Microsoft Sentinel vs SolarWinds Security Event Manager comparison

Microsoft Sentinel vs. SolarWinds Security Event Manager

Download the complete report

Helped 885,837 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Microsoft Sentinel

Ranking in Security Information and Event Management (SIEM)

4th

Average Rating

8.2

Reviews Sentiment

6.9

Number of Reviews

107

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (5th)

SolarWinds Security Event M...

Ranking in Security Information and Event Management (SIEM)

35th

Average Rating

7.8

Reviews Sentiment

5.7

Number of Reviews

Ranking in other categories

No ranking in other categories

Mindshare comparison

As of April 2026, in the Security Information and Event Management (SIEM) category, the mindshare of Microsoft Sentinel is 4.6%, down from 7.5% compared to the previous year. The mindshare of SolarWinds Security Event Manager is 1.0%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Security Information and Event Management (SIEM) Mindshare Distribution
Product	Mindshare (%)
Microsoft Sentinel	4.6%
SolarWinds Security Event Manager	1.0%
Other	94.4%

Security Information and Event Management (SIEM)

Featured Reviews

Kallamuddin Ansari

Cyber Security Consultant at ProTechmanize

Centralized monitoring has improved threat response but cost control still needs refinement

Based on real operations used in our corporate IT environment, the key features include log correlation and incident view. Microsoft Sentinel's biggest strength is how it correlates multiple related alerts into a single incident. This significantly reduces alert noise and helps the SOC focus on real threats instead of isolated events. Another valuable feature is KQL-based threat hunting with Kusto Query Language. The flexibility of this language allows us to build custom hunting queries based on our environment's behavior. This is extremely useful for detecting low and slow threats or hidden threats that default rules may miss. Cloud-native scalability and stability is another important feature. Being cloud-native, Microsoft Sentinel scales well for medium to large corporate environments without infrastructure management. Stability has been solid in day-to-day production. SOAR automation using playbooks is a feature we highly recommend. Microsoft Sentinel's SOAR functionality helps automate repetitive SOC tasks like alert enrichment and notification. This saves analyst time and improves response consistency.

Read full review

Yashokanth Partkunan

Managed Services Engineer at Loop1 Systems

Has supported client needs efficiently but requires deeper analysis features and faster support

The log analyzing capability of SolarWinds Security Event Manager should go into more depth than the current environment. More modification and enhancements are required on the dashboard side in order to make it closer to optimal performance. From observation and feedback from users, they need more functionality related to monitoring, and in-depth analyzing needs to be improved.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."

"The features that stand out are the detection engine and its integration with multiple data sources."

"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."

"Microsoft Sentinel helps us understand the areas that we have to improve and provides information on our current coverage."

"For the people who are on the cloud, I would suggest they go for Sentinel regardless of any other SIEM, as it will do a good integration with other solutions and with other cloud providers while providing a holistic view as well."

"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."

"Microsoft Sentinel does give me a unified set of tools to detect, investigate, and respond to incidents, and this unified approach is important to me because in today's world with numerous tools available, it's quite important."

"Log aggregation and data connectors are the most valuable features."

More Microsoft Sentinel pros

"We did previously use a different solution, but SolarWinds is much better. It's easy to interact with SolarWinds. It's easy to operate, easy to configure and is generally easier compared to what we were working with before."

"SolarWinds' stability is fine. I don't think we've had any software issues."

"The File Integrity Monitoring is great, giving you visibility into who has changed a file, when that file was changed, and more, with easy out-of-the-box reporting and customization for reports and alerts that help maintain compliance and security."

"SolarWinds is effective for server, network, and log monitoring. It's also good for IP address management. We also have a patch manager, but we're still working on getting that operational."

"The most valuable feature is the ease of use for the end user."

"The product's most effective part in improving security stems from the fact that the solution is deployed for event management, log viewing, and information management."

"It performs network behavior monitoring, log monitoring, and disaster recovery monitoring."

"The pricing was low, around 30K so ROI is less than one year."

More SolarWinds Security Event Manager pros

Cons

"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."

"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."

"I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet."

"The solution has not saved any money because it is still expensive."

"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."

"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."

"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."

"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."

More Microsoft Sentinel cons

"The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."

"The main area that would mean a big improvement for me would be for the product to include multiple dashboards."

"We have automated threat detection in the Alliance Security, Antoinette. However, if these features could be further enhanced, it would simplify my work, potentially allowing me to allocate more time to address complex issues."

"I think the customization area in the tool can be considered as an area of concern where improvements are required."

"I would like to have a more customizable dashboard."

"There are no multiple dashboards which would allow you to see information side-by-side."

"We'd like more customization capabilities."

"It can be difficult for users who are inexperienced with the solution."

More SolarWinds Security Event Manager cons

Pricing and Cost Advice

"It is priced fairly given the value that you get from the use of the product. The biggest mistake people make with Microsoft Sentinel is not understanding the pricing model and the amount of data that they are going to be running through the tool because you are paying based on the flow. You are paying based on the amount of data that is moving through the tool. People do not plan, and therefore, they get surprised by the cost associated with using the tool. They connect everything because they want to know everything, but connecting everything is very expensive."

"Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."

"We must have saved some money with this product. It is a cloud-native product, and the ingestion is per GB. Every GB costs a certain amount of money. That is how the license of Microsoft Sentinel works."

"In comparison to other security solutions, Microsoft Sentinel offers a reasonable price for the features included."

"The pricing is reasonable, and we think Sentinel is worth what we pay for it."

"Microsoft Sentinel can be costly, particularly for data management."

"Microsoft Sentinel requires an E5 license."

"I am not involved on the financial side, but from an enterprise-wide use perspective, I think the price is good enough."

More Microsoft Sentinel pricing and cost advice

"The price of SolarWinds Security Event Manager is reasonable."

"It is in the appropriate mid-range. It is not as expensive as some of the other solutions. It is also not cheap."

"Licenses can only be purchased in blocks of fifty at a time."

"Licensing is on devices, so if you have many, then this may be high."

"We do a yearly license renewal. For a year, the solution costs roughly $500,000 USD. There are no costs beyond this yearly fee."

"The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten."

"The pricing model would benefit from having package deals with other SolarWinds products."

See which vendors are best for you

Use our free recommendation engine to learn which Security Information and Event Management (SIEM) solutions are best for your needs.

See recommendations

885,837 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

12%

Financial Services Firm

10%

Manufacturing Company

Government

Financial Services Firm

16%

Manufacturing Company

10%

Construction Company

10%

University

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	41
Midsize Enterprise	22
Large Enterprise	46

By reviewers
Company Size	Count
Small Business	19
Midsize Enterprise	3
Large Enterprise	7

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?

Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...

What is a better choice, Splunk or Azure Sentinel?

It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...

Which is better - Azure Sentinel or AWS Security Hub?

We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...

What is your experience regarding pricing and costs for SolarWinds Security Event Manager ?

The tool is available at a good price for customers compared to other solutions in the market. I rate the product's price as an eight out of ten.

What needs improvement with SolarWinds Security Event Manager ?

What is your primary use case for SolarWinds Security Event Manager ?

I work with all SolarWinds products mostly, including Network Configuration Manager and NPM. I am a reseller. I usually recommend SolarWinds products for Loop1. It's for the bigger ones; we are the...

AWS Security Hub vs Microsoft Sentinel

Comparisons

Compared 16% of the time

SentinelOne Singularity AI SIEM vs Microsoft Sentinel

Compared 5% of the time

Cortex XSIAM vs Microsoft Sentinel

Compared 4% of the time

CrowdStrike Falcon vs Microsoft Sentinel

Compared 4% of the time

IBM Security QRadar vs Microsoft Sentinel

Compared 4% of the time

More Microsoft Sentinel Competitors

Splunk Enterprise Security vs SolarWinds Security Event Manager

Compared 13% of the time

IBM Security QRadar vs SolarWinds Security Event Manager

Compared 8% of the time

ManageEngine Log360 vs SolarWinds Security Event Manager

Compared 6% of the time

Coralogix vs SolarWinds Security Event Manager

Compared 6% of the time

Wazuh vs SolarWinds Security Event Manager

Compared 5% of the time

More SolarWinds Security Event Manager Competitors

Product Reports

Microsoft Sentinel

Download Microsoft Sentinel product report

SolarWinds Security Event Manager

Download SolarWinds Security Event Manager product report

SolarWinds Security Event Manager report

Also Known As

Azure Sentinel

SolarWinds LEM, Solarwinds SIEM, TriGeo, Log and Event Manager

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Microsoft

When TriGeo was acquired by SolarWinds, TriGeo SIM became known as SolarWinds Log & Event Manager. This product is a leading Security Information and Event Management (SIEM) product and log management solution, which provides log collection, analysis, and real-time correlation.

SolarWinds

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

NetSuite, EasyStreet, Legacy Texas Bank, and Energy Federal Credit Union, to name a few.

Microsoft Sentinel vs. SolarWinds Security Event Manager