Try our new research platform with insights from 80,000+ expert users
Sherif Salama - PeerSpot reviewer
Sr. Cloud & Security Consultant at EJADA
Consultant
It gives us good visibility into our whole environment
Pros and Cons
  • "We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
  • "If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."

What is our primary use case?

We use Sentinel to monitor events and incidents that occur on our tenant. It covers all the servers and applications in the cloud, too. 

What is most valuable?

We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility.  

What needs improvement?

If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable. 

For how long have I used the solution?

We've been using Microsoft Sentinel for nearly 20 years. 

Buyer's Guide
Microsoft Sentinel
November 2024
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

How was the initial setup?

Sentinel isn't very easy to set up, especially when we're trying to connect to a server at the entry point. We run into some configuration issues when connecting. 

What other advice do I have?

I rate Microsoft Sentinel eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Harsimran Sidhu - PeerSpot reviewer
Security Analyst at SecureOps
Real User
Has a fast log query feature and can detect what type of attack is occurring
Pros and Cons
  • "The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
  • "If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."

What is our primary use case?

We actually use it for queuing logs and checking log systems that we have downloading from other devices to see if there are any issues. For example, if we get an alert, then we triage it and query the logs and the devices that we're looking for.

How has it helped my organization?

Microsoft Sentinel has greatly increased our security. We can quickly complete our investigation by using Sentinel and get to the results and escalation points.

What is most valuable?

The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases.

Microsoft Sentinel is able to figure out what type of attack is occurring. It will tell you whether it is a DDoS attack, whether someone's trying to scam the site, or if someone is doing a group force attack. That is, Microsoft Sentinel will actually tell you what it is based on the type of activities it's seeing on the web server. It's a smart tool.

If I'm typing queries, it knows what I'm looking for.

What needs improvement?

If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have.

For how long have I used the solution?

I just started using Microsoft Sentinel and have used it for two months.

What do I think about the stability of the solution?

As for availability, I haven't seen any downtime or any issues with the services yet. The stability looks like it's 99.9% and is great.

What do I think about the scalability of the solution?

I believe that Sentinel is good at scaling up their database or services. We are a large company with big data and have thousands of users.

Which solution did I use previously and why did I switch?

I have used Splunk, which has similar log type of queries. I feel that Sentinel is smarter. It is able to detect what type of attacks are occurring, unlike Splunk, which is just a query log tool.

There's Elastic ELK, which is similar to Splunk, but it isn't a smart tool like Sentinel is. 

Sentinel is at the top of the tools that I've used so far in terms of smart tools.

What's my experience with pricing, setup cost, and licensing?

Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect.

What other advice do I have?

If you're using the cloud and Azure, I would really recommend Sentinel as it will keep making sure that the devices that you have in your environment are safe. Sentinel is very smart at detecting what type of attack is occurring and is actually able to detect and tell us the type of hash file. It is is able to go on the internet, look at the virus total, and see if this is a virus, scam, or phishing. I like how it's able to detect it and how we can make it learn what type of spam or email issue query it is. So, it's a very adaptive type of tool.

I would rate Microsoft Sentinel at ten on a scale from one to ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Microsoft Sentinel
November 2024
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Principal Cloud Architect at Viria Security Oy
Real User
UI-based analytics are excellent; great tools for cleaning data
Pros and Cons
  • "The UI-based analytics are excellent."
  • "The on-prem log sources still require a lot of development."

What is our primary use case?

We use this solution for analyzing Microsoft cloud-based log services and for security data. The services include Microsoft 365, Azure Security Center logs and Microsoft cache logs. We are gold security partners with Azure. 

What is most valuable?

The UI-based analytics are excellent, it's something I haven't seen with any other SIEM products. Microsoft has excellent tools for cleaning data, sorting out irrelevant log data and even fixing log data.

What needs improvement?

There's not much that needs improvement but the on-prem log sources still require a lot of development. It's clear that there are limitations there. I also think that the implementation and on-prem data sources could be done in a better way. We've used some functions with Python and whole scripting on FortiSIEM, which is something that Microsoft could easily provide, but so far hasn't.

What do I think about the stability of the solution?

The product has been very reliable. I don't know that there have been any service outbreaks. We haven't had any problems. 

What do I think about the scalability of the solution?

We have 700 users and from our perspective, it has unlimited processing power, but this is quite common for cloud services. I think the scalability has to be some kind of ABM and feeding all of the log stats, which could possibly have limits, but Azure has huge computing power behind it.

How are customer service and technical support?

The support is good, the only issue is getting past the level one people who ask if you've tried rebooting. If you have Microsoft's Unified Support, the most expensive support, then you'll be very happy. It's not the best support in the industry, but it's pretty good and they also support Sentinel. 

How was the initial setup?

The initial setup was extremely straightforward. It was the easiest I have seen because it's an SaaS service. I think anybody can do it by just clicking and clicking and saying yes. Straight out of the box and that's the strength of the SaaS service because there's no installation, you just use it. 

Which other solutions did I evaluate?

We compared Azure to Splunk and to our current mainstream implementation, FortiSIEM. If you have a lot of security data, then you feel that Azure is quite expensive but it's nowhere near as costly as Splunk which is four or five times more expensive. FortiSIEM wasn't good enough and Splunk was way to expensive. 

What other advice do I have?

I would definitely recommend this solution. If you have cloud-based workloads and different cloud or cloud lookalike services that require security data, or if you are looking for SOAR functionalities, then it's a no brainer. It's the best in that market. On the other hand, if you are mainly working and operating with on-prem stuff then there's no advantage over FortiSIEM or other solutions. 

I rate this solution a nine out of 10. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
reviewer1537419 - PeerSpot reviewer
Domain Architect at a government with 5,001-10,000 employees
Real User
Really good SIEM technology for Microsoft-centric organisations
Pros and Cons
  • "Free ingestion for Azure logs (with E5 licence)"
  • "It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
  • "It has basic out-of-the-box integrations with multiple log sources."
  • "They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
  • "Add more out-of-the-box connectors with other SaaS platforms/applications."
  • "They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
  • "There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."

What is our primary use case?

Security incident and event management. Threat detection and automated response.

It is a software as a service from Microsoft.

How has it helped my organization?

Reduced mean time to detect and resolve

Quickly able to cover a majority of mitre att&ck techniques

Free to ingest Azure logs with E5 license

What is most valuable?

Free ingestion for Azure logs (with E5 licence)

It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks.

It has basic out-of-the-box integrations with multiple log sources.

What needs improvement?

Add more out-of-the-box connectors with other SaaS platforms/applications.

For how long have I used the solution?

12 months

What do I think about the stability of the solution?

No stability issues encountered.

What do I think about the scalability of the solution?

It is scalable as a SaaS offering, but there is a consumption cost to consider.

Cybersecurity team uses this on a daily basis.

How are customer service and technical support?

We work together very well with local MS Team.

How was the initial setup?

The initial setup was simple. All that was needed was to put agents onto our infrastructure.

Integration more complex for non-MS SaaS and OS, but do-able using middleware.

What about the implementation team?

It was done in-house.

It is an evergreen service.

What was our ROI?

What is the cost of lack of visibility?  Average cost of breach = $$$

What's my experience with pricing, setup cost, and licensing?

It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure

Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit.

Which other solutions did I evaluate?

Others were considered however being an E5 M365 and Azure user this was by far the preferred solution.

What other advice do I have?

It is fairly new but making a charge up the market anayses.  Should be considered if you have E5 licence due to native and 'free' ingestion of M365 logs.

We haven't used all of its capability yet because we haven't had the time yet to implement it all, and it appears that the MS roadmap for Sentinel is being actively invested in.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1404306 - PeerSpot reviewer
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Real User
Scalable and offers good pricing but needs a better user interface
Pros and Cons
  • "The pricing of the product is excellent."
  • "The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."

What is our primary use case?

The primary use case is the same use case as Splunk.

Requirements differ. We're still doing fine-tuning. However, lots of users are added to its security group to note activities.

What is most valuable?

So far, the solution has been perfect. 

The pricing of the product is excellent.

So far, we have found the stability to be very good.

The solution, as a SIEM tool, has very good integration capabilities, at least, according to our needs.

What needs improvement?

We have just recently migrated to this product. We haven't used it long enough to note all of the features. Therefore, it would be impossible to note what is lacking just yet.

The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to.

For how long have I used the solution?

We've recently migrated to this solution. We've only been using it for a month.

What do I think about the stability of the solution?

The stability of the product is very good. It doesn't have bugs. It's not glitchy. It doesn't crash or freeze. It's been reliable so far.

What do I think about the scalability of the solution?

As a Microsoft product, customers get scalability and elasticity. We have policies in place, and, based on them, we can upgrade if we need to. A company shouldn't have issues scaling should they have the need to expand. 

Only the security team uses this product. It's not accessible for every user. We have a team of about 20.

We have just invested in the solution, and therefore we have plans to use it for the foreseeable future.

How are customer service and technical support?

We do have access to support, and if we need them, we can call on them. However, the solution is so new, we have yet to need their services. Therefore, I can't speak to their level of responsiveness or knowledgeability just yet.

How was the initial setup?

The installation is very straightforward and easy. It's not complex. It's a cloud deployment, and therefore, it is very quick. You just connect the APIs to the data center.

What's my experience with pricing, setup cost, and licensing?

The product is extremely cost-effective and affordable for customers.

I'm more on the technical side. Therefore, I don't have any insights into the actual cost or the structure of the license.

Which other solutions did I evaluate?

We looked at Splunk as well and compared to that solution, this one is less expensive.

What other advice do I have?

We're using the latest version of the solution.

Choosing this solution was a management decision. Due to cost-effectiveness, they opted for Azure Sentinel.

Whether this product would work for another organization or not depends on the company's requirements.

As it is still very early in terms of our experience with the solution, I would rate the product at a six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1768875 - PeerSpot reviewer
Cyber Security Engineer at a performing arts with 1,001-5,000 employees
Real User
A straightforward solution that is helpful for an overview of the security fabric, but its implementation could be simpler
Pros and Cons
  • "We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
  • "Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."

What is our primary use case?

It is for tracking the logs. I'm working on automation. So, the use case basically includes logs, incidents, automation, UEBA, and endpoint integration with Office 365 Defender.

What is most valuable?

We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable.

What needs improvement?

Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex. 

For how long have I used the solution?

I just started using it. I have just set it up.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

I haven't dealt with Microsoft's tech support. I haven't reached out to them.

How was the initial setup?

It was of medium complexity. It wasn't too bad, but it can be complex because of the connectors.

What's my experience with pricing, setup cost, and licensing?

I don't know yet because they gave us a 30-day test window for free. 

What other advice do I have?

Because it is mainly artificial intelligence and machine learning, you would need some time to learn it. It is a good solution, and it is straightforward.

I would rate it a six out of 10. I haven't really dealt with other ones.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Clement Olaosebikan - PeerSpot reviewer
Network Security Engineer at a tech services company with 201-500 employees
Real User
Shows users who are exposed to phishing attacks so you make some mitigation on that particular account
Pros and Cons
  • "The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
  • "It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."

What is our primary use case?

For users that have been observing some malicious actions with their product and getting malicious mail, Azure Sentinel allows them to create a rule, which will show who exactly among their users is exposed to phishing attacks so that they can make some mitigation on that particular account.

There are about five people using this solution in my organization.

How has it helped my organization?

It helps to implement connectors for Microsoft solutions, available out of the box and providing real-time integration, including Microsoft 365 Defender (formerly Microsoft Threat Protection) solutions, and Microsoft 365 sources, including Office 365, Azure AD, Microsoft Defender for Identity (formerly Azure ATP), and Microsoft Defender for Cloud Apps, and more. In addition, there are built-in connectors to the broader security ecosystem for non-Microsoft solutions

What is most valuable?

The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards.

What needs improvement?

It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall.

For how long have I used the solution?

I have been using this solution for three years.

What do I think about the stability of the solution?

It's quite stable compared to other automation SIEM and SOAR solutions.

What do I think about the scalability of the solution?

It's very scalable.

How are customer service and support?

Technical support is good. Microsoft has engineers that are readily available to help you with a challenge.

How was the initial setup?

Initial setup was user friendly. I would rate it a 4 out of 5. 

It's deployed by you onboarding your deliverables on the workload. For example, if you're using Office 365 or another third-party solution, you're going to upload those onto the server and have it protected with your Azure Sentinel.

It will draw logs from those your activities, and then bring it up as a workbook, where you can see into the actions on those programs you have onboarded on the Azure Sentinel.

What about the implementation team?

We use a third-party for implementation.

What was our ROI?

For ROI, I would rate it 4 out of 5.

What's my experience with pricing, setup cost, and licensing?

It's costly to maintain and renew.

It depends on how you want to pay for the solution. You can pay it on an annual basis or pay as you go, but I feel it's better to just keep it running as a product on your Azure subscription. If you have a $500 subscription, it will take part of your subscription.

What other advice do I have?

I would rate this solution 7 out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
CEO at Danastar Professional Services, LLC
Real User
Included with Microsoft, and we have no complaints about functionality
Pros and Cons
  • "We have no complaints about the features or functionality."
  • "I would like to be able to monitor applications outside of the Azure Cloud."

What is our primary use case?

We are security system integrators. 

What is most valuable?

We have no complaints about the features or functionality.

What needs improvement?

Azure Sentinel, the Microsoft Azure product is, from what I understand, used for the Microsoft applications. I don't know if it works outside of the Microsoft Azure cloud.

I would like to be able to monitor applications outside of the Azure Cloud. That is one of the reasons one of the customers has multiple tools.

For how long have I used the solution?

I have been using Azure Sentinel for approximately one year.

What's my experience with pricing, setup cost, and licensing?

It's free. It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else. That'd be great if it was supporting other things.

What other advice do I have?

If it's a security integrator like us, quite often people push the client into buying different vendors' products and the client already has the tool in-house. Microsoft is one of those tools that most clients already have.

Many vendors, or integrators, that we know of, are not familiar with Microsoft Sentinel product classification security. So that's one thing I would encourage both potential customers, and users, to look into what suite of products do they have with existing Microsoft accounts that they have. 

Also, the integrators should be quite familiar with all the things that are available to their clients, so they don't have to invest tons of money in other tools.

Based on having no complaints, I would rate Azure Sentinel an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Microsoft Sentinel Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free Microsoft Sentinel Report and get advice and tips from experienced pros sharing their opinions.