The scope of our use case is that we use it just as a SIEM, so alerting, triage, some logging. That's kind of the main gist of it.
Pros
I would be quite happy with the as-code deployment through Bicep; being able to code up use cases and analytical rules has been quite good.
Cons
One recommendation that I've gotten from our team is adding a task section, so a SOC analyst has certain tasks they can check off, and having that be deployable through code as well.
Likelihood to Recommend
I suppose it's a serviceable SIEM. It's similar to most other ones really.
Verified User
Engineer in Information Technology (Oil & Energy company, 1001-5000 employees)
It enables us to route security information through a tool and set up alerts to respond to possible concerns; it also connects with analytical tools to track trends, among other things. It provides real-time warnings and threat detection so that the security team can work on occurrences as rapidly as possible. Logs are easy to search and analyze, allowing for quick judgments on key security issues. It supports all sorts of log sources, allowing you to manage all endpoints on a single platform and save a lot of time when dealing with major occurrences, so that remedial measures can be taken quickly.
Pros
It interacts easily with Azure, Active Directory, and log analytics, and it can route data via Sentinel as well as establish alerts and other workflows to respond to possible security concerns.
It features a highly user-friendly UI that makes it simple to operate the platform, and KQL is simple to use while studying logs.
It is one of the greatest platforms for fully cloud-based deployment, which improves productivity. It can evaluate vast amounts of data quickly and is incredibly productive.
Cons
It takes some time to learn how to use and install it properly, and it does not connect effectively with external PaaS systems such as Salesforce CRM, Salesforce Commerce Cloud, and so on.
Microsoft can simplify the display of the logs to make them easier to study, and the user interface occasionally delays, which can also be enhanced.
Likelihood to Recommend
It is an excellent choice for a SIEM since it offers intriguing and intelligent features and functions, and it is extremely strong in terms of cloud information processing. I recommend it to my colleagues since it is simple to set up, configure, and use on a regular basis. It is ideal if you want built-in security and tracking, and it is compatible with various operating systems, but the amount of information and capabilities is limited.