Really experienced tool from Microsoft
July 22, 2021

Really experienced tool from Microsoft

Aleksei Jegorov | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with Azure Sentinel

Azure Sentinel is just a great tool to work with different products of Microsoft 365.
It allows automating analysis for cloud data and authentication data that we used with MS. Data connectors get data from cloud applications.
In general, it provides the ability to detect threats and react to them in real-time.
Centralized location to control all the services.
  • Free of charge, because it is a tool to work with MS products
  • Easy to configure MS data sources
  • Edit rules of log analytics
  • KQL language is quite similar to SQL
  • Integration with other MS products
  • Adding new analytical rules
  • Nice data visualization
  • Saves our time, when everything is under one roof
  • Need some time to set up the services
  • Query system is confusing the first time
  • Response data is not easy to read
  • Sometimes rules cannot be linked with playbooks
  • Not every service can export data to XML / CSV
  • In case you [are] using Microsoft cloud products [and] you need a response about security incidents.
  • Most tasks can be automated, you just need to visit the collected logs to see what's happened.
  • Alerts appear on the dashboard, signaling about threats and violations - constant monitoring of the incidents.
In most cases everything is clear. Of course, it takes the time for initial steps, but this time is worth it.
KQL language is quite intuitive, similar to SQL, that every developer knows.
Also, MS provides its own training program.
To be honest, there are not many third-party forums where we can find discussion about Sentinel. But some communities exist on Reddit.

Do you think Azure Sentinel delivers good value for the price?


Are you happy with Azure Sentinel's feature set?


Did Azure Sentinel live up to sales and marketing promises?


Did implementation of Azure Sentinel go as expected?


Would you buy Azure Sentinel again?


Glad to see that new features and analytical tools/rules appear in the system constantly.
It is a MS Security log under one roof. In case you like to work with MS Cloud products.
Recommend it for developers who are looking to upgrade the organization's security without much setup and expenses.

Azure Sentinel Feature Ratings

Centralized event and log data collection
Event and log normalization/management
Deployment flexibility
Integration with Identity and Access Management Tools
Custom dashboards and workspaces
Host and network-based intrusion detection
Log retention
Data integration/API management
Behavioral analytics and baselining
Rules-based and algorithmic detection thresholds
Response orchestration and automation
Reporting and compliance management
Incident indexing/searching