Skip to main content
TrustRadius
Microsoft Sentinel

Microsoft Sentinel
Formerly Azure Sentinel

Overview

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Read more
Recent Reviews

Microsoft Sentinel

8 out of 10
September 12, 2023
Incentivized
So it's a lot around the correlation of different log systems within our customer systems to give us information and threat intelligence …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 13 features
  • Centralized event and log data collection (14)
    8.6
    86%
  • Correlation (14)
    8.4
    84%
  • Event and log normalization/management (14)
    8.2
    82%
  • Custom dashboards and workspaces (14)
    7.4
    74%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing

Azure Sentinel

$2.46

Cloud
per GB ingested

100 GB per day

$123.00

Cloud
per day

200 GB per day

$221.40

Cloud
per day

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.microsoft.com/en…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Demos

Microsoft Sentinel: Monitoring health and integrity of analytics rules

YouTube
Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8.4
Avg 7.8
Return to navigation

Product Details

What is Microsoft Sentinel?

Microsoft Sentinel is a security operations center (SOC) solution used to uncover sophisticated threats and respond with a security information and event management (SIEM) solution for proactive threat detection, investigation, and response. It eliminates security infrastructure setup and maintenance, and elastically scales to meet the user's security needs.

Helps users to protect the digital estate: Secures the digital estate with scalable, integrated coverage for a hybrid, multicloud, multiplatform business.

Microsoft intelligence to Empower SOC: Optimizes SecOps with advanced AI, security expertise, and threat intelligence.

Detection, investigation and Response: A unified set of tools to monitor, manage, and respond to incidents.

Cost of ownership: A cloud-native SaaS solution to reduce infrastructural costs.

Microsoft Sentinel Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection
  • Supported: Log retention
  • Supported: Data integration/API management
  • Supported: Behavioral analytics and baselining
  • Supported: Rules-based and algorithmic detection thresholds
  • Supported: Response orchestration and automation
  • Supported: Incident indexing/searching

Microsoft Sentinel Screenshots

Screenshot of Screenshot of Screenshot of Microsoft Sentinel Capabilities

Microsoft Sentinel Videos

Playlist for Microsoft Sentinel videos
Microsoft Sentinel: Monitoring health and integrity of analytics rules

Microsoft Sentinel Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Reviewers rate Deployment flexibility highest, with a score of 9.2.

The most common users of Microsoft Sentinel are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(70)

Attribute Ratings

Reviews

(1-21 of 21)
Companies can't remove reviews or game the system. Here's why
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are hybrid company that allow folks to work from anywhere, as for the flexibility, the security portion is becoming more exposed, this is where the Microsoft Sentinel has helped us to manage, there are over 200 end point devices that we managed by it, the management include automatic threat detection, automatic defined intelligent security and overall security issue, both from SIEM Perspective and SOAR Perspective, the dashboard is really eye catching and with such dashboard any deviations from our pre-defined values are captured in automated way, despite that we only use it for 200 out of 1000 devices, the result we have has been helping us in managing incidents and most importantly prevent them to harm our organization
November 13, 2023

SIEM means Sentinel

Yash Mudaliar | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is being used as the hero product in our MSSP offerings. Our clients use it as a cloud native SIEM (Security Information and Event Management) and SOAR (Security Orchestration and Automated Response) tool. While the mains use case still remains as 'Incident Management', some of our clients also use it as an event management tool to derive actionable insights from the logs ingested.
Rogier Dijkman | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are using Microsoft Sentinel as our main SIEM solution at Nedscaper for managing out customers that are onboarded to our MXDR service. The main challenge is distributing analytics rules, playbooks, watchlists, and other artifacts at scale without implementing complex deployment pipelines in either GitHub or Azure DevOps. There are several options available, like Azure Lighthouse or using the Microsoft Sentinel Workspace Manager (Preview). Both have their pros and cons on both authentication levels, as scalability and support in artifacts that can be synchronized.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We were using an in-house SIEM solution in our organization wherein most of our log sources were placed in the cloud. We are using multiple services from Microsoft Cloud. Switching to a cloud-based SIEM provided by Microsoft itself has given us an excellent opportunity to parse and analyze our logs over the cloud itself. Hence, the transition from the traditional in-house SIEM to Sentinel occurred.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Sentinel is our SIEM solution that is used in our MSSP service where it is used to monitor security incidents for our customers. The integration and native support for all Microsoft products is really beneficial and helps customers with a quick onboarding. It is being used to monitor both cloud as on-premises workloads where different streams of logs are being ingested in the portal. The solution helps to centrally manage all Sentinel instances of customers where standardized solution can be distributed to the customers.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
One of our client-first enterprise clients recently faced a challenge of effectively detecting and responding to security threats across its multi-cloud and on-premises environments. The organization has a diverse tech infrastructure and were struggling with the lack of centralized visibility into security events across their multi cloud environment, Inability to detect and respond to security threats timely and the need to meet industry specific compliance requirements while handling sensitive customer data. Microsoft Sentinel came up with some solution to address these challenges:
1. Centralized Security Data Collection : Microsoft Sentinel team configured the tool to collect security data from all the different cloud providers, on-premises servers, and security tools used by the organization. Azure Sentinel's extensive connectors and integrations ensured comprehensive data collection.
2. Security Analytics and Threat Detection: The implemented platform used built-in and custom detection rules to analyze the collected data for signs of suspicious or malicious activities. Machine learning algorithms and threat intelligence integration enhanced the organization's ability to identify threats.
3. Incident Investigation and Response: Security analysts used the centralized dashboard to investigate security incidents. Automated playbooks were then created to streamline incident response, allowing the organization to respond to threats more efficiently.
4. Compliance and Reporting: Azure Sentinel provided out-of-the-box compliance reports and templates, which helped the organization demonstrate compliance with industry-specific regulations. Custom reports and queries were also created to address specific compliance requirements.
Namandeep Bhatia | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use it to addres various security-related challenges and streamline our security operations. We mainlu use it for : - Threat Detection and Analysis - Security Automation and Orchestration:
Glenn H. Miller | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It enables us to route security information through a tool and set up alerts to respond to possible concerns; it also connects with analytical tools to track trends, among other things. Provides real-time warnings and threat detection so that the security team can work on occurrences as rapidly as possible. Logs are easy to search and analyze, allowing for quick judgments on key security issues. It supports all sorts of log sources, allowing you to manage all endpoints on a single platform and save a lot of time when dealing with major occurrences so that remedial measures can be made quickly.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is the SIEM (Security Information and Event Management), according to Microsoft. Entirely cloud-based, Microsoft Sentinel requires little to no effort in terms of on-premise hosting requirements. Very user-friendly and very powerful, Microsoft Sentinel takes an important step from a "simple" SIEM to a SOAR, integrating both SIEM and XDR functionalities in a cloud-based product that is covered by the Microsoft Azure cloud power.
September 13, 2023

Microsoft Sentinel Review

Score 10 out of 10
Vetted Review
Verified User
Incentivized
So as far as the Security Operations Center, they utilized it to protect the boundary to make sure no assets are getting hacked. If somebody does attempt to hack it or whatnot, quarantine that asset during the investigation, try to find out what happened with that asset and once they figure it out, remediate it and clear it up, making sure they continue to utilize the product to monitor that and other product within the organization.
September 13, 2023

Microsoft Sentinel Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use a centralized sim where we collect all the logs from our Microsoft SaaS products and from our environment network and endpoint. We also use Microsoft Defender 365 and Microsoft Defender Endpoint Security. Through the center we monitor the environment, and we have the rules in, so our security analyst watches the dashboard, and based on the alerts we built FI and incident response from the defender console, Sentinel console.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is a cloud-based comprehensive and robust SIEM (Security information and event management) that is used for a variety of company FW/VPN infrastructure security events tracking as well as end-user protection monitoring (it is easily connected to MS Defender). The huge list of built-in connectors for different solutions/hardware eliminates any deployment issues that we had with previous SIEM system deployments. With Microsoft Sentinel, we are able to centralize all the security operations at a single point.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Azure Sentinel was rolled out to the entire organization as part of a security initiative for our cloud environment. Being in a smaller IT group, but with lots of employees, it was important that we have a system that was awake when we weren't, and watching when we couldn't.
Flavio Pereira | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Azure Sentinel has been used by our headquarters as a SIEM solution. Easy to learn, set up and use. Because it is highly scalable and cloud based, it has become ideal for managing events and providing security automation by creating automated SOAR responses to different levels of incidents, from undiscovered, simple to more complex. It has collaborated a lot in making business decisions and providing more security for the team and the organization.
Return to navigation