We performed a comparison between Elastic Security and Microsoft Sentinel based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Both solutions are extremely reliable. Elastic Security is very flexible and very customizable. Microsoft Sentinel is a more comprehensive solution, provides more user options, and is very easy to use. Additionally, Microsoft Sentinel is the best option for organizations that are heavily vested in a Microsoft ecosystem.
"The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
"I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
"What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
"Elastic is straightforward, easy to integrate, and highly customizable."
"It is scalable."
"One of the most valuable features of this solution is that it is more flexible than AlienVault."
"The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
"I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."
"The Log analytics are useful."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"It has a lot of great features."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
"One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
"Their visuals and graphs need to be better."
"There isn't really a very good user experience. You need a lot of training."
"With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
"Technical support could respond faster."
"An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
"There is room for improvement in the Kibana dashboard and in the asset management for the program."
"The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"We'd like to see more connectors."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"The solution could be more user-friendly; some query languages are required to operate it."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:
- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft
- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft
- Respond to incidents rapidly with built-in orchestration and automation of common tasks
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 29 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 62 reviews. Elastic Security is rated 7.6, while Microsoft Sentinel is rated 8.4. The top reviewer of Elastic Security writes "A highly flexible and customizable tool that needs to improve automation and integration". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Defender for Endpoint, IBM Security QRadar and AlienVault OSSIM, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Rapid7 InsightIDR. See our Elastic Security vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.