The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going.
Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly.
Senior Cyber Security Operations Analyst at a financial services firm with 5,001-10,000 employees
Real User
Top 20
2023-05-09T16:57:00Z
May 9, 2023
Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases.
There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection.
Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment.
Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment.
Consultant Expert Microsoft at a tech services company with 1,001-5,000 employees
Real User
2022-11-11T19:42:00Z
Nov 11, 2022
Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything.
Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible.
Senior Cyber Security Consultant at a financial services firm with 10,001+ employees
Real User
2022-10-08T05:40:00Z
Oct 8, 2022
Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions.
Senior Cloud Infrastructure Consultant at a tech services company with 201-500 employees
Consultant
2022-09-03T21:49:00Z
Sep 3, 2022
The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us.
Consultant at a tech services company with 11-50 employees
Real User
2022-08-23T11:28:00Z
Aug 23, 2022
I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response.
SIEM Engineer at a tech services company with 501-1,000 employees
Real User
2022-08-08T10:38:00Z
Aug 8, 2022
The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one.
The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware.
Senior Security Specialist at a healthcare company with 1,001-5,000 employees
Real User
2022-06-23T20:06:00Z
Jun 23, 2022
The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user.
Cyber Security Engineer at a performing arts with 1,001-5,000 employees
Real User
2022-02-17T20:20:08Z
Feb 17, 2022
We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable.
The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases.
There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive.
Cloud and DevOps Architect at a financial services firm with 11-50 employees
Real User
2021-10-25T16:21:00Z
Oct 25, 2021
Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage.
If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications.
Director - Technology Risk & Cyber at a financial services firm with 10,001+ employees
Real User
2021-08-23T13:12:00Z
Aug 23, 2021
It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things.
In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and...
The features that stand out are the
detection engine and its integration with multiple data sources.
The analytic rule is the most valuable feature.
The product can integrate with any device.
The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high.
It has a lot of great features.
The main benefit is the ease of integration.
The Log analytics are useful.
The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going.
The solution offers a lot of data on events. It helps us create specific detection strategies.
Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly.
The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities.
Log aggregation and data connectors are the most valuable features.
Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases.
The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent.
There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection.
Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment.
Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment.
Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything.
Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible.
Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions.
The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us.
I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response.
The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one.
The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware.
The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user.
What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part.
The initial setup is very simple and straightforward.
We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable.
The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases.
Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it.
There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive.
Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage.
If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications.
The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance.
It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things.
Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents.
Free ingestion for Azure logs (with E5 licence)
In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store
The pricing of the product is excellent.
We have no complaints about the features or functionality.