Microsoft Sentinel

Microsoft Sentinel

Microsoft Sentinel

157 Reviews and Ratings

Overview
Product	Rating	Most Used By	Product Summary	Starting Price
Microsoft Sentinel	Score 8.6 out of 10	N/A	Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.	$2.46 per GB ingested

Pricing

Microsoft Sentinel

Editions & Modules

Azure Sentinel: $2.46
per GB ingested
100 GB per day: $123.00
per day
200 GB per day: $221.40
per day
300 GB per day: $319.80
per day
400 GB per day: $410.00
per day
500 GB per day: $492.00
per day
More than 500 GB per day: $492.00 + $98.40
per day/plus each additional 100 GB increment

Offerings

Pricing Offerings
Microsoft Sentinel
Free Trial
Yes
Free/Freemium Version
No
Premium Consulting/Integration Services
No

Entry-level Setup Fee

No setup fee

Additional Details

—

More Pricing Information

Community Pulse
	Microsoft Sentinel
Considered Both Products	Microsoft Sentinel Verified User Team Lead Chose Microsoft Sentinel Compared to platforms such as Splunk, LogRhythm, and Devo, Microsoft Sentinel’s cloud‑native, consumption‑based pricing model and reduced infrastructure overhead tend to offer better overall cost efficiency. This is especially true for organizations already invested in the … Incentivized Helpful? Verified User Vice-President Chose Microsoft Sentinel These are all the Microsoft products. We have used Splunk. And again, I would say Microsoft Sentinel stacks up because it's a native tool that is more like an ecosystem. It's not a standalone tool. It's like if you're in the Microsoft stack, Microsoft Sentinel will stack up … Incentivized Helpful? Verified User Manager Chose Microsoft Sentinel Microsoft Sentinel gave us the opportunity to move to pay as you go model. This allows us to determine the value of a log source rather than paying a flat rate for data ingested or hosting a server ourself. Incentivized Helpful? Verified User Manager Chose Microsoft Sentinel Most of our landscape, both on prem and cloude, is based in Microsoft technologies, while the unification of tools implies some risk, decreasing the vendor levels simplify integrations, and by scale, help us to reduce costs too. Yes, the tool itself is a good contender, but the … Incentivized Helpful? Harshit Lal security consultant Chose Microsoft Sentinel it is easy to use Microsoft Sentinel and has faster deployment and advanced artificial intelligence than splunk Incentivized Helpful? Verified User Technician Chose Microsoft Sentinel They are for different use cases, field effect helps us monitor network traffic and decide what to do with it while Microsoft Defender Threat Intelligence allows more robust monitoring and control over 365 variables such as emails that come in and out and Entra ID information. Incentivized Helpful? Mohamad Islam Hamadieh SOC Engineer Chose Microsoft Sentinel Microsoft Sentinel feels on another different level from these solutions , all in the cloud . No need for troubleshooting , deployment or upgrades. Constant updates from the vendor and good support Incentivized Helpful? Verified User Consultant Chose Microsoft Sentinel Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and … Incentivized Helpful? IS Ian Stuebe Project Manager Chose Microsoft Sentinel We decided to go with Microsoft Sentinel because it works really well with Microsoft tools we are already using. Microsoft Sentinel's intelligent features detect and resolve problems more quickly than Sumo Logic. It also allows us to pay for what we use and grow as we need. … Helpful? Verified User Analyst Chose Microsoft Sentinel Well, primarily we use different stuff like CrowdStrike. We use different sign-on features. We primarily use those different products because we support a wider ecosystem. Incentivized Helpful? RD Richard Dornhart National Security Practice Manager Chose Microsoft Sentinel Splunk, Google, SecOps. I look at how it stacks up based on the fact that it's the primary solution that we sell. So I think it stacks up really well. Why do we select it? Well, we selected it primarily because we're a very large Microsoft partner. The technology is very good … Incentivized Helpful? Verified User Director Chose Microsoft Sentinel Well before there was Microsoft Sentinel, you had other competing products like ArcSight or Splunk, et cetera. I think they have their own qualities, but the Microsoft integration story is really why we're using it. Incentivized Helpful? HP Himanshu Pawar Manager Chose Microsoft Sentinel In my opinion, Microsoft Sentinel is much more reliable and Trustworthy. They are a bigger name with bigger scope of use. Incentivized Helpful? Verified User Analyst Chose Microsoft Sentinel We use intune to protect endpoints and we pull logs from all the endpoints through the intune connector into the Microsoft Sentinel SIEM and that way we can run rules on those logs to find anomalies. Helpful? Verified User Engineer Chose Microsoft Sentinel Elastic seems to have a much better interface for log search and is able to filter out noise. Microsoft Sentinel also appears to generate a lot of false positives. Incentivized Helpful? Verified User Manager Chose Microsoft Sentinel Prior to using Sentinel, we were using Splunk specifically Splunk Enterprise Security and Splunk Cloud, so their on-prem and their cloud-based products. We switched originally for cost reasons, specifically cost control, but I have found that the ability to create reports, the … Incentivized Helpful? Verified User Employee Chose Microsoft Sentinel Elastic is some carbon for various use cases. So because Elastic is a very, very wrong history in the market. So Sentinel is very recent for products from my understanding. Incentivized Helpful? Verified User Engineer Chose Microsoft Sentinel Well, we didn't select, we selected Sentinel for our Azure stuff, our Microsoft stuff, but we do use a different SIEM for the other stuff still. Incentivized Helpful? Verified User Engineer Chose Microsoft Sentinel We've used Splunk before, but it really is just pick your poison. They're all very similar. Incentivized Helpful? Verified User Engineer Chose Microsoft Sentinel Based on the overall infrastructure configuration that we have and also after analysing various solutions provided by Microsoft Sentinel, we came to a conclusion that the Microsoft Sentinel is the best option for us to help us in overall threat detection on our custom servers, … Incentivized Helpful? Verified User Analyst Chose Microsoft Sentinel The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. … Incentivized Helpful? Namandeep Bhatia Co Founder & Chief Technology Officer Chose Microsoft Sentinel We checked, McAfee Enterprise Security Manager (ESM). In my opinion, Microsoft Sentinel is beter wit AI capacity and good community. Incentivized Helpful? Ajay Sehgal Project Manager Chose Microsoft Sentinel Sentinel AI makes it a better choice. Also, its flexibility and customization make it a bit more costly than other competitors. Incentivized Helpful? EB Edward Broderick CISO Chose Microsoft Sentinel I use most of the Sims that are out there, but RSAs, old Sim Log, logic, elastic, a lot of them. Sumo, we checked out Sumo too. We're a Microsoft shop and live almost entirely on top of a Microsoft ecosystem. We are considering other Microsoft security products to integrate … Incentivized Helpful? Verified User Director Chose Microsoft Sentinel The SecureWorks product is a more mature product. We prefer the SecureWorks product over Microsoft Sentinel at this point. Incentivized Helpful?

Features

Microsoft Sentinel

Security Information and Event Management (SIEM)

Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
	Microsoft Sentinel 8.0 31 Ratings 2% above category average
Centralized event and log data collection	8.630 Ratings
Correlation	8.431 Ratings
Event and log normalization/management	8.031 Ratings
Deployment flexibility	6.929 Ratings
Integration with Identity and Access Management Tools	8.329 Ratings
Custom dashboards and workspaces	8.031 Ratings
Host and network-based intrusion detection	8.126 Ratings
Data integration/API management	7.829 Ratings
Behavioral analytics and baselining	8.027 Ratings
Rules-based and algorithmic detection thresholds	8.429 Ratings
Response orchestration and automation	8.428 Ratings
Reporting and compliance management	7.35 Ratings
Incident indexing/searching	8.429 Ratings

Best Alternatives
	Microsoft Sentinel
Small Businesses	LevelBlue USM Anywhere Score 7.7 out of 10
Medium-sized Companies	Sumo Logic Score 8.8 out of 10
Enterprises	Sumo Logic Score 8.8 out of 10
All Alternatives	View all alternatives

User Ratings
	Microsoft Sentinel
Likelihood to Recommend	8.7 (53 ratings)
Likelihood to Renew	6.8 (2 ratings)
Usability	6.5 (7 ratings)
Support Rating	8.0 (3 ratings)
Professional Services	5.0 (1 ratings)

User Testimonials
	Microsoft Sentinel
Likelihood to Recommend	Microsoft It's certainly well-suited in environments that rely heavily on Microsoft products, and it's well-suited for environments where you have other business drivers to go to the E5 license. If I were to say where I would not and why, I only gave it a seven on the recommendation, that answer would probably vary if you already owned E5 or not. It's extremely expensive. And if there are other alternatives, if you don't have any other driving reason to go to E5, I would coach you not to go to Microsoft Sentinel. But if you're there, it's a fantastic property. It's certainly part of the cost argument for moving to E5, but it's only a part. It can't by itself justify the move to E5. Incentivized Verified User Anonymous Read full review
Pros	Microsoft It's the scale. Having built-in detections and vulnerabilities and the ability to see into the traffic flows is absolutely key. Look at it from my perspective as network security. We want to see what's going on east, west, between all the kinds of subscriptions and the tenants. We don't have that. We don't have that with any other product. Microsoft Sentinel gives us that kind of visibility. Incentivized Verified User Anonymous Read full review
Cons	Microsoft An area for improvement is how case management is surfaced within the Microsoft Sentinel experience, as clearer integration into Sentinel workflows would reduce context switching and improve incident handling. There is an opportunity to further expand agentic, autonomous investigation and response capabilities. Incentivized Verified User Anonymous Read full review
Likelihood to Renew	Microsoft it does the job reasonably well Incentivized Verified User Anonymous Read full review
Usability	Microsoft Because, as I said, it still lacks a lot of things, like many playbooks outside the Copilot integrations and the actual remediation. For example, for Microsoft Sentinel and SAP, I would want to see Copilot doing a lot of remediations in Microsoft Sentinel at SAPN, like executing the transaction code, maybe creating certain increases, or remediating stuff like that, which is all customized. Incentivized Verified User Anonymous Read full review
Support Rating	Microsoft Microsoft support is one of the highest rated on the market. It has global and multilingual support. Calls can be made over the phone and the solution is virtually instantaneous with the help of Microsoft engineers. It's great! Incentivized Flavio Pereira Analista de sistemas Read full review
Alternatives Considered	Microsoft Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively. Incentivized Verified User Anonymous Read full review
Professional Services	Microsoft Did not use professional services Incentivized MB Michael Bobo IT Director Read full review
Return on Investment	Microsoft As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team. Incentivized Verified User Anonymous Read full review
ScreenShots	Microsoft Sentinel Screenshots