• Home
  • Elastic Security vs. Microsoft Sentinel

Elastic Security vs Microsoft Sentinel comparison

Cancel
You must select at least 2 products to compare!
Elastic Logo

Elastic Security

Read 58 Elastic Security reviews
15,439 views|12,697 comparisons
86% willing to recommend
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
32,763 views|18,195 comparisons
92% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Elastic Security vs. Microsoft Sentinel
March 2024
Executive Summary
Updated on Aug 31, 2022

We performed a comparison between Elastic Security and Microsoft Sentinel based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.

  • Ease of Deployment: Users of both solutions indicate that deployment is easy and straightforward.
  • Features: Elastic Security users appreciate that the solution is very comprehensive and allows for many tasks to be performed simultaneously. It is very fast and quick to respond and users can check suspicious behavior or anomalies as often as desired. Many users feel the solution could be more user friendly and should offer better integrations with other products.

    Microsoft Sentinel users feel the solution has helped to improve overall processes across their organizations. The solution allows users to actively hunt for threats, so they do not always have to be on the defensive. Machine learning and AI are value-added additions. Users would like to see better third-party integration options and more seamless integration and faster communication with other Microsoft products.
  • Pricing: Elastic Security is an open-source solution. They do have many different licensing options, which can get expensive. Microsoft Sentinel users feel the solution can be very expensive.
  • Service and Support: Many Elastic Security users feel service and support has room for improvement. Microsoft Sentinel users feel the support is good.

Comparison Results: Both solutions are extremely reliable. Elastic Security is very flexible and very customizable. Microsoft Sentinel is a more comprehensive solution, provides more user options, and is very easy to use. Additionally, Microsoft Sentinel is the best option for organizations that are heavily vested in a Microsoft ecosystem.

To learn more, read our detailed Elastic Security vs. Microsoft Sentinel Report (Updated: March 2024).
Download the complete report
768,578 professionals have used our research since 2012.
Featured Review
Haroon Khand
Enables users to know about the downtime and the errors in the code
There are many benefits. It provides log monitoring, synthetic monitoring, real user monitoring, and application performance monitoring. These are... Read more →
Joseph Messina
Helps save us time, streamlines event investigations, and improves our visibility
Sentinel provides us with a unified set of tools for detecting, investigating, and responding to incidents. This centralized approach offers both... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The visualization is very good.""The most valuable features of the solution are the prevention methods and the incident alerts.""Stability-wise, I rate the solution a ten out of ten.""I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong.""The solution is compatible with the cloud-native environment and they can adapt to it faster.""One of the most valuable features of this solution is that it is more flexible than AlienVault.""It's very stable and reliable.""The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."

More Elastic Security Pros →

"The UI of Sentinel is very good and easy to use, even for beginners.""In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store""Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing""Microsoft Sentinel comes preloaded with templates for teaching and analytics rules.""The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities.""The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards.""Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually.""We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."

More Microsoft Sentinel Pros →

Cons
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow.""There should be a simulation environment to check whether my Elastic implementation is functioning perfectly fine. Other solutions have their own Android and iOS applications that I can install on my mobile so that I am continuously connected to the SIEM.""The solution could also use better dashboards. They need to be more graphical, more matrix-like.""I would like more ways to manage permissions and restrict access to certain users.""The problem with ELK is it's difficult to administer. When you have a problem, it can be very, very difficult to rebuild indexes.""The tool should improve its scalability.""I think because we are a cybersecurity company, the thing that can be improved is the prebuilt tools, especially quality. Compared to its competitor, they still have fewer prebuilt security rules. Elastic Security, in terms of generating alerts, cannot group the same products into one another. Even though the alerts are the same, they still generate them one by one. So, it is very noisy in our dashboard. I would like the Elastic Security admin to group all the same alarms into one alarm so that our dashboard is not noisy.""The process of designing dashboards is a little cumbersome in Kibana. Unless you are an expert, you will not be able to use it. The process should be pretty straightforward. The authentication feature is what we are looking for. We would love to have a central authentication system in the open-source edition without the need for a license or an enterprise license. If they can give at least a simple authentication system within a company. In a large organization, authentication is very essential for security because logs can contain a lot of confidential data. Therefore, an authentication feature for who accesses it should be there."

More Elastic Security Cons →

"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything...""It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more.""For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons.""If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details.""The data connectors for third-party tools could be improved, as some aren't available in Sentinel. They need to be available in the data connector panel.""If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable.""Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect.""We'd like also a better ticketing system, which is older."

More Microsoft Sentinel Cons →

Pricing and Cost Advice
  • "We use the open-source version, so there is no charge for this solution."
  • "We are using the free, open-source version of this solution."
  • "Elastic Stack is an open-source tool. You don't have to pay anything for the components."
  • "There is no charge for using the open-source version."
  • "This is an open-source product, so there are no costs."
  • "It's a monthly cost with Elastic SIEM, but I am not sure of the exact cost."
  • "It is easy to deploy, easy to use, and you get everything you need to become operational with it, and have nothing further to pay unless you want the OLED plugin."
  • "Compared to other products such as Dynatrace, this is one of the cheaper options."

    • More Elastic Security Pricing and Cost Advice →

  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    See Recommendations
    768,578 professionals have used our research since 2012.
    Questions from the Community
    Datadog vs ELK: which one is good in terms of performance, cost and effic...
    Top Answer:With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good core… more »
    Read all 7 answers   →
    What do you like most about Elastic Security?
    Top Answer:It is an extremely stable solution. Stability-wise, I rate the solution a ten out of ten.
    Read all 26 answers   →
    What is your experience regarding pricing and costs for Elastic Security?
    Top Answer:The product offers an amazing pricing structure. Price-wise, the product is very competitive.
    Read all 18 answers   →
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized by… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will… more »
    Read all 2 answers   →
    Ranking
    5th
    out of 80 in Security Information and Event Management (SIEM)
    Views
    15,439
    Comparisons
    12,697
    Reviews
    26
    Average Words per Review
    483
    Rating
    7.7
    1st
    out of 80 in Security Information and Event Management (SIEM)
    Views
    32,763
    Comparisons
    18,195
    Reviews
    60
    Average Words per Review
    1,620
    Rating
    8.4
    Comparisons
    Also Known As
    Elastic SIEM, ELK Logstash
    Azure Sentinel
    Learn More
    Elastic
    Microsoft
    Overview
    Elastic Security is a robust, open-source security solution designed to offer integrated threat prevention, detection, and response capabilities across an organization's entire digital estate. Part of the Elastic Stack (which includes Elasticsearch, Logstash, and Kibana), Elastic Security leverages the power of search, analytics, and data aggregation to provide real-time insight into threats and vulnerabilities. It is a comprehensive platform that supports a wide range of security needs, from endpoint protection to cloud and network security, making it a versatile choice for organizations looking to enhance their cybersecurity posture.


    Elastic Security combines the features of a security information and event management (SIEM) system with endpoint protection, allowing organizations to detect, investigate, and respond to threats in real time. This unified approach helps reduce complexity and improve the efficiency of security operations.

    Additional offerings and benefits:

    • The platform utilizes advanced analytics, machine learning algorithms, and anomaly detection to identify threats and suspicious activities.
    • It offers extensive integration options with other tools and platforms, facilitating a more cohesive and comprehensive security ecosystem.
    • With Kibana, users gain access to powerful visualization tools and dashboards that provide real-time insight into security data.

    Finally, Elastic Security benefits from a global community of users who contribute to its threat intelligence, helping to enhance its detection capabilities. This collaborative approach ensures that the solution remains on the cutting edge of cybersecurity, with up-to-date information on the latest threats and vulnerabilities.

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Sample Customers
    Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Top Industries
    REVIEWERS
    Financial Services Firm29%
    Computer Software Company25%
    Healthcare Company13%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm10%
    Government9%
    Comms Service Provider7%
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Comms Service Provider8%
    Manufacturing Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business60%
    Midsize Enterprise18%
    Large Enterprise23%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise17%
    Large Enterprise57%
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    Buyer's Guide
    Elastic Security vs. Microsoft Sentinel
    March 2024
    Free Report: Elastic Security vs. Microsoft Sentinel
    Find out what your peers are saying about Elastic Security vs. Microsoft Sentinel and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,578 professionals have used our research since 2012.

    Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 58 reviews while Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews. Elastic Security is rated 7.6, while Microsoft Sentinel is rated 8.2. The top reviewer of Elastic Security writes "A stable and scalable tool that provides visibility along with the consolidation of logs to its users". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender for Endpoint and CrowdStrike Falcon, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Wazuh. See our Elastic Security vs. Microsoft Sentinel report.

    See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.