Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs SolarWinds Security Event Manager comparison

Microsoft and SolarWinds are both solutions in the Security Information and Event Management (SIEM) category. Microsoft is ranked #4 with an average rating of 8.4, while SolarWinds is ranked #35 with an average rating of 7.7. Microsoft holds a 4.6% mindshare in SIEM, compared to SolarWinds’s 1.0% mindshare. Additionally, 94% of Microsoft users are willing to recommend the solution, compared to 82% of SolarWinds users who would recommend it.
Microsoft Sentinel
Read 104 Microsoft Sentinel reviews
  • 16,593 Views
  • 9,292 Comparison Views
94% willing to recommend
SolarWinds Security Event M...
Read 27 SolarWinds Security Event Manager reviews
  • 1,775 Views
  • 1,704 Comparison Views
82% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Sep 18, 2024

SolarWinds Security Event Manager and Microsoft Sentinel are leading security information and event management solutions with distinct strengths. Based on user reviews and data comparisons, Microsoft Sentinel has the upper hand in features, while SolarWinds excels in pricing and customer support.

Features: SolarWinds is known for its log management, real-time event correlation, and automated threat detection. Microsoft Sentinel stands out with its integration capabilities, advanced analytics, and scalability.

Room for Improvement: SolarWinds users desire better cloud integration and enhanced reporting capabilities. Microsoft Sentinel users seek improvements in alert accuracy and customization options.

Ease of Deployment and Customer Service: SolarWinds benefits from a straightforward deployment process and strong customer support. Microsoft Sentinel has a more complex deployment but offers extensive documentation and support resources.

Pricing and ROI: SolarWinds offers a cost-effective solution with a satisfactory ROI for smaller businesses. Microsoft Sentinel has a higher upfront cost but delivers better long-term ROI due to its advanced features and scalability.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Microsoft Sentinel vs. SolarWinds Security Event Manager Report (Updated: February 2026).
Buyer's Guide
Microsoft Sentinel vs. SolarWinds Security Event Manager
February 2026
Download the complete report
Helped 883,692 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
4th
Average Rating
8.2
Reviews Sentiment
7.0
Number of Reviews
104
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)
SolarWinds Security Event M...
Ranking in Security Information and Event Management (SIEM)
35th
Average Rating
7.8
Reviews Sentiment
5.7
Number of Reviews
27
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of March 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 4.6%, down from 7.5% compared to the previous year. The mindshare of SolarWinds Security Event Manager is 1.0%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
ProductMindshare (%)
Microsoft Sentinel4.6%
SolarWinds Security Event Manager1.0%
Other94.4%
Security Information and Event Management (SIEM)
 

Featured Reviews

Kallamuddin Ansari - PeerSpot reviewer
Kallamuddin Ansari
Cyber Security Consultant at ProTechmanize
Centralized monitoring has improved threat response but cost control still needs refinement
Based on real operations used in our corporate IT environment, the key features include log correlation and incident view. Microsoft Sentinel's biggest strength is how it correlates multiple related alerts into a single incident. This significantly reduces alert noise and helps the SOC focus on real threats instead of isolated events. Another valuable feature is KQL-based threat hunting with Kusto Query Language. The flexibility of this language allows us to build custom hunting queries based on our environment's behavior. This is extremely useful for detecting low and slow threats or hidden threats that default rules may miss. Cloud-native scalability and stability is another important feature. Being cloud-native, Microsoft Sentinel scales well for medium to large corporate environments without infrastructure management. Stability has been solid in day-to-day production. SOAR automation using playbooks is a feature we highly recommend. Microsoft Sentinel's SOAR functionality helps automate repetitive SOC tasks like alert enrichment and notification. This saves analyst time and improves response consistency.
Read full review
Yashokanth Partkunan - PeerSpot reviewer
Yashokanth Partkunan
Managed Services Engineer at Loop1 Systems
Has supported client needs efficiently but requires deeper analysis features and faster support
The log analyzing capability of SolarWinds Security Event Manager should go into more depth than the current environment. More modification and enhancements are required on the dashboard side in order to make it closer to optimal performance. From observation and feedback from users, they need more functionality related to monitoring, and in-depth analyzing needs to be improved.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"It's a great product."
"The main benefit is the ease of integration."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"Microsoft Sentinel's ability to correlate data from multiple sources has improved our capability significantly."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The machine learning and artificial intelligence on offer are great."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
More Microsoft Sentinel pros
"SolarWinds is effective for server, network, and log monitoring. It's also good for IP address management. We also have a patch manager, but we're still working on getting that operational."
"SolarWinds Security Event Manager has been generally working well."
"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."
"We had to integrate with other teams, and the infrastructure deployment didn't take long. The integration involves learning with different teams, networking, and configuring various network devices and servers. Infrastructure deployment only took one or two days."
"SolarWinds is easy to configure, and it provides timely alerts."
"It has in-depth monitoring capabilities and an easy way for setting up dashboards. I can expand in various areas, or I can reduce areas. It supports different types of breakdowns, filters, and rules. It is very simple for an out-of-the-box type of product. It doesn't take a lot of time to figure it out, which is unlike some of the solutions that I have looked at. It meets all the aspects."
"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."
"The product's most effective part in improving security stems from the fact that the solution is deployed for event management, log viewing, and information management."
More SolarWinds Security Event Manager pros
 

Cons

"From a client perspective, they'd like to see more cost savings."
"In terms of improvements, pricing, licensing, and overall cost could be better."
"The solution could improve the playbooks."
"The costs and pricing of Microsoft Sentinel are expensive. That's my biggest complaint, especially from customers who are concerned about the significant expense."
"The SOC optimization feature of Microsoft Sentinel does not appear applicable at the moment in terms of data management and cost efficiency."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
More Microsoft Sentinel cons
"I think the customization area in the tool can be considered as an area of concern where improvements are required."
"Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month."
"There are no multiple dashboards which would allow you to see information side-by-side."
"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."
"The only issue is the pricetag. SolarWinds is a costly solution."
"I imagine we will have to develop our own reports soon, this seems to be more cumbersome."
"SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways."
"We have automated threat detection in the Alliance Security, Antoinette. However, if these features could be further enhanced, it would simplify my work, potentially allowing me to allocate more time to address complex issues."
More SolarWinds Security Event Manager cons
 

Pricing and Cost Advice

"The pricing is based on how much you ingest, so it's pretty straightforward. There are no tiers, and you pay for what you use unlike with other types of SIEM solutions that are usually based on tiers."
"I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
"Sentinel is costly compared to other solutions, but it's fair. SIEM solutions like CrowdStrike charge based on daily log volume. They generally process a set number of logs for free before they start charging. Microsoft's pricing is clearer. It's free under five gigabytes. Some of these logs we ingest have a cost, so they don't hide it. I believe the tenant pays the price, and Microsoft helps create awareness of the cost."
"The combination of the ease of accessibility and the free cost of the service is great. But we buy storage based on our events per second and on how many sources are integrated into the solution."
"Microsoft Sentinel is included in our E5 license."
"Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
"Sentinel is costly."
"I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
More Microsoft Sentinel pricing and cost advice
"Licensing is on devices, so if you have many, then this may be high."
"The pricing model would benefit from having package deals with other SolarWinds products."
"We do a yearly license renewal. For a year, the solution costs roughly $500,000 USD. There are no costs beyond this yearly fee."
"It is in the appropriate mid-range. It is not as expensive as some of the other solutions. It is also not cheap."
"The price of SolarWinds Security Event Manager is reasonable."
"The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten."
"Licenses can only be purchased in blocks of fifty at a time."
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
See recommendations
883,692 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Financial Services Firm
10%
Manufacturing Company
9%
Government
7%
Financial Services Firm
12%
Manufacturing Company
11%
University
10%
Comms Service Provider
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business38
Midsize Enterprise22
Large Enterprise45
By reviewers
Company SizeCount
Small Business19
Midsize Enterprise3
Large Enterprise7
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
See all answers
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
See all answers
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
See all answers
What is your experience regarding pricing and costs for SolarWinds Security Event Manager ?
The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten.
See all answers
What needs improvement with SolarWinds Security Event Manager ?
The log analyzing capability of SolarWinds Security Event Manager should go into more depth than the current environment. More modification and enhancements are required on the dashboard side in or...
See all answers
What is your primary use case for SolarWinds Security Event Manager ?
I work with all SolarWinds products mostly, including Network Configuration Manager and NPM. I am a reseller. I usually recommend SolarWinds products for Loop1. It's for the bigger ones; we are the...
See all answers
 

Comparisons

AWS Security Hub vs Microsoft Sentinel Logo
AWS Security Hub vs Microsoft Sentinel
Compared 18% of the time
SentinelOne Singularity AI SIEM vs Microsoft Sentinel Logo
SentinelOne Singularity AI SIEM vs Microsoft Sentinel
Compared 5% of the time
Cortex XSIAM vs Microsoft Sentinel Logo
Cortex XSIAM vs Microsoft Sentinel
Compared 5% of the time
CrowdStrike Falcon vs Microsoft Sentinel Logo
CrowdStrike Falcon vs Microsoft Sentinel
Compared 4% of the time
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Compared 4% of the time
More Microsoft Sentinel Competitors
Splunk Enterprise Security vs SolarWinds Security Event Manager Logo
Splunk Enterprise Security vs SolarWinds Security Event Manager
Compared 13% of the time
Wazuh vs SolarWinds Security Event Manager Logo
Wazuh vs SolarWinds Security Event Manager
Compared 9% of the time
ManageEngine Log360 vs SolarWinds Security Event Manager Logo
ManageEngine Log360 vs SolarWinds Security Event Manager
Compared 8% of the time
Coralogix vs SolarWinds Security Event Manager Logo
Coralogix vs SolarWinds Security Event Manager
Compared 8% of the time
Fortinet FortiSIEM vs SolarWinds Security Event Manager Logo
Fortinet FortiSIEM vs SolarWinds Security Event Manager
Compared 7% of the time
More SolarWinds Security Event Manager Competitors
 

Product Reports

Buyer's Guide
Microsoft Sentinel
February 2026
Microsoft Sentinel reportDownload Microsoft Sentinel product report
Buyer's Guide
SolarWinds Security Event Manager
February 2026
SolarWinds Security Event Manager reportDownload SolarWinds Security Event Manager product report
 

Also Known As

Azure Sentinel
SolarWinds LEM, Solarwinds SIEM, TriGeo, Log and Event Manager
 

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Microsoft

When TriGeo was acquired by SolarWinds, TriGeo SIM became known as SolarWinds Log & Event Manager. This product is a leading Security Information and Event Management (SIEM) product and log management solution, which provides log collection, analysis, and real-time correlation.

SolarWinds
 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
NetSuite, EasyStreet, Legacy Texas Bank, and Energy Federal Credit Union, to name a few.
Buyer's Guide
Microsoft Sentinel vs. SolarWinds Security Event Manager
February 2026
Free Report: Microsoft Sentinel vs. SolarWinds Security Event Manager
Find out what your peers are saying about Microsoft Sentinel vs. SolarWinds Security Event Manager and other solutions. Updated: February 2026.
DOWNLOAD NOW
883,692 professionals have used our research since 2012.
See our Microsoft Sentinel vs. SolarWinds Security Event Manager report.

We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.