Azure Sentinel has been used by our headquarters as a SIEM solution. Easy to learn, set up and use. Because it is highly scalable and cloud based, it has become ideal for managing events and providing security automation by creating automated SOAR responses to different levels of incidents, from undiscovered, simple to more complex. It has collaborated a lot in making business decisions and providing more security for the team and the organization.
- Easy to deploy and learn to use.
- Artificial intelligence.
- Analysis of any type of threat, including those that have not yet been discovered.
- Automation to respond to security incidents.
- Reduction of false positives.
- Easy to edit log analysis rules.
- The reporting feature can be improved. I sometimes see problems with exportation, instability and compatibility.
- Dependence on Microsoft Azure software.
Azure Sentinel is an excellent option like SIEM. It has cool, smart features and functionality, and is quite powerful in terms of processing information in the cloud. I recommend it to colleagues because it is very easy to deploy and configure, and learn to use it on a daily basis. The panel is super intuitive and rich in details. When opening Sentinel, it is already possible to analyze the indices that happened and those that deserve further attention and treatment.
Microsoft support is one of the highest rated on the market. It has global and multilingual support. Calls can be made over the phone and the solution is virtually instantaneous with the help of Microsoft engineers. It's great!