Microsoft Sentinel Review Insights

Score8.6 out of 10

155 Reviews and Ratings

Back to Reviews

Insights from Microsoft Sentinel Reviewers

Based on 16 verified reviews published in the last 18 months

What other products like Microsoft Sentinel have you used or evaluated?

16 answered

When discussing products similar to Microsoft Sentinel, reviewers frequently identify other security information and event management (SIEM) solutions that they have used or evaluated. Splunk is the most commonly cited alternative, mentioned by 3 of 16 reviewers. This suggests that Splunk, encompassing offerings such as Splunk Enterprise Security and Splunk Cloud Platform, is a significant competitor or complementary tool in the security operations landscape, often considered for its comprehensive capabilities. Another notable alternative is IBM Security QRadar SIEM, which 2 of 16 reviewers have either used or evaluated, sometimes alongside other platforms like LogRhythm. The consistent mention of these established SIEM platforms indicates that organizations often consider a range of robust solutions to meet their security monitoring, threat detection, and incident response needs, highlighting a competitive market for these critical tools.

Splunk

3 mentions

Splunk is frequently cited as a primary alternative or comparable solution to Microsoft Sentinel, with 3 of 16 reviewer…

Splunk is frequently cited as a primary alternative or comparable solution to Microsoft Sentinel, with 3 of 16 reviewers indicating prior experience or evaluation. Reviewers specifically mentioned various Splunk offerings, including Splunk Enterprise Security and Splunk Cloud Platform, suggesting its broad presence in the SIEM market as a robust option for security operations.

IBM Security QRadar SIEM

2 mentions

IBM Security QRadar SIEM is another established platform that reviewers have used or evaluated in contexts similar to M…

IBM Security QRadar SIEM is another established platform that reviewers have used or evaluated in contexts similar to Microsoft Sentinel, cited by 2 of 16 reviewers. Its mention, sometimes alongside other SIEM products like LogRhythm, indicates its standing as a recognized enterprise-grade solution for security information and event management.

Do you use Microsoft Sentinel’s AI, machine learning, and analytics for threat detections? How do you use these features? What have you accomplished with these features?

16 answered

A significant majority of reviewers, representing 69% of the sample, utilize Microsoft Sentinel's AI, machine learning, and analytics capabilities primarily for enhanced threat detection and response. These features are frequently credited with enabling faster identification of suspicious activities and providing deeper insights into potential threats, which in turn supports proactive mitigation strategies. Reviewers frequently highlight the system's ability to detect anomalous patterns that might otherwise be missed by traditional rules-based systems. This advanced detection capability contributes to notable operational efficiencies, with 19% of reviewers specifically citing time savings and a reduction in the impact of security incidents. However, a segment of the user base, comprising 31% of reviewers, reports limited or no current use of these specific AI and machine learning features, often due to reliance on alternative tools, ongoing implementation plans, or a lack of direct experience in their current roles.

Threat Detection and Response

11 mentions

Reviewers largely leverage Microsoft Sentinel's AI and analytics for improving threat detection, with 69% of the sample…

Reviewers largely leverage Microsoft Sentinel's AI and analytics for improving threat detection, with 69% of the sample noting its benefits. These capabilities are valued for their ability to quickly identify unusual or suspicious activities, often leading to automated responses and a better understanding of threat landscapes. The advanced features are reported to enhance overall security posture by detecting scenarios beyond regular detection rules and preventing issues like data loss.

Limited or No Usage

5 mentions

A notable portion of the review base, 31%, indicates limited or no current utilization of Microsoft Sentinel's AI, mach…

A notable portion of the review base, 31%, indicates limited or no current utilization of Microsoft Sentinel's AI, machine learning, and analytics features. Reasons for this vary, including reliance on existing security tools or partners, personal inexperience with the features, or the features being part of a future roadmap rather than current deployment. Some reviewers also expressed uncertainty about the tangible benefits or impact of these features in their environments.

Efficiency and Time Savings

3 mentions

The application of AI and analytics within Microsoft Sentinel is reported to yield significant efficiency gains for sec…

The application of AI and analytics within Microsoft Sentinel is reported to yield significant efficiency gains for security operations. Reviewers highlight substantial reductions in the time and effort required from security personnel, with 19% of the sample specifically mentioning these benefits. These features are credited with accelerating the identification, investigation, and resolution of security incidents, thereby preventing potential issues such as data loss.

How do you use Microsoft Sentinel’s investigation tools? How has it impacted your investigation process?

16 answered

Microsoft Sentinel's investigation tools are primarily valued for significantly enhancing the speed and efficiency of threat analysis, a benefit highlighted by 9 of 16 reviewers. The platform's ability to streamline the investigation process and enable quicker responses to incidents is a key advantage, often cited in comparison to other Security Information and Event Management (SIEM) solutions. Additionally, 3 of 16 reviewers praised the tool for its robust incident aggregation and detailed entity analysis capabilities, which provide a consolidated view of security events and deep insights into affected assets. While 4 of 16 reviewers expressed mixed sentiment regarding the ease of use, noting a learning curve for beginners, particularly with KQL, the overall sentiment points to a powerful tool that, once mastered, greatly improves security operations. Furthermore, 2 of 16 reviewers noted the value of its integration with other Microsoft tools like Logic Apps and Security Co-pilot, which further enrich data and automate workflows.

Investigation speed and efficiency

9 mentions

Reviewers consistently report that Microsoft Sentinel's investigation tools significantly reduce the time required to c…

Reviewers consistently report that Microsoft Sentinel's investigation tools significantly reduce the time required to conduct security investigations and react to incidents. This efficiency is attributed to its powerful analytical capabilities and fast searching functionality, which allow security teams to understand threats more quickly and respond effectively.

Ease of use and learning curve

4 mentions

The ease of use for Microsoft Sentinel's investigation tools elicits mixed reactions from reviewers. While some feature…

The ease of use for Microsoft Sentinel's investigation tools elicits mixed reactions from reviewers. While some features, such as the graph view for incident investigation, are noted for simplifying complex problems, the initial learning curve, particularly for mastering Kusto Query Language (KQL), can be challenging for new users.

Incident aggregation and entity analysis

3 mentions

Reviewers appreciate Microsoft Sentinel's ability to aggregate related alerts into comprehensive incidents, offering a…

Reviewers appreciate Microsoft Sentinel's ability to aggregate related alerts into comprehensive incidents, offering a unified interface for all relevant details. The tool also provides detailed profiles for entities involved in an incident, such as users, hosts, or IP addresses, which assists in understanding attack paths and conducting deeper event analysis.

Integration with other tools

2 mentions

The integration capabilities of Microsoft Sentinel with other tools are seen as beneficial for enhancing investigation…

The integration capabilities of Microsoft Sentinel with other tools are seen as beneficial for enhancing investigation processes. Reviewers specifically mention leveraging Logic Apps for enriching incident data and utilizing Security Co-pilot to further support their security operations.

What are the different sources from which you pull data into Microsoft Sentinel?

16 answered

Microsoft Sentinel users integrate data from a diverse array of sources, with a strong emphasis on Microsoft's own ecosystem and traditional IT infrastructure. A significant portion of reviewers, 38%, specifically highlight the integration of Microsoft 365 services, including SharePoint and Office 365, noting their utility in identifying and responding to threats due to comprehensive activity logging. Beyond Microsoft's cloud offerings, on-premises and server data are also frequently imported, with 31% of reviewers mentioning sources such as Windows and Linux servers, and various on-premise devices. Network and firewall data, including logs from Palo Alto and other firewalls, are cited by 25% of the reviewers as essential for security monitoring. Similarly, cloud infrastructure and services, particularly Azure and other hosting environments, are integrated by 25% of the user base. While most data ingestion is direct, a smaller segment of reviewers, 13%, leverages third-party connectors or APIs, sometimes with mixed results regarding scope and visibility, to curate and push data into Sentinel.

Microsoft 365 Sources

6 mentions

Reviewers frequently integrate data from Microsoft 365 services into Sentinel, finding it particularly useful for secur…

Reviewers frequently integrate data from Microsoft 365 services into Sentinel, finding it particularly useful for security monitoring. The extensive logging of user activity within these services, such as SharePoint and Office 365, helps identify unusual behavior and respond to potential threats. This integration is highlighted by 38% of reviewers as a key benefit.

On-Premises and Server Data

5 mentions

A substantial number of reviewers, 31%, incorporate data from traditional on-premises infrastructure and various server…

A substantial number of reviewers, 31%, incorporate data from traditional on-premises infrastructure and various server types. This includes logs from Windows and Linux servers, as well as other on-site data devices and endpoints. The ability to pull data from these diverse systems ensures comprehensive security coverage across hybrid environments.

Firewall and Network Data

4 mentions

Data from firewalls and other network devices are a common input for Microsoft Sentinel, as noted by 25% of reviewers.…

Data from firewalls and other network devices are a common input for Microsoft Sentinel, as noted by 25% of reviewers. This includes logs from specific vendors like Palo Alto, as well as general firewall and network logs. These sources are critical for monitoring network traffic and identifying security incidents at the perimeter.

Cloud Infrastructure and Services

4 mentions

Reviewers frequently integrate data from various cloud infrastructure and services, with 25% specifically mentioning th…

Reviewers frequently integrate data from various cloud infrastructure and services, with 25% specifically mentioning these sources. Azure is a primary source, along with other hosting environments and cloud applications. This allows for centralized security monitoring across an organization's cloud footprint.

Third-Party Connectors/APIs

2 mentions

Some reviewers, 13% of the sample, utilize third-party products or APIs to ingest data into Microsoft Sentinel. While t…

Some reviewers, 13% of the sample, utilize third-party products or APIs to ingest data into Microsoft Sentinel. While these methods can facilitate data curation and integration, one reviewer noted limitations in scope and visibility when using internally developed third-party applications. This suggests that direct integration or established connectors may offer more comprehensive insights.

What positive or negative impact (i.e. Return on Investment or ROI) has Microsoft Sentinel had on your overall business objectives?

16 answered

Microsoft Sentinel primarily demonstrates a positive impact on business objectives through enhanced security capabilities, particularly in threat detection and response. Reviewers frequently highlight its ability to provide fast and accurate threat detection, often leveraging AI features, which helps prevent data loss and improve overall security posture, as noted by 10 of 16 reviewers. While the return on investment (ROI) is perceived as positive by some, 7 of 16 reviewers express mixed sentiment, citing challenges in quantifying security ROI and concerns regarding the product's cost. However, the platform also contributes to operational efficiency by automating threat responses and reducing manual work, a benefit observed by a quarter of reviewers. Furthermore, it supports business growth by enabling organizations to scale services and improve visibility into the threat landscape, as indicated by 4 of 16 reviewers.

Threat Detection and Response

10 mentions

Reviewers consistently commend Microsoft Sentinel for its robust capabilities in identifying and responding to security…

Reviewers consistently commend Microsoft Sentinel for its robust capabilities in identifying and responding to security threats. The platform's AI features are frequently cited for ensuring fast and accurate detection, leading to a reduced number of false positives and improved response times. This proactive approach helps organizations secure their infrastructure and enhance their overall security posture.

Cost and ROI

7 mentions

The perceived return on investment (ROI) for Microsoft Sentinel elicits mixed reactions from reviewers. While some repo…

The perceived return on investment (ROI) for Microsoft Sentinel elicits mixed reactions from reviewers. While some report a good ROI and profitability, particularly for service providers, others find it challenging to quantify the exact financial benefits of a security product. Concerns about the overall cost are also present, although some reviewers note potential savings through reduced personnel requirements for monitoring.

Business Growth and Opportunities

4 mentions

Microsoft Sentinel is seen as a positive enabler for business growth and new service opportunities, particularly for or…

Microsoft Sentinel is seen as a positive enabler for business growth and new service opportunities, particularly for organizations offering managed security services. It helps in scaling business operations and provides improved visibility into the threat landscape, which in turn reduces overall business risk. This capability allows for faster mitigation and action compared to other products.

Operational Efficiency

4 mentions

The platform significantly enhances operational efficiency by automating threat responses, which minimizes potential da…

The platform significantly enhances operational efficiency by automating threat responses, which minimizes potential damage from security incidents. Reviewers appreciate the reduction in manual work required for security investigations and triaging, leading to more streamlined processes. The ease of integrating Microsoft solutions into the SIEM also contributes to a more efficient security operation.

Integration and Environment Support

4 mentions

Microsoft Sentinel is valued for its strong integration capabilities, particularly in complex IT environments. Reviewer…

Microsoft Sentinel is valued for its strong integration capabilities, particularly in complex IT environments. Reviewers highlight its effectiveness in protecting both on-premises and multi-cloud business environments, making it a versatile all-in-one tool. The platform's seamless integration with standard Microsoft components is also a key benefit, simplifying deployment and management.

Besides Microsoft Sentinel, what other software do you regularly use? How likely would you be to recommend it to a friend or colleague?

16 answered

Reviewers frequently utilize a range of security and business productivity software in conjunction with Microsoft Sentinel, with a strong positive sentiment towards these tools. Microsoft Defender solutions are prominently mentioned, with five reviewers (31%) highlighting various components such as Defender for Endpoint, Cloud, Business, and XDR. This indicates a preference for integrating within the broader Microsoft ecosystem for security operations. Beyond Microsoft's offerings, Splunk is a notable security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platform, cited by three reviewers (19%). Similarly, Palo Alto Networks' security products, including Cortex XSOAR and XDR, are in use by two reviewers (13%), suggesting a diversified approach to advanced threat protection. Furthermore, productivity and collaboration tools from Zoho, such as Assist, Meeting, and Forms, are also part of the software stack for three reviewers (19%), demonstrating a blend of security and operational support systems. The consistent positive sentiment across all mentioned software implies a high likelihood of recommendation among users.

Microsoft Defender

5 mentions

Reviewers frequently integrate various components of Microsoft Defender into their security operations, with five revie…

Reviewers frequently integrate various components of Microsoft Defender into their security operations, with five reviewers (31%) specifically mentioning its use. This indicates a strong preference for leveraging Microsoft's unified security suite, including solutions like Defender for Endpoint, Cloud, Business, and XDR, to complement Microsoft Sentinel. The consistent mention of these tools highlights their perceived value in providing comprehensive protection.

Splunk

3 mentions

Splunk is another significant security platform used by reviewers, with three individuals (19%) citing its capabilities…

Splunk is another significant security platform used by reviewers, with three individuals (19%) citing its capabilities. Specifically, Splunk Enterprise Security and Splunk SOAR are mentioned, indicating its role in advanced security information and event management, as well as orchestration and automation within their environments. Its inclusion alongside Microsoft Sentinel suggests its utility in complex security architectures.

Zoho

3 mentions

Beyond core security tools, Zoho's suite of productivity and business applications is utilized by three reviewers (19%)…

Beyond core security tools, Zoho's suite of productivity and business applications is utilized by three reviewers (19%). Specific mentions include Zoho Assist, Zoho Meeting, and Zoho Forms, highlighting their use for various operational and collaborative tasks. This demonstrates that reviewers integrate a diverse set of tools to support their overall business functions alongside security.

Palo Alto Networks

2 mentions

Palo Alto Networks' security products are also part of the software ecosystem for two reviewers (13%). Reviewers specif…

Palo Alto Networks' security products are also part of the software ecosystem for two reviewers (13%). Reviewers specifically mention Cortex XSOAR and Cortex XDR, indicating their reliance on these tools for security orchestration, automation, response, and extended detection and response capabilities. This suggests a strategic choice for robust, enterprise-grade security solutions.