Microsoft Sentinel SIEM: one of the evolving SIEM solutions from Microsoft.
December 31, 2024


Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Sentinel

We have a distributed environment consisting of various technologies, including endpoints, servers, mobile devices and different network devices like firewalls, routers etc. All of these generate lots of logs, and we store all of those logs and manage them. We then run use cases to search for anything suspicious and then create an incident against it.

Pros

  • Microsoft Sentinel does a very good job of storing log events efficiently.
  • Microsoft Sentinel defines a proper way to search archival logs and get results quickly.
  • Microsoft Sentinel is easier to navigate as it follows the UI of Azure.
  • Microsoft Sentinel has really made it easy to store logs in a centralized system.
  • Microsoft Sentinel does a great job of indexing and searching for the desired values.

Cons

  • The automation capabilities are lacking features like creating good custom rules.
  • The dashboard feature is very bad and looks like a child made it.
  • The Microsoft Sentinel dashboard feature is very bad; the dashboards made are not professional.

We pull data from almost all the sources in our company, including almost everything: endpoints, Microsoft Windows servers, firewalls, routers, switches, and almost all the other things. On Microsoft Windows Server we pull data from Event Viewer, and it consists of the network, application and security logs.

Setting up the connector is easy for some solutions like Intune and endpoints, but some solutions, like firewalls from various vendors, require agents installed on the machine.

We use Microsoft Sentinel for threat hunting: we search threat indicators against all the logs and then create incidents against them. Since we got Microsoft Sentinel this process is streamlined and can be done at scale; searching is fast and we can protect the organisation.

We use Intune to protect endpoints, and we pull logs from all the endpoints through the Intune connector into the Microsoft Sentinel SIEM; that way we can run rules on those logs to find anomalies.

Do you think Microsoft Sentinel delivers good value for the price?

Yes

Are you happy with Microsoft Sentinel's feature set?

No

Did Microsoft Sentinel live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Microsoft Sentinel go as expected?

I wasn't involved with the implementation phase

Would you buy Microsoft Sentinel again?

Yes

Microsoft Sentinel does support various connectors, but it still lacks connectors which efficiently support Linux machines. The logs which come from Linux servers need special parsers, and Microsoft Sentinel still doesn't do a good job of managing those logs.

Microsoft Sentinel Feature Ratings (out of 10)

Centralized event and log data collection: 8
Correlation: 8
Event and log normalization/management: 7
Custom dashboards and workspaces: 7
Log retention: 9
Data integration/API management: 8
Behavioral analytics and baselining: 8
Rules-based and algorithmic detection thresholds: 8
Response orchestration and automation: 7
Incident indexing/searching: 8
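As an added illustration (not from the reviewer and not Microsoft's own code), this is the kind of KQL hunting query that implements what the review describes: searching threat-intelligence IP indicators against the three log families the reviewer names (firewall logs, Windows Security events and Linux syslog), with the inline sshd parser that the reviewer says Linux logs need. Table and column names follow the standard Sentinel schema as of late 2024 (ThreatIntelligenceIndicator, CommonSecurityLog, SecurityEvent, Syslog); the lookback windows, the event IDs chosen and the sshd message formats being parsed are assumptions, so check them against your own workspace before scheduling the query.

```kql
// Added example, not code from the review or from Microsoft.
// Match active TI IP indicators against firewall, Windows and Linux logs.
// Assumptions: standard Sentinel tables; 7d event lookback; 30d indicator lookback.
let lookback = 7d;
// Active, unexpired indicators; take the newest copy of each IndicatorId.
let ti = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(30d)
    | where Active == true and ExpirationDateTime > now()
    | extend IoC = coalesce(NetworkDestinationIP, NetworkSourceIP, NetworkIP)
    | where isnotempty(IoC)
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | project IoC, IndicatorId, Description, ConfidenceScore, ThreatType;
// Firewall / CEF events: connections whose destination is an indicator IP.
let fw = CommonSecurityLog
    | where TimeGenerated >= ago(lookback)
    | where isnotempty(DestinationIP)
    | project TimeGenerated, Host = DeviceName,
              Source = strcat(DeviceVendor, " ", DeviceProduct),
              RemoteIP = DestinationIP,
              Detail = strcat(SourceIP, ":", SourcePort, " -> ", DestinationIP, ":", DestinationPort);
// Windows Security log: network / RDP logons (4624 success, 4625 failure)
// whose client address is an indicator IP. Local and empty addresses skipped.
let win = SecurityEvent
    | where TimeGenerated >= ago(lookback)
    | where EventID in (4624, 4625) and LogonType in (3, 10)
    | where isnotempty(IpAddress) and IpAddress !in ("-", "::1", "127.0.0.1")
    | project TimeGenerated, Host = Computer, Source = "Windows Security",
              RemoteIP = IpAddress, Detail = strcat("EventID ", EventID, " ", Account);
// Linux syslog: sshd auth lines have no fixed columns, so parse result, user
// and client IP out of the message text. Assumed formats:
//   "Failed password for invalid user admin from 203.0.113.5 port 41234 ssh2"
//   "Accepted publickey for root from 198.51.100.7 port 2222 ssh2"
let lin = Syslog
    | where TimeGenerated >= ago(lookback)
    | where ProcessName == "sshd"
    | where SyslogMessage has_any ("Failed password", "Accepted password", "Accepted publickey")
    | extend Result = extract(@"^(Failed|Accepted)", 1, SyslogMessage)
    | parse SyslogMessage with * " for " User " from " ClientIP " port " ClientPort:int " " *
    | where isnotempty(ClientIP)
    | project TimeGenerated, Host = Computer, Source = "Linux sshd",
              RemoteIP = ClientIP, Detail = strcat(Result, " ", User);
// One result set across all three sources, joined to the indicator list.
union fw, win, lin
| join kind=inner ti on $left.RemoteIP == $right.IoC
| project TimeGenerated, Host, Source, RemoteIP, Detail,
          IndicatorId, ThreatType, ConfidenceScore, Description
| sort by TimeGenerated desc
```

Run it from the Logs blade to hunt interactively; to get the incidents the reviewer mentions, save the same query as a scheduled analytics rule (for example every hour with a matching lookback) so each match raises an alert and incident. The Linux section is the part that needs care: any sshd message that does not match the assumed text layout is silently dropped by `parse`, so widen the `has_any` filter and the pattern for the distributions and auth methods actually in use. Newer workspaces may hold indicators in a successor table rather than ThreatIntelligenceIndicator; confirm the table name in your workspace before relying on the join.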
