No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Sentinel vs ThreatConnect Threat Intelligence Platform (TIP) comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
5.6
Torq users reported reduced alert management time with automation, enhancing productivity and showing potential for $600,000 annual ROI.
Sentiment score
6.8
Microsoft Sentinel enhances ROI with faster incident response, automation, and cost efficiency, providing significant operational and security improvements.
Sentiment score
7.5
Organizations improved trust, sales, and efficiency with ThreatConnect, reducing costs and response times while mitigating false positives.
Since we started working with Torq, I am handling much fewer alerts. It is becoming really easy for me to handle an alert.
SOC Analyst at AppsFlyer
We have seen a return on investment, targeting a $600,000 ROI for the year.
Cyber Security Engineer at a real estate/law firm with 5,001-10,000 employees
By the time we officially bought Torq, we already had two workflows that were very helpful to us.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
If a customer is already using Microsoft’s ecosystem, the ROI can be positive due to seamless integration.
senior cyber security at a tech services company with 201-500 employees
Our MTTR, mean time to response, improved by forty to fifty percent. Earlier, medium-severity incidents took two to three hours to resolve. Now, after Microsoft Sentinel, it is forty to fifty-five minutes.
Cyber Security Consultant at HR Software Solution
We attribute our growth to Sentinel.
Chief Commercial Officer at defend
We have reduced manual analyst effort by thirty to forty percent.
Technical Consultant at ProTechmanize Solutions (P) Ltd.
This trust has led to an increase in sales because customers are confident we can protect their data.
Program associate at IMAGINE HER
 

Customer Service

Sentiment score
6.5
Torq offers highly rated customer service, known for quick, effective responses and knowledgeable support, though feature requests may delay.
Sentiment score
6.4
Microsoft Sentinel customer service is praised for staff expertise, but premium support is quicker; communication consistency could improve.
Sentiment score
7.5
ThreatConnect TIP customer service is responsive and knowledgeable, providing highly rated support despite occasional time zone delays.
My impression of their technical support during the initial setup was that they were helpful, responded within a reasonable timeframe, and provided exactly what we needed.
Security Consultant at Integrity360
The speed and quality of their answers have been pretty good, as I usually get a response within 24 hours, and they follow up well.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
We can always get an answer, and the support team are experts in their own system.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
Microsoft invests significantly in support, which is crucial for companies.
Director de Microsoft y Transformación Digital at Compucad
I believe Microsoft could improve by keeping customer service within the US for Microsoft Sentinel customers who are within state and federal government sectors.
Infosec at a government with 10,001+ employees
Working with a Sentinel engineer helped us tune settings effectively.
Systems Emgineer at a non-profit with 1-10 employees
They have been responsive, knowledgeable, and helpful.
Technical Consultant at ProTechmanize Solutions (P) Ltd.
I just like their customer support because, within a short period of contacting them, they are able to help navigate issues.
Program associate at IMAGINE HER
 

Scalability Issues

Sentiment score
6.3
Torq is praised for impressive scalability, adaptability, and effective workflow management, though requires careful management with large workflows.
Sentiment score
7.7
Microsoft Sentinel is highly scalable, cloud-native, and integrates easily, but users should consider data ingestion costs.
Sentiment score
7.5
ThreatConnect TIP scales efficiently, managing data and users seamlessly, ensuring robust performance and flexibility for growing organizations.
Our case management is super scalable.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
In terms of scalability, you can do as long as you can build it, and they can support it.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
Regarding the ability of the solution to grow in your work environment, if it is scalable, if it fits your business requirements, and if there is room to scale up, the answer is yes, for sure.
Global IT Director at OpenWeb
There is no need to add hardware or redesign infrastructure because it is cloud-native.
Cyber Security Consultant at HR Software Solution
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
Systems Emgineer at a non-profit with 1-10 employees
Being a SaaS solution, the scalability of Microsoft Sentinel is robust.
senior cyber security at a tech services company with 201-500 employees
ThreatConnect supports scalability by allowing us to identify threats and share information within our team networks.
Program associate at IMAGINE HER
 

Stability Issues

Sentiment score
7.2
Torq offers high stability and reliability with minimal downtime, quickly resolved issues, and significant improvements over other solutions.
Sentiment score
7.8
Microsoft Sentinel is reliable with high uptime, minor outages, and strong security, despite some customization challenges.
Sentiment score
7.3
ThreatConnect TIP offers stable, reliable performance with high availability, effectively integrating with tools, despite occasional performance slowdowns.
We have been using Torq for one and a half years, but we have experienced no downtime.
Angular Developer at Flourish Software
Most of the time, the system is stable as long as the components that they integrate with are stable.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
I have never faced any downtime or issues.
Senior Information Technology Security Consultant at Mideast Data Systems
I have never experienced any downtime, crashes, or performance issues with Microsoft Sentinel because it is SOC as a Service, so it maintains 100% uptime and scaling.
Infosec at a government with 10,001+ employees
In the past two years, our team hasn't encountered any issues with the stability of Microsoft Sentinel from an operations perspective.
Project Executive at synergyc
I need to be aware of deprecated connectors as they may disconnect, but the data continues to be sent with a need for quick adaptation.
senior cyber security at a tech services company with 201-500 employees
Sometimes, when using the solution, it slows down, affecting our ability to mitigate threats.
Program associate at IMAGINE HER
 

Room For Improvement

Torq users request improved AI integration, search functionalities, dashboards, transparency, templates, data manipulation, bulk editing, and playbooks.
Microsoft Sentinel needs enhancements in integration, usability, performance, automation, and cost management to better serve users and organizations.
ThreatConnect TIP's integration, pricing, and usability challenges hinder accessibility, with users seeking improved features and easier access.
Torq should offer default templates that can directly scan firewall data and automate actions.
Senior Information Technology Security Consultant at Mideast Data Systems
The AI value depends on maturity. Real value depends heavily on telemetry, integration depth, and workflow design, all of which rely on how mature customers are in their SOC department.
Security Consultant at Integrity360
It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet.
Senior Consultant at a university with 10,001+ employees
Log ingestion and retention costs can grow quickly, and understanding which data source is driving cost is not always straightforward.
Cyber Security Consultant at HR Software Solution
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Systems Emgineer at a non-profit with 1-10 employees
There are complexities in calculating the right pricing tier for different customers, which makes it difficult for me as a consultant during upfront pricing.
senior cyber security at a tech services company with 201-500 employees
The pricing is high for smaller organizations, so it would be beneficial to have tiered pricing.
Program associate at IMAGINE HER
ThreatConnect Threat Intelligence Platform (TIP) could be improved by simplifying the user interface to better fit day-to-day analyst workflow.
Technical Consultant at ProTechmanize Solutions (P) Ltd.
 

Setup Cost

Torq's pricing is seen as affordable by some, costly by others, but enterprises value its modern features.
Microsoft Sentinel's flexible pricing can be costly, but cost-effective within the Microsoft ecosystem with optimization strategies in place.
ThreatConnect TIP is priced mid-range, potentially costly for small firms, with costs based on deployment, support, and features.
When they bring more and more value into the platform, it makes more sense to pay that price, but still, it is expensive.
Senior Cyber Architect at a manufacturing company with 10,001+ employees
Before deciding to implement Torq, I considered that compared to our old case management platform, Torq was a much better price and had a lot better value for what you get out of the platform, which was a key consideration for the company.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
It is an expensive solution, not an inexpensive solution, but we get through the flexibility.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
It has been beneficial that Microsoft Sentinel is included as part of the Microsoft package, making it more cost-effective.
Senior System Administrator at a university with 5,001-10,000 employees
Microsoft Sentinel is not a low-cost SIEM.
Cyber Security Consultant at HR Software Solution
Microsoft Sentinel is provided at no cost, so we didn't have any issues with the cost.
Vice President, Sales, Cybersecurity at a computer software company with 51-200 employees
The pricing seems a bit high for smaller companies.
Program associate at IMAGINE HER
Generally, the pricing and setup cost are on the higher side.
Technical Consultant at ProTechmanize Solutions (P) Ltd.
 

Valuable Features

Torq enhances efficiency by streamlining workflows with AI, automation, and seamless integrations, offering user-friendly customization and scalability.
Microsoft Sentinel enhances security with AI-driven threat detection, automated responses, seamless integration, and efficient threat management through playbooks and analytics.
ThreatConnect TIP simplifies threat management with ease of use, automation, integrations, and improved detection and response capabilities.
Torq's unified platform approach to AI SOC automation and case management has significantly benefited us by integrating the case management platform with the automation, which saves time compared to managing multiple point solutions across our security stack.
CyberSecurity Engineer at a real estate/law firm with 10,001+ employees
The fact that I can build whatever I want within my own imagination and skills without relying on code is the best thing about Torq.
Director Of Cyber Security at a tech vendor with 501-1,000 employees
You can copy and paste a cURL command. If you have documentation or APIs, you usually have an example on the side. You basically have all the information on how the API call should be. You can just copy that and paste it into a step, and it will just build the step for you.
Global IT Director at OpenWeb
Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.
Cost Engineer at a tech vendor with 10,001+ employees
Microsoft Sentinel has improved cost efficiency, which is one of the key areas we're able to win business against the ability to have threat intelligence.
Chief Commercial Officer at defend
Microsoft Sentinel's ability to correlate data from multiple sources enhances our threat detection capabilities beyond what is a simple data lake solution by filtering out the noise and consolidating the signal down to a meaningful level that is easier to investigate and see.
Solutions Architect at a tech vendor with 201-500 employees
The features are simple to use, and the interface is user-friendly, making it easy to navigate and apply the solutions.
Program associate at IMAGINE HER
The API-first architecture that enables us to perform custom integration with other products and real-time distribution.
Technical Consultant at ProTechmanize Solutions (P) Ltd.
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.8
Reviews Sentiment
6.5
Number of Reviews
14
Ranking in other categories
AI-SOC (1st), AI-Powered Security Automation (1st)
Microsoft Sentinel
Ranking in Security Orchestration Automation and Response (SOAR)
2nd
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
108
Ranking in other categories
Security Information and Event Management (SIEM) (4th), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (6th)
ThreatConnect Threat Intell...
Ranking in Security Orchestration Automation and Response (SOAR)
15th
Average Rating
8.2
Reviews Sentiment
6.5
Number of Reviews
7
Ranking in other categories
Threat Intelligence Platforms (TIP) (7th)
 

Mindshare comparison

As of July 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.8%, down from 5.7% compared to the previous year. The mindshare of Microsoft Sentinel is 9.7%, down from 17.5% compared to the previous year. The mindshare of ThreatConnect Threat Intelligence Platform (TIP) is 3.1%, up from 1.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Microsoft Sentinel9.7%
Torq3.8%
ThreatConnect Threat Intelligence Platform (TIP)3.1%
Other83.4%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

AD
Solutions Architect at ProArch
Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency
Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.
Kallamuddin Ansari - PeerSpot reviewer
Cyber Security Consultant at HR Software Solution
Centralized monitoring has improved threat response but cost control still needs refinement
Based on real operations used in our corporate IT environment, the key features include log correlation and incident view. Microsoft Sentinel's biggest strength is how it correlates multiple related alerts into a single incident. This significantly reduces alert noise and helps the SOC focus on real threats instead of isolated events. Another valuable feature is KQL-based threat hunting with Kusto Query Language. The flexibility of this language allows us to build custom hunting queries based on our environment's behavior. This is extremely useful for detecting low and slow threats or hidden threats that default rules may miss. Cloud-native scalability and stability is another important feature. Being cloud-native, Microsoft Sentinel scales well for medium to large corporate environments without infrastructure management. Stability has been solid in day-to-day production. SOAR automation using playbooks is a feature we highly recommend. Microsoft Sentinel's SOAR functionality helps automate repetitive SOC tasks like alert enrichment and notification. This saves analyst time and improves response consistency.
Nikhil Jethwa - PeerSpot reviewer
Technical Consultant at ProTechmanize Solutions (P) Ltd.
Centralized threat intelligence has streamlined IOC workflows and now improves response time
ThreatConnect Threat Intelligence Platform (TIP) has positively impacted our organization by significantly reducing response times and improving detection accuracy by ensuring only high-confidence, context-rich indicators are pushed to security controls. From an operational standpoint, ThreatConnect Threat Intelligence Platform (TIP) has helped us reduce IOC handling and response time from hours to minutes by automating injection, enrichment, and distribution workflows.
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
11%
Manufacturing Company
11%
Computer Software Company
10%
Government
7%
Financial Services Firm
15%
Comms Service Provider
8%
Retailer
7%
Construction Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise24
Large Enterprise46
By reviewers
Company SizeCount
Small Business8
Midsize Enterprise23
Large Enterprise5
 

Questions from the Community

What needs improvement with Torq?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...
What is your primary use case for Torq?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...
What advice do you have for others considering Torq?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
What is your experience regarding pricing and costs for ThreatConnect Threat Intelligence Platform (TIP)?
My experience with ThreatConnect Threat Intelligence Platform (TIP) pricing, setup cost, and licensing indicates that...
What needs improvement with ThreatConnect Threat Intelligence Platform (TIP)?
Based on my experience, ThreatConnect Threat Intelligence Platform (TIP) is already doing a great job in the market b...
What is your primary use case for ThreatConnect Threat Intelligence Platform (TIP)?
Our main use case for ThreatConnect Threat Intelligence Platform (TIP) is to centralize, analyze, and operationalize ...
 

Also Known As

No data available
Azure Sentinel
No data available
 

Interactive Demo

Demo not available
Demo not available
 

Overview

 

Sample Customers

Information Not Available
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Customer Case Studies & Use Cases
Find out what your peers are saying about Microsoft Sentinel vs. ThreatConnect Threat Intelligence Platform (TIP) and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.