Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs Tines comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Orchestration Automation and Response (SOAR)
1st
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
90
Ranking in other categories
Security Information and Event Management (SIEM) (3rd), Microsoft Security Suite (5th), AI-Powered Cybersecurity Platforms (6th)
Tines
Ranking in Security Orchestration Automation and Response (SOAR)
12th
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
4
Ranking in other categories
Threat Intelligence Platforms (18th)
 

Mindshare comparison

As of March 2025, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Microsoft Sentinel is 19.6%, down from 20.6% compared to the previous year. The mindshare of Tines is 5.9%, up from 3.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

KrishnanKartik - PeerSpot reviewer
Every rule enriched at triggering stage, easing the job of SOC analyst
It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free
VikramSingh8 - PeerSpot reviewer
Automation simplifies workflows with no code and excellent support
Reporting and dashboards could be more advanced for deeper analysis. Tines has its own dashboard, which displays information like how many stories have been created and how many automations have taken place. However, the reporting and dashboard are not advanced; they are quite basic, with fewer customizable options. The look and feel of the dashboard could be enhanced. Another area for improvement is in terms of documentation, as every tool and company has its own knowledge base.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The machine learning and artificial intelligence on offer are great."
"Free ingestion for Azure logs (with E5 licence)"
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"Sentinel pricing is good"
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The most valuable features for us include threat collection, threat detection, response, and the knowledge base for investigation."
"The best thing is that it's no code, so it doesn't require coding knowledge."
"One of the most valuable features is that it’s a low-code solution."
"The best advantage is the no-code automation, excellent customer support services, and ease of integration with other tools."
"The tool was vendor-neutral."
 

Cons

"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"There is room for improvement in terms of integrations."
"We do see continuous improvement all the time, however, I haven't got a specific feature that is lacking or not well designed."
"Reporting and dashboards could be more advanced for deeper analysis."
"They started implementing some AI, and their AI is isolated."
"Tines was a little bit more expensive than Torq."
"Maybe Tines can add more features and demonstrations, like videos on how to use the features within the tool."
 

Pricing and Cost Advice

"The pricing isn't very high. It depends on the number of logs you have. If you're expecting to ingest 50 to 60G in a day, but you're only ingesting 20 to 25G per day at first and you have a good team to analyze the logs, then you can segregate the ingestion at under 15G."
"Microsoft Sentinel is included in our E5 license."
"It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."
"The price is reasonable because Sentinel includes features like user behavior analytics and SOAR that are typically sold separately. Overall, a standalone on-prem solution would require some high-end servers, and there's a different cost. It is a cloud-based solution, so there are backend cloud computing costs, but they are negligible."
"I don't know yet because they gave us a 30-day test window for free."
"From a cost point of view, it is not a cheap product. It's, like, an enterprise-level application. So if you compare it with a low-level application, it's expensive, but if you compare it with the same-level application, it's pretty much cost-effective, I think."
"Sentinel's price is comparable to pretty much everything out there. None of it is cheap, but we didn't think we could save money by going a different route. Sentinel was part of our Azure expenditures, so it was easier to add the expense instead of having a completely separate vendor."
"Microsoft Sentinel is pretty expensive, and they recently announced that they will increase the price of all Microsoft services running in Azure by 11 percent. Luckily, I'm not responsible for the financial side. For one of my clients, the estimated cost is 880,000 euros for one year. There are additional costs for the service agreement."
Information not available
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
842,651 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
Computer Software Company
15%
Financial Services Firm
12%
Manufacturing Company
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What needs improvement with Tines?
Reporting and dashboards could be more advanced for deeper analysis. Tines has its own dashboard, which displays information like how many stories have been created and how many automations have ta...
What is your primary use case for Tines?
I am Vikram Singh, I work for top service based multinational brand and I am responsible for delivering Tines services. Essentially, I am working on it, and I am leading one of the source services ...
What advice do you have for others considering Tines?
When you start working with Tines, ensure you pursue the Tines certifications. They offer these free certifications when they become your partner. Overall, I would rate Tines a nine out of ten.
 

Comparisons

 

Also Known As

Azure Sentinel
No data available
 

Overview

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Information Not Available
Find out what your peers are saying about Microsoft Sentinel vs. Tines and other solutions. Updated: March 2025.
842,651 professionals have used our research since 2012.