How I use Microsoft Sentinel to keep up in a Multi-client SOC
Overall Satisfaction with Microsoft Sentinel
We support a mix of enterprise clients: banks, retail chains with weird legacy systems. So Microsoft Sentinel helps us wrangle all their logs into one place without losing our minds. My main day-to-day is triaging incidents coming from Microsoft Sentinel analytics and running KQL queries.
Pros
- We get clean unified views across multiple clients
- Built-in hunting queries and analytics
Cons
- As a junior analyst, I've struggled a lot with the learning curve. I had to pull off all-nighters at the start, just to wrap my head around Microsoft Sentinel
- I can't imagine a world without Microsoft Sentinel for investigations and triaging. The manual hours that would take are bogus
- Peace of mind for our financial clients who make up the majority of our client base
- Cloud identity and productivity logs
- Endpoint and EDR data
- Firewall and network logs
- Cloud infrastructure logs
As a junior, my experience with these is insignificant at the moment, but it's something I'm looking to explore in the coming months.
Do you think Microsoft Sentinel delivers good value for the price?
Yes
Are you happy with Microsoft Sentinel's feature set?
No
Did Microsoft Sentinel live up to sales and marketing promises?
I wasn't involved with the selection/purchase process
Did implementation of Microsoft Sentinel go as expected?
I wasn't involved with the implementation phase
Would you buy Microsoft Sentinel again?
Yes