We performed a comparison between ArcSight Intelligence and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The features that stand out are the detection engine and its integration with multiple data sources."
"What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The most valuable feature is the UEBA. It's very easy for a security operations analyst. It has a one-touch analysis where you can search for a particular entity, and you can get a complete overview of that entity or user."
"Free ingestion for Azure logs (with E5 licence)"
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The platform helps us improve threat detection capabilities."
"The ability to tailor an environment to suit our specific use cases is a major advantage of ArcSight compared to other logging servers such as Splunk."
"The product has a valuable interface."
"The most valuable feature of ArcSight Intelligence is a single console where the entire dashboard gives all the connected details in a single place."
"We found the correlation engine to be very good. It takes logs from different types of devices and does the correlation in a good way."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"The tool is simple to use."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"It makes everything easier by automating some tasks and growing with our needs."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The only thing is sometimes you can have a false positive."
"The reporting could be more structured."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The playbook is a bit difficult and could be improved."
"The product can be improved by reducing the cost to use AI machine learning."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"I would like to see more AI used in processes."
"The frequency of the updates that we are getting can be improved because the number and types of incidents that are happening at the global level are far more than what we are receiving. The frequency of updates feeds related to our rules should be increased. There should be more frequent information about the new rules that are coming and the global threats that are happening. There should be better options for dashboard creation. At present, the dashboards are good, but there is scope to make them better."
"We haven't found the product fully scalable."
"ArcSight Intelligence's pricing needs improvement."
"The dashboard is not user-friendly and is in black and white."
"ArcSight Intelligence is a bit slower, and its speed should be improved."
"Log source integration with Sentinel needs to be improved."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"I rate Sentinel a six out of ten for scalability."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"The dashboard and customer view should be improved"
"I would like to see a better reporting work structure on the dashboard."
"It is an ancient product."
"The solution does not allow outsourced authorizations."
ArcSight Intelligence is ranked 31st in Security Information and Event Management (SIEM) with 5 reviews while Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews. ArcSight Intelligence is rated 8.0, while Sentinel is rated 7.6. The top reviewer of ArcSight Intelligence writes "A user-friendly solution that can be used to integrate the logs properly with different connectors". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". ArcSight Intelligence is most compared with ArcSight Enterprise Security Manager (ESM), Exabeam Fusion SIEM and Splunk User Behavior Analytics, whereas Sentinel is most compared with Splunk Enterprise Security, IBM Security QRadar, Google Chronicle Suite, Wazuh and LogRhythm SIEM. See our ArcSight Intelligence vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.