Skip to main content
TrustRadius
Microsoft Sentinel

Microsoft Sentinel
Formerly Azure Sentinel

Overview

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Read more
Recent Reviews

Microsoft Sentinel

8 out of 10
September 12, 2023
Incentivized
So it's a lot around the correlation of different log systems within our customer systems to give us information and threat intelligence …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Popular Features

View all 13 features
  • Centralized event and log data collection (14)
    8.6
    86%
  • Correlation (14)
    8.4
    84%
  • Event and log normalization/management (14)
    8.2
    82%
  • Custom dashboards and workspaces (14)
    7.4
    74%

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing

Azure Sentinel

$2.46

Cloud
per GB ingested

100 GB per day

$123.00

Cloud
per day

200 GB per day

$221.40

Cloud
per day

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://www.microsoft.com/en…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Demos

Microsoft Sentinel: Monitoring health and integrity of analytics rules

YouTube
Return to navigation

Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that allows security analysts to look at a more comprehensive view of security logs and events than would be possible by looking at the log files of individual, point security tools

8.4
Avg 7.8
Return to navigation

Product Details

What is Microsoft Sentinel?

Microsoft Sentinel is a security operations center (SOC) solution used to uncover sophisticated threats and respond with a security information and event management (SIEM) solution for proactive threat detection, investigation, and response. It eliminates security infrastructure setup and maintenance, and elastically scales to meet the user's security needs.

Helps users to protect the digital estate: Secures the digital estate with scalable, integrated coverage for a hybrid, multicloud, multiplatform business.

Microsoft intelligence to Empower SOC: Optimizes SecOps with advanced AI, security expertise, and threat intelligence.

Detection, investigation and Response: A unified set of tools to monitor, manage, and respond to incidents.

Cost of ownership: A cloud-native SaaS solution to reduce infrastructural costs.

Microsoft Sentinel Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection
  • Supported: Log retention
  • Supported: Data integration/API management
  • Supported: Behavioral analytics and baselining
  • Supported: Rules-based and algorithmic detection thresholds
  • Supported: Response orchestration and automation
  • Supported: Incident indexing/searching

Microsoft Sentinel Screenshots

Screenshot of Screenshot of Screenshot of Microsoft Sentinel Capabilities

Microsoft Sentinel Videos

Playlist for Microsoft Sentinel videos
Microsoft Sentinel: Monitoring health and integrity of analytics rules

Microsoft Sentinel Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Reviewers rate Deployment flexibility highest, with a score of 9.2.

The most common users of Microsoft Sentinel are from Enterprises (1,001+ employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(68)

Attribute Ratings

Reviews

(1-21 of 21)
Companies can't remove reviews or game the system. Here's why
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are hybrid company that allow folks to work from anywhere, as for the flexibility, the security portion is becoming more exposed, this is where the Microsoft Sentinel has helped us to manage, there are over 200 end point devices that we managed by it, the management include automatic threat detection, automatic defined intelligent security and overall security issue, both from SIEM Perspective and SOAR Perspective, the dashboard is really eye catching and with such dashboard any deviations from our pre-defined values are captured in automated way, despite that we only use it for 200 out of 1000 devices, the result we have has been helping us in managing incidents and most importantly prevent them to harm our organization
  • Integration with intune is out of the box
  • Integration with Microsoft Defender for End Point
  • As we don't use the egress data, but this could be a very expensive cloud cost for other organization out there
  • The popularity is increasing but you might be ending up in vendor lock down
This tool will be just awesome if all of your environments (be it OS and Applications) are in Microsoft's family, as the integration with other suite like Microsoft Sentinel, M365, Defender for end point are just clicks away, for those who are able to pay such cost, this will be something that being implemented

For those that are in mixed environment, you might have to think the YoY cost, especially as this is cloud native applications, if the application is being used to consume data, then there will be nothing to worry about, but once the data is being transport for other purposes, this is where the overall cost needs to be calculated meticulously
November 13, 2023

SIEM means Sentinel

Yash Mudaliar | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is being used as the hero product in our MSSP offerings. Our clients use it as a cloud native SIEM (Security Information and Event Management) and SOAR (Security Orchestration and Automated Response) tool. While the mains use case still remains as 'Incident Management', some of our clients also use it as an event management tool to derive actionable insights from the logs ingested.
  • Sentinel is by far the most efficient tool in supporting the highest number of solutions and products when it comes to data connection (or ingestion) and that too in the least complex manner possible. Most of the data connectors in Sentinel are very easy to configure and deploy.
  • Incident Management is undoubtedly one of the main USPs of Sentinel. With an easy-to-use UI, variety of utilities (adding tasks, manual triggering of playbooks, activity logs etc.) and provision of having an investigation map from the incident details page, Sentinel clearly stands out in this area.
  • I personally love the feature of integrating 'Threat Intelligence' to Sentinel from a free and one of the most reliable sources, Microsoft itself. This not only saves time for an analyst in checking the reputation of an entity but also allows to take actions on the suspicious entities at earliest.
  • 'Notebook' has always been a very hard to use feature for me in Sentinel. From my experience, there have been a very selective use cases for this feature across the industry.
  • 'Entity Behavior' has some scope to be improved further since it is a feature that gives some useful insights but needs to be accessed separately. I think it should be re-worked in a way to be used within the incident investigation page.
  • I'd like to see a more user-friendly version of the 'Content Hub' menu which was the earlier version! The new UI is somewhat confusing to use and is dependent on a lot of filters being applied which do not even lasts for a single session. With each refresh, we have to apply the filters again.
Sentinel is the best "cloud-native" in the market yet, so if the organization has a cloud presence (which almost everyone has) then Sentinel is the right choice for having a single pane of glass for all your security monitoring needs.
Sentinel is a very good tool for log analysis and event management purposes as well. With KQL and ASIM parsers, organizations can retrieve invaluable insights even from the most complex data.
And of course, Sentinel is a great choice for automating the incident response process to a very good extent.
Rogier Dijkman | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We are using Microsoft Sentinel as our main SIEM solution at Nedscaper for managing out customers that are onboarded to our MXDR service. The main challenge is distributing analytics rules, playbooks, watchlists, and other artifacts at scale without implementing complex deployment pipelines in either GitHub or Azure DevOps. There are several options available, like Azure Lighthouse or using the Microsoft Sentinel Workspace Manager (Preview). Both have their pros and cons on both authentication levels, as scalability and support in artifacts that can be synchronized.
  • Correlating Security Data.
  • Automated response.
  • Threat Intelligence mapping.
  • Performance on data ingestion.
  • Performance on query data.
  • Normalizing data.
Microsoft Sentinel is a great fit for any environment running Microsoft systems, either on-premises or cloud The integration between the Microsoft SaaS products and Sentinel is great and easy to configure. Nowadays, more and more 3rd solution providers are creating an integration with Microsoft Sentinel to easily onboard their products through the Content Hub.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We were using an in-house SIEM solution in our organization wherein most of our log sources were placed in the cloud. We are using multiple services from Microsoft Cloud. Switching to a cloud-based SIEM provided by Microsoft itself has given us an excellent opportunity to parse and analyze our logs over the cloud itself. Hence, the transition from the traditional in-house SIEM to Sentinel occurred.
  • Parsing and Normalization of cloud-based log sources provided by Microsoft
  • Cheaper license cost compared to the traditional SIEMs.
  • Interactive UI.
  • Searching for logs is a little tedious due to scripting commands.
  • Creating use cases can be a little bit more friendly.
  • Non-Microsoft product pairing can be made a little easier.
Microsoft Sentinel is an amazing choice for an organization that is already consuming multiple services from Microsoft as the most tedious task for any SIEM admin is making the tool understand the log sources and creating use cases around it. Sentinel solves this problem for a large suite of MS products as the products are well known to SIEM. Also, if the organization is using other security controls from MS, then the security fabric built is very strong for the network.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Sentinel is our SIEM solution that is used in our MSSP service where it is used to monitor security incidents for our customers. The integration and native support for all Microsoft products is really beneficial and helps customers with a quick onboarding. It is being used to monitor both cloud as on-premises workloads where different streams of logs are being ingested in the portal. The solution helps to centrally manage all Sentinel instances of customers where standardized solution can be distributed to the customers.
  • It has a native integration with all Microsoft products, from Entra to Azure, Microsoft 365
  • Being built upon native Azure functionality benefits in automation and infrastructual solutions
  • The KQL language is relatively easy to learn and powerful.
  • Microsoft is listening very careful to the customers and develops new functionality at a fast pace
  • The solution can become very expensive when not used in an effective way
  • The SOAR functionality can be more powerful compared to other products
  • Ingestions delays are not often clear and have to be taken care of thoroughly
For most customers that have a cloud native workload that is based on Microsoft products it is an excellent product. Because of the integration it can be used pretty cost efficient and it works pretty good across the different products. This is very much the case when Azure AD/Entra is being used for authentication which will benefit with UEBA and Fusion.
When companies have no Microsoft footprint it still can be an excellent product, but it lacks integration and UEBA/Fusion have none or less additional value.
Compared with other SIEM solutions it is a very good product, but keep in mind that using Microsoft products will get you on the right track out of the box
Score 8 out of 10
Vetted Review
Verified User
Incentivized
One of our client-first enterprise clients recently faced a challenge of effectively detecting and responding to security threats across its multi-cloud and on-premises environments. The organization has a diverse tech infrastructure and were struggling with the lack of centralized visibility into security events across their multi cloud environment, Inability to detect and respond to security threats timely and the need to meet industry specific compliance requirements while handling sensitive customer data. Microsoft Sentinel came up with some solution to address these challenges:
1. Centralized Security Data Collection : Microsoft Sentinel team configured the tool to collect security data from all the different cloud providers, on-premises servers, and security tools used by the organization. Azure Sentinel's extensive connectors and integrations ensured comprehensive data collection.
2. Security Analytics and Threat Detection: The implemented platform used built-in and custom detection rules to analyze the collected data for signs of suspicious or malicious activities. Machine learning algorithms and threat intelligence integration enhanced the organization's ability to identify threats.
3. Incident Investigation and Response: Security analysts used the centralized dashboard to investigate security incidents. Automated playbooks were then created to streamline incident response, allowing the organization to respond to threats more efficiently.
4. Compliance and Reporting: Azure Sentinel provided out-of-the-box compliance reports and templates, which helped the organization demonstrate compliance with industry-specific regulations. Custom reports and queries were also created to address specific compliance requirements.
  • Enhanced Threat Visibility: Centralized data collection provided a comprehensive view of security events and incidents across their entire environment, improving threat visibility.
  • Rapid Threat Detection and Response: The platform's analytics and automation capabilities enabled the organization to detect and respond to threats more quickly and effectively, reduced the impact of security incidents.
  • Improved Compliance: Azure Sentinel's reporting and compliance features assisted the organization in meeting industry-specific compliance requirements, also reduced the risk of regulatory fines and legal consequences.
  • Compelxity of the tool's query language
  • Unnecessary alerts and false positives
  • Rare issues with data ingestion
Microsoft Sentinel helped the cloud-first enterprise overcome the challenges associated with managing security in a complex, multi-cloud environment. It provideed the tools and capabilities needed to detect, investigate, and respond to security threats, ultimately strengthening the organization's security posture and compliance efforts.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is currently being used as our one stop where our team monitors all alerts we get on our Azure resources. Since everything is on a single platform it makes it easier to keep a track and prioritise on the alerts.
  • Threat Detection and faster Analysis
  • Security Automation and architecture improvement
  • Onboarding and integration with client/our system can be simplified so that it can be used by everyone.
  • Integration takes longer if software is hosted outside.
  • The logs of softwares hosted in-house has room for improvement
It is good for real-time monitoring, detection of cyber threats. Microsoft Sentinel is not very recommended if you have the software hosted outside.
Namandeep Bhatia | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We use it to addres various security-related challenges and streamline our security operations. We mainlu use it for : - Threat Detection and Analysis - Security Automation and Orchestration:
  • Detection of cyber threts, malware, and suspicious activities etc. across whole IT environment.
  • Streamlining the process of identifying and responding to security incidents, minimizing their impact
  • Real-time monitoring
  • Price is on higher side as compared to competitive products
  • Process of Onboarding and connecting with system can be simplified
  • If software is hosted anywhere else from Azure then integration is bit time taking.
  • Difficult to work with KQL. Enhanced support for more standard query languages, like SQL, could be beneficial.
As stated earlier, it might uses some sort of advanced analytics and machine learning to detect threats and anomalies in real-time. It can identify suspicious activities, potential security breaches, and other security incidents very well. So it is beneficial if you don't want to keep a team for real time threats detection. It only takes one time integration process and then good to go.
Glenn H. Miller | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
It enables us to route security information through a tool and set up alerts to respond to possible concerns; it also connects with analytical tools to track trends, among other things. Provides real-time warnings and threat detection so that the security team can work on occurrences as rapidly as possible. Logs are easy to search and analyze, allowing for quick judgments on key security issues. It supports all sorts of log sources, allowing you to manage all endpoints on a single platform and save a lot of time when dealing with major occurrences so that remedial measures can be made quickly.
  • It interacts easily with Azure, Active Directory, and log analytics, and it can route data via Sentinel as well as establish alerts and other workflows to respond to possible security concerns.
  • It features a highly user-friendly UI that makes it simple to operate the platform, and the kql is simple to use while studying logs.
  • It is one of the greatest platforms for totally cloud deployment, which improves productivity. It can evaluate vast amounts of data quickly and is incredibly productive.
  • It takes some time to learn how to use and install it properly, and it does not connect effectively with external PaaS systems such as Salesforce CRM, Salesforce Commerce Cloud, and so on.
  • Microsoft can simplify the display of the logs to make them easier to study, and the user interface occasionally delays, which can also be enhanced.
It is an excellent choice for a SIEM since it offers intriguing and intelligent features and functions, and it is extremely strong in terms of cloud information processing. I recommend it to my colleagues since it is simple to set up, configure, and use on a regular basis. It is ideal if you want built-in security and tracking, and it is compatible with various operating systems, but the amount of information and capabilities is limited.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is the SIEM (Security Information and Event Management), according to Microsoft. Entirely cloud-based, Microsoft Sentinel requires little to no effort in terms of on-premise hosting requirements. Very user-friendly and very powerful, Microsoft Sentinel takes an important step from a "simple" SIEM to a SOAR, integrating both SIEM and XDR functionalities in a cloud-based product that is covered by the Microsoft Azure cloud power.
  • KQL Query language is easy to learn and very powerful once mastered.
  • A continuously growing list of connectors allows the integration of hundreds of technologies.
  • Microsoft Sentinel provides the best integrations with Microsoft's products.
  • Like many Microsoft products, the solution can lose its effectiveness in non-Microsoft environments.
  • It's not the most cost-effective solution out there.
  • False positives are something that really needs to be addressed when confronting Microsoft Sentinel.
Microsoft Sentinel is a largely scalable product that can suit basically any infrastructure from the smallest to the huge international corporation (costs aside). The Microsoft infrastructure is the field of battle where Microsoft Sentinel can really express itself providing not only a great SIEM that enhances the whole security but also bringing a great tool to correct vulnerabilities and misconfigurations around the environment.
September 13, 2023

Microsoft Sentinel Review

Score 10 out of 10
Vetted Review
Verified User
Incentivized
So as far as the Security Operations Center, they utilized it to protect the boundary to make sure no assets are getting hacked. If somebody does attempt to hack it or whatnot, quarantine that asset during the investigation, try to find out what happened with that asset and once they figure it out, remediate it and clear it up, making sure they continue to utilize the product to monitor that and other product within the organization.
  • It's pretty good. We're working with other Microsoft products for sure. If you got Outlook 365, it worked really well with that. You had the whole Microsoft Suite, if you got a property tuned up, it does pretty good at catching things. It's very intuitive. It's very quick at being able to quarantine assets that might've been compromised in a quick manner without having to go through a whole bunch of red tape and try to find a whole bunch of people or admins to be able to help you do your job or whatnot.
  • Making it able to talk with other tools outside of Microsoft would be something that would work really well with it. I know a lot of organizations utilize Splunk and it seems like trying to get the Microsoft product top to Splunk is always a big issue, especially with the Sentinel, the 365 defender, and stuff like that. So having it be able to be able to speak to other vendors' tools would definitely help out because nobody wants to just use one tool suite because one tool suite might miss one thing, then another one might pick up. They all talk to each other and they are all able to be automated would definitely be a big help any security-positive organization.
I guess it's well suited for Security Operations Center, because its always sitting there pretty much monitoring the wire to see what type of attempts outside adversary might make to try to get into the organization. So it could be best in a security operations center. Where it wouldn't be useful is in a place where they don't have a security and focus. That's pretty much all it.
September 13, 2023

Microsoft Sentinel Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use a centralized sim where we collect all the logs from our Microsoft SaaS products and from our environment network and endpoint. We also use Microsoft Defender 365 and Microsoft Defender Endpoint Security. Through the center we monitor the environment, and we have the rules in, so our security analyst watches the dashboard, and based on the alerts we built FI and incident response from the defender console, Sentinel console.
  • It's good in form of the integration with the Microsoft native products like Defender or Office 365 and some of the queue, the complete visibility because if we are using the Microsoft product suite as the operating system on the endpoint and the Microsoft Defender and those things, so its is a complete end to end visibility, not just for as a sim but complete visibility of our identity. We are also having Azure ready. It gives more visibility, the users, the endpoint, and my SaaS services like the teams or I can say Outlook. I get a good visibility and the next good thing is I can mitigate the threat in real time. I can write the playbook and I can do the hunting. One of the good things Defender, I see the hunting in the playbooks. So my form analyst where from one place where I could do the monitoring, triage response, and mitigation.
  • Some of the integration though it provides integration to most of the technologies, but I still think it is a scope of integration, scope for implementing the integration area so that I can integrate all the design sources to the central. Right now I experienced some challenges with my team with that.
For example, if some identities are compromised, it works well where I get as I told, it gives me complete visibility of the user of the endpoint and the SaaS exposure. We can say containment time is much less if I'm using this. With the playbook I can automate everything if I have the Microsoft suite of products in, that does pretty well.
September 13, 2023

Microsoft Sentinel Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
Well, it's our SIEM, so it does all our correlation engines and data gathering, and we do a lot of querying in it.
  • It really does do a very good job of collecting end user data or end user and device data to correlate against.
  • Their UEBA really needs to grow out of the Microsoft space.
  • I think they need to be a little bit more friendly using their workbooks, so that's probably where I see it should grow.
I think it's well suited for the log collection, but I think it's also lacking in some of its connection or connectors and parsing. But that's pretty much it where I see it.
September 13, 2023

Microsoft Sentinel Review

Score 10 out of 10
Vetted Review
Verified User
Incentivized
I use it to test detections, create detections, make alerts, help other customers use it, ingest data, create alerts, create automation. Almost all the possibilities I use to help myself and other companies.
  • It handles a lot of data. It works fast, it's easy to understand. It's the integrations with all the products, the APIs defender with Office 365 with Azure ad. It's got some great integrations.
  • I think that the handling of ingestion delays and time generated, I think that's currently the main issue because you get some data that comes in later, and some data comes way later, so you have to correlate it and it can be a bit of a hassle to make sure to align the right data with each other.
I think it can be well suited at all environments. Just if you have really large loads of data, then there are companies who aren't using the data and you can better ingested in a DX. But for the rest, if you want to do detections or ing, then Sentinel is perfect.
September 12, 2023

Microsoft Sentinel

Score 8 out of 10
Vetted Review
ResellerIncentivized
So it's a lot around the correlation of different log systems within our customer systems to give us information and threat intelligence about what their systems are facing.
  • Ability to correlate data in near real-time and then provide that to our SOC team to then take that information and verify whether or not there's an actual active threat within the organization or a customer's organizations. So that's something that does particularly well.
  • I think some of it is just around the clarity of the information. Sometimes it's not super specific, so having the ability to get more information from the links provided I think would help.
So it's well suited at the enterprise level as a service provider. It helps because we've got the scale. Where it's less suited is going to be in small business environments just because of the cost of implementation.
September 12, 2023

Microsoft Sentinel Review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use it as our SOC tool for all the incidents, automation, and digging through logs, and connecting applications to Sentinel so we can see whatever logs come in from different applications.
  • Getting incidents from other applications like Cisco, Meraki, or Umbrella and then ingesting the logs, creating the incident and notification of course, like playbooks.
  • Data connectors, for example, Cisco Umbrella. It's either grab all the logs or nothing. We just want to grab certain logs from Umbrella. We can't do it. We have to do a custom data connector. It's just a lot of work for customers.
If a company is a Microsoft shop, then I would recommend using Sentinel because Sentinel can connect to Defender, Azure AD and all the other stuff, so it's really good.
September 12, 2023

Microsoft Sentinel Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use it to collect our logs and then correlate it with security intelligence, so we get alerts.
  • I think what it does the best is the community aspect of it which means it's already integrated in the platform. You can just click and select stuff you like and it is created by other professionals. I think that's what it does the best and it's really easy to integrate into your existing interment.
  • I think it has room for improvement in its ease of use. It's not hard to use, but for someone who doesn't even add someone that shows you everything, at first it could be hard because you don't know what some of the names are. If you don't know it, you could get confused like a playbook. If you don't know what the playbook is, you could be mistaken.
On the Microsoft shop, it's very well suited. If you have all your environment. In Microsoft Azure, it's very well suited. If you don't have much, that's where it lacked. I think if someone does not have a Microsoft shop, I don't see the point in getting it.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is a cloud-based comprehensive and robust SIEM (Security information and event management) that is used for a variety of company FW/VPN infrastructure security events tracking as well as end-user protection monitoring (it is easily connected to MS Defender). The huge list of built-in connectors for different solutions/hardware eliminates any deployment issues that we had with previous SIEM system deployments. With Microsoft Sentinel, we are able to centralize all the security operations at a single point.
  • Advanced analytics and machine learning algorithms
  • Easy to deploy, manage, and update
  • Huge list of out-of-the-box dashboards, reports and automation playbooks
  • Query language is quite difficult
  • Automation playbooks some times have false positives alerts/responses
We are using Microsoft Sentinel in two different scenarios:
1. Network-based intrusion detection - monitoring security events on the company Edge environment (firewalls, VPN gateways) - this is easy to do with built-in content hubs that provide sets of analytics rules (unfortunately, not always), dashboards, and automation playbooks for almost all vendors
2. Host-based intrusion detection - end users desktops monitoring - here we use integration with cloud MS Defender deployment that provides all information from agents on local machines.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Azure Sentinel was rolled out to the entire organization as part of a security initiative for our cloud environment. Being in a smaller IT group, but with lots of employees, it was important that we have a system that was awake when we weren't, and watching when we couldn't.
  • Automated detection and response
  • Detailed user/device information
  • Part of the MS cloudsphere, so has a familiar feel.
  • In the WFH world sometimes it would be nice to have a local client version when speed isn't the best from home
  • The ability to alert on a mobile device
  • A mobile app to do an investigation while on the move
It is well suited if you are in a mostly Microsoft shop and want integrated security and tracking. It does work with other OSs but the depth of information and abilities is not as robust.
Flavio Pereira | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Azure Sentinel has been used by our headquarters as a SIEM solution. Easy to learn, set up and use. Because it is highly scalable and cloud based, it has become ideal for managing events and providing security automation by creating automated SOAR responses to different levels of incidents, from undiscovered, simple to more complex. It has collaborated a lot in making business decisions and providing more security for the team and the organization.
  • Easy to deploy and learn to use.
  • Artificial intelligence.
  • Analysis of any type of threat, including those that have not yet been discovered.
  • Automation to respond to security incidents.
  • Reduction of false positives.
  • Easy to edit log analysis rules.
  • The reporting feature can be improved. I sometimes see problems with exportation, instability and compatibility.
  • Dependence on Microsoft Azure software.
Azure Sentinel is an excellent option like SIEM. It has cool, smart features and functionality, and is quite powerful in terms of processing information in the cloud. I recommend it to colleagues because it is very easy to deploy and configure, and learn to use it on a daily basis. The panel is super intuitive and rich in details. When opening Sentinel, it is already possible to analyze the indices that happened and those that deserve further attention and treatment.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Azure Sentinel is currently being used as our single location where we check all the monitoring alerts we get on our Azure resources.
  • The UI-based analytics are excellent
  • Excellent tools for cleaning data, sorting out irrelevant log data, and even fixing log data.
  • There's not much that needs improvement, but the on-prem log sources still require a lot of development.
Azure Sentinel is your to go to software if you are using Azure as your cloud hosting partner. It can give you a lot of flexibility when in comes in your security dashboards.
Return to navigation