it's pay-as-you-go according to the amount of data you inject."
"Sentinel is expensive relative to other products of the class, so it often isn't affordable for small-scale businesses. However, considering the solution has more extensive capabilities than others, the price is not so high. Pricing is based on GBs of ingested daily data, either by a pay-as-you-go or subscription model."
"Microsoft Sentinel is expensive."
"I don't know yet because they gave us a 30-day test window for free."
"I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
"From a cost point of view, it is not a cheap product. It's, like, an enterprise-level application. So if you compare it with a low-level application, it's expensive, but if you compare it with the same-level application, it's pretty much cost-effective, I think."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
903,871 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
14%
Comms Service Provider
10%
Construction Company
7%
Manufacturing Company
7%
Financial Services Firm
11%
Manufacturing Company
10%
Computer Software Company
10%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise24
Large Enterprise46
 

Questions from the Community

Ask a question
Earn 20 points
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

No data available
Azure Sentinel
 

Overview

 

Sample Customers

Information Not Available
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Graylog Security vs. Microsoft Sentinel and other solutions. Updated: June 2026.
903,871 professionals have used our research since 2012.