TrustRadius: an HG Insights company

Microsoft Sentinel

Score: 8.5 out of 10

102 Reviews and Ratings

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a bird's-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.


Top Performing Features

  • Reporting and compliance management

    Ease and quality of reporting and compliance functions

    Category average: 8.3

  • Incident indexing/searching

    Effectiveness of searching across structured and unstructured events and incidents within SIEM

    Category average: 8.8

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 9

Areas for Improvement

  • Integration with Identity and Access Management Tools

    Integration with access control tools like Active Directory and LDAP

    Category average: 7.7

  • Data integration/API management

    Ease and quality of data integrations between SIEM and other systems

    Category average: 8.1

  • Host and network-based intrusion detection

    Ability to detect both endpoint intrusion and network ingress detection

    Category average: 7.4

Microsoft Sentinel review

Use Cases and Deployment Scope

Microsoft Sentinel is used both as a SIEM and SOAR solution in our customer environment. We are also sending logs from Microsoft Sentinel to Prisma. We are running KQL queries on Microsoft Sentinel to do threat hunting.

Pros

  • SIEM solution
  • Automation with runbooks
  • SOAR solution
  • Compatible with other vendor solutions
  • Providing compliance

Cons

  • Ticketing system
  • Other third-party apps should also be compatible
  • Pricing
  • Better features for hybrid cloud

Return on Investment

  • Reduced cost incurred for the legacy system, saving 50,000 dollars up to 1 year
  • Reduced false positive incidents by up to 90 percent
  • Faster deployment, over 100,000 dollars up to 1 year

Alternatives Considered

Splunk Cloud

Other Software Used

Splunk Cloud, IBM Security QRadar EDR, LogRhythm NetworkXDR

Microsoft Sentinel feels so futuristic

Use Cases and Deployment Scope

Microsoft Sentinel is used as a log management and SIEM tool; the tool replaces legacy on-prem SIEMs, having all your logs in the cloud.
The tool solves security monitoring and threat hunting problems.
It also enables an integrated automation solution (Logic Apps) from within the solution itself.
The connectors (log source integrations) usually come with multiple detection rules and dashboards.

Pros

  • Very good UI
  • Very good support to MS log sources
  • Good Threat hunting module
  • Automation through logic apps

Cons

  • Having fewer rapid changes of terminology
  • Having fewer rapid changes in documentation
  • Having better documentation for connectors

Return on Investment

  • Made it so easy to integrate MS solutions into SIEM

Alternatives Considered

LogRhythm NextGen SIEM Platform and IBM Security QRadar SIEM

Other Software Used

IBM Security QRadar SOAR, Palo Alto Networks Cortex XSOAR, Splunk Enterprise Security

Well done Microsoft Sentinel - great Product

Use Cases and Deployment Scope

It's integrated into a SOC to provide real-time visibility, reduce alert fatigue, and improve mean time to resolution (MTTR), which we are achieving via custom playbooks. We monitor login activities, network traffic, and endpoint behavior to detect anomalies like brute-force attacks or compromised accounts. We have also found that our posture improved by 30% within the first month.

Pros

  • Single-pane view to monitor and respond
  • Easy way to do threat hunting
  • Ease of investigating findings

Cons

  • More templates for customers
  • Cost is an issue: complex licensing
  • Bring the community more into the ecosystem

Return on Investment

  • Improved security posture
  • Improved response times
  • Reduced false positives
  • Could also say alert fatigue improved

Alternatives Considered

Splunk Enterprise Security and SentinelOne Singularity

Other Software Used

Fortinet FortiExtender, Palo Alto Networks Cortex XDR, SentinelOne Singularity

Microsoft Defender Threat Intelligence

Use Cases and Deployment Scope

We use it to get an overview of our overall security posture and for an easy way to apply Microsoft best practices.

The main use of it is also to find and report phishing and bad actor emails that we receive in our organization.

It is very easy to open Defender and immediately see if something has been compromised or if a certain user is not up to date with security standards.

Pros

  • Easy interface to immediately look at security posture
  • Many different tools to use and many blades of features
  • Email reporting

Cons

  • There are so many features that sometimes it is hard to find what you need, as you need to dig deep and get redirected
  • There could be better training or a more intuitive design
  • I do not like how I get redirected sometimes, and if there are multiple accounts logged into the browser it sometimes opens the wrong account and I get stuck in a loop where I must sign out of all accounts and try again

Return on Investment

  • It allows us to show clients that we are actively reporting and seeing phishing emails; we can show clients the number of phishing emails that we catch and to which users
  • We can show clients that we have a good security posture and easily show them numbers on how we have improved or not
  • Allows us to more easily push security measures like multifactor authentication by showing the effectiveness

Alternatives Considered

Field Effect MDR

Other Software Used

Field Effect MDR, Webroot Endpoint Protection, Datto RMM

Microsoft Sentinel Review

Use Cases and Deployment Scope

A lot of things related to what can be installed. Emails, pretty much, to make sure that bad actors don't add up within our perimeter.

Pros

  • Every time I try to install something I really like, it doesn't let me do it. So it's a pro.

Cons

  • The biggest con I can tell is that it actually consumes quite a lot of CPU power and energy on my laptop.

Return on Investment

  • Definitely positive