
Microsoft Sentinel vs NNT Log Tracker Enterprise comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Sep 18, 2024

 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM): 4th
Average Rating: 8.2
Reviews Sentiment: 6.9
Number of Reviews: 108
Ranking in other categories: Security Orchestration Automation and Response (SOAR) (2nd), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (6th)

NNT Log Tracker Enterprise
Ranking in Security Information and Event Management (SIEM): 53rd
Average Rating: 8.2
Number of Reviews: 4
Ranking in other categories: Log Management (54th)
 

Mindshare comparison

As of July 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 3.9%, down from 6.8% the previous year. The mindshare of NNT Log Tracker Enterprise is 0.8%, up from 0.2% the previous year. Mindshare is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Mindshare Distribution
Product: Mindshare (%)
Microsoft Sentinel: 3.9%
NNT Log Tracker Enterprise: 0.8%
Other: 95.3%
 

Featured Reviews

Kallamuddin Ansari - PeerSpot reviewer
Cyber Security Consultant at HR Software Solution
Centralized monitoring has improved threat response but cost control still needs refinement
Based on real operations used in our corporate IT environment, the key features include log correlation and incident view. Microsoft Sentinel's biggest strength is how it correlates multiple related alerts into a single incident. This significantly reduces alert noise and helps the SOC focus on real threats instead of isolated events. Another valuable feature is KQL-based threat hunting with Kusto Query Language. The flexibility of this language allows us to build custom hunting queries based on our environment's behavior. This is extremely useful for detecting low and slow threats or hidden threats that default rules may miss. Cloud-native scalability and stability is another important feature. Being cloud-native, Microsoft Sentinel scales well for medium to large corporate environments without infrastructure management. Stability has been solid in day-to-day production. SOAR automation using playbooks is a feature we highly recommend. Microsoft Sentinel's SOAR functionality helps automate repetitive SOC tasks like alert enrichment and notification. This saves analyst time and improves response consistency.
JT
Senior Infra Manager at a tech vendor with 10,001+ employees
Great for PCI compliance but issues with stability and large amounts of data
I mainly use this solution to meet PCI compliance. The automation of compliance reports and the correlation of the log have been major improvements. The most valuable feature is the predefined reports for PCI compliance. The correlation suite needs to be improved. I also think they need to…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product is extremely cost-effective and affordable for customers."
"Having to analyze threats every day, as a person, can be stressful, however, when you have something like Sentinel, which uses threat intelligence to be able to help you respond and remediate against threats at scale, it takes the pressure off."
"From a visibility and compatibility perspective, it's really a nice product to have as a SIEM solution for your cloud environment."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"If you want to deploy a SIEM and you want it to be simple, and not deal with much maintenance or help from the OEM, then I would say that NNT is the one."
"The most valuable feature is the predefined reports for PCI compliance."
"Customer Service: The service we've seen from NNT to date has been extraordinarily good."
"File integrity monitoring is a very important function."
"The Change Tracker tool is very good and will reduce your overall workload."
"The automation of compliance reports and the correlation of the log have been major improvements."
"The FIM features in the Change Tracker and the Log Tracker are the most valuable."
"This is a very easy-to-use interface with a quick ramp-up time."
 

Cons

"Most of the time, their technical support is very good and very supportive, but sometimes we feel that they don't want to help us."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"The product can be improved by reducing the cost to use AI machine learning."
"For the NNT Log Tracker and Change Tracker, they have to make their knowledge base available online because there is very little information available on the internet."
"Only one minor deployment issue came up and it was resolved quickly. No other areas of improvement come to mind yet."
"It is able to identify the vulnerability, however, they need an option to auto-mitigate."
"I would like to see the integration of AI technology, so rather than manually monitoring the logs, the tool will understand it and take care of it."
"The correlation suite needs to be improved."
"There are some issues with the stability - the correlation engine has failed multiple times, and the reports sometimes take too long, so we have to involve the tech team to get them."
 

Pricing and Cost Advice

"Sentinel is fairly priced and pretty cost-effective."
"No license is required to make use of Sentinel, but you need to buy products to get the data. In general, the price of those products is comparable to similar products."
"The pricing isn't very high. It depends on the number of logs you have. If you're expecting to ingest 50 to 60G in a day, but you're only ingesting 20 to 25G per day at first and you have a good team to analyze the logs, then you can segregate the ingestion at under 15G."
"Sentinel is costly."
"Currently, given our use case, the cost of Sentinel is justified, but it is expensive."
"It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."
"Microsoft Sentinel can be costly, particularly for data management."
"It varies on a case-by-case basis. It is about $2,000 per month. The cost is very low in comparison to other SIEMs if you are already a Microsoft customer. If you are using the complete Microsoft stack, the cost reduces by almost 42% to 50%. Its cost depends on the number of logs and the type of subscription you have. You need to have an Azure subscription, and there are charges for log ingestion, and there are charges for the connectors."
"NNT's pricing is moderate - I would rate their pricing two-and-a-half out of ten."
"We have selected a perpetual license along with support."
"Consider both their on-premises solution and their hosted solution. Both are reasonably priced."
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm: 11%
Manufacturing Company: 11%
Computer Software Company: 10%
Government: 7%

Construction Company: 23%
Manufacturing Company: 10%
Outsourcing Company: 7%
Comms Service Provider: 7%
 

Company Size

By reviewers
Company Size: Count
Small Business: 44
Midsize Enterprise: 24
Large Enterprise: 46
No data available
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

Azure Sentinel
No data available
 


Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Wonga, WHSmith
Find out what your peers are saying about Microsoft Sentinel vs. NNT Log Tracker Enterprise and other solutions. Updated: June 2026.