No more typing reviews! Try our Samantha, our new voice AI agent.

Microsoft Sentinel vs ThreatQ comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Dec 5, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Torq
Sponsored
Ranking in Security Orchestration Automation and Response (SOAR)
4th
Average Rating
8.8
Reviews Sentiment
6.5
Number of Reviews
14
Ranking in other categories
AI-SOC (1st), AI-Powered Security Automation (1st)
Microsoft Sentinel
Ranking in Security Orchestration Automation and Response (SOAR)
2nd
Average Rating
8.2
Reviews Sentiment
6.9
Number of Reviews
108
Ranking in other categories
Security Information and Event Management (SIEM) (4th), Microsoft Security Suite (6th), AI-Powered Cybersecurity Platforms (6th)
ThreatQ
Ranking in Security Orchestration Automation and Response (SOAR)
25th
Average Rating
7.0
Reviews Sentiment
6.6
Number of Reviews
2
Ranking in other categories
Threat Intelligence Platforms (TIP) (23rd)
 

Mindshare comparison

As of July 2026, in the Security Orchestration Automation and Response (SOAR) category, the mindshare of Torq is 3.8%, down from 5.7% compared to the previous year. The mindshare of Microsoft Sentinel is 9.7%, down from 17.5% compared to the previous year. The mindshare of ThreatQ is 1.4%, up from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Security Orchestration Automation and Response (SOAR) Mindshare Distribution
ProductMindshare (%)
Microsoft Sentinel9.7%
Torq3.8%
ThreatQ1.4%
Other85.1%
Security Orchestration Automation and Response (SOAR)
 

Featured Reviews

AD
Solutions Architect at ProArch
Automation has streamlined multi-tenant SOC workflows and improves alert handling efficiency
Although the reporting within Torq is not that great, we did ask for many features regarding reporting in Torq, but due to some platform constraints, they could not make the whole dataset available for us to be used in reporting. Except for that, we used some basic reporting. When I used Torq, it was indeed in the early stages of AI capabilities. Only a few customers were allowed to use it, and we were among them. It functioned well as long as we summarized the data properly. If you input garbage, you would get garbage out. Thus, we had to do significant fine-tuning regarding what data context we provided to the AI orchestrator to get meaningful results. In terms of Torq's unified platform approach to AI SOC automation and case management compared to managing multiple point solutions across my security stack, I find it case-centric. The unified view in case management is good since it provides clarity, although there are limitations regarding how many items in case management can be modified at once. Bulk operations are very limited, potentially due to their back-end database or data retrieval processes that can be improved. Regarding improvements for Torq, when we were onboarded, there were aspects we were uncertain about, such as the number of cases that could be generated, what data we could bring in, how many clients we could onboard, and similar concerns. Initially, we also lacked clarity about the number of playbooks or workflows we could build. Different triggers like system triggers, case-based triggers, and others can be employed without restrictions, but when it comes to on-demand and scheduled jobs, there is a limitation based on the subscription and pricing tier that notably caps the number of workflows we can create. No bulk editing across cases was one issue, along with limited filtering related to single grouping constraints. Additionally, the out-of-the-box case templates provided require substantial modifications before they become usable. There is also a feature in the cases for notes that cannot be searched. They are only visible through the UI, which is another area for improvement. The workflow and execution-based charges seem misleading as this was not discussed initially. I am not sure if new customers are made aware of this. It seems that workflows revolving around cases hinder functionality outside of case management, as we have many use cases needing on-demand triggers and schedules for functions like reporting or polling devices. Creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers. While they facilitate optimization and scaling, the support received tends to be very basic. Improvements can be made in that area as well.
Kallamuddin Ansari - PeerSpot reviewer
Cyber Security Consultant at HR Software Solution
Centralized monitoring has improved threat response but cost control still needs refinement
Based on real operations used in our corporate IT environment, the key features include log correlation and incident view. Microsoft Sentinel's biggest strength is how it correlates multiple related alerts into a single incident. This significantly reduces alert noise and helps the SOC focus on real threats instead of isolated events. Another valuable feature is KQL-based threat hunting with Kusto Query Language. The flexibility of this language allows us to build custom hunting queries based on our environment's behavior. This is extremely useful for detecting low and slow threats or hidden threats that default rules may miss. Cloud-native scalability and stability is another important feature. Being cloud-native, Microsoft Sentinel scales well for medium to large corporate environments without infrastructure management. Stability has been solid in day-to-day production. SOAR automation using playbooks is a feature we highly recommend. Microsoft Sentinel's SOAR functionality helps automate repetitive SOC tasks like alert enrichment and notification. This saves analyst time and improves response consistency.
Yasir Akram - PeerSpot reviewer
Software Engineer at Freelancer
Good reporting and pretty stable but needs to be simpler to use
The support team of ThreatQ set up a VM on our VPN, which was SlashNext's private VPN. Then we just initiated some system calls and ThreatQ provided us the configuration file with our settings (like our email, our API key, our URL, our category, etc.). They set up a VM on our private VPN cloud. And then they provided us the configuration file in which we just entered our details like our company URL, our API category, and API keys et cetera. We could just add it on the configuration file. We just uploaded it to the ThreatQ server. After running the system calls, we just initiated the ThreatQ and then performed tasks on the UI, such as categorizing the reports. If we only wanted the report for phishing, then we just manipulated the data on the UI and just extracted the reports. That's all. The deployment was complex. We used high hardware specifications. I don't remember the exact specifications, however, I recall them being high. There were some services that had some compatibility errors. That's why we had our VMs - to make sure that the customer would not face any errors. Everything's deployed with high specifications and custom specifications. That was the biggest challenge for us - to deploy on the customer VMs. On average, deployment takes 15-20 minutes if it's deployed without any errors. I was with one of the NetOps network admin during deployment. We were only two people and we just deployed and installed all services and we executed the deployment.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Using that one piece of AI, we auto-closed 511 cases in quarter four alone."
"If I review about 100 vendors that I might work with, Torq is definitely in the top five that gave me personally investment back, just because every bit of effort I put into Torq eventually became a workflow that gave it back to me."
"According to positive outcomes, Torq reduced manual work and made incident response more efficient."
"Since we started working with Torq, I am handling much fewer alerts, it is becoming really easy for me to handle an alert, I have all the information that I need, I do not need to connect to different vendors to receive this information, and the main thing I got from Torq is time, which now helps me to build another automated system and learn."
"What I liked the most about Torq is the actual workflow builder, which is really great because they offer a lot of features and convenience features that are useful for any automation engineer."
"What I appreciate most about Torq is that it is an essential part of our system."
"Any request that comes in, regardless of how complex it is, I can accomplish it with Torq."
"As an analyst, it has demonstrated potential to reduce workforce requirements and time needed for related activities."
"Having your logs put all in one place with machine learning working on those logs is a good feature."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Azure Sentinel is actually quite handy, and very adaptive to the market trends."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"The biggest feature we've got out of it is visibility into our environment and what's going on across our estate."
"The initial setup is very simple and straightforward."
"The product is extremely cost-effective and affordable for customers."
"For any customers who are either looking at Azure or already have Azure or Microsoft 365, this is a great service to look at because it does provide an additional layer of protection and security for all of their data points, whether they are on-prem or in the cloud."
"The reporting services are great. With reporting services, if you have customers that just visit a URL you can see the result - including why it's blocked and how and how the URL was first recognized as malicious."
"Integrating the solution with our existing security tools and workflows was easy."
 

Cons

"The initial deployment of Torq was not easy."
"Even now, we have workflows that are in production that use AI steps and I get different results, making it unusable to some degree."
"It was able to capture data but was unable to differentiate between the agent hostname we are using and the hostname that resides on the back end of the Internet."
"The workflow and execution-based charges seem misleading as this was not discussed initially, and creating additional workflows to achieve basic functionalities raises costs significantly, which disadvantages customers."
"We have MCP that we are working with our cloud security platform, and we wanted to connect this MCP to the case management."
"Additionally, the documentation for Torq is not very clear. Most of the information is presented in videos, which are not ideal for reading; there are mostly paragraphs and other text-based content."
"Torq does extensive marketing saying that SOAR is dead and markets itself as an all-in-one solution, but this is not actually true."
"Torq can probably use more ML and look at what can be closed and what cannot be closed in terms of data classification."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"The solution has not saved any money because it is still expensive."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"The tool is not user-friendly."
"The solution should be simpler for the end-user in terms of reporting and navigating the product."
 

Pricing and Cost Advice

Information not available
"Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
"The combination of the ease of accessibility and the free cost of the service is great. But we buy storage based on our events per second and on how many sources are integrated into the solution."
"The pricing is reasonable, and we think Sentinel is worth what we pay for it."
"The solution is expensive and there is a daily usage fee."
"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
"It varies on a case-by-case basis. It is about $2,000 per month. The cost is very low in comparison to other SIEMs if you are already a Microsoft customer. If you are using the complete Microsoft stack, the cost reduces by almost 42% to 50%. Its cost depends on the number of logs and the type of subscription you have. You need to have an Azure subscription, and there are charges for log ingestion, and there are charges for the connectors."
"There are no additional costs other than the initial costs of Sentinel."
"Sentinel is a pay-as-you-go solution. To use it, you need a Log Analytics workspace. This is where the logs are stored and the cost of Log Analytics is based on gigabytes... On top of that, there is the cost of Sentinel, which is about €2 per gigabyte. If a customer has an M365 E5 license, the logs that come from Microsoft Defender are free."
Information not available
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
13%
Construction Company
10%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
11%
Manufacturing Company
11%
Computer Software Company
10%
Government
7%
Financial Services Firm
21%
Construction Company
8%
Manufacturing Company
8%
Educational Organization
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business44
Midsize Enterprise24
Large Enterprise46
No data available
 

Questions from the Community

What needs improvement with Torq?
I do not dislike anything about Torq because it has satisfied all of our use cases and requirements. We contacted sup...
What is your primary use case for Torq?
Initially, we were using Slack for small automations, such as creating pipelines or shutting down servers. For exampl...
What advice do you have for others considering Torq?
I have been working for five years with experience in the IT field. Torq is very good. It manages everything. I would...
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
Ask a question
Earn 20 points
 

Comparisons

 

Also Known As

No data available
Azure Sentinel
No data available
 

Overview

 

Sample Customers

Information Not Available
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Radar, Bitdefender, Crowdstrike, FireEye, IBM Security
Find out what your peers are saying about Microsoft Sentinel vs. ThreatQ and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.