Azure Sentinel

Azure Sentinel Reviews

Reviews
(1-6 of 6)

Flavio Pereira | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Azure Sentinel has been used by our headquarters as a SIEM solution. Easy to learn, set up and use. Because it is highly scalable and cloud based, it has become ideal for managing events and providing security automation by creating automated SOAR responses to different levels of incidents, from undiscovered, simple to more complex. It has collaborated a lot in making business decisions and providing more security for the team and the organization.
  • Easy to deploy and learn to use.
  • Artificial intelligence.
  • Analysis of any type of threat, including those that have not yet been discovered.
  • Automation to respond to security incidents.
  • Reduction of false positives.
  • Easy to edit log analysis rules.
  • The reporting feature can be improved. I sometimes see problems with exportation, instability and compatibility.
  • Dependence on Microsoft Azure software.
Azure Sentinel is an excellent option like SIEM. It has cool, smart features and functionality, and is quite powerful in terms of processing information in the cloud. I recommend it to colleagues because it is very easy to deploy and configure, and learn to use it on a daily basis. The panel is super intuitive and rich in details. When opening Sentinel, it is already possible to analyze the indices that happened and those that deserve further attention and treatment.
Microsoft support is one of the highest rated on the market. It has global and multilingual support. Calls can be made over the phone and the solution is virtually instantaneous with the help of Microsoft engineers. It's great!
Score 9 out of 10
Vetted Review
Verified User
Azure Sentinel was rolled out to the entire organization as part of a security initiative for our cloud environment. Being in a smaller IT group, but with lots of employees, it was important that we have a system that was awake when we weren't, and watching when we couldn't.
  • Automated detection and response
  • Detailed user/device information
  • Part of the MS cloudsphere, so has a familiar feel.
  • In the WFH world sometimes it would be nice to have a local client version when speed isn't the best from home
  • The ability to alert on a mobile device
  • A mobile app to do an investigation while on the move
It is well suited if you are in a mostly Microsoft shop and want integrated security and tracking. It does work with other OSs but the depth of information and abilities is not as robust.
I haven't yet had to use support for Sentinel.
Aleksei Jegorov | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Azure Sentinel is just a great tool to work with different products of Microsoft 365.
It allows automating analysis for cloud data and authentication data that we used with MS. Data connectors get data from cloud applications.
In general, it provides the ability to detect threats and react to them in real-time.
Centralized location to control all the services.
  • Free of charge, because it is a tool to work with MS products
  • Easy to configure MS data sources
  • Edit rules of log analytics
  • KQL language is quite similar to SQL
  • Integration with other MS products
  • Adding new analytical rules
  • Nice data visualization
  • Saves our time, when everything is under one roof
  • Need some time to set up the services
  • Query system is confusing the first time
  • Response data is not easy to read
  • Sometimes rules cannot be linked with playbooks
  • Not every service can export data to XML / CSV
It is a MS Security log under one roof. In case you like to work with MS Cloud products.
Recommend it for developers who are looking to upgrade the organization's security without much setup and expenses.

In most cases everything is clear. Of course, it takes the time for initial steps, but this time is worth it.
KQL language is quite intuitive, similar to SQL, that every developer knows.
Also, MS provides its own training program.
To be honest, there are not many third-party forums where we can find discussion about Sentinel. But some communities exist on Reddit.
July 22, 2021

SIEM who?

Score 9 out of 10
Vetted Review
Verified User
We mostly use it for our own data security, so I would say it's being used across the whole organization. We do have a few customers that have migrated over to it as well. Being an IT provider we store a lot of sensitive data and it helps us identify any threats.
  • We use Azure and Office 365 and it has helped us monitor our customers and provide the best service for their money as well as our own security.
  • It's nice having this automated which takes a lot of our technicians
  • We don't have any issues with it so far
  • Interface is very easy to use
Azure Sentinel and SecureSky have the flexibility we need for a company of our size. There's room for growth and the integration with our system was flawless. It's an amazing option as a SIEM and has so many features that it's allowed us to cut out other applications and save on cost. Their queries are lightning fast compared to what we were using in the past!
We haven't had to utilize the support so far, but I do know that the support we received for our integration was phenomenal!
Score 10 out of 10
Vetted Review
Verified User
Azure Sentinel is currently being used as our single location where we check all the monitoring alerts we get on our Azure resources.
  • The UI-based analytics are excellent
  • Excellent tools for cleaning data, sorting out irrelevant log data, and even fixing log data.
  • There's not much that needs improvement, but the on-prem log sources still require a lot of development.
Azure Sentinel is your go-to software if you are using Azure as your cloud hosting partner. It can give you a lot of flexibility when it comes to your security dashboards.
Azure Sentinel is very easy to use and configure. If you are stuck somewhere, Microsoft support is excellent in assisting and solving your issue.
Score 10 out of 10
Vetted Review
Verified User
Azure Sentinel is used across the organization to collect logs from on-premises servers but also to manage our cloud deployments (Azure subscriptions, Azure AD, Office 365, Intune/MDD). Currently we are doing a test/PoC to collect logs from endpoints (Windows workstations). We have tried collecting logs from our UTM devices as well; while it works, I require a Linux syslog server to send the logs initially and then send them to Log Analytics/Sentinel, so we have abandoned collecting UTM logs and decided to use the UTM vendor's own log management product to manage UTM logs.
  • Very easy to setup
  • Pay as you use--month-to-month subscription--no lengthy contracts
  • Works very well with other Microsoft tools as it has native integration
  • Cheaper than other SIEM products
  • No need to deploy any infrastructure on-premises to manage it
  • Very fast deployment
  • Better integration with third-party tools
  • More connectors for third-party tools
  • Better online training available
  • More built-in queries
If you are new to SIEM and have not invested in pre-existing SIEM solutions, Azure Sentinel is a great way to start your SIEM journey. This is especially true if you are involved in other Microsoft products or are using Office 365 or Azure, it would be very easy to deploy and will have the logs in no time.
The support is standard Microsoft support. It's not bad, but far from best in the industry. Compared to not having too many online courses/training available, this can be a roadblock, but in all honesty, deployment and day-to-day operations are easy and the product is intuitive. If you know how to read and understand Windows logs and have basic knowledge in any query language, you won't have much difficulty getting around. If you have some urgent investigation to do and you are stuck in understanding what happened and have difficulty correlating logs from different systems, other products probably will have better support where you can call someone and have a screen sharing session/assistance in finding what's going on, but you pay a premium for that, so at the end it all depends on your budget, technical skills, and comfort level.

Azure Sentinel Scorecard Summary

Feature Scorecard Summary

Security Information and Event Management (SIEM) (13): 94% (9.4)
  • Centralized event and log data collection (6): 98% (9.8)
  • Correlation (6): 93% (9.3)
  • Event and log normalization/management (5): 96% (9.6)
  • Deployment flexibility (6): 84% (8.4)
  • Integration with Identity and Access Management Tools (6): 92% (9.2)
  • Custom dashboards and workspaces (6): 90% (9.0)
  • Host and network-based intrusion detection (5): 92% (9.2)
  • Data integration/API management (5): 98% (9.8)
  • Behavioral analytics and baselining (4): 95% (9.5)
  • Rules-based and algorithmic detection thresholds (5): 98% (9.8)
  • Response orchestration and automation (4): 95% (9.5)
  • Reporting and compliance management (5): 96% (9.6)
  • Incident indexing/searching (5): 96% (9.6)

What is Azure Sentinel?

Microsoft's Azure Sentinel is designed as a bird's-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs, while reducing IT costs.

Azure Sentinel Pricing

SaaS Editions Pricing (Pricing Details, Terms)
  • Azure Sentinel: $2.46 per GB ingested
  • 100 GB per day: $123.00 per day
  • 200 GB per day: $221.40 per day
  • 300 GB per day: $319.80 per day
  • 400 GB per day: $410.00 per day
  • 500 GB per day: $492.00 per day
  • More than 500 GB per day: $492.00 + $98.40 per day/plus each additional 100 GB increment

Azure Sentinel Technical Details

Deployment Types: SaaS
Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

What is Azure Sentinel's best feature?

Reviewers rate Centralized event and log data collection and Data integration/API management and Rules-based and algorithmic detection thresholds highest, with a score of 9.8.

Who uses Azure Sentinel?

The most common users of Azure Sentinel are from Mid-size Companies and the Information Technology & Services industry.