Likelihood to Recommend I'll go with where it's very suited in certain industries, including ours where the data resides or where it's being sent is incredibly important. So because the data stays within Microsoft World Garden, we are able to piggyback off of a lot of those certifications and meet certain requirements that allow us to expand where we sell our product to outside of scopes that we couldn't reach ourselves.
Read full review SumoLogic is a fantastic log aggregator and analysis tool, a fine alternative to
Splunk . Searching is powerful and mostly intuitive and results come fast. If you have application logs in clusters or Kubernetes pods that lose their logs every time they're restarted, Sumo is the solution for you
Read full review Pros It is a good tool for threat detection and analysis of the threats. We are using this tool for real time threat detection on our employee machines as well as some servers. It provides various options for collecting data sources by leveraging multiple sources using data connectors. This helps us in gathering data from multiple sources such as our servers as well as our employee machines. One good thing about this tool is automated incident response thereby increasing the security of servers. Read full review Sumo Logic allowed for our InfoSec team to ingest logs from our CDN directly, in real-time, instead of massive compressed archives that were sent every two-hours (the only alternative at the time). Sumo Logic had an app for these logs, that allowed us to easily get an immediate payoff from the data, with canned dashboard and saved searches. Sumo Logic has a fairly extensive REST API when it comes to log sources, source configurations, dashboard data, searches, etc. Their wiki for the API is usually kept up to date. Sumo Logic, during the period of time I had used their product, had added the ability to configure agents via configuration files. This allowed customers to configure their endpoints, and modify the endpoints, with configuration management tools like Chef / Puppet / Salt. Beforehand, the only option was to always make changes either via the web portal or REST API. The solutions engineers were extremely helpful, and easily reachable when issues would occur. Users at our company found it easy to get started, working on new dashboards, scheduled searches, and alerting. The alerting worked well with our third-party paging tool. Read full review Cons 'Notebook' has always been a very hard to use feature for me in Sentinel. From my experience, there have been a very selective use cases for this feature across the industry. 'Entity Behavior' has some scope to be improved further since it is a feature that gives some useful insights but needs to be accessed separately. I think it should be re-worked in a way to be used within the incident investigation page. I'd like to see a more user-friendly version of the 'Content Hub' menu which was the earlier version! The new UI is somewhat confusing to use and is dependent on a lot of filters being applied which do not even lasts for a single session. With each refresh, we have to apply the filters again. Read full review I like the help center, but I think if it had more GUI tools, it could help new users. Pulling out data is sometimes hard to read, (Maybe if I knew how to export data better, this would not be an issue for me). I would like better know-how on how to create reports that will help our business. Read full review Usability The Microsoft Azure Sentinel solution is very good and even better if you use Azure. It's easy to implement and learn how to use the tool with an intuitive and simple interface. New updates are happening to always bring new news and improve the experience and usability. The solution brings reliability as it is from a very reliable manufacturer.
Read full review Sumo Logic is very powerful but definitely requires some configuration work to get the most out of it. You can get a certification related to this, but it is definitely not something you can just throw together.
Read full review Support Rating Azure Sentinel is very easy to use and configure. If you are stuck somewhere, Microsoft support is excellent in assisting and solving your issue.
Read full review I would give this rating because I attended a free Sumo Logic training at a WeWork in Chicago. I found the training very useful, and I learned a lot of features that I was not aware of before I went to the training. I like the idea that SumoLogic provides free training seminars. I am certified in level1, and I plan on certifying to level2.
Read full review Implementation Rating I was satisfied with the implementation, as at the time, it was the best way to implement the product with the available feature sets in Sumo Logic. User creation and management became more of an issue during continued use, instead of it being an issue related to deploying the product in our environment.
Read full review Alternatives Considered I use most of the Sims that are out there, but RSAs, old Sim Log, logic, elastic, a lot of them. Sumo, we checked out Sumo too. We're a Microsoft shop and live almost entirely on top of a Microsoft ecosystem. We are considering other Microsoft security products to integrate with it. So it made a lot of sense to really drive as hard as we could Microsoft Sim at least for a few years to make sure it would fit us.
Read full review Sumo Logic works very well out of the gate. For a small business it has given us what we need. I worked at a larger company previously, and we produced so many logs we had to create a custom logging service to handle them all. Cost and availability are big issues when deciding between the different services, whether self maintained and hosted, or provided by another company.
Read full review Professional Services Did not use professional services
Read full review I've assisted several OneLogin customers with partner accounts to Sumo Logic. It has always been pleasant.
Read full review Return on Investment Log Management is a little difficult in-house as everything is situated on the cloud. Paying according to the throughput of the data can be costlier for some organizations. Excellent integration and log parsing for Microsoft products save many man-hours for the SIEM admin to focus on other things. Read full review I can't think of any negative side effects other than it being SO slow sometimes, but compared to Splunk everything is slow It's SO much cheaper than Splunk that the time it takes to query information is well worth it In the times that we've had Sumo go down or stop logging information, we've found that we'd be absolutely lost without Sumo Read full review ScreenShots Microsoft Sentinel Screenshots