Try our new research platform with insights from 80,000+ expert users
Microsoft Sentinel Logo

Microsoft Sentinel pros and cons

Vendor: Microsoft
4.1 out of 5
Badge Ranked 1
307 followers
Post review

Pros & Cons summary

Microsoft Sentinel offers powerful AI and machine learning for efficient threat detection and response. It integrates with Microsoft services, enhancing user experience and operational continuity. Kusto Query Language supports detailed data analysis. Automation through Azure Logic Apps streamlines incident response. It is cost-effective for Microsoft platform users, yet challenging documentation and integration with third-party solutions remain. An alternative to KQL is needed for users lacking query language expertise, affecting functionality.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Microsoft Sentinel offers a comprehensive set of features that enhance security, such as seamless integration with other Microsoft products, advanced threat detection capabilities, and automated response playbooks.
The tool streamlines security operations by offering a unified approach to managing incidents, reducing the need for multiple platforms.
Microsoft Sentinel provides powerful analytics and machine learning capabilities, helping organizations efficiently predict and address potential security threats.
The usability and accessibility of Microsoft Sentinel are enhanced due to its cloud-based nature, facilitating easy setup and scalability without the burdens of managing physical infrastructure.
Microsoft Sentinel is highly integrative, supporting a wide range of data connectors from various vendors, which enables a more extensive monitoring and security framework.

CONS

Microsoft Sentinel could improve its integration with third-party security products and SIEM solutions, as some essential connectors and capabilities are missing.
The cost and pricing model of Microsoft Sentinel are areas that require improvement, as clients find it confusing and expensive.
Documentation for Microsoft Sentinel, especially around the Kusto Query Language, should be enhanced to assist users lacking Microsoft certification or expertise.
There is a need for more out-of-the-box connectors and analytics rules tailored to specific industries within Microsoft Sentinel.
Ingestion of logs and data from various sources in Microsoft Sentinel can be delayed and inconsistent, impacting performance and transparency.
 

Microsoft Sentinel Pros review quotes

AG
Jul 18, 2023
It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment.
Read full review
reviewer6632 - PeerSpot reviewer
Oct 19, 2022
Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself.
Read full review
reviewer1954005 - PeerSpot reviewer
Sep 3, 2022
The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us.
Read full review
Buyer's Guide
Microsoft Sentinel
November 2024
Free Report: Microsoft Sentinel Reviews and More
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
DOWNLOAD NOW
816,192 professionals have used our research since 2012.
KrishnanKartik - PeerSpot reviewer
Aug 17, 2022
You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer.
Read full review
reviewer2269308 - PeerSpot reviewer
Sep 1, 2023
The automation feature is valuable.
Read full review
Lowie Daniels - PeerSpot reviewer
May 9, 2023
It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions.
Read full review
reviewer2034450 - PeerSpot reviewer
Jan 25, 2023
Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment.
Read full review
FA
Nov 13, 2022
I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box.
Read full review
Nitin Arora - PeerSpot reviewer
Nov 2, 2022
Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible.
Read full review
AidanMcLaughlin - PeerSpot reviewer
Aug 8, 2022
The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one.
Read full review
Show 10 more reviews (out of 89)
 

Microsoft Sentinel Cons review quotes

AG
Jul 18, 2023
Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems.
Read full review
reviewer6632 - PeerSpot reviewer
Oct 19, 2022
I think the number one area of improvement for Sentinel would be the cost.
Read full review
reviewer1954005 - PeerSpot reviewer
Sep 3, 2022
Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities.
Read full review
Buyer's Guide
Microsoft Sentinel
November 2024
Free Report: Microsoft Sentinel Reviews and More
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
DOWNLOAD NOW
816,192 professionals have used our research since 2012.
KrishnanKartik - PeerSpot reviewer
Aug 17, 2022
Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider.
Read full review
reviewer2269308 - PeerSpot reviewer
Sep 1, 2023
The playbook is a bit difficult and could be improved.
Read full review
Lowie Daniels - PeerSpot reviewer
May 9, 2023
It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more.
Read full review
reviewer2034450 - PeerSpot reviewer
Jan 25, 2023
The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress.
Read full review
FA
Nov 13, 2022
We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules.
Read full review
Nitin Arora - PeerSpot reviewer
Nov 2, 2022
They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work.
Read full review
AidanMcLaughlin - PeerSpot reviewer
Aug 8, 2022
Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language.
Read full review
Show 10 more reviews (out of 88)

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Security Orchestration Automation and Response (SOAR)
Microsoft Security Suite

Popular Comparisons

Popular Comparisons
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Splunk Enterprise Security vs Microsoft Sentinel Logo
Splunk Enterprise Security vs Microsoft Sentinel
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
AWS Security Hub vs Microsoft Sentinel Logo
AWS Security Hub vs Microsoft Sentinel
LogRhythm SIEM vs Microsoft Sentinel Logo
LogRhythm SIEM vs Microsoft Sentinel
Sumo Logic Security vs Microsoft Sentinel Logo
Sumo Logic Security vs Microsoft Sentinel
Rapid7 InsightIDR vs Microsoft Sentinel Logo
Rapid7 InsightIDR vs Microsoft Sentinel
Fortinet FortiSIEM vs Microsoft Sentinel Logo
Fortinet FortiSIEM vs Microsoft Sentinel
Devo vs Microsoft Sentinel Logo
Devo vs Microsoft Sentinel
AlienVault OSSIM vs Microsoft Sentinel Logo
AlienVault OSSIM vs Microsoft Sentinel
Securonix Next-Gen SIEM vs Microsoft Sentinel Logo
Securonix Next-Gen SIEM vs Microsoft Sentinel
Cortex XSIAM vs Microsoft Sentinel Logo
Cortex XSIAM vs Microsoft Sentinel
USM Anywhere vs Microsoft Sentinel Logo
USM Anywhere vs Microsoft Sentinel
Exabeam vs Microsoft Sentinel Logo
Exabeam vs Microsoft Sentinel
See all alternatives

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Security Orchestration Automation and Response (SOAR)
Microsoft Security Suite

Popular Comparisons

Popular Comparisons
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Splunk Enterprise Security vs Microsoft Sentinel Logo
Splunk Enterprise Security vs Microsoft Sentinel
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
AWS Security Hub vs Microsoft Sentinel Logo
AWS Security Hub vs Microsoft Sentinel
LogRhythm SIEM vs Microsoft Sentinel Logo
LogRhythm SIEM vs Microsoft Sentinel
Sumo Logic Security vs Microsoft Sentinel Logo
Sumo Logic Security vs Microsoft Sentinel
Rapid7 InsightIDR vs Microsoft Sentinel Logo
Rapid7 InsightIDR vs Microsoft Sentinel
Fortinet FortiSIEM vs Microsoft Sentinel Logo
Fortinet FortiSIEM vs Microsoft Sentinel
Devo vs Microsoft Sentinel Logo
Devo vs Microsoft Sentinel
AlienVault OSSIM vs Microsoft Sentinel Logo
AlienVault OSSIM vs Microsoft Sentinel
Securonix Next-Gen SIEM vs Microsoft Sentinel Logo
Securonix Next-Gen SIEM vs Microsoft Sentinel
Cortex XSIAM vs Microsoft Sentinel Logo
Cortex XSIAM vs Microsoft Sentinel
USM Anywhere vs Microsoft Sentinel Logo
USM Anywhere vs Microsoft Sentinel
Exabeam vs Microsoft Sentinel Logo
Exabeam vs Microsoft Sentinel
See all alternatives
Related questions
  • 184
What are your approaches on Azure Sentinel content deployment automation?
  • 642
Which is better - Azure Sentinel or AWS Security Hub?
  • 152
What is a better choice, Splunk or Azure Sentinel?
  • 124
Which solution do you prefer: Microsoft Sentinel or Palo Alto Networks Cortex XSOAR?
  • 447
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 100
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 217
What are the main differences between Nessus and Arcsight?
  • 345
Which is the best SIEM solution for a government organization?
  • 1,800
What is the difference between IT event correlation and aggregation?
  • 295
What Is SIEM Used For?