We performed a comparison between Sentinel and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"The tool is simple to use."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"The most valuable feature of Sentinel is the dashboard."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The product’s most valuable feature is log monitoring."
"The most valuable feature is the correlation rules."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"It has performed well and delivered the results that I have been looking for."
"It is easy to use and deploy. It comes with user-friendly manuals."
"Trellix ESM is very user-friendly."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"Compared to other solutions, the user interface is good."
"They only classify alerts into three categories: high, medium, and low. So, from the user's point of view, having another critical category would be awesome."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"While I appreciate the UI itself and the vast amount of information available on the platform, I'm finding the overall user experience to be frustrating due to frequent disconnections and the requirement to repeatedly re-authenticate."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Some of the data connectors are outdated, at least the ones that utilize Linux machines for log forwarding. I believe that Microsoft is already working on improving this."
"The only thing is sometimes you can have a false positive."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"There is no integration in the web-side of the tool."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"Log source integration with Sentinel needs to be improved."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"The dashboard and customer view should be improved"
"The solution does not allow outsourced authorizations."
"I would like to see a better reporting work structure on the dashboard."
"The only issue I have with McAfee is the amount of computer resources that it takes... it's definitely impacting some of the other applications that are running on a computer at the same time."
"We acquired the IBM product because McAfee is slightly confusing to use, and it's broader."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"The product's stability is an area of concern where improvements are required."
"It cannot integrate with our Next-Generation Firewall and few applications such as Cisco ACI."
"The support from McAfee ESM could improve. They could improve the speed."
"We cannot add new data sources to the most recent version."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
Sentinel is ranked 18th in Security Information and Event Management (SIEM) with 16 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. Sentinel is rated 7.6, while Trellix ESM is rated 7.4. The top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Sentinel is most compared with IBM Security QRadar, Splunk Enterprise Security, Google Chronicle Suite, Wazuh and LogRhythm SIEM, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and SQRRL. See our Sentinel vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.