ManageEngine Log360 vs Microsoft Sentinel comparison

Cancel
You must select at least 2 products to compare!
Devo Logo
Read 16 Devo reviews
14,221 views|5,466 comparisons
ManageEngine Logo
4,232 views|3,241 comparisons
Microsoft Logo
26,136 views|16,730 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between ManageEngine Log360 and Microsoft Sentinel based on real PeerSpot user reviews.

Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed ManageEngine Log360 vs. Microsoft Sentinel Report (Updated: November 2022).
654,658 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most useful feature for us, because of some of the issues we had previously, was the simplicity of log integrations. It's much easier with this platform to integrate log sources that might not have standard logging and things like that.""The ability to have high performance, high-speed search capability is incredibly important for us. When it comes to doing security analysis, you don't want to be doing is sitting around waiting to get data back while an attacker is sitting on a network, actively attacking it. You need to be able to answer questions quickly. If I see an indicator of attack, I need to be able to rapidly pivot and find data, then analyze it and find more data to answer more questions. You need to be able to do that quickly. If I'm sitting around just waiting to get my first response, then it ends up moving too slow to keep up with the attacker. Devo's speed and performance allows us to query in real-time and keep up with what is actually happening on the network, then respond effectively to events.""The querying and the log-retention capabilities are pretty powerful. Those provide some of the biggest value-add for us.""The user interface is really modern. As an end-user, there are a lot of possibilities to tailor the platform to your needs, and that can be done without needing much support from Devo. It's really flexible and modular. The UI is very clean.""Devo provides a multi-tenant, cloud-native architecture. This is critical for managed service provider environments or multinational organizations who may have subsidiaries globally. It gives organizations a way to consolidate their data in a single accessible location, yet keep the data separate. This allows for global views and/or isolated views restricted by access controls by company or business unit.""The strength of Devo is not only in that it is pretty intuitive, but it gives you the flexibility and creativity to merge feeds. The prime examples would be using the synthesis or union tables that give you phenomenal capabilities... The ability to use a synthesis or union table to combine all those feeds and make heads or tails of what's going on, and link it to go down a thread, is functionality that I hadn't seen before.""It's very, very versatile.""In traditional BI solutions, you need to wait a lot of time to have the ability to create visualizations with the data and to do searches. With this kind of platform, you have that information in real-time."

More Devo Pros →

"It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect.""The solution could be improved by including XDR, remediation and Sandbox.""The reports that you can run are really nice.""We haven't had any stability issues.""It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy.""It is nice to be able to monitor and to have notifications."

More ManageEngine Log360 Pros →

"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises.""The initial setup is very simple and straightforward.""The UI-based analytics are excellent.""It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us.""It's pretty powerful and its performance is pretty good.""The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards.""The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases.""The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."

More Microsoft Sentinel Pros →

Cons
"One major area for improvement for Devo... is to provide more capabilities around pre-built monitoring. They're working on integrations with different types of systems, but that integration needs to go beyond just onboarding to the platform. It needs to include applications, out-of-the-box, that immediately help people to start monitoring their systems. Such applications would include dashboards and alerts, and then people could customize them for their own needs so that they aren't starting from a blank slate.""Some of the documentation could be improved a little bit. A lot of times it doesn't go as deep into some of the critical issues you might run into. They've been really good to shore us up with support, but some of the documentation could be a little bit better.""Some third-parties don't have specific API connectors built, so we had to work with Devo to get the logs and parse the data using custom parsers, rather than an out-of-the-box solution.""There is room for improvement in the ability to parse different log types. I would go as far as to say the product is deficient in its ability to parse multiple, different log types, including logs from major vendors that are supported by competitors. Additionally, the time that it takes to turn around a supported parser for customers and common log source types, which are generally accepted standards in the industry, is not acceptable. This has impacted customer onboarding and customer relationships for us on multiple fronts.""An admin who is trying to audit user activity usually cannot go beyond a day in the UI. I would like to have access to pages and pages of that data, going back as far as the storage we have, so I could look at every command or search or deletion or anything that a user has run. As an admin, that would really help. Going back just a day in the UI is not going to help, and that means I have to find a different way to do that.""There's room for improvement within the GUI. There is also some room for improvement within the native parsers they support. But I can say that about pretty much any solution in this space.""Technical support could be better.""Some basic reporting mechanisms have room for improvement. Customers can do analysis by building Activeboards, Devo’s name for interactive dashboards. This capability is quite nice, but it is not a reporting engine. Devo does provide mechanisms to allow third-party tools to query data via their API, which is great. However, a lot of folks like or want a reporting engine, per se, and Devo simply doesn't have that. This may or may not be by design."

More Devo Cons →

"On the logging system, there's a local on-client side that is encrypted, and there's one that is not encrypted. It is only for diagnostical purposes. However, both being encrypted would be very valuable for some audits.""It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system.""The support needs improvement.""It is not expensive compared to other solutions.""It takes a little bit of time for Log360 to actually learn your environment.""Their technical support should be improved."

More ManageEngine Log360 Cons →

"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter.""They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization.""There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds.""Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field.""Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language.""If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies.""We'd like to see more connectors.""Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."

More Microsoft Sentinel Cons →

Pricing and Cost Advice
  • "I'm not involved in the financial aspect, but I think the licensing costs are similar to other solutions. If all the solutions have a similar cost, Devo provides more for the money."
  • "Devo is definitely cheaper than Splunk. There's no doubt about that. The value from Devo is good. It's definitely more valuable to me than QRadar or LogRhythm or any of the old, traditional SIEMs."
  • "[Devo was] in the ballpark with at least a couple of the other front-runners that we were looking at. Devo is a good value and, given the quality of the product, I would expect to pay more."
  • "Be cautious of metadata inclusion for log types in pricing, as there are some "gotchas" with that."
  • "Devo was very cost-competitive... Devo did come with that 400 days of hot data, and that was not the case with other products."
  • "Our licensing fees are billed annually and per terabyte."
  • "I like the pricing very much. They keep it simple. It is a single price based on data ingested, and they do it on an average. If you get a spike of data that flows in, they will not stick it to you or charge you for that. They are very fair about that."
  • "Pricing is based on the number of gigabytes of ingestion by volume, and it's on a 30-day average. If you go over one day, that's not a big deal as long as the average is what you expected it to be."
  • More Devo Pricing and Cost Advice →

  • "Its pricing is definitely huge compared to some of the other SIEMs. Its price should be improved."
  • "My client has a yearly license. I think the cost is not expensive compared to that of other SIEMs, given the service it is providing."
  • More ManageEngine Log360 Pricing and Cost Advice →

  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
  • More Microsoft Sentinel Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
    654,658 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Devo, like other vendors, doesn't charge extra for playbooks and automation. That way, you are only paying for the side… more »
    Top Answer:I need more empowerment in reporting. For example, when I'm using Qlik or Power BI in terms of reporting for the… more »
    Top Answer:The reports that you can run are really nice.
    Top Answer:Because I haven't been using it long enough, I am not too sure what's missing. I am comparing it with Varonis. The two… more »
    Top Answer:Overall, on a scale from one to ten, I would give ManageEngine a rating of eight. It gives me a lot of information… more »
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Comparisons
    Also Known As
    Azure Sentinel
    Learn More
    Overview

    Devo is the only cloud-native logging and security analytics platform that releases the full potential of all your data to empower bold, confident action when it matters most. Only the Devo platform delivers the powerful combination of real-time visibility, high-performance analytics, scalability, multitenancy, and low TCO crucial for monitoring and securing business operations as enterprises accelerate their shift to the cloud.

    Log360 is your one-stop solution for all log management and network security challenges. It is an integrated solution that combines EventLog Analyzer and ADAudit Plus into a single console to help you manage your Active Directory auditing and network security easily.

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Azure Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Offer
    See Devo in Action

    See how Devo allows you to free yourself from data management, and make machine data and insights accessible.

    Learn more about ManageEngine Log360
    Learn more about Microsoft Sentinel
    Sample Customers
    United States Air Force, Rubrik, SentinelOne, Critical Start, NHL, Panda Security, Telefonica, CaixaBank, OpenText, IGT, OneMain Financial, SurveyMonkey, FanDuel, H&R Block, Ulta Beauty, Manulife, Moneylion, Chime Bank, Magna International, American Express Global Business Travel
    First Mountain Bank, TRA, Citadel Group, OnPoint Financial Corp, Florida Dept. of Transportation
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Top Industries
    REVIEWERS
    Computer Software Company50%
    Recreational Facilities/Services Company10%
    Recruiting/Hr Firm10%
    Insurance Company10%
    VISITORS READING REVIEWS
    Computer Software Company21%
    Comms Service Provider12%
    Financial Services Firm9%
    Government9%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Comms Service Provider12%
    Government10%
    Financial Services Firm8%
    REVIEWERS
    Financial Services Firm19%
    Computer Software Company14%
    Cloud Provider5%
    Marketing Services Firm5%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Comms Service Provider10%
    Government10%
    Financial Services Firm8%
    Company Size
    REVIEWERS
    Small Business21%
    Midsize Enterprise21%
    Large Enterprise58%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise16%
    Large Enterprise62%
    REVIEWERS
    Small Business89%
    Midsize Enterprise11%
    VISITORS READING REVIEWS
    Small Business28%
    Midsize Enterprise22%
    Large Enterprise50%
    REVIEWERS
    Small Business29%
    Midsize Enterprise22%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise15%
    Large Enterprise63%
    Buyer's Guide
    ManageEngine Log360 vs. Microsoft Sentinel
    November 2022
    Find out what your peers are saying about ManageEngine Log360 vs. Microsoft Sentinel and other solutions. Updated: November 2022.
    654,658 professionals have used our research since 2012.

    ManageEngine Log360 is ranked 26th in Security Information and Event Management (SIEM) with 6 reviews while Microsoft Sentinel is ranked 3rd in Security Information and Event Management (SIEM) with 47 reviews. ManageEngine Log360 is rated 6.6, while Microsoft Sentinel is rated 8.2. The top reviewer of ManageEngine Log360 writes "Well-priced, user-friendly, and exceptional support". On the other hand, the top reviewer of Microsoft Sentinel writes "A straightforward solution that provides comprehensiveness and coverage of multiple different on-prem, and cloud solutions". ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Splunk, Wazuh, SolarWinds Security Event Manager and Fortinet FortiSIEM, whereas Microsoft Sentinel is most compared with AWS Security Hub, Splunk, IBM QRadar, Elastic Security and AT&T AlienVault USM. See our ManageEngine Log360 vs. Microsoft Sentinel report.

    See our list of best Security Information and Event Management (SIEM) vendors.

    We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.