Microsoft Sentinel vs. Rapid7 InsightVM

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
Microsoft Sentinel
Score 8.6 out of 10
N/A
Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
$2.46
per GB ingested
Rapid7 InsightVM
Score 8.1 out of 10
N/A
InsightVM is presented as the next evolution of Nexpose, by Rapid7. This Insight cloud-based solution features everything included in Nexpose, such as Adaptive Security and the proprietary Real Risk score, and extends visibility into cloud and containerized infrastructure. InsightVM also offers advanced remediation, tracking, and reporting capabilities not included in Nexpose.
$19
per GB
Pricing
Microsoft SentinelRapid7 InsightVM
Editions & Modules
Azure Sentinel
$2.46
per GB ingested
100 GB per day
$123.00
per day
200 GB per day
$221.40
per day
300 GB per day
$319.80
per day
400 GB per day
$410.00
per day
500 GB per day
$492.00
per day
More than 500 GB per day
$492.00 + $98.40
per day/plus each additional 100 GB increment
Log Management
$19
per GB
Vulnerability Management
$22
per asset
insightIDR
$52
per asset
Application Security
$2,000
per app
insignConnect
Contact sales team
Offerings
Pricing Offerings
Microsoft SentinelRapid7 InsightVM
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
Microsoft SentinelRapid7 InsightVM
Considered Both Products
Microsoft Sentinel
Chose Microsoft Sentinel
Compared to platforms such as Splunk, LogRhythm, and Devo, Microsoft Sentinel’s cloud‑native, consumption‑based pricing model and reduced infrastructure overhead tend to offer better overall cost efficiency. This is especially true for organizations already invested in the …
Chose Microsoft Sentinel
These are all the Microsoft products. We have used Splunk. And again, I would say Microsoft Sentinel stacks up because it's a native tool that is more like an ecosystem. It's not a standalone tool. It's like if you're in the Microsoft stack, Microsoft Sentinel will stack up …
Chose Microsoft Sentinel
Microsoft Sentinel gave us the opportunity to move to pay as you go model. This allows us to determine the value of a log source rather than paying a flat rate for data ingested or hosting a server ourself.
Chose Microsoft Sentinel
Most of our landscape, both on prem and cloude, is based in Microsoft technologies, while the unification of tools implies some risk, decreasing the vendor levels simplify integrations, and by scale, help us to reduce costs too. Yes, the tool itself is a good contender, but the …
Chose Microsoft Sentinel
They are for different use cases, field effect helps us monitor network traffic and decide what to do with it while Microsoft Defender Threat Intelligence allows more robust monitoring and control over 365 variables such as emails that come in and out and Entra ID information.
Chose Microsoft Sentinel
Microsoft Sentinel feels on another different level from these solutions , all in the cloud . No need for troubleshooting , deployment or upgrades. Constant updates from the vendor and good support
Chose Microsoft Sentinel
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and …
Chose Microsoft Sentinel
We decided to go with Microsoft Sentinel because it works really well with Microsoft tools we are already using. Microsoft Sentinel's intelligent features detect and resolve problems more quickly than Sumo Logic. It also allows us to pay for what we use and grow as we need. …
Chose Microsoft Sentinel
Well, primarily we use different stuff like CrowdStrike. We use different sign-on features. We primarily use those different products because we support a wider ecosystem.
Chose Microsoft Sentinel
Splunk, Google, SecOps. I look at how it stacks up based on the fact that it's the primary solution that we sell. So I think it stacks up really well. Why do we select it? Well, we selected it primarily because we're a very large Microsoft partner. The technology is very good …
Chose Microsoft Sentinel
Well before there was Microsoft Sentinel, you had other competing products like ArcSight or Splunk, et cetera. I think they have their own qualities, but the Microsoft integration story is really why we're using it.
Chose Microsoft Sentinel
In my opinion, Microsoft Sentinel is much more reliable and Trustworthy. They are a bigger name with bigger scope of use.
Chose Microsoft Sentinel
We use intune to protect endpoints and we pull logs from all the endpoints through the intune connector into the Microsoft Sentinel SIEM and that way we can run rules on those logs to find anomalies.
Chose Microsoft Sentinel
it is easy to use Microsoft Sentinel and has faster deployment and advanced artificial intelligence than splunk
Chose Microsoft Sentinel
Elastic seems to have a much better interface for log search and is able to filter out noise. Microsoft Sentinel also appears to generate a lot of false positives.
Chose Microsoft Sentinel
Elastic is some carbon for various use cases. So because Elastic is a very, very wrong history in the market. So Sentinel is very recent for products from my understanding.
Chose Microsoft Sentinel
Well, we didn't select, we selected Sentinel for our Azure stuff, our Microsoft stuff, but we do use a different SIEM for the other stuff still.
Chose Microsoft Sentinel
Prior to using Sentinel, we were using Splunk specifically Splunk Enterprise Security and Splunk Cloud, so their on-prem and their cloud-based products. We switched originally for cost reasons, specifically cost control, but I have found that the ability to create reports, the …
Chose Microsoft Sentinel
We've used Splunk before, but it really is just pick your poison. They're all very similar.
Chose Microsoft Sentinel
Based on the overall infrastructure configuration that we have and also after analysing various solutions provided by Microsoft Sentinel, we came to a conclusion that the Microsoft Sentinel is the best option for us to help us in overall threat detection on our custom servers, …
Chose Microsoft Sentinel
Sentinel AI makes it a better choice. Also, its flexibility and customization make it a bit more costly than other competitors.
Chose Microsoft Sentinel
I use most of the Sims that are out there, but RSAs, old Sim Log, logic, elastic, a lot of them. Sumo, we checked out Sumo too. We're a Microsoft shop and live almost entirely on top of a Microsoft ecosystem. We are considering other Microsoft security products to integrate …
Chose Microsoft Sentinel
The SecureWorks product is a more mature product. We prefer the SecureWorks product over Microsoft Sentinel at this point.
Chose Microsoft Sentinel
As mentioned, the product was part of the purchase of several Microsoft Suites that we did earlier last year and with 200 licenses included, we can exclude those from the other SIEM and SOAR product, it just work well with the Microsoft's environment that we partially have
Is …
Chose Microsoft Sentinel
The key advantage of using Sentinel lies in Microsoft already being a renowned name in cloud services. Hence, the Collection of data at the cloud scale across all users, devices, applications, and infrastructure, both on-premises and especially in the MS Cloud, is super easy. …
Rapid7 InsightVM
Chose Rapid7 InsightVM
Product functionality and performance
Financial/organizational viability
Product roadmap and future vision
Chose Rapid7 InsightVM
I think Tenable is very comparable and they are both leaders in this space. I evaluated both of them side-by-side and ultimately decided to go with Rapid7. Tenable did have a slight edge on the amount of information I was getting from the machines, but I landed on R7 because I …
Chose Rapid7 InsightVM
Rapid7 InsightVM is more cost effective than the other solution on the market. It is easy to deploy and the user interface is easy to use and intuative. We select Rapid7 InsightVM mainly because it integrates well with ServiceNow compared to the other solution that were …
Chose Rapid7 InsightVM
There is not major changes but I would like to say Remediation process is far organised then Qualys. Easy UI and Live dashboarding is add-on.
Chose Rapid7 InsightVM
Rapid7 InsightVM is a more professional tool than NESSUS because historically, it was based on metasploit which is a powerful pentesting and exploiting tool. InsightVM covers more attacking scenarios and vulnerabilities than competitors and still a leader in this domain.cloud …
Chose Rapid7 InsightVM
I personally like Qualys much better. Out of the box, and the overall configuration is more natural, and the system itself is more stable.
Chose Rapid7 InsightVM
Qualys Cloud Platform (formerly Qualysguard)
Chose Rapid7 InsightVM
Nessus Pro does scans, but does not maintain an inventory from scan to scan. There is no history for a specific device, you have to look inside the results of each scan. Search across inventory is non-existent. There are no dashboards for data analysis. This is no tracking …
Chose Rapid7 InsightVM
Tenable has a more refined look for the reporting that it provides as a result of scanning events, but Nexpose seems to have a better ability to help quantify risk and help prioritize the work needed to get the quickest security result for the team and the company. The Nessus …
Chose Rapid7 InsightVM
Selection was made by my manager. We have used Nessus before and switched to Rapid7 Nexpose.
Features
Microsoft SentinelRapid7 InsightVM
Security Information and Event Management (SIEM)
Comparison of Security Information and Event Management (SIEM) features of Product A and Product B
Microsoft Sentinel
8.1
Ratings
3% above category average
Rapid7 InsightVM
-
Ratings
Centralized event and log data collection8.70 Ratings00 Ratings
Correlation8.60 Ratings00 Ratings
Event and log normalization/management8.10 Ratings00 Ratings
Deployment flexibility6.90 Ratings00 Ratings
Integration with Identity and Access Management Tools8.40 Ratings00 Ratings
Custom dashboards and workspaces8.00 Ratings00 Ratings
Host and network-based intrusion detection8.30 Ratings00 Ratings
Data integration/API management8.00 Ratings00 Ratings
Behavioral analytics and baselining8.10 Ratings00 Ratings
Rules-based and algorithmic detection thresholds8.40 Ratings00 Ratings
Response orchestration and automation8.40 Ratings00 Ratings
Reporting and compliance management7.30 Ratings00 Ratings
Incident indexing/searching8.40 Ratings00 Ratings
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
Microsoft Sentinel
-
Ratings
Rapid7 InsightVM
7.4
Ratings
8% below category average
Network Analytics00 Ratings5.30 Ratings
Threat Recognition00 Ratings7.00 Ratings
Vulnerability Classification00 Ratings9.30 Ratings
Automated Alerts and Reporting00 Ratings9.30 Ratings
Threat Analysis00 Ratings7.40 Ratings
Threat Intelligence Reporting00 Ratings7.00 Ratings
Automated Threat Identification00 Ratings6.70 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
Microsoft Sentinel
-
Ratings
Rapid7 InsightVM
8.3
Ratings
1% above category average
IT Asset Realization00 Ratings9.00 Ratings
Authentication00 Ratings8.60 Ratings
Configuration Monitoring00 Ratings8.60 Ratings
Web Scanning00 Ratings7.00 Ratings
Vulnerability Intelligence00 Ratings8.30 Ratings
Best Alternatives
Microsoft SentinelRapid7 InsightVM
Small Businesses
LevelBlue USM Anywhere
LevelBlue USM Anywhere
Score 8.0 out of 10
Action1
Action1
Score 9.5 out of 10
Medium-sized Companies
Sumo Logic
Sumo Logic
Score 8.8 out of 10
Action1
Action1
Score 9.5 out of 10
Enterprises
Sumo Logic
Sumo Logic
Score 8.8 out of 10
CrowdStrike Falcon
CrowdStrike Falcon
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
Microsoft SentinelRapid7 InsightVM
Likelihood to Recommend
8.3
(0 ratings)
9.0
(0 ratings)
Likelihood to Renew
6.6
(0 ratings)
-
(0 ratings)
Usability
7.0
(0 ratings)
9.0
(0 ratings)
Support Rating
8.0
(0 ratings)
7.2
(0 ratings)
User Testimonials
Microsoft SentinelRapid7 InsightVM
Likelihood to Recommend
It's certainly well-suited in environments that rely heavily on Microsoft products, and it's well-suited for environments where you have other business drivers to go to the E5 license. If I were to say where I would not and why, I only gave it a seven on the recommendation, that answer would probably vary if you already owned E5 or not. It's extremely expensive. And if there are other alternatives, if you don't have any other driving reason to go to E5, I would coach you not to go to Microsoft Sentinel. But if you're there, it's a fantastic property. It's certainly part of the cost argument for moving to E5, but it's only a part. It can't by itself justify the move to E5.
Read full review
I think Rapid7 InsightVM is well suited for large enterprise customers with a lot of assets. It integrates well with a number of different ITSM solutions which I think is very good. There are not many CIS benchmarking tools on the market and Rapid7 InsightVM does a very good job at benchmarking. I think where Rapid7 InsightVM falls down a little is on false positive vulnerabilities. Sometime you there a few positive results on vulnerabily discovery. Tuning the settings for scan engines can sometimes be trick as well.
Read full review
Pros
  • It's mainly the data correlation. For example, in the Microsoft ecosystem, Microsoft Entra ID is a primary component of the authentication and authorization mechanism. So whenever you're using tools like Microsoft Intune, Defender for Endpoint, Entra ID is the key signal, right? So Microsoft Sentinel correlates the logs from all these devices and services very well, so I can see a very detailed attack shape to figure out what's going on.
Read full review
  • The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
  • Tagging. It helps sort out results and reports for respective assets Owner for remediation without a lengthy report including unnecessary information for that particular team.
  • SQL Reporting. It provides advanced reporting and export capabilities that you can not find in the stock report template.
Read full review
Cons
  • I think it should include more third party integration with non microsoft products as well as with other cloud providers. These integrations should be native.
  • It should improve ML and AI capabilities.
  • I find its documentation a little bit difficult to understand at the start. So the words should be simple.
Read full review
  • Devices found and scanned are never removed. Removal must be done manually with no option for automation.
  • The database can be fragile. Ours quietly corrupted and progressively degraded until we had to restore and lose 6 months of data. Still didn't fix it and had to be rebuilt again losing all data.
  • Workflow for delegating remediation is supposed to be helpful, but can also become cumbersome.
  • Scheduling can become a nightmare if not monitored closely. We found jobs had failed to run because the server had gone offline. When the server came online, it did not try to run missed jobs. Running missed jobs all at once can overload the server, but searching for and launching a large number of missed jobs manually is a pain.
Read full review
Likelihood to Renew
it does the job reasonably well
Read full review
No answers on this topic
Usability
The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Read full review
While I think it is a great tool and platform, I believe it (like all tools and solutions) is always evolving and the needs for clients are changing as the industry evolves and threats are upgraded. Cost is good, and support is helpful. Some things could be more granular and others could be easier to understand
Read full review
Support Rating
Azure Sentinel is very easy to use and configure. If you are stuck somewhere, Microsoft support is excellent in assisting and solving your issue.
Read full review
I gave it a seven due to the functionality and general ease of use after the initial setup headaches, but compared to Qualys, Rapid7 Nexpose falls short on features and ease of use. Their support drags this rating down a point as well. I have gone weeks with no update on semi-critical issues and typically have to make call after call to get a semi-coherent response.
Read full review
Alternatives Considered
Compared to platforms such as Splunk, LogRhythm, and Devo, Microsoft Sentinel’s cloud‑native, consumption‑based pricing model and reduced infrastructure overhead tend to offer better overall cost efficiency. This is especially true for organizations already invested in the Microsoft ecosystem, where Sentinel can deliver strong capabilities with a lower total cost of ownership.
Read full review
I think Tenable is very comparable and they are both leaders in this space. I evaluated both of them side-by-side and ultimately decided to go with Rapid7. Tenable did have a slight edge on the amount of information I was getting from the machines, but I landed on R7 because I found the features of the InsightVM tool to be more useful. They both get the job done, but I found InsightVM a better experience to use on a day-to-day basis and had better quality of life features that I was looking for.
Read full review
Return on Investment
  • It's probably neutral. We see value, but it's, again, tick that kind of expense stuff. We're getting more insight and value into what is going on in that cloud workspace, but just noting the cost. So it's probably neutral. I'm not directly responsible, so the full kind of return on investment kind of cycle, that's someone else's problem. I'm like the end user. It's my team that will look at the data and look at the output of Microsoft Sentinel. So the ROI, someone else can worry about that.
Read full review
  • It certainly has a more positive impact than negative impact while performing the scans. Nexpose can find report vulnerabilities that our other scanner fails to identify during the scan because of its defined scan templates.
  • Also, even if the scan is not being performed due to some issues like reachability, whitelisting, etc. it will try to give scan results unlike QualysGuard which just marks the asset as unreachable.
Read full review
ScreenShots

Microsoft Sentinel Screenshots

Screenshot of Screenshot of Screenshot of Microsoft Sentinel Capabilities