Try our new research platform with insights from 80,000+ expert users

Microsoft Sentinel vs Rapid7 InsightIDR comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 18, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Microsoft Sentinel
Ranking in Security Information and Event Management (SIEM)
3rd
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
97
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)
Rapid7 InsightIDR
Ranking in Security Information and Event Management (SIEM)
14th
Average Rating
8.4
Reviews Sentiment
7.4
Number of Reviews
32
Ranking in other categories
User Entity Behavior Analytics (UEBA) (5th), Endpoint Detection and Response (EDR) (25th), Threat Deception Platforms (5th), Extended Detection and Response (XDR) (16th)
 

Mindshare comparison

As of July 2025, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 6.8%, down from 8.7% compared to the previous year. The mindshare of Rapid7 InsightIDR is 2.6%, down from 2.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)
 

Featured Reviews

Ivan Angelov - PeerSpot reviewer
Threat detection and response capabilities enhance investigation processes
My security team has been using Microsoft Sentinel for around two years. We also have Bastion and SolarWinds as part of our monitoring tools. We use a three-way tool, alongside Microsoft Sentinel, in our environment The most valuable features for us include threat collection, threat detection,…
Asim Naeem - PeerSpot reviewer
Providing comprehensive insight into alerts while working towards AI enhancement
I definitely recommend Rapid7 InsightIDR. It is becoming better, with improvements being continuously made to the product. Right now, I do not have any advice about Rapid7 for other users because every organization or user has different criteria or multiple use cases, so I refrain from commenting on that. I rate the overall solution seven out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Azure Application Gateway makes things a lot easier. You can create dashboards, alert rules, hunting and custom queries, and functions with it."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"It's pretty powerful and its performance is pretty good."
"It has a lot of great features."
"It's a great product."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"I definitely recommend Rapid7 InsightIDR."
"InsightIDR helps us investigate an environment to discover information about incidents."
"Simple configuration and automatically syncs to the cloud platform."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"I like that it's a cloud-based solution."
"Great coverage of all systems within our network from endpoint to firewall."
"Integration with threat modeling from the Metasploit and InsightIDR repositories."
 

Cons

"The integration challenges arise from both sides; Google tends to be noisy, and we find only ten analytic rules out of the box, necessitating the use of Defender for Cloud for alerts, which indicates a need for better documentation during deployment."
"As of now, there have been only benefits. However, I am curious about potential AI integration and whether it will be affordable for us because all the compliance costs are rising with all the new features."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"I would like to see more AI used in processes."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The ability to tune the collector for custom logs would greatly help."
"Lacks a mobile application."
"The solution's XDR agents cannot compete with the XDR solutions out there yet."
"Sometimes, it is hard to get the right queries to use. Currently, the tool lacks a pre-made set of queries."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"Currently, it lacks the functionalities provided by Rapid7's User Behavior Analytics (UBA)."
"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
"Needs a better ability to customize the check within the console."
 

Pricing and Cost Advice

"I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
"The are two native advantages for customers that use M365 Security and Sentinel. The first advantage is that the log or security-event ingestion into Sentinel is free. Cost-wise, they're saving a lot and that is a major advantage."
"From a cost perspective, Microsoft Sentinel is quite costly."
"I have worked with a lot of SIEMs. We are using Sentinel three to four times more than other SIEMs that we have used. Azure Sentinel's only limitation is its price point. Sentinel costs a lot if your ingestion goes up to a certain point."
"Currently, given our use case, the cost of Sentinel is justified, but it is expensive."
"The current licensing is based on the logs that are being ingested on the platform. Most of the SIEM solutions utilize that pricing model, but Microsoft should give us a customization option for controlling the kind of logs that we feed into Microsoft Sentinel. That will be much better. Otherwise, the pricing is a bit higher."
"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
"Microsoft Sentinel's pricing is relatively expensive and extremely confusing."
"The pricing is good, and it is not very expensive."
"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"
"​I am sure that there are cheaper products out there, but none that meet so many of our needs whilst maintaining stability and usability.​"
"​Accurately predict your licensing counts as this is a subscription based product.​"
"It is a reasonably priced solution."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"The pricing and licensing are competitive."
"Rapid7 InsightIDR is priced very well and is cost-effective."
report
Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.
860,825 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Manufacturing Company
8%
Government
8%
Computer Software Company
15%
Financial Services Firm
8%
Manufacturing Company
8%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is asking to miss details that are critical, and ending up a statistic. Also, rememb...
What do you like most about Rapid7 InsightIDR?
During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an applicati...
 

Also Known As

Azure Sentinel
InsightIDR
 

Overview

 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Liberty Wines, Pioneer Telephone, Visier
Find out what your peers are saying about Microsoft Sentinel vs. Rapid7 InsightIDR and other solutions. Updated: June 2025.
860,825 professionals have used our research since 2012.