TrustRadius: an HG Insights company

Microsoft Sentinel

Score8.6 out of 10

155 Reviews and Ratings

Free Trial

Top Performing Features

+2%

Centralized event and log data collection

Effectiveness of real-time centralized event and log data collection

Cat avg: 8.5

+2%

Correlation

Correlation of logs and events to pinpoint significant threats

Cat avg: 8.4

+1%

Rules-based and algorithmic detection thresholds

Effectiveness of manually-established rules and algorithmically-determined detection thresholds

Cat avg: 8.3

+11%

Response orchestration and automation

Quality of built-in response orchestration and automation in Next-Gen SIEM

Cat avg: 7.6

Worst Performing Features

-7%

Deployment flexibility

Ability to tune system to maximize threat detection and minimize false positives

Cat avg: 7.4

-14%

Reporting and compliance management

Ease and quality of reporting and compliance functions

Cat avg: 8.5

0%

Data integration/API management

Ease and quality of data integrations between SIEM and other systems

Cat avg: 8

Microsoft Sentinel Features from Reviews

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8.10%

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

    Category average: 8.5

  • Correlation

    Correlation of logs and events to pinpoint significant threats

    Category average: 8.4

  • Event and log normalization/management

    Ability to normalize event syntax so that logs can be compared and are machine-understandable

    Category average: 8.6

  • Deployment flexibility

    Ability to tune system to maximize threat detection and minimize false positives

    Category average: 7.4

  • Integration with Identity and Access Management Tools

    Integration with access control tools like Active Directory and LDAP

    Category average: 8.1

  • Custom dashboards and workspaces

    dashboards that can be customized to meet the needs of specific groups

    Category average: 8.4

  • Host and network-based intrusion detection

    Ability to detect both endpoint intrusion and network ingress detection

    Category average: 8.1

  • Data integration/API management

    Ease and quality of data integrations between SIEM and other systems

    Category average: 8

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

    Category average: 7.6

  • Rules-based and algorithmic detection thresholds

    Effectiveness of manually-established rules and algorithmically-determined detection thresholds

    Category average: 8.3

  • Response orchestration and automation

    Quality of built-in response orchestration and automation in Next-Gen SIEM

    Category average: 7.6

  • Reporting and compliance management

    Ease and quality of reporting and compliance functions

    Category average: 8.5

  • Incident indexing/searching

    Effectiveness of searching across structured and unstructured events and incidents within SIEM

    Category average: 8.2

Microsoft Sentinel Features from the Vendor

Security Information and Event Management (SIEM)

Vendor-reviewed

  • Centralized event and log data collection

    Effectiveness of real-time centralized event and log data collection

  • Correlation

    Correlation of logs and events to pinpoint significant threats

  • Event and log normalization/management

    Ability to normalize event syntax so that logs can be compared and are machine-understandable

  • Deployment flexibility

    Ability to tune system to maximize threat detection and minimize false positives

  • Integration with Identity and Access Management Tools

    Integration with access control tools like Active Directory and LDAP

  • Custom dashboards and workspaces

    dashboards that can be customized to meet the needs of specific groups

  • Host and network-based intrusion detection

    Ability to detect both endpoint intrusion and network ingress detection

  • Log retention

    Length and quality of log storage and archiving over time

  • Data integration/API management

    Ease and quality of data integrations between SIEM and other systems

  • Behavioral analytics and baselining

    How effectively activity and behavior baselines are established and maintained

  • Rules-based and algorithmic detection thresholds

    Effectiveness of manually-established rules and algorithmically-determined detection thresholds

  • Response orchestration and automation

    Quality of built-in response orchestration and automation in Next-Gen SIEM

  • Incident indexing/searching

    Effectiveness of searching across structured and unstructured events and incidents within SIEM