Microsoft Sentinel and its drawbacks
August 21, 2024

Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft Sentinel
It assists with consolidating logs for streamlined threat hunting, monitoring, and alerting. We use it to collect all Azure and Windows-based logs, with integrations with various other solutions, including Application Gateway and Front Door WAFs. Microsoft Sentinel serves the purpose of a SIEM, allowing teams to easily detect and respond to threats.
Pros
- Visualization
- Threat hunting
- Integration with cloud services
Cons
- 3rd party integrations, e.g. Cisco ESA and WSA
- Automated actions using logic apps that are deployed securely within a virtual network (currently requires manual configuration to secure)
- Great integrations with native Azure services
- Not so good with 3rd party integrations
- Too costly for data ingestion and storage, especially for network threat detection and monitoring
AMA agent event logs, Entra, Azure activity logs, Defender for Endpoint.
Simple
Not used as much.
Haven't used it as much as we would like to. There is far too much noise in the system based on all the data coming through making it difficult to sift through the threats and landscape.
Elastic seems to have a much better interface for log search and is able to filter out noise. Microsoft Sentinel also appears to generate a lot of false positives.
Do you think Microsoft Sentinel delivers good value for the price?
No
Are you happy with Microsoft Sentinel's feature set?
Yes
Did Microsoft Sentinel live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Microsoft Sentinel go as expected?
Yes
Would you buy Microsoft Sentinel again?
Yes
