Microsoft Sentinel vs SolarWinds Security Event Manager comparison

Microsoft Sentinel vs. SolarWinds Security Event Manager

Download the complete report

Helped 814,649 peers since 2012

Categories and Ranking

Microsoft Sentinel

Ranking in Security Information and Event Management (SIEM)

2nd

Average Rating

8.2

Reviews Sentiment

7.1

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th)

SolarWinds Security Event M...

Ranking in Security Information and Event Management (SIEM)

20th

Average Rating

7.8

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of November 2024, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 10.8%, down from 12.8% compared to the previous year. The mindshare of SolarWinds Security Event Manager is 0.6%, down from 0.8% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM)

Featured Reviews

Nitin Arora

Security Delivery Senior Analyst at Accenture

Nov 2, 2022

Gives us one place to investigate and respond to threats, and automation eliminates manual work

They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.

Read full review

Alex Kinyanjui

Enterprise Cloud Infrastructure Engineer at Safaricom

May 24, 2024

A stable and scalable solution that provide 24/7 monitoring

We have to protect customer data, including any PII, accessed via the internet terminal. Additionally, we need to monitor events from network devices and servers that may raise suspicion, allowing us to analyze them and determine what is occurring. SolarWinds affected your overall security costs. Considering the nature of our traffic, it has been very effective. We have proactively identified and addressed issues before they escalate into incidents. I've noticed a reduced investment in handling event-related cases with SolarWinds Security Event Manager. This reduction includes reducing human resources and the time required for teams to provide 24/7 monitoring. Consequently, there has been a significant decrease in costs. Additionally, the platform enables us to address issues before they escalate into incidents, thus preventing revenue leakage. As a result, the organization experiences reduced costs and avoids revenue leakage. Since the SolarWinds Security Event Manager implementation, the total budget allocated to security has been reduced by close to five percent. Initially, there was a heavy investment in that aspect, but we have observed this reduction in the allocated budget for the security team. Since implementing SolarWinds Security Event Manager, the team members' pressure has been reduced. They can now concentrate on more critical tasks and development, promoting growth within their department rather than solely focusing on incident monitoring. I recommend the solution. Overall, I rate the solution an eight out of ten.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The connectivity and analytics are great."

"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."

"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."

"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."

"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."

"The in-built SOAR of Sentinel is valuable. Kusto Query Language is also valuable for the ease of writing queries and ease of getting insights from the logs. Schedule-based queries within Sentinel are also valuable. I found these three features most useful for my projects."

"Log aggregation and data connectors are the most valuable features."

"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."

More Microsoft Sentinel pros

"It supports high availability, which is very helpful."

"It's easy to build rules and actions based on the logs and event types we collect with the software."

"SolarWinds' stability is fine. I don't think we've had any software issues."

"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."

"The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers."

"It's extremely easy to deploy."

"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."

"The most valuable feature is the reporting."

More SolarWinds Security Event Manager pros

Cons

"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."

"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."

"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."

"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."

"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."

"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."

"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."

"There is room for improvement in entity behavior and the integration site."

More Microsoft Sentinel cons

"We have automated threat detection in the Alliance Security, Antoinette. However, if these features could be further enhanced, it would simplify my work, potentially allowing me to allocate more time to address complex issues."

"There are no multiple dashboards which would allow you to see information side-by-side."

"There is no correlation made between log entries, so no threat information is presented."

"The reporting could be more robust. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment."

"The product should improve the ease with which you can create event alerts. They are not as hard now but you need to have an easier way."

"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."

"We used the support from SolarWinds Security Event Manager and they are knowledgeable but challenging to get in contact with them."

"One of the drawbacks of being so flexible is that it is also a fairly complicated software application to install, configure, and maintain."

More SolarWinds Security Event Manager cons

Pricing and Cost Advice

"The are two native advantages for customers that use M365 Security and Sentinel. The first advantage is that the log or security-event ingestion into Sentinel is free. Cost-wise, they're saving a lot and that is a major advantage."

"The pricing isn't very high. It depends on the number of logs you have. If you're expecting to ingest 50 to 60G in a day, but you're only ingesting 20 to 25G per day at first and you have a good team to analyze the logs, then you can segregate the ingestion at under 15G."

"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."

"Microsoft Sentinel can be costly, particularly for data management."

"Microsoft Sentinel is pretty expensive, and they recently announced that they will increase the price of all Microsoft services running in Azure by 11 percent. Luckily, I'm not responsible for the financial side. For one of my clients, the estimated cost is 880,000 euros for one year. There are additional costs for the service agreement."

"I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."

"Sentinel is expensive relative to other products of the class, so it often isn't affordable for small-scale businesses. However, considering the solution has more extensive capabilities than others, the price is not so high. Pricing is based on GBs of ingested daily data, either by a pay-as-you-go or subscription model."

"Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."

More Microsoft Sentinel pricing and cost advice

"It is in the appropriate mid-range. It is not as expensive as some of the other solutions. It is also not cheap."

"The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten."

"Licenses can only be purchased in blocks of fifty at a time."

"We do a yearly license renewal. For a year, the solution costs roughly $500,000 USD. There are no costs beyond this yearly fee."

"The pricing model would benefit from having package deals with other SolarWinds products."

"The price of SolarWinds Security Event Manager is reasonable."

"Licensing is on devices, so if you have many, then this may be high."

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

814,649 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

16%

Financial Services Firm

10%

Government

Manufacturing Company

Educational Organization

75%

Computer Software Company

Financial Services Firm

University

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

What do you like most about SolarWinds Security Event Manager ?

The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers.

What is your experience regarding pricing and costs for SolarWinds Security Event Manager ?

The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten.

What needs improvement with SolarWinds Security Event Manager ?

I think the customization area in the tool can be considered as an area of concern where improvements are required In the future, I want to see the tool have better customization abilities with som...

AWS Security Hub vs Microsoft Sentinel

Comparisons

Compared 20% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 10% of the time

Cortex XSIAM vs Microsoft Sentinel

Compared 7% of the time

Wazuh vs Microsoft Sentinel

Compared 6% of the time

Google Chronicle Suite vs Microsoft Sentinel

Compared 5% of the time

More Microsoft Sentinel Competitors

Wazuh vs SolarWinds Security Event Manager

Compared 25% of the time

Splunk Enterprise Security vs SolarWinds Security Event Manager

Compared 17% of the time

Microsoft Defender XDR vs SolarWinds Security Event Manager

Compared 13% of the time

IBM Security QRadar vs SolarWinds Security Event Manager

Compared 10% of the time

ManageEngine Log360 vs SolarWinds Security Event Manager

Compared 9% of the time

More SolarWinds Security Event Manager Competitors

Product Reports

Microsoft Sentinel

Download Microsoft Sentinel product report

SolarWinds Security Event Manager

Download SolarWinds Security Event Manager product report

SolarWinds Security Event Manager report

Also Known As

Azure Sentinel

SolarWinds LEM, Solarwinds SIEM, TriGeo, Log and Event Manager

Learn More

Microsoft

SolarWinds

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

When TriGeo was acquired by SolarWinds, TriGeo SIM became known as SolarWinds Log & Event Manager. This product is a leading Security Information and Event Management (SIEM) product and log management solution, which provides log collection, analysis, and real-time correlation.

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

NetSuite, EasyStreet, Legacy Texas Bank, and Energy Federal Credit Union, to name a few.

Microsoft Sentinel vs. SolarWinds Security Event Manager