My experience with Microsoft Sentinel
Updated February 17, 2025

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Sentinel

I use SIEM Microsoft Sentinel as a security operations center analyst. It has been very useful on a daily basis, as it allows me to view information about incidents, customize rules, and have access to dashboards that help me understand the health of the cloud environment. With the KQL language, I can quickly query various log sources.

Pros

  • Incident Management
  • Log Query
  • Easy to use

Cons

  • Some types of query are slow
  • It's hard to find data about ingestedGB
  • Provides easy visibility into key threats

Different XDR and EDR tools; logs coming from the web server and load balancer; login information provided by Azure and on-premises Active Directory related to user login activities and file modifications; firewalls from different locations; information about VPN usage and other types of access; application logs; HTTP proxy logs.

The process varies greatly from person to person, but the documentation is comprehensive and makes the process much easier.

I haven't had the opportunity to use these tools yet, as I use the same feature in other products and know how valuable they are. I've used Microsoft Machine Learning tools for other tasks, and they've been very useful and have performed spectacularly. I believe that these same threat detection tools will perform as well as expected.

I use Microsoft Sentinel's investigation tools to handle tickets and incidents, from those related to cybersecurity to helping other teams in the company solve network and connectivity problems. They are also important tools for managing access within the company. The impact on my investigations was very positive, as it made it easier to obtain information that helped me handle and close alerts.

Do you think Microsoft Sentinel delivers good value for the price?

Yes

Are you happy with Microsoft Sentinel's feature set?

Yes

Did Microsoft Sentinel live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Microsoft Sentinel go as expected?

Yes

Would you buy Microsoft Sentinel again?

Yes

If you use Microsoft Azure, or have services with this provider, then Microsoft Sentinel will be the best SIEM option for your business. It is also a good alternative for those who do not have the infrastructure to run a SIEM on premise, and above all, its ease of use makes it an excellent option for those who have a newly formed security operations center where some of the analysts still have little experience.

Microsoft Sentinel Feature Ratings

Centralized event and log data collection: 9
Correlation: 7
Event and log normalization/management: 7
Deployment flexibility: 9
Integration with Identity and Access Management Tools: 6
Custom dashboards and workspaces: 9
Host and network-based intrusion detection: 5
Log retention: 6
Data integration/API management: 5
Rules-based and algorithmic detection thresholds: 8
Incident indexing/searching: 10
