Microsoft Sentinel vs. OpenSearch

Microsoft Sentinel excels in centralized monitoring, AI-driven threat detection, and automation, but improvements in cost transparency, user experience, third-party integrations, and support for emerging technologies could make it even more effective. Addressing these areas would enhance its appeal for small-to-medium businesses, large enterprises, and organizations with complex or specialized IT environments.

Incentivized

OpenSearch Service presents a cost-effective pricing model, allowing users to pay solely for their usage without being burdened by minimum fees or upfront commitments. Its seamless integration with various AWS services enhances its adaptability for a wide range of data analysis requirements and also I love using it isn't it enough.

• I appreciate that it keeps the data within our, what we call our, authorization boundary. The fact that the data remains within Microsoft's, I guess, walled garden if you will, is very helpful for certain compliance needs in particular.
• The large library of ingestion: ability to ingest is basically as easy as I can basically get it to be most of the time. There's occasionally some vendors that it's a little bit more challenging for, but given the ease of integration for a lot of things, basically it's become one of my requirements when I am looking at other tools is how easily do they integrate with Sentinel.

Incentivized

• Gives us millisecond response times
• Mainly open-source
• Integration Seamlessly with AWS
• Has a very big community so problems are fixes sooner then later

• I think it should include more third party integration with non microsoft products as well as with other cloud providers. These integrations should be native.
• It should improve ML and AI capabilities.
• I find its documentation a little bit difficult to understand at the start. So the words should be simple.

Incentivized

• Needs more descriptive documentation
• The UI feels a bit old
• Some functionality still doesn't work correctly

it does the job reasonably well

Incentivized

The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.

Incentivized

Azure Sentinel is very easy to use and configure. If you are stuck somewhere, Microsoft support is excellent in assisting and solving your issue.

Incentivized

We decided to go with Microsoft Sentinel because it works really well with Microsoft tools we are already using. Microsoft Sentinel's intelligent features detect and resolve problems more quickly than Sumo Logic. It also allows us to pay for what we use and grow as we need. While Sumo Logic is good at analyzing data, Microsoft Sentinel fits our needs.

Well as I said, Elastic is behind paywall now and managing OpenSearch through AWS is so seamless that we just love it. It gets updates faster we don't have to manage separate infra and many other settings to work with elastic search and some of the tools that it provides are better then them.

Did not use professional services

Incentivized

• As any cybersecurity product, this has to be more with risk to avoid loss in case of a ransomware that more than relate to a productivity increase. Maybe the impact could be that instead of having people that are checking 24/7 the dashboard, you could implement Sentinel and have less people checking that or people with less expertise. So the saving will be a minor but will be a saving in the cost of your team.

Incentivized

• Well we had 200 ms response times which decreased to 100ms while using OpenSearch
• Easy to use security plugins we dont need external IAM
• Super Easy Integration with many AWS Services such as kinsesi data stream and dynamoDB