Elastic Security vs Microsoft Sentinel comparison

Comparison Buyer's Guide
Executive Summary
Updated on Aug 31, 2022

We compared Elastic Security and Microsoft Sentinel across four categories, based on our users' reviews. The category summaries are below, followed by our conclusion.

  • Ease of Deployment: Users of both solutions report that deployment is easy and straightforward.
  • Features: Elastic Security users appreciate that the solution is comprehensive and lets many tasks run at the same time. It responds quickly, and users can check for suspicious behavior or anomalies as often as they like. Many users feel it could be more user-friendly and should offer better integrations with other products.

    Microsoft Sentinel users report that the solution has improved processes across their organizations. It lets them actively hunt for threats rather than always being on the defensive. Machine learning and AI are valued additions. Users would like better third-party integration options, and more seamless and faster integration with other Microsoft products.
  • Pricing: Elastic Security's base tier is free to use, but advanced security features require a paid subscription, and because licensing is based on daily ingestion volume, the cost can climb quickly as log volume grows. Microsoft Sentinel users feel the solution can be very expensive.
  • Service and Support: Many Elastic Security users feel service and support have room for improvement. Microsoft Sentinel users feel the support is good.

Comparison Results: Users consider both solutions very reliable. Elastic Security is very flexible and highly customizable. Microsoft Sentinel is a more comprehensive solution, offers users more options, and is very easy to use. Microsoft Sentinel is also the best option for organizations that are heavily invested in the Microsoft ecosystem.

To learn more, read our detailed Elastic Security vs. Microsoft Sentinel Report (Updated: November 2023).
746,635 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Elastic Security pros:
  • "The most valuable feature is the search function, which allows me to go directly to the target to see the specific line a customer is searching for."
  • "I can look at events from more than one source across multiple different locations and find patterns or anomalies. The machine learning capabilities are helpful, and I can create rules for notifications to be more proactive rather than responding after something has gone wrong."
  • "What customers found most valuable in Elastic Security feature-wise is the search capability, in particular, the way of writing the search query and the speed of searching for results."
  • "Elastic is straightforward, easy to integrate, and highly customizable."
  • "It is scalable."
  • "One of the most valuable features of this solution is that it is more flexible than AlienVault."
  • "The most valuable thing is that this solution is widely used for work management and research. It's easy to jump into the security use case with the same technology."
  • "I like that it's a SIEM platform. I like that I can sell Elastic Security quickly. Elastic Security has a large community that can support users."


Microsoft Sentinel pros:
  • "The log analytics are useful."
  • "The solution offers a lot of data on events. It helps us create specific detection strategies."
  • "The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
  • "The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
  • "Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a Log Analytics workspace and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
  • "The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
  • "It has a lot of great features."
  • "Microsoft Sentinel enables you to ingest data from the entire ecosystem, and that connection of data helps you to monitor critical resources and to know what's happening in the environment."


Elastic Security cons:
  • "It is difficult to anticipate and understand the space utilization, so more clarity there would be great."
  • "One limitation of Elastic Security is that it does not have built-in workflows for all tasks. For example, if you need a workflow for compliance, you will need to create a custom workflow."
  • "Their visuals and graphs need to be better."
  • "There isn't really a very good user experience. You need a lot of training."
  • "With Elastic Security, the challenge arises from the fact that there is a learning curve in relation to queries and understanding the query language provided to extract usable data."
  • "Technical support could respond faster."
  • "An area for improvement in Elastic Security is the pricing. It could be better. Right now, when you increase the volume of logs to be collected, the price also increases a lot."
  • "There is room for improvement in the Kibana dashboard and in the asset management for the program."


Microsoft Sentinel cons:
  • "The following would be a challenge for any product in the market, but we have some in-house apps in our environment... our apps were built with different parameters and the APIs for them are not present in Sentinel. We are working with Microsoft to build those custom APIs that we require. That is currently in progress."
  • "We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
  • "We'd like to see more connectors."
  • "We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment, whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
  • "The solution could be more user-friendly; some query languages are required to operate it."
  • "Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment, that the PG team is working on. I expect them to release this feature in the next quarter."
  • "If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
  • "I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."

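One of the Sentinel reviewers above computes mean time to detect and mean time to resolve by hand, pulling the incidents closed over a thirty-day window. The following KQL query does that calculation directly in the workspace. It is an added example for this page, not code from the reviewer or from Microsoft, and it assumes the standard Sentinel SecurityIncident table schema (columns IncidentNumber, LastModifiedTime, Status, Severity, Classification, CreatedTime, FirstActivityTime and ClosedTime); the 45-day lookback and the 30-day closure window are arbitrary choices for the example.

```kusto
// Added example: mean time to detect / resolve for incidents closed in the
// last 30 days, grouped by severity. Not from the page or from Microsoft.
SecurityIncident
// Wider lookback than the reporting window so incidents opened before the
// window but closed inside it are still present (45d is an assumption).
| where TimeGenerated > ago(45d)
// The table stores one row per incident update; keep the latest state only.
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
| where Status == "Closed" and isnotnull(ClosedTime)
| where ClosedTime > ago(30d)
// Exclude closures that say nothing about real handling time.
| where Classification !in ("FalsePositive", "Undetermined")
// Detection latency: earliest alert activity -> incident creation.
// Resolution time: incident creation -> closure.
| extend TimeToDetect  = CreatedTime - FirstActivityTime,
         TimeToResolve = ClosedTime - CreatedTime
| summarize ClosedIncidents   = count(),
            MeanTimeToDetect  = avg(TimeToDetect),
            MeanTimeToResolve = avg(TimeToResolve),
            P90TimeToResolve  = percentile(TimeToResolve, 90)
    by Severity
| order by Severity asc
```

Two caveats when reading the result: FirstActivityTime is the earliest activity of the alerts grouped into the incident, so TimeToDetect measures alert-to-incident latency rather than true attacker dwell time, and it can be distorted when a source delivers logs late. Incidents closed automatically by automation rules pull the mean resolution time down, which is why the query also reports the 90th percentile; drop the Classification filter if the report is meant to cover every closure.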

Pricing and Cost Advice
  • "Affordable but with additional costs"
  • "When compared to other products, the price is average or on the low side."
  • "The licensing cost of Elastic Security is based on the daily ingestion rate. I can't recall the exact figure, but for 10GB of log action daily, it would cost around $20,000."
  • "The price is reasonable. It probably costs the same as ArcSight and LogRhythm SIEM. FortiSIEM might cost less than Elastic Security. There are no hidden or additional costs."
  • "The tool's pricing is flexible and comes at unit cost. You don't have to pay for everything."
  • "The base product is open-source but if you need advanced security features then you need to pay for the subscription. Elastic Security's price is reasonable in some cases and in other cases it's not."
  • "The pricing is in the middle. I think it is not an expensive experience if we compare it with big names, for example, QRadar, and also Oxide. I think Elastic Security is quite cheap. I would rate the pricing of this solution a five out of ten."
  • "Elastic Security is free to use."

  • "Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."
  • "For us, it is not expensive at this time, but if we start to collect all logs from our on-premise SIEM solutions, it will cost more than QRadar. If we calculate its cost over the next five or ten years, it will cost more than what we paid for QRadar."
  • "I don't know yet because they gave us a 30-day test window for free."
  • "It's costly to maintain and renew."
  • "Microsoft Sentinel is expensive."
  • "Sentinel is pretty competitive. The pricing is at the level of other SIEM solutions."
  • "It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."
  • "There are no additional costs other than the initial costs of Sentinel."

    Questions from the Community
    Top Answer: With Datadog, we have near-live visibility across our entire platform. We have seen APM metrics impacted several times lately using the dashboards we have created with Datadog; they are very good core…
    Top Answer: Stability-wise, I rate the solution a ten out of ten.
    Top Answer: The pricing is fine. But the basic pricing should cover all the features you need. Elastic needs to add more features, which are available as subscription-based add-ons. So more features may need to…
    Top Answer: Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized by…
    Top Answer: It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but they charge per GB/Day Indexed and it gets expensive as log…
    Top Answer: We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will…
    Also Known As
    Elastic SIEM, ELK Logstash
    Azure Sentinel
    Learn More
    Unify SIEM, endpoint security, and cloud security
    Elastic Security modernizes security operations — enabling analytics across years of data, automating key processes, and bringing native endpoint security to every host.
    Elastic Security equips teams to prevent, detect, and respond to threats at cloud speed and scale — securing business operations with a unified, open platform.

    Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. It eliminates security infrastructure setup and maintenance and scales elastically to meet your security needs while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously undetected threats and minimize false positives using analytics and threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks


    Sample Customers
    Texas A&M, U.S. Air Force, NuScale Power, Martin's Point Health Care
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Top Industries
    Financial Services Firm 32%
    Computer Software Company 27%
    Healthcare Company 14%
    Comms Service Provider 9%

    Computer Software Company 17%
    Financial Services Firm 10%
    Comms Service Provider 7%

    Financial Services Firm 22%
    Computer Software Company 11%
    Manufacturing Company 8%
    Real Estate/Law Firm 6%

    Computer Software Company 17%
    Financial Services Firm 10%
    Manufacturing Company 7%

    Company Size
    Small Business 57%
    Midsize Enterprise 19%
    Large Enterprise 24%

    Small Business 25%
    Midsize Enterprise 16%
    Large Enterprise 58%

    Small Business 33%
    Midsize Enterprise 20%
    Large Enterprise 47%

    Small Business 24%
    Midsize Enterprise 16%
    Large Enterprise 60%

    Elastic Security is ranked 5th in Security Information and Event Management (SIEM) with 29 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 62 reviews. Elastic Security is rated 7.6, while Microsoft Sentinel is rated 8.4. The top reviewer of Elastic Security writes "A highly flexible and customizable tool that needs to improve automation and integration". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Elastic Security is most compared with Wazuh, Splunk Enterprise Security, Microsoft Defender for Endpoint, IBM Security QRadar and AlienVault OSSIM, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Rapid7 InsightIDR. See our Elastic Security vs. Microsoft Sentinel report.


    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.