Microsoft Sentinel vs SentinelOne Singularity AI SIEM comparison

Microsoft Sentinel vs. SentinelOne Singularity AI SIEM

Download the complete report

Helped 885,789 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Sentinel

Ranking in Security Information and Event Management (SIEM)

4th

Average Rating

8.2

Reviews Sentiment

6.9

Number of Reviews

107

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)

SentinelOne Singularity AI ...

Ranking in Security Information and Event Management (SIEM)

23rd

Average Rating

8.6

Reviews Sentiment

6.1

Number of Reviews

Ranking in other categories

AI Observability (22nd)

Mindshare comparison

As of April 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 4.6%, down from 7.5% compared to the previous year. The mindshare of SentinelOne Singularity AI SIEM is 1.6%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Mindshare Distribution
Product	Mindshare (%)
Microsoft Sentinel	4.6%
SentinelOne Singularity AI SIEM	1.6%
Other	93.8%

Security Information and Event Management (SIEM)

Featured Reviews

Kallamuddin Ansari

Cyber Security Consultant at ProTechmanize

Centralized monitoring has improved threat response but cost control still needs refinement

Based on real operations used in our corporate IT environment, the key features include log correlation and incident view. Microsoft Sentinel's biggest strength is how it correlates multiple related alerts into a single incident. This significantly reduces alert noise and helps the SOC focus on real threats instead of isolated events. Another valuable feature is KQL-based threat hunting with Kusto Query Language. The flexibility of this language allows us to build custom hunting queries based on our environment's behavior. This is extremely useful for detecting low and slow threats or hidden threats that default rules may miss. Cloud-native scalability and stability is another important feature. Being cloud-native, Microsoft Sentinel scales well for medium to large corporate environments without infrastructure management. Stability has been solid in day-to-day production. SOAR automation using playbooks is a feature we highly recommend. Microsoft Sentinel's SOAR functionality helps automate repetitive SOC tasks like alert enrichment and notification. This saves analyst time and improves response consistency.

Read full review

Prince Joseph

Group Chief Information Officer at NeST Information Technologies Pvt Ltd

Advanced AI-driven monitoring has strengthened investigations and now prioritizes critical threats

I would not say there is anything that could be better in SentinelOne Singularity AI SIEM; I think we have seen something unique in the product. This product has the potential to add more SOC functionality on top of its SIEM, which can automate a few more things because I have the information there. I need to do what I would call security agents or agentic AI to be built on top; it can take care of a lot more analysis and actions. Maybe licensing cost can also be looked at and reduced. We are still to see the automated feature work a little bit more; we are not really using it to the full extent.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Microsoft Sentinel has greatly increased our security."

"Sentinel has reduced the work involved in the event investigation by quite a lot."

"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."

"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."

"The product can integrate with any device."

"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."

"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"

"Microsoft Sentinel flags when admin credentials log in from an unusual location, automatically alerting the security team so they can investigate."

More Microsoft Sentinel pros

"AI-driven capabilities will give me real-time detection and will protect my autonomous AI interruption."

"After using SentinelOne Singularity AI SIEM, it has reduced our incident response time by forty to fifty percent compared to other tools."

"SentinelOne Singularity AI SIEM's AI-powered analytics does affect our SOC's ability to reduce false positives; that is one of the biggest advantages because the manpower that I have is limited."

"When they face attacks such as ransomware and are dissatisfied with their existing solutions, they switch to SentinelOne Singularity AI SIEM, which is quite good in detecting unknown threats, cleaning the system, and handling ransomware."

"Overall, I would assess the overall security posture after implementing SentinelOne Singularity AI SIEM as significantly better."

Cons

"Microsoft Sentinel is definitely costly. If we factor in the cost of other services, MCAS, MDI, and Microsoft Defender for Cloud, it gets seriously costly, to the extent that we cannot enable it across the organization."

"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities."

"There is room for improvement in entity behavior and the integration site."

"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."

"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."

"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."

"We have experienced some performance problems in the UK and, when we transferred to a different region, we lost some of our workspaces, which was shocking; if Microsoft needs to failover to another region, the customer should be informed because it affects many things."

"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."

More Microsoft Sentinel cons

"At the moment, I feel the pricing is a little bit on the higher side, but the tool is positioned in a place where risk is very high, and we do not want to take chances, so we are prepared to pay the premium."

"It is quite good, but the only downside is that it is costly."

"In AI SIEM, the areas that have room for improvement are the parsers for third-party integrated data or for third-party data sources that are not native integrations, which could be made a bit easier."

"Another area for improvement is that the product is somewhat expensive. Pricing could be improved as well."

"SentinelOne Singularity AI SIEM has some performance and reliability issues that need improvement."

Pricing and Cost Advice

"Currently, given our use case, the cost of Sentinel is justified, but it is expensive."

"The pricing isn't very high. It depends on the number of logs you have. If you're expecting to ingest 50 to 60G in a day, but you're only ingesting 20 to 25G per day at first and you have a good team to analyze the logs, then you can segregate the ingestion at under 15G."

"It is consumption-based pricing. It is an affordable solution."

"Sentinel's pricing is on the higher side, but you can get a discount if you can predict your usage. You have to pay ingestion and storage fees. There are also fees for Logic Apps and particular features. It seems heavily focused on microtransactions, but they may be slightly optional. By contrast, Splunk requires no additional fee for their equivalent of Logic. You have a little more flexibility, but Sentinel's costs add up."

"It is priced fairly given the value that you get from the use of the product. The biggest mistake people make with Microsoft Sentinel is not understanding the pricing model and the amount of data that they are going to be running through the tool because you are paying based on the flow. You are paying based on the amount of data that is moving through the tool. People do not plan, and therefore, they get surprised by the cost associated with using the tool. They connect everything because they want to know everything, but connecting everything is very expensive."

"Sentinel is a pay-as-you-go solution. To use it, you need a Log Analytics workspace. This is where the logs are stored and the cost of Log Analytics is based on gigabytes... On top of that, there is the cost of Sentinel, which is about €2 per gigabyte. If a customer has an M365 E5 license, the logs that come from Microsoft Defender are free."

"The price is reasonable because Sentinel includes features like user behavior analytics and SOAR that are typically sold separately. Overall, a standalone on-prem solution would require some high-end servers, and there's a different cost. It is a cloud-based solution, so there are backend cloud computing costs, but they are negligible."

"I don't know yet because they gave us a 30-day test window for free."

More Microsoft Sentinel pricing and cost advice

Information not available

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

885,789 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

12%

Financial Services Firm

10%

Manufacturing Company

Government

Construction Company

10%

Healthcare Company

Comms Service Provider

Media Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	41
Midsize Enterprise	22
Large Enterprise	46

No data available

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

What needs improvement with SentinelOne Singularity AI SIEM?

In AI SIEM, the areas that have room for improvement are the parsers for third-party integrated data or for third-party data sources that are not native integrations, which could be made a bit easi...

What is your primary use case for SentinelOne Singularity AI SIEM?

Our use case with SentinelOne Singularity AI SIEM is primarily AI observability for a large part. We are using it for SIEM purposes as well. Prior to the inclusion of Purple AI, it was exclusively ...

What advice do you have for others considering SentinelOne Singularity AI SIEM?

My impression of the AI-driven threat detection capabilities of SentinelOne Singularity AI SIEM is great. I am really looking forward to the upcoming feature with agentic incident investigation. If...

AWS Security Hub vs Microsoft Sentinel

Comparisons

Compared 16% of the time

Cortex XSIAM vs Microsoft Sentinel

Compared 4% of the time

CrowdStrike Falcon vs Microsoft Sentinel

Compared 4% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 4% of the time

Wazuh vs Microsoft Sentinel

Compared 3% of the time

More Microsoft Sentinel Competitors

Fortinet FortiSIEM vs SentinelOne Singularity AI SIEM

Compared 14% of the time

Huntress Managed SIEM vs SentinelOne Singularity AI SIEM

Compared 7% of the time

Huntress Managed EDR vs SentinelOne Singularity AI SIEM

Compared 7% of the time

Wazuh vs SentinelOne Singularity AI SIEM

Compared 6% of the time

Fluency vs SentinelOne Singularity AI SIEM

Compared 4% of the time

More SentinelOne Singularity AI SIEM Competitors

Product Reports

Microsoft Sentinel

Download Microsoft Sentinel product report

SentinelOne Singularity AI SIEM

Download SentinelOne Singularity AI SIEM product report

Also Known As

Azure Sentinel

No data available

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Microsoft

SentinelOne Singularity AI SIEM offers comprehensive security information and incident management designed to enhance threat detection, response, and investigation capabilities within enterprise environments.

SentinelOne Singularity AI SIEM is known for its robust capabilities in the realm of cybersecurity, providing organizations with an advanced tool to combat modern threats. The platform integrates machine learning and artificial intelligence to automate threat identification and streamline incident response processes. Its intuitive interface allows teams to manage security events efficiently, ensuring rapid reaction to potential vulnerabilities. As a scalable tool, it adapts to evolving security demands, providing valuable insights to safeguard critical business operations.

What are the important features of SentinelOne Singularity AI SIEM?

Automated Threat Detection: Uses AI to identify threats with minimal human intervention.
Comprehensive Data Analysis: Capable of processing extensive security-related data for informed decision-making.
Real-time Monitoring: Continuously tracks events for immediate alerts on suspicious activities.
Scalability: Adapts to the changing needs of enterprises, maintaining effectiveness at any scale.
Seamless Integration: Easily connects with existing security infrastructure to enhance overall protection.

What are the key benefits or ROI from SentinelOne Singularity AI SIEM?

Improved Security Posture: Enhances the ability to detect and respond to complex threats, minimizing risks.
Operational Efficiency: Automates routine processes, allowing security teams to focus on strategic tasks.
Cost-effectiveness: Reduces the need for extensive manual analysis, cutting down operational costs.
Business Continuity: Protects critical operations from disruptions, ensuring uninterrupted service delivery.
Scalability and Flexibility: Ensures ongoing adaptability to growing and dynamic security demands.

In industries such as finance and healthcare, implementation of SentinelOne Singularity AI SIEM often means tailored solutions to protect sensitive data, meeting regulatory compliance. These sectors appreciate its capability to provide detailed insights and reduce the risk of data breaches, thus preserving stakeholder trust.

SentinelOne

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

Information Not Available

Microsoft Sentinel vs. SentinelOne Singularity AI SIEM