Microsoft Sentinel Review
April 30, 2025

Anonymous | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Sentinel

The primary use case for us is as a managed service for our clients. We maintain dozens of instances in our clients' Azure environments for them, and then we build detection rules, manage the configuration for them, and then respond to incidents with it.

Pros

  • It is extensible into other Azure services for customization, so it is very flexible in terms of adaptation and customization, and it supports building customizations.

Cons

  • I would like better capabilities and customizations. With the UBA modules, or behavioral analytics, there's some stuff there. It's not particularly well documented and we've had to figure it out on our own, and it's continuing to get better, but it's been around for a long time without a lot of change. It's just recently been changing and improving, but I'd like to see UBA become more customizable and clear on how it operates.

A very positive one. I guess we've built an entire business line around it, and probably half of my 300 employees are working on that.

We pulled data from Azure natively using the default connectors, but our approach is that we don't use the connectors. We use a third-party product called Cribl to curate the data and then push it directly into Log Analytics.

We have sort of given up on the connectors because we want more fine-grained control over where we're putting our data and how we're storing it.

To answer that question very specifically as it's written, I don't see Microsoft AI actually driving threat detection. Security Copilot does things like threat response, but for actual raw detection, as I mentioned earlier, there's some stuff in UBA that is a black box that I don't know how it works that I guess we use, but besides that I don't really know what Microsoft is doing for true threat detection in their AI inside.

We use them pretty much exactly as they're designed. So we use Logic Apps to enrich data in incidents in Sentinel and just work with that as our system of record. It's pretty standard.

Do you think Microsoft Sentinel delivers good value for the price?

Yes

Are you happy with Microsoft Sentinel's feature set?

Yes

Did Microsoft Sentinel live up to sales and marketing promises?

Yes

Did implementation of Microsoft Sentinel go as expected?

Yes

Would you buy Microsoft Sentinel again?

Yes

I think for all medium and large organizations, I don't have any solutions where it doesn't make a lot of sense because of its flexibility. I work primarily in medium and very large-size companies, and it's very good there because it's flexible and adaptable, as I mentioned previously. But for small companies, which I don't do a lot of business with, there are sort of easy buttons for a lot of things, so people are able to get comfortable with it pretty quickly. So I don't have a lot of problems in that sense.

Microsoft Sentinel Feature Ratings

Centralized event and log data collection: Not Rated
Correlation: Not Rated
Event and log normalization/management: Not Rated
Deployment flexibility: Not Rated
Integration with Identity and Access Management Tools: Not Rated
Custom dashboards and workspaces: Not Rated
Host and network-based intrusion detection: Not Rated
Log retention: Not Rated
Data integration/API management: Not Rated
Behavioral analytics and baselining: Not Rated
Rules-based and algorithmic detection thresholds: Not Rated
Response orchestration and automation: Not Rated
Incident indexing/searching: Not Rated