Great SIEM
December 22, 2025

Anonymous | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User

Overall Satisfaction with Microsoft Sentinel

Microsoft Sentinel is utilized as our SIEM for all security event processing. This includes data from our on-premises servers to the flow logs in our cloud environments. It provides us with a central way to correlate events and quickly gain contextual data on events taking place in our network. The Microsoft Security dashboard gives analysts an easy-to-use launch point to dive deeper into any alerts generated.

Pros

  • Cost
  • Easy M365 Data Ingestion
  • Central Management

Cons

  • Onboarding Instructions
  • More Third Party Use Cases
  • Additional Default Dashboards
  • Sentinel is Agentless for any Azure hosted service
  • Low on-premises footprint for local log ingestion
  • High learning curve for any custom detection rules

We utilize Sentinel to pull in all security events. This is primarily Windows security events, but includes syslog from 6 to 8 applications, as well as all Cisco and NSX network events.
The process to set up a connector is often easy. If you utilize their log forwarder, it is not difficult to get any syslog source onboarded. Most data connectors give a step-by-step set of instructions to configure the log ingestion.
We are not currently utilizing this feature, but it is on our roadmap to get configured in the next year.
Microsoft Sentinel is great if you are using popular platforms and focused on a Windows operating system. If you are attempting to create specific queries and correlations, the learning curve is on the higher side. As more people start using Sentinel, I believe there will be more data connectors and it could become more standard to expect a connector.
We utilize Microsoft Sentinel's investigation tools to dive deeper into events and see the attack path that was used to generate the event. This data is invaluable to our hardening process.
Microsoft Sentinel gave us the opportunity to move to a pay-as-you-go model. This allows us to determine the value of a log source rather than paying a flat rate for data ingested or hosting a server ourselves.

Do you think Microsoft Sentinel delivers good value for the price?

Yes

Are you happy with Microsoft Sentinel's feature set?

Yes

Did Microsoft Sentinel live up to sales and marketing promises?

Yes

Did implementation of Microsoft Sentinel go as expected?

Yes

Would you buy Microsoft Sentinel again?

Yes

Microsoft Sentinel is a great choice for any customer who is entirely rooted in the Microsoft and Windows environments. Sentinel has many data connectors to quickly get most log sources connected, but if you utilize various third-party SaaS applications it may be difficult to ingest the data into Sentinel, and it may not be the best pick for you.

Microsoft Sentinel Feature Ratings

  • Centralized event and log data collection: 8
  • Correlation: 9
  • Event and log normalization/management: 8
  • Deployment flexibility: 5
  • Integration with Identity and Access Management Tools: 9
  • Custom dashboards and workspaces: 7
  • Host and network-based intrusion detection: 8
  • Log retention: 9
  • Data integration/API management: 10
  • Behavioral analytics and baselining: 8
  • Rules-based and algorithmic detection thresholds: 8
  • Response orchestration and automation: 9
  • Incident indexing/searching: 7