TrustRadius

Microsoft Sentinel
Formerly Azure Sentinel

Overview

What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Recent Reviews

Microsoft Sentinel

8 out of 10
September 12, 2023
Incentivized
So it's a lot around the correlation of different log systems within our customer systems to give us information and threat intelligence …
Popular Features

  • Centralized event and log data collection (14 ratings): 8.6 (86%)
  • Correlation (14 ratings): 8.4 (84%)
  • Event and log normalization/management (14 ratings): 8.2 (82%)
  • Custom dashboards and workspaces (14 ratings): 7.4 (74%)

Pricing

Azure Sentinel (Cloud)

  • Pay-as-you-go: $2.46 per GB ingested
  • 100 GB per day commitment: $123.00 per day
  • 200 GB per day commitment: $221.40 per day

Entry-level set up fee?

  • No setup fee

For the latest information on pricing, visit https://www.microsoft.com/en…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Product Demos

Microsoft Sentinel: Monitoring health and integrity of analytics rules


Features

Security Information and Event Management (SIEM)

Security Information and Event Management is a category of security software that gives security analysts a more comprehensive view of security logs and events than would be possible by looking at the log files of individual point security tools.

Score: 8.4 (category average: 7.8)

Product Details

What is Microsoft Sentinel?

Microsoft Sentinel is a security operations center (SOC) solution used to uncover sophisticated threats and respond with a security information and event management (SIEM) solution for proactive threat detection, investigation, and response. It eliminates security infrastructure setup and maintenance, and elastically scales to meet the user's security needs.

Helps users to protect the digital estate: Secures the digital estate with scalable, integrated coverage for a hybrid, multicloud, multiplatform business.

Microsoft intelligence to Empower SOC: Optimizes SecOps with advanced AI, security expertise, and threat intelligence.

Detection, investigation and Response: A unified set of tools to monitor, manage, and respond to incidents.

Cost of ownership: A cloud-native SaaS solution to reduce infrastructural costs.

Microsoft Sentinel Features

Security Information and Event Management (SIEM) Features

  • Supported: Centralized event and log data collection
  • Supported: Correlation
  • Supported: Event and log normalization/management
  • Supported: Deployment flexibility
  • Supported: Integration with Identity and Access Management Tools
  • Supported: Custom dashboards and workspaces
  • Supported: Host and network-based intrusion detection
  • Supported: Log retention
  • Supported: Data integration/API management
  • Supported: Behavioral analytics and baselining
  • Supported: Rules-based and algorithmic detection thresholds
  • Supported: Response orchestration and automation
  • Supported: Incident indexing/searching

Microsoft Sentinel Screenshots

Screenshot of Microsoft Sentinel Capabilities

Microsoft Sentinel Videos

Playlist for Microsoft Sentinel videos
Microsoft Sentinel: Monitoring health and integrity of analytics rules

Microsoft Sentinel Technical Details

Deployment Types: Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

Microsoft Sentinel (formerly Azure Sentinel) is designed as a birds-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.

Reviewers rate Deployment flexibility highest, with a score of 9.2.

The most common users of Microsoft Sentinel are from Enterprises (1,001+ employees).

Reviews and Ratings

(66)

Attribute Ratings

Reviews

(1-10 of 10)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We were using an in-house SIEM solution in our organization wherein most of our log sources were placed in the cloud. We are using multiple services from Microsoft Cloud. Switching to a cloud-based SIEM provided by Microsoft itself has given us an excellent opportunity to parse and analyze our logs over the cloud itself. Hence, the transition from the traditional in-house SIEM to Sentinel occurred.
  • Parsing and Normalization of cloud-based log sources provided by Microsoft
  • Cheaper license cost compared to the traditional SIEMs.
  • Interactive UI.
  • Searching for logs is a little tedious due to scripting commands.
  • Creating use cases can be a little bit more friendly.
  • Non-Microsoft product pairing can be made a little easier.
Microsoft Sentinel is an amazing choice for an organization that is already consuming multiple services from Microsoft as the most tedious task for any SIEM admin is making the tool understand the log sources and creating use cases around it. Sentinel solves this problem for a large suite of MS products as the products are well known to SIEM. Also, if the organization is using other security controls from MS, then the security fabric built is very strong for the network.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
One of our client-first enterprise clients recently faced a challenge of effectively detecting and responding to security threats across its multi-cloud and on-premises environments. The organization has a diverse tech infrastructure and was struggling with the lack of centralized visibility into security events across their multi-cloud environment, the inability to detect and respond to security threats in a timely manner, and the need to meet industry-specific compliance requirements while handling sensitive customer data. Microsoft Sentinel came up with some solution to address these challenges:
1. Centralized Security Data Collection: Microsoft Sentinel team configured the tool to collect security data from all the different cloud providers, on-premises servers, and security tools used by the organization. Azure Sentinel's extensive connectors and integrations ensured comprehensive data collection.
2. Security Analytics and Threat Detection: The implemented platform used built-in and custom detection rules to analyze the collected data for signs of suspicious or malicious activities. Machine learning algorithms and threat intelligence integration enhanced the organization's ability to identify threats.
3. Incident Investigation and Response: Security analysts used the centralized dashboard to investigate security incidents. Automated playbooks were then created to streamline incident response, allowing the organization to respond to threats more efficiently.
4. Compliance and Reporting: Azure Sentinel provided out-of-the-box compliance reports and templates, which helped the organization demonstrate compliance with industry-specific regulations. Custom reports and queries were also created to address specific compliance requirements.
  • Enhanced Threat Visibility: Centralized data collection provided a comprehensive view of security events and incidents across their entire environment, improving threat visibility.
  • Rapid Threat Detection and Response: The platform's analytics and automation capabilities enabled the organization to detect and respond to threats more quickly and effectively, reducing the impact of security incidents.
  • Improved Compliance: Azure Sentinel's reporting and compliance features assisted the organization in meeting industry-specific compliance requirements, also reducing the risk of regulatory fines and legal consequences.
  • Complexity of the tool's query language
  • Unnecessary alerts and false positives
  • Rare issues with data ingestion
Microsoft Sentinel helped the cloud-first enterprise overcome the challenges associated with managing security in a complex, multi-cloud environment. It provided the tools and capabilities needed to detect, investigate, and respond to security threats, ultimately strengthening the organization's security posture and compliance efforts.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is currently being used as our one stop where our team monitors all alerts we get on our Azure resources. Since everything is on a single platform, it makes it easier to keep track of and prioritise the alerts.
  • Threat Detection and faster Analysis
  • Security Automation and architecture improvement
  • Onboarding and integration with client/our system can be simplified so that it can be used by everyone.
  • Integration takes longer if software is hosted outside.
  • The logs of software hosted in-house have room for improvement
It is good for real-time monitoring and detection of cyber threats. Microsoft Sentinel is not very recommended if you have the software hosted outside.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is the SIEM (Security Information and Event Management), according to Microsoft. Entirely cloud-based, Microsoft Sentinel requires little to no effort in terms of on-premise hosting requirements. Very user-friendly and very powerful, Microsoft Sentinel takes an important step from a "simple" SIEM to a SOAR, integrating both SIEM and XDR functionalities in a cloud-based product that is covered by the Microsoft Azure cloud power.
  • KQL Query language is easy to learn and very powerful once mastered.
  • A continuously growing list of connectors allows the integration of hundreds of technologies.
  • Microsoft Sentinel provides the best integrations with Microsoft's products.
  • Like many Microsoft products, the solution can lose its effectiveness in non-Microsoft environments.
  • It's not the most cost-effective solution out there.
  • False positives are something that really needs to be addressed when confronting Microsoft Sentinel.
Microsoft Sentinel is a largely scalable product that can suit basically any infrastructure from the smallest to the huge international corporation (costs aside). The Microsoft infrastructure is the field of battle where Microsoft Sentinel can really express itself providing not only a great SIEM that enhances the whole security but also bringing a great tool to correct vulnerabilities and misconfigurations around the environment.
September 13, 2023

Microsoft Sentinel Review

Score 10 out of 10
Vetted Review
Verified User
Incentivized
So as far as the Security Operations Center, they utilized it to protect the boundary to make sure no assets are getting hacked. If somebody does attempt to hack it or whatnot, quarantine that asset during the investigation, try to find out what happened with that asset and once they figure it out, remediate it and clear it up, making sure they continue to utilize the product to monitor that and other product within the organization.
  • It's pretty good. We're working with other Microsoft products for sure. If you got Outlook 365, it worked really well with that. You had the whole Microsoft Suite; if you got it properly tuned up, it does pretty good at catching things. It's very intuitive. It's very quick at being able to quarantine assets that might've been compromised in a quick manner without having to go through a whole bunch of red tape and try to find a whole bunch of people or admins to be able to help you do your job or whatnot.
  • Making it able to talk with other tools outside of Microsoft would be something that would work really well with it. I know a lot of organizations utilize Splunk and it seems like trying to get the Microsoft product to talk to Splunk is always a big issue, especially with Sentinel, the 365 Defender, and stuff like that. So having it be able to speak to other vendors' tools would definitely help out, because nobody wants to just use one tool suite; one tool suite might miss one thing, then another one might pick it up. Having them all talk to each other and all be able to be automated would definitely be a big help to any security-positive organization.
I guess it's well suited for a Security Operations Center, because it's always sitting there pretty much monitoring the wire to see what type of attempts an outside adversary might make to try to get into the organization. So it could be best in a security operations center. Where it wouldn't be useful is in a place where they don't have a security focus. That's pretty much all of it.
September 13, 2023

Microsoft Sentinel Review

Score 8 out of 10
Vetted Review
Verified User
Incentivized
Well, it's our SIEM, so it does all our correlation engines and data gathering, and we do a lot of querying in it.
  • It really does do a very good job of collecting end user data or end user and device data to correlate against.
  • Their UEBA really needs to grow out of the Microsoft space.
  • I think they need to be a little bit more friendly using their workbooks, so that's probably where I see it should grow.
I think it's well suited for the log collection, but I think it's also lacking in some of its connection or connectors and parsing. But that's pretty much it where I see it.
September 12, 2023

Microsoft Sentinel Review

Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use it as our SOC tool for all the incidents, automation, and digging through logs, and connecting applications to Sentinel so we can see whatever logs come in from different applications.
  • Getting incidents from other applications like Cisco, Meraki, or Umbrella and then ingesting the logs, creating the incident and notification of course, like playbooks.
  • Data connectors, for example, Cisco Umbrella. It's either grab all the logs or nothing. We just want to grab certain logs from Umbrella. We can't do it. We have to do a custom data connector. It's just a lot of work for customers.
If a company is a Microsoft shop, then I would recommend using Sentinel because Sentinel can connect to Defender, Azure AD and all the other stuff, so it's really good.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Microsoft Sentinel is a cloud-based comprehensive and robust SIEM (Security information and event management) that is used for a variety of company FW/VPN infrastructure security events tracking as well as end-user protection monitoring (it is easily connected to MS Defender). The huge list of built-in connectors for different solutions/hardware eliminates any deployment issues that we had with previous SIEM system deployments. With Microsoft Sentinel, we are able to centralize all the security operations at a single point.
  • Advanced analytics and machine learning algorithms
  • Easy to deploy, manage, and update
  • Huge list of out-of-the-box dashboards, reports and automation playbooks
  • Query language is quite difficult
  • Automation playbooks sometimes have false positive alerts/responses
We are using Microsoft Sentinel in two different scenarios:
1. Network-based intrusion detection: monitoring security events on the company edge environment (firewalls, VPN gateways). This is easy to do with built-in content hubs that provide sets of analytics rules (unfortunately, not always), dashboards, and automation playbooks for almost all vendors.
2. Host-based intrusion detection: end-user desktop monitoring. Here we use integration with the cloud MS Defender deployment, which provides all information from agents on local machines.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Azure Sentinel was rolled out to the entire organization as part of a security initiative for our cloud environment. Being in a smaller IT group, but with lots of employees, it was important that we have a system that was awake when we weren't, and watching when we couldn't.
  • Automated detection and response
  • Detailed user/device information
  • Part of the MS cloudsphere, so has a familiar feel.
  • In the WFH world sometimes it would be nice to have a local client version when speed isn't the best from home
  • The ability to alert on a mobile device
  • A mobile app to do an investigation while on the move
It is well suited if you are in a mostly Microsoft shop and want integrated security and tracking. It does work with other OSs but the depth of information and abilities is not as robust.
Flavio Pereira | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Azure Sentinel has been used by our headquarters as a SIEM solution. Easy to learn, set up and use. Because it is highly scalable and cloud based, it has become ideal for managing events and providing security automation by creating automated SOAR responses to different levels of incidents, from undiscovered, simple to more complex. It has collaborated a lot in making business decisions and providing more security for the team and the organization.
  • Easy to deploy and learn to use.
  • Artificial intelligence.
  • Analysis of any type of threat, including those that have not yet been discovered.
  • Automation to respond to security incidents.
  • Reduction of false positives.
  • Easy to edit log analysis rules.
  • The reporting feature can be improved. I sometimes see problems with exportation, instability and compatibility.
  • Dependence on Microsoft Azure software.
Azure Sentinel is an excellent option as a SIEM. It has cool, smart features and functionality, and is quite powerful in terms of processing information in the cloud. I recommend it to colleagues because it is very easy to deploy and configure, and to learn to use on a daily basis. The panel is super intuitive and rich in details. When opening Sentinel, it is already possible to analyze the incidents that happened and those that deserve further attention and treatment.