Well done Microsoft Sentinel - great Product
July 14, 2025

Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft Sentinel
It's integrated into a SOC to provide real-time visibility, reduce alert fatigue, and improve mean time to resolution (MTTR) - which we are achieving via custom playbooks. We monitor login activities, network traffic, and endpoint behavior to detect anomalies like brute-force attacks or compromised accounts. We have also found that our posture improved by 30% within the first month.
Pros
- Single pane view to monitor and respond
- Easy way to do Threat hunting
- Ease of investigating findings
Cons
- More templates for customers
- Cost is an issue - complex licensing
- Bring the community more into the ecosystem

- Improved security posture
- Improved response times
- Reduced false positives
- Could also say alert fatigue improved
We mainly pull and collate data from within Azure and our hosting environments. Other sources are as follows: Fortinet, Palo Alto, AWS environment. We have 3rd party apps developed in-house, but find that we have limited scope and visibility - it may be the application currently, and getting useful events from the applications.
Within Azure it was easy - the 3rd party was already supported and relatively easy to get going.
Yes, we make use of the full stack. For example, a machine learning model might detect a sudden spike in data transfers to an external IP, indicating potential data exfiltration. We are also combining Entra ID sign-in logs with endpoint data to identify a potential brute-force attack followed by privilege escalation.
Microsoft Sentinel aggregates related alerts into incidents, providing a single interface to view all relevant details, such as severity, status, affected entities, and timeline of events. Analysts prioritize incidents based on AI-assigned severity scores or risk levels. Microsoft Sentinel’s entity pages provide detailed profiles for entities like users, hosts, or IPs involved in an incident. These pages aggregate data such as login history, recent activities, and associated alerts, allowing analysts to drill down into specific behaviors.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, though Splunk and Exabeam lead in flexibility and UEBA, respectively.
Do you think Microsoft Sentinel delivers good value for the price?
Yes
Are you happy with Microsoft Sentinel's feature set?
Yes
Did Microsoft Sentinel live up to sales and marketing promises?
Yes
Did implementation of Microsoft Sentinel go as expected?
Yes
Would you buy Microsoft Sentinel again?
Yes
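The brute-force-then-privilege-escalation correlation the reviewer describes, as an added example that is not part of the review and not Microsoft's or Sentinel's own code. In Sentinel this would be a scheduled analytics rule in KQL joining SigninLogs to endpoint telemetry; here the same logic is written in Python over constructed sample events so it runs offline. The field names (TimeGenerated, UserPrincipalName, IPAddress, ResultType, DeviceName, AccountName, ActionType) mirror Entra ID and endpoint log conventions, but the records, the ESCALATION_ACTIONS set, the thresholds and the windows are all assumptions chosen for the demonstration.

```python
"""Correlate Entra ID sign-in events with endpoint events to flag a
brute-force login followed by privilege escalation.

Added example: not code from the review or from Microsoft Sentinel.
All sample records below are constructed for this demonstration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events. ResultType 0 = success, 50126 = bad password
# (Entra ID conventions); users, IPs and times are made up.
SIGNIN_EVENTS = (
    # alice: 6 failures then a success from the same IP (brute force)
    [{"TimeGenerated": f"2025-07-14T09:0{m}:00", "UserPrincipalName": "alice@contoso.example",
      "IPAddress": "203.0.113.45", "ResultType": 50126} for m in range(6)]
    + [{"TimeGenerated": "2025-07-14T09:06:00", "UserPrincipalName": "alice@contoso.example",
        "IPAddress": "203.0.113.45", "ResultType": 0}]
    # bob: 2 typos then a success (normal user behaviour, below threshold)
    + [{"TimeGenerated": f"2025-07-14T10:0{m}:00", "UserPrincipalName": "bob@contoso.example",
        "IPAddress": "198.51.100.7", "ResultType": 50126} for m in range(2)]
    + [{"TimeGenerated": "2025-07-14T10:02:00", "UserPrincipalName": "bob@contoso.example",
        "IPAddress": "198.51.100.7", "ResultType": 0}]
    # carol: 7 failures then a success, but no endpoint activity afterwards
    + [{"TimeGenerated": f"2025-07-14T11:0{m}:00", "UserPrincipalName": "carol@contoso.example",
        "IPAddress": "203.0.113.45", "ResultType": 50126} for m in range(7)]
    + [{"TimeGenerated": "2025-07-14T11:07:00", "UserPrincipalName": "carol@contoso.example",
        "IPAddress": "203.0.113.45", "ResultType": 0}]
)

# Constructed endpoint events (shape loosely follows Defender for Endpoint).
ENDPOINT_EVENTS = [
    {"TimeGenerated": "2025-07-14T09:10:00", "DeviceName": "WS-01", "AccountName": "alice", "ActionType": "ProcessCreated"},
    {"TimeGenerated": "2025-07-14T09:15:00", "DeviceName": "WS-01", "AccountName": "alice", "ActionType": "AddedToLocalAdmins"},
    # bob escalates too, but without a preceding brute force it is not correlated
    {"TimeGenerated": "2025-07-14T10:20:00", "DeviceName": "WS-02", "AccountName": "bob", "ActionType": "AddedToLocalAdmins"},
]

# Assumed set of endpoint action types treated as privilege escalation.
ESCALATION_ACTIONS = {"AddedToLocalAdmins", "PrivilegeEscalation", "RunAsSystem"}


def parse(ts):
    return datetime.fromisoformat(ts)


def find_bruteforce_logins(signins, fail_threshold=5, fail_window=timedelta(minutes=10)):
    """Return one hit per successful sign-in that was preceded, from the same
    user/IP pair, by at least fail_threshold failures inside fail_window."""
    by_key = defaultdict(list)
    for e in signins:
        by_key[(e["UserPrincipalName"], e["IPAddress"])].append(e)
    hits = []
    for (user, ip), events in by_key.items():
        events.sort(key=lambda e: parse(e["TimeGenerated"]))
        for i, e in enumerate(events):
            if e["ResultType"] != 0:
                continue
            t = parse(e["TimeGenerated"])
            failures = sum(1 for f in events[:i]
                           if f["ResultType"] != 0 and t - parse(f["TimeGenerated"]) <= fail_window)
            if failures >= fail_threshold:
                hits.append({"user": user, "ip": ip, "success_time": t, "failures": failures})
    return hits


def correlate_escalation(bruteforce_hits, endpoint_events, escalation_window=timedelta(minutes=30)):
    """Join brute-force hits to escalation actions by the same account on any
    host within escalation_window after the successful login. The endpoint
    log carries a bare account name, so the UPN is normalised to its local part."""
    incidents = []
    for hit in bruteforce_hits:
        account = hit["user"].split("@")[0].lower()
        for ev in endpoint_events:
            if ev["AccountName"].lower() != account or ev["ActionType"] not in ESCALATION_ACTIONS:
                continue
            delta = parse(ev["TimeGenerated"]) - hit["success_time"]
            if timedelta(0) <= delta <= escalation_window:
                incidents.append({**hit, "host": ev["DeviceName"], "action": ev["ActionType"],
                                  "escalation_time": parse(ev["TimeGenerated"])})
    return incidents


if __name__ == "__main__":
    hits = find_bruteforce_logins(SIGNIN_EVENTS)
    for inc in correlate_escalation(hits, ENDPOINT_EVENTS):
        print(f"INCIDENT: {inc['user']} from {inc['ip']}: {inc['failures']} failures, "
              f"login {inc['success_time']:%H:%M}, then {inc['action']} on {inc['host']} "
              f"at {inc['escalation_time']:%H:%M}")
```

Run as-is it reports one incident (alice); carol's brute force alone and bob's escalation alone are each left out, which is the point of correlating the two sources rather than alerting on either in isolation. Tune fail_threshold and the two windows to your own sign-in volume before treating this as a production rule.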
