Microsoft Sentinel vs SolarWinds Security Event Manager comparison

Microsoft Sentinel vs. SolarWinds Security Event Manager

Download the complete report

Helped 879,889 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Sentinel

Ranking in Security Information and Event Management (SIEM)

4th

Average Rating

8.2

Reviews Sentiment

7.0

Number of Reviews

103

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)

SolarWinds Security Event M...

Ranking in Security Information and Event Management (SIEM)

37th

Average Rating

7.8

Reviews Sentiment

5.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of January 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 5.0%, down from 7.5% compared to the previous year. The mindshare of SolarWinds Security Event Manager is 0.8%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Market Share Distribution
Product	Market Share (%)
Microsoft Sentinel	5.0%
SolarWinds Security Event Manager	0.8%
Other	94.2%

Security Information and Event Management (SIEM)

Featured Reviews

Rob Wille

Solutions Architect at a tech vendor with 201-500 employees

Creates value with advanced investigation capabilities while seeking improved integration with varied platforms

My primary improvement request would be for auxiliary logs, as they represent our biggest need. While we have automated deployments now, Microsoft Sentinel is fairly easy to deploy, although we face challenges with integrations related to AWS and GCP, particularly with Google. The integration challenges arise from both sides; Google tends to be noisy, and we find only ten analytic rules out of the box, necessitating the use of Defender for Cloud for alerts, which indicates a need for better documentation during deployment. The story between UEBA and Defender for Identity and Intra needs to be further explored and defined. There's some confusion on what is happening from a user and entity behavior.

Read full review

Yashokanth Partkunan

Managed Services Engineer at Loop1 Systems

Has supported client needs efficiently but requires deeper analysis features and faster support

The log analyzing capability of SolarWinds Security Event Manager should go into more depth than the current environment. More modification and enhancements are required on the dashboard side in order to make it closer to optimal performance. From observation and feedback from users, they need more functionality related to monitoring, and in-depth analyzing needs to be improved.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"It has a lot of great features."

"The best feature of Microsoft Sentinel is its ability to unify all dashboards or functions into one modern SecOps dashboard."

"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."

"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."

"The signal correlation and dashboards features of Microsoft Sentinel are fantastic because it correlates the signal logs with other products."

"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."

"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"

"The automation feature is valuable."

More Microsoft Sentinel pros

"It's extremely easy to deploy."

"The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."

"SolarWinds' stability is fine. I don't think we've had any software issues."

"User-friendly configuration is key, and the configurations are simple, not complex."

"Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network."

"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."

"SolarWinds Security Event Manager has been generally working well."

"The most valuable feature is the ease of use for the end user."

More SolarWinds Security Event Manager pros

Cons

"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."

"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."

"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."

"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."

"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."

"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."

"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."

"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."

More Microsoft Sentinel cons

"I would like to have a more customizable dashboard."

"We'd like more customization capabilities."

"SolarWinds should improve its correlation capabilities. The correlation does not automatically detect and reduce the events fast enough. You have to manually do a correlation report, which means the tool is not scalable in many ways."

"I imagine we will have to develop our own reports soon, this seems to be more cumbersome."

"I would like to be able to dig deeper into the visibility of events or incidents to determine whether they are malicious, such as by doing behavior analysis."

"The only issue is the pricetag. SolarWinds is a costly solution."

"I think the customization area in the tool can be considered as an area of concern where improvements are required."

"We used the support from SolarWinds Security Event Manager and they are knowledgeable but challenging to get in contact with them."

More SolarWinds Security Event Manager cons

Pricing and Cost Advice

"It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."

"It is consumption-based pricing. It is an affordable solution."

"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

"Pricing for Microsoft Sentinel could always be lower, but it's workable. The ingestion costs for the data analytics is usually the highest cost, but the licensing per Microsoft Sentinel is fairly straightforward and transparent."

"The pricing is fair... With a traditional SIEM, you pay a lump sum for licenses. But with Sentinel, it's pay-as-you-go according to the amount of data you inject."

"It's costly to maintain and renew."

"Microsoft Sentinel can be costly, particularly for data management."

"It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"

More Microsoft Sentinel pricing and cost advice

"It is in the appropriate mid-range. It is not as expensive as some of the other solutions. It is also not cheap."

"The price of SolarWinds Security Event Manager is reasonable."

"We do a yearly license renewal. For a year, the solution costs roughly $500,000 USD. There are no costs beyond this yearly fee."

"Licensing is on devices, so if you have many, then this may be high."

"The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten."

"The pricing model would benefit from having package deals with other SolarWinds products."

"Licenses can only be purchased in blocks of fifty at a time."

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

879,889 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

10%

Manufacturing Company

Government

Financial Services Firm

13%

University

12%

Manufacturing Company

10%

Computer Software Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	38
Midsize Enterprise	22
Large Enterprise	44

By reviewers
Company Size	Count
Small Business	19
Midsize Enterprise	3
Large Enterprise	7

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

What do you like most about SolarWinds Security Event Manager ?

The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers.

What is your experience regarding pricing and costs for SolarWinds Security Event Manager ?

The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten.

What needs improvement with SolarWinds Security Event Manager ?

AWS Security Hub vs Microsoft Sentinel

Comparisons

Compared 17% of the time

Cortex XSIAM vs Microsoft Sentinel

Compared 6% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 5% of the time

Wazuh vs Microsoft Sentinel

Compared 4% of the time

CrowdStrike Falcon vs Microsoft Sentinel

Compared 4% of the time

More Microsoft Sentinel Competitors

Wazuh vs SolarWinds Security Event Manager

Compared 19% of the time

ManageEngine Log360 vs SolarWinds Security Event Manager

Compared 13% of the time

Splunk Enterprise Security vs SolarWinds Security Event Manager

Compared 13% of the time

IBM Security QRadar vs SolarWinds Security Event Manager

Compared 11% of the time

LogRhythm SIEM vs SolarWinds Security Event Manager

Compared 9% of the time

More SolarWinds Security Event Manager Competitors

Product Reports

Microsoft Sentinel

Download Microsoft Sentinel product report

SolarWinds Security Event Manager

Download SolarWinds Security Event Manager product report

SolarWinds Security Event Manager report

Also Known As

Azure Sentinel

SolarWinds LEM, Solarwinds SIEM, TriGeo, Log and Event Manager

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Microsoft

When TriGeo was acquired by SolarWinds, TriGeo SIM became known as SolarWinds Log & Event Manager. This product is a leading Security Information and Event Management (SIEM) product and log management solution, which provides log collection, analysis, and real-time correlation.

SolarWinds

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

NetSuite, EasyStreet, Legacy Texas Bank, and Energy Federal Credit Union, to name a few.

Microsoft Sentinel vs. SolarWinds Security Event Manager