Microsoft Sentinel Reviews & Product Details

What I appreciate most about Microsoft Sentinel is its seamless combination of SIEM and SOAR within a truly cloud-native environment. Its strong integration with the Microsoft ecosystem—particularly Azure, Entra ID, Defender, and M365—delivers immediate visibility and requires very little onboarding effort. The platform’s use of KQL empowers flexible and robust threat hunting, while the built-in analytics rules and UEBA features help to significantly reduce alert fatigue. Additionally, automation via Logic Apps enables security teams to respond more quickly and consistently, making Sentinel a highly scalable and cost-effective solution for today’s SOC operations. Review collected by and hosted on G2.com.

One aspect I find challenging about Microsoft Sentinel is managing costs, particularly as usage grows, because the pricing model relies heavily on the amount of data ingested and retained. While KQL is a powerful tool, it presents a learning curve for teams who are new to it, which can slow down the adoption process. In addition, implementing advanced SOAR use cases often demands considerable customization through Logic Apps, and troubleshooting these automations can be quite complex. Lastly, Sentinel tends to work best within the Microsoft ecosystem, which can be a drawback for organizations that rely on a variety of non-Microsoft security tools. Review collected by and hosted on G2.com.

We have both logs and incidents visible in MS Sentinel unlike our previous SIEM tool. Also, it is an advantage to have the visibility of other services of Azure in the Sentinel and many more. Review collected by and hosted on G2.com.

We don't have an RBAC option to the tables in the Sentinel like we have in the ADX. It would be great if we have these RBAC option so that we can grant permissions to specific user or group to specific tables Review collected by and hosted on G2.com.

There bunch of SIEM tools available in market like Splunk, MS Sentinel and IBM QRadar. Let's see pros of MS Sentinel today:-

1. This tool is completely build on Azure and does not require on-prem infrastructure.

2. As it is deployed on Azure, it scales automatically based on the data ingestion.

3. Integration with Azure AD, Defender for Cloud and MS tools is very easy and quick.

4. It has multiple features, one of them is AI which automatically detects anomalies and correlates signals across data sources.

5. It makes use of KQL which helps in reporting and getting deep analytics with custom queries.

6. It has very large community rules, workbooks, and playbooks available on the GitHub and Sentinel communit which makes things much easier when compared with other SIEM tools. Review collected by and hosted on G2.com.

1. Sentinel has a "pay as you go" pricing model which makes it really expensive if you are ingesting lot of data.

2. Sentinel makes use of KQL (Kusto Query Language) is powerful but not intuitive for beginners needs good amount of training for a kick start.

3. Sentinel has a good amount of prebuilt connectors but when it comes to integration with legacy system it is complex process and take good amount of time.

4. When dealing with large, complex queries it may take time and consume high compute resources.

5. Once completely set up the tool and has been used over a long period they switching to another SIEM platform becomes a tedious task. Review collected by and hosted on G2.com.

Integrations with multiple cybersecurity tools Review collected by and hosted on G2.com.

The cost of monthly intake is a high price that is paid Review collected by and hosted on G2.com.

Microsoft sentinel has very good capabilities to integrate the data. It is easy to connet with the ongoing security softwares and other tools also. This helps organizations to improve their security at different level. Review collected by and hosted on G2.com.

To generate custom reports using Microsoft Sentinel sometimes may be time consuming due to its dependency on KQLscript writing. If we want to combine the non microsoft data in order to generate log anaysis, it will be difficult. Additionally, learning KQL is also difficult for the new comers. Review collected by and hosted on G2.com.

Integration with almost all tools and applications. Ease of use, Implementation, migration from other solutions, User friendly and lot much capable Review collected by and hosted on G2.com.

Whenever you need to search for a rule or use case, you first need to find the proper alert name (proper naming convention) from analytics; after that, you can search for it. Review collected by and hosted on G2.com.

Microsoft Sentinel seamlessly integrates with Azure security services, capturing data from different sources like VMs using the Azure monitor agent, Azure Activity log, and Azure event hub. Its built on cloud native architecture. Its a centralized monitoring system. Azure sentinel uses playbooks for automated threat response, streamlining incident handeling. Review collected by and hosted on G2.com.

Some users find the user interface challenging to navigate, understanding its features may take time. This conprehensive soltuin comes with a price tag. Review collected by and hosted on G2.com.

It's easy intergration with Azure Services and the Microsoft Security Tools. Also the pay-as-you-go model. Review collected by and hosted on G2.com.

The high costs at scale and the alert fatigue that it gets. Review collected by and hosted on G2.com.

This tool has a very good platform and user friendly to all new user as well.It is a easy to use platform and a soc monitoring tool. it's ease of implementaion makes user to use it. It has a good customer support and I have been using this tool since past years .I am frequently using this .It has good integration with other tools. Review collected by and hosted on G2.com.

The cost of this platform is little bit higher and the complexity of the tool is there. Review collected by and hosted on G2.com.

The best features of Microsoft Sentinel includes scalability, seamless integration with Microsoft products, automated incident response etc. Review collected by and hosted on G2.com.

So far there is nothing to dislike instead of the integration challenges with third party tool which are non-Microsoft tools. But it can be doable with guides or plugins. Review collected by and hosted on G2.com.