Item: Microsoft Sentinel
Rating: 8
Author: Verified User

Overall Satisfaction with Microsoft Sentinel

Use Cases and Deployment Scope

The scope of our use case is we use it just as a SIEM, so alerting, triage, some logging. That's kind of the main gist of it.

Pros and Cons

Pros

I would be quite happy with the as code deployment through Bicep, being able to code up use cases and analytical rules has been quite good.

Cons

One thing I think recommendation that I've gotten from our team is adding a task section. So having a SOC analyst have certain tasks you can check off and have that be able to deploy through code as well.

Return on Investment

It's been average. We've chosen it because of the cost reduction.

Sources

We pull data mainly from the office 365 stack end user devices.

Pretty easy.

AI and ML

No, so I can't answer the rest.

Investigation Tools

Don't really, it's mostly manual

Alternatives Considered

We've used Splunk before, but it really is just pick your poison. They're all very similar.

Key Insights

Do you think Microsoft Sentinel delivers good value for the price?

Are you happy with Microsoft Sentinel's feature set?

Yes

Did Microsoft Sentinel live up to sales and marketing promises?

Yes

Did implementation of Microsoft Sentinel go as expected?

Yes

Would you buy Microsoft Sentinel again?

Yes

Likelihood to Recommend

I suppose it's a serviceable SIEM. It's similar to most other ones really.

Microsoft Sentinel Feature Ratings

Comments

Please log in to join the conversation

Sentinel Review