TrustRadius

Elastic Security vs. Microsoft Sentinel

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Elastic Security
Score 9.9 out of 10
N/A
Elastic Security equips analysts to prevent, detect, and respond to threats. The free and open solution delivers SIEM, endpoint security, threat hunting, and cloud monitoring. The solution encompasses Elastic SIEM, which brings Elasticsearch to SIEM and threat hunting. The Elastic Agent (or Elastic Endpoint Security based on the former Endgame security product acquired by Elastic in late 2019) brings signatureless malware prevention to endpoints, as well as security data collection for…N/A
Microsoft Sentinel
Score 8.7 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Pricing
Elastic SecurityMicrosoft Sentinel
Editions & Modules
No answers on this topic
Azure Sentinel
$2.46
per GB ingested
100 GB per day
$123.00
per day
200 GB per day
$221.40
per day
300 GB per day
$319.80
per day
400 GB per day
$410.00
per day
500 GB per day
$492.00
per day
More than 500 GB per day
$492.00 + $98.40
per day/plus each additional 100 GB increment
Offerings
Pricing Offerings
Elastic SecurityMicrosoft Sentinel
Free Trial
NoYes
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Elastic SecurityMicrosoft Sentinel
Features
Elastic SecurityMicrosoft Sentinel
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Elastic Security
-
Ratings
Microsoft Sentinel
8.0
30 Ratings
2% above category average
Centralized event and log data collection00 Ratings8.629 Ratings
Correlation00 Ratings8.330 Ratings
Event and log normalization/management00 Ratings7.930 Ratings
Deployment flexibility00 Ratings6.928 Ratings
Integration with Identity and Access Management Tools00 Ratings8.228 Ratings
Custom dashboards and workspaces00 Ratings7.930 Ratings
Host and network-based intrusion detection00 Ratings8.025 Ratings
Data integration/API management00 Ratings7.828 Ratings
Behavioral analytics and baselining00 Ratings7.926 Ratings
Rules-based and algorithmic detection thresholds00 Ratings8.328 Ratings
Response orchestration and automation00 Ratings8.327 Ratings
Reporting and compliance management00 Ratings7.35 Ratings
Incident indexing/searching00 Ratings8.428 Ratings
Best Alternatives
Elastic SecurityMicrosoft Sentinel
Small Businesses
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 7.6 out of 10
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 7.6 out of 10
Medium-sized Companies
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Enterprises
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Sumo Logic
Sumo Logic
Score 8.8 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Elastic SecurityMicrosoft Sentinel
Likelihood to Recommend
9.0
(1 ratings)
8.7
(53 ratings)
Likelihood to Renew
-
(0 ratings)
6.8
(2 ratings)
Usability
-
(0 ratings)
6.5
(7 ratings)
Support Rating
7.0
(1 ratings)
8.0
(3 ratings)
Professional Services
-
(0 ratings)
5.0
(1 ratings)
User Testimonials
Elastic SecurityMicrosoft Sentinel
Likelihood to Recommend
Elastic
I believe Endgame is well suited to organizations that have their own Cybersecurity department. Its not well suited for organizations that don't have a Cybersecurity department.
Verified User
Anonymous
Read full review
Microsoft
Specifically for Microsoft Sentinel, it's going to have what's next to no value if you're not on Azure. You have to be in as your customer. If you want greater insight into what is going on in your cloud environment, turn Microsoft Sentinel on, but focus on where you enable it. You're not going to turn it on to see everything because it's not like focus on the areas where you are at risk or you believe you're at risk or something that you're, depending on your environment, do you have multiple subscriptions? Do you have a Microsoft Sentinel subscription that you just turned on, but it's not getting the visibility, and then you can alert on stuff that goes out of trend, etc.?
Verified User
Anonymous
Read full review
Pros
Elastic
  • Identify 0-day malware.
  • Provides a few forensic details on endpoints.
  • Very easy to administer.
Verified User
Anonymous
Read full review
Microsoft
  • Strong integration with the Microsoft security ecosystem allows seamless connection to services such as Microsoft Defender, Microsoft 365, and Azure. This makes it easy to bring together identity, endpoint, and cloud signals to support investigation and detection scenarios.
  • Effective correlation of alerts and incidents in collaboration with Microsoft Defender XDR helps combine related signals into higher‑fidelity incidents. This reduces noise and improves visibility into attack context, making investigations more efficient.
  • High scalability for data ingestion and processing enables large volumes of security telemetry to be handled efficiently.
Verified User
Anonymous
Read full review
Cons
Elastic
  • I would love that it provided more memory analysis details.
  • Being able to edit sensor profiles after creating them.
  • I would love it if it provided more automation features.
Verified User
Anonymous
Read full review
Microsoft
  • I think it's primarily going to be cost, since Microsoft Sentinel uses Microsoft Log Analytics as its base, right? So storing the logs and log retention is very expensive. That might result in users not adopting it as quickly. Second, I think Copilot for security can just do summarization and not many remediation tasks. In the future, we would like to see Copilot create many playbooks, including all box playbooks, to remediate many security issues.
Verified User
Anonymous
Read full review
Likelihood to Renew
Elastic
No answers on this topic
Microsoft
it does the job reasonably well
Verified User
Anonymous
Read full review
Usability
Elastic
No answers on this topic
Microsoft
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Flavio Pereira | TrustRadius Reviewer
Flavio Pereira
Analista de sistemas
Read full review
Support Rating
Elastic
Even though their support is good, I think there are some areas where they need to provide more thorough solutions to issues, some of their solutions are pretty basic and have already been tried.
Verified User
Anonymous
Read full review
Microsoft
Azure Sentinel is very easy to use and configure. If you are stuck somewhere, Microsoft support is excellent in assisting and solving your issue.
Verified User
Anonymous
Read full review
Alternatives Considered
Elastic
Endgame is based on the MITRE framework which has proven to be a successful framework to identify various attack patterns that attackers use. Also, compared to the others it's easier to administer and manage.
Verified User
Anonymous
Read full review
Microsoft
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
Verified User
Anonymous
Read full review
Professional Services
Elastic
No answers on this topic
Microsoft
Did not use professional services
MB
Michael Bobo
IT Director
Read full review
Return on Investment
Elastic
  • Being able to identify threats we couldn't identify before.
  • Easier management of endpoints.
  • Being able to immediately isolate endpoints remotely that have high severity threats.
Verified User
Anonymous
Read full review
Microsoft
  • As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.
Verified User
Anonymous
Read full review
ScreenShots

Microsoft Sentinel Screenshots

Screenshot of Screenshot of Screenshot of Microsoft Sentinel Capabilities