Really experienced tool from Microsoft
July 22, 2021

Aleksei Jegorov | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Azure Sentinel

Azure Sentinel is just a great tool to work with different products of Microsoft 365.
It allows automating analysis for cloud data and authentication data that we used with MS. Data connectors get data from cloud applications.
In general, it provides the ability to detect threats and react to them in real time.
Centralized location to control all the services.
  • Free of charge, because it is a tool to work with MS products
  • Easy to configure MS data sources
  • Edit rules of log analytics
  • KQL language is quite similar to SQL
  • Integration with other MS products
  • Adding new analytical rules
  • Nice data visualization
  • Saves our time, when everything is under one roof
  • Need some time to set up the services
  • Query system is confusing the first time
  • Response data is not easy to read
  • Sometimes rules cannot be linked with playbooks
  • Not every service can export data to XML / CSV
  • In case you [are] using Microsoft cloud products [and] you need a response about security incidents.
  • Most tasks can be automated, you just need to visit the collected logs to see what's happened.
  • Alerts appear on the dashboard, signaling about threats and violations - constant monitoring of the incidents.
In most cases everything is clear. Of course, it takes time for the initial steps, but this time is worth it.
The KQL language is quite intuitive and similar to SQL, which every developer knows.
Also, MS provides its own training program.
To be honest, there are not many third-party forums where we can find discussion about Sentinel. But some communities exist on Reddit.

Do you think Azure Sentinel delivers good value for the price?

Yes

Are you happy with Azure Sentinel's feature set?

Yes

Did Azure Sentinel live up to sales and marketing promises?

Yes

Did implementation of Azure Sentinel go as expected?

Yes

Would you buy Azure Sentinel again?

Yes

Glad to see that new features and analytical tools/rules appear in the system constantly.
It is an MS Security log under one roof. In case you like to work with MS Cloud products.
Recommend it for developers who are looking to upgrade the organization's security without much setup and expenses.

Azure Sentinel Feature Ratings

  • Centralized event and log data collection: 10
  • Correlation: 9
  • Event and log normalization/management: 9
  • Deployment flexibility: 9
  • Integration with Identity and Access Management Tools: 9
  • Custom dashboards and workspaces: 9
  • Host and network-based intrusion detection: 9
  • Log retention: 10
  • Data integration/API management: 10
  • Behavioral analytics and baselining: 10
  • Rules-based and algorithmic detection thresholds: 10
  • Response orchestration and automation: 9
  • Reporting and compliance management: 9
  • Incident indexing/searching: 10