There are a bunch of SIEM tools available in the market like Splunk, MS Sentinel and IBM QRadar. Let's see the pros of MS Sentinel today:
1. This tool is completely built on Azure and does not require on-prem infrastructure.
2. As it is deployed on Azure, it scales automatically based on the data ingestion.
3. Integration with Azure AD, Defender for Cloud and MS tools is very easy and quick.
4. It has multiple features, one of them is AI which automatically detects anomalies and correlates signals across data sources.
5. It makes use of KQL which helps in reporting and getting deep analytics with custom queries.
6. It has a very large number of community rules, workbooks, and playbooks available on GitHub and the Sentinel community, which makes things much easier when compared with other SIEM tools.
1. Sentinel has a "pay as you go" pricing model which makes it really expensive if you are ingesting a lot of data.
2. Sentinel makes use of KQL (Kusto Query Language), which is powerful but not intuitive for beginners; it needs a good amount of training for a kick start.
3. Sentinel has a good amount of prebuilt connectors, but when it comes to integration with legacy systems it is a complex process and takes a good amount of time.
4. When dealing with large, complex queries it may take time and consume high compute resources.
5. Once the tool is completely set up and has been used over a long period, switching to another SIEM platform becomes a tedious task.