We performed a comparison between Microsoft Sentinel and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We are able to deploy within half an hour and we only require one person to complete the implementation."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The pricing of the product is excellent."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"Free ingestion for Azure logs (with E5 licence)"
"It's pretty powerful and its performance is pretty good."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"Trellix ESM is very user-friendly."
"The most valuable feature for us is that it comes with many correlations, reports, and dashboards already available. It's also very easy to use."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"The solution's technical support is great."
"It has performed well and delivered the results that I have been looking for."
"The support I have received from the vendor has been great."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"The on-prem log sources still require a lot of development."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Sentinel's reporting is complex and can be more user-friendly."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The initial setup is difficult and could improve."
"There should be support for multitenancy in the product."
"We cannot add new data sources to the most recent version."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"Product currently requires Flash."
"I would like to see improvements to the user interface."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Microsoft Sentinel is rated 8.2, while Trellix ESM is rated 7.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Elastic Security, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our Microsoft Sentinel vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.