
Microsoft Sentinel vs SolarWinds Security Event Manager comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Sep 18, 2024

 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM): 4th
Average Rating: 8.2
Reviews Sentiment: 7.0
Number of Reviews: 103
Ranking in other categories: Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)

SolarWinds Security Event M...
Ranking in Security Information and Event Management (SIEM): 37th
Average Rating: 7.8
Reviews Sentiment: 5.7
Number of Reviews: 27
Ranking in other categories: No ranking in other categories
 

Mindshare comparison

As of January 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 5.0%, down from 7.5% compared to the previous year. The mindshare of SolarWinds Security Event Manager is 0.8%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Market Share Distribution
Product: Market Share (%)
Microsoft Sentinel: 5.0%
SolarWinds Security Event Manager: 0.8%
Other: 94.2%
 

Featured Reviews

RW
Solutions Architect at a tech vendor with 201-500 employees
Creates value with advanced investigation capabilities while seeking improved integration with varied platforms
My primary improvement request would be for auxiliary logs, as they represent our biggest need. While we have automated deployments now, Microsoft Sentinel is fairly easy to deploy, although we face challenges with integrations related to AWS and GCP, particularly with Google. The integration challenges arise from both sides; Google tends to be noisy, and we find only ten analytic rules out of the box, necessitating the use of Defender for Cloud for alerts, which indicates a need for better documentation during deployment. The story between UEBA and Defender for Identity and Entra needs to be further explored and defined. There's some confusion on what is happening from a user and entity behavior.
Yashokanth Partkunan - PeerSpot reviewer
Managed Services Engineer at Loop1 Systems
Has supported client needs efficiently but requires deeper analysis features and faster support
The log analyzing capability of SolarWinds Security Event Manager should go into more depth than the current environment. More modification and enhancements are required on the dashboard side in order to make it closer to optimal performance. From observation and feedback from users, they need more functionality related to monitoring, and in-depth analyzing needs to be improved.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"Microsoft Sentinel's ability to correlate data from multiple sources has enhanced my threat detection capabilities beyond what simple data lake solutions offer."
"Microsoft Sentinel does give me a unified set of tools to detect, investigate, and respond to incidents, and this unified approach is important to me because in today's world with numerous tools available, it's quite important."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"It's easy to build rules and actions based on the logs and event types we collect with the software."
"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
"SolarWinds is easy to configure, and it provides timely alerts."
"SolarWinds is effective for server, network, and log monitoring. It's also good for IP address management. We also have a patch manager, but we're still working on getting that operational."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network."
"The most valuable feature is the reporting."
 

Cons

"The three challenges we have are outside of the Microsoft ecosystem. In New Zealand, there are customers that run dual stack, running Microsoft but also competitor products, EDR software, cloud security software, and other tooling."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."
"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."
"I imagine we will have to develop our own reports soon; this seems to be more cumbersome."
"I would like to have a more customizable dashboard."
"We used the support from SolarWinds Security Event Manager and they are knowledgeable, but it is challenging to get in contact with them."
"SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways."
"One of the drawbacks of being so flexible is that it is also a fairly complicated software application to install, configure, and maintain."
 

Pricing and Cost Advice

"It varies on a case-by-case basis. It is about $2,000 per month. The cost is very low in comparison to other SIEMs if you are already a Microsoft customer. If you are using the complete Microsoft stack, the cost reduces by almost 42% to 50%. Its cost depends on the number of logs and the type of subscription you have. You need to have an Azure subscription, and there are charges for log ingestion, and there are charges for the connectors."
"It is a consumption-based license model. Bands at 100, 200, 400 GB per day, etc. Azure Sentinel Pricing | Microsoft Azure"
"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."
"Sentinel's price is comparable to pretty much everything out there. None of it is cheap, but we didn't think we could save money by going a different route. Sentinel was part of our Azure expenditures, so it was easier to add the expense instead of having a completely separate vendor."
"The combination of the ease of accessibility and the free cost of the service is great. But we buy storage based on our events per second and on how many sources are integrated into the solution."
"We only pay for the amount of data we bring in, which is fair."
"For us, it is not expensive at this time, but if we start to collect all logs from our on-premise SIEM solutions, it will cost more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than what we paid for QRadar."
"The pay-as-you-go model is beneficial to customers."
"The pricing model would benefit from having package deals with other SolarWinds products."
"The price of SolarWinds Security Event Manager is reasonable."
"Licensing is on devices, so if you have many, then this may be high."
"We do a yearly license renewal. For a year, the solution costs roughly $500,000 USD. There are no costs beyond this yearly fee."
"Licenses can only be purchased in blocks of fifty at a time."
"It is in the appropriate mid-range. It is not as expensive as some of the other solutions. It is also not cheap."
"The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten."
879,986 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company: 14%
Financial Services Firm: 10%
Manufacturing Company: 8%
Government: 7%

Financial Services Firm: 13%
University: 12%
Manufacturing Company: 10%
Computer Software Company: 7%
 

Company Size

By reviewers
Company Size: Count
Small Business: 38
Midsize Enterprise: 22
Large Enterprise: 44

By reviewers
Company Size: Count
Small Business: 19
Midsize Enterprise: 3
Large Enterprise: 7
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What do you like most about SolarWinds Security Event Manager?
The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers.
What is your experience regarding pricing and costs for SolarWinds Security Event Manager?
The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten.
What needs improvement with SolarWinds Security Event Manager?
The log analyzing capability of SolarWinds Security Event Manager should go into more depth than the current environment. More modification and enhancements are required on the dashboard side in or...
 

Also Known As

Azure Sentinel
SolarWinds LEM, Solarwinds SIEM, TriGeo, Log and Event Manager
 


Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
NetSuite, EasyStreet, Legacy Texas Bank, and Energy Federal Credit Union, to name a few.
Find out what your peers are saying about Microsoft Sentinel vs. SolarWinds Security Event Manager and other solutions. Updated: December 2025.