TrustRadius: an HG Insights company

Microsoft Sentinel

Score8.5 out of 10

102 Reviews and Ratings

Free Trial

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Categories & Use Cases

Media

Microsoft Sentinel
Microsoft Sentinel
Screenshot of Microsoft Sentinel Capabilities

1 / 3

Key Features

Learn about the best (and worst!) features Microsoft Sentinel has to offer, as determined by TrustRadius' reviewers.
Based on 102 ratings of Microsoft Sentinel's features
View all features

Top Performing Features

  • Reporting and compliance management

    Ease and quality of reporting and compliance functions

    Category average: 8.3

  • Incident indexing/searching

    Effectiveness of searching across structured and unstructured events and incidents within SIEM

    Category average: 8.8

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 9

Areas for Improvement

  • Integration with Identity and Access Management Tools

    Integration with access control tools like Active Directory and LDAP

    Category average: 7.7

  • Data integration/API management

    Ease and quality of data integrations between SIEM and other systems

    Category average: 8.1

  • Host and network-based intrusion detection

    Ability to detect both endpoint intrusion and network ingress detection

    Category average: 7.4

Reviews

What users are saying about Microsoft Sentinel.
View all reviews

Smart features that save time

Ian Stuebe
Project Manager in Information Technology at Apex Warehouse Systems (51-200 employees employees)

Use Cases and Deployment Scope

We track all our systems to protect them from any threats with Microsoft Sentinel. Before Microsoft Sentinel, it was challenging to monitor our systems and fix security issues and threats fast and in time to keep our data safe. Faster alerts are easy to obtain, and we can react and correct them more quickly to protect our data.

Pros

  • Keeps Everything in one place
  • Smart threat detection
  • Automatic response to threats
  • Clear visuals and reports

Cons

  • Setting up automation is complicated
  • Too many alerts at first
  • complicated permissions setup

Return on Investment

  • We catch problems faster
  • Everything is in one place
  • Less manual work for the team
  • Good return on investment

Alternatives Considered

Sumo Logic

Other Software Used

Miro, SAP Sales Cloud, Webex Meetings

Microsoft Sentinel review

Incentivized
Harshit LalView profile
security consultant in Information Technology at wipro (10,001+ employees employees)

Use Cases and Deployment Scope

Microsoft Sentinel is used both as siem and soar solution in our customer environment . We are also sending logs from Microsoft Sentinel to prisma. We are running kql queries on Microsoft Sentinel to do threat hunting

Pros

  • siem solution
  • automation with runbooks
  • soar solution
  • compatible with other vendor solution
  • providing compliance

Cons

  • ticketing system
  • other third party app should also be compatible
  • pricing
  • better features for hybrid cloud

Return on Investment

  • reduced cost occured for legacy system and saving 50000 dollar upto 1 year
  • reduced false positive incidents up to 90 percent
  • faster deployment over 100000 dollar up to 1 year

Alternatives Considered

Splunk Cloud

Other Software Used

Splunk Cloud, IBM Security QRadar EDR, LogRhythm NetworkXDR

Microsoft Sentinel Review

Incentivized
Richard Dornhart
National Security Practice Manager in Sales at Data#3 (1001-5000 employees employees)

Use Cases and Deployment Scope

Internally we use it to gain visibility around threats within the organization, but primarily we consult with other organizations to deploy and implement Sentinel. We have a managed service built around Sentinel. So we use Sentinel as part of our managed XDR solution that we've developed with Microsoft.

Pros

  • Well, that's a good question. It does a lot, well, probably my engineers would be better positioned to answer that question, but it correlates really well. Security orchestration, it highlights risks in the organization, provides insights to our analysts to respond to threats and it implements well.

Cons

  • The licensing could be a little bit simpler

Return on Investment

  • Probably one of my main business objectives is to drive services for our organization. Sentinel provides numerous opportunities for us to drive those services. Implementation, ongoing management, and I think because of our customer base, so interested in SOC services and our focus on Sentinel. Yeah, profitability is our objective and it helps us achieve that.

Other Software Used

Microsoft Defender for Endpoint

Usability

Microsoft Sentinel feels so futuristic

Incentivized
Mohamad Islam HamadiehView profile
SOC Engineer in Engineering at Dell technology (10,001+ employees employees)

Use Cases and Deployment Scope

Microsoft Sentinel is used as log management and SIEM tool , the tool replaces legacy on prem SIEMs having all your logs in the cloud.
the tool solves security monitoring and threat hunting problems.
it also enables an integrated automation solution (logic apps) from within the solution it self .
the connectors (log source integrations )usually comes with multiple detection rules and dashboards

Pros

  • Very good UI
  • Very good support to MS log sources
  • Good Threat hunting module
  • Automation through logic apps

Cons

  • Having less rapid changes of terminologies
  • Having less rapid changes in documentation
  • Having better documentation for connectors

Return on Investment

  • Made it so easy to integrate MS solutions into SIEM

Alternatives Considered

LogRhythm NextGen SIEM Platform and IBM Security QRadar SIEM

Other Software Used

IBM Security QRadar SOAR, Palo Alto Networks Cortex XSOAR, Splunk Enterprise Security

Well done Microsoft Sentinel - great Product

Incentivized
Verified User
Consultant in Information Technology (201-500 employees employees)

Use Cases and Deployment Scope

Its integrated into a SOC to provide real-time visibility, reduce alert fatigue, and improve mean time to resolution (MTTR) - which we are achieving via custom playbooks. Monitor login activities, network traffic, and endpoint behavior to detect anomalies like brute-force attacks or compromised accounts. We have also found that our posture improved by 30% within the first month.

Pros

  • Single pane view to monitor and respond
  • Easy way to do Threat hunting
  • ease of investigating findings

Cons

  • More templates for customers
  • Cost is an issue - complex licensing
  • Bring the community more into the ecosystem

Return on Investment

  • Improved security posture
  • Improved response times
  • reduced false positives
  • could also say alert fatigue improved

Alternatives Considered

Splunk Enterprise Security and SentinelOne Singularity

Other Software Used

Fortinet FortiExtender, Palo Alto Networks Cortex XDR, SentinelOne Singularity

Related Products

Products similar to Microsoft Sentinel that may also meet your needs.
All comparisons
IBM Security QRadar SIEM
CompareLearn more
Securonix Next-Generation SIEM
CompareLearn more
Splunk Enterprise Security
CompareLearn more