reviewer1768875 - PeerSpot reviewer
Cyber Security Engineer at a performing arts with 1,001-5,000 employees
Real User
A straightforward solution that is helpful for an overview of the security fabric, but its implementation could be simpler
Pros and Cons
  • "We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
  • "Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."

What is our primary use case?

It is for tracking the logs. I'm working on automation. So, the use case basically includes logs, incidents, automation, UEBA, and endpoint integration with Office 365 Defender.

What is most valuable?

We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable.

What needs improvement?

Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex. 

For how long have I used the solution?

I just started using it. I have just set it up.

Buyer's Guide
Microsoft Sentinel
April 2025
Learn what your peers think about Microsoft Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,963 professionals have used our research since 2012.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

I haven't dealt with Microsoft's tech support. I haven't reached out to them.

How was the initial setup?

It was of medium complexity. It wasn't too bad, but it can be complex because of the connectors.

What's my experience with pricing, setup cost, and licensing?

I don't know yet because they gave us a 30-day test window for free. 

What other advice do I have?

Because it is mainly artificial intelligence and machine learning, you would need some time to learn it. It is a good solution, and it is straightforward.

I would rate it a six out of 10. I haven't really dealt with other ones.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CEO at Danastar Professional Services, LLC
Real User
Included with Microsoft, and we have no complaints about functionality
Pros and Cons
  • "We have no complaints about the features or functionality."
  • "I would like to be able to monitor applications outside of the Azure Cloud."

What is our primary use case?

We are security system integrators. 

What is most valuable?

We have no complaints about the features or functionality.

What needs improvement?

Azure Sentinel, the Microsoft Azure product, is, from what I understand, used for the Microsoft applications. I don't know if it works outside of the Microsoft Azure cloud.

I would like to be able to monitor applications outside of the Azure Cloud. That is one of the reasons one of the customers has multiple tools.

For how long have I used the solution?

I have been using Azure Sentinel for approximately one year.

What's my experience with pricing, setup cost, and licensing?

It's free. It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else. It would be great if it supported other things.

What other advice do I have?

For a security integrator like us, quite often people push the client into buying different vendors' products when the client already has the tool in-house. Microsoft is one of those tools that most clients already have.

Many vendors or integrators that we know of are not familiar with Microsoft Sentinel's product classification for security. So that is one thing I would encourage both potential customers and users to do: look into what suite of products they have with their existing Microsoft accounts.

Also, the integrators should be quite familiar with all the things that are available to their clients, so they don't have to invest tons of money in other tools.

Based on having no complaints, I would rate Azure Sentinel an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1342566 - PeerSpot reviewer
System Engineer at a tech vendor with 5,001-10,000 employees
MSP/MSSP
Makes it easy to monitor and keep a track record for vulnerabilities
Pros and Cons
  • "In Azure Sentinel, we have found they do have SOAR in their capability, as well as AI and intelligence features. We found that to be very helpful for us because with some other things we do need to integrate again or find another vendor for the SOAR."
  • "They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."

What is our primary use case?

We use it on a public cloud. We have integrated Azure Lighthouse with Azure Sentinel Security. By integrating all of these, Azure Security Center and Azure Defender, we are providing an MSSP platform to our customers.

How has it helped my organization?

With other solutions, you see some restrictions for collecting the log from custom connectors. With Azure Sentinel, we do have some restrictions or sometimes we need to struggle with the connection, but there is no need to struggle with the log connection. There is 100% integration to your enterprise environment. This makes it easy to monitor and keep a track record for vulnerabilities and track whatever things are lurking in your network. They also have their custom alert tools, alerting the analytics team, where we can receive custom alerts based on our custom requirements. This has helped our organization a lot. Then with Azure Lighthouse, we can manage multiple customers with one platform, so on a single interface, we manage a number of customers that are using the Lighthouse service from Azure.

What is most valuable?

In Azure Sentinel, we have found they do have SOAR in their capability, as well as AI and intelligence features. We found that to be very helpful for us because with some other things we do need to integrate again or find another vendor for the SOAR. With Azure, it is a built-in thing, so there is no need to go and search for another vendor or integrate your solution for the SOAR with a third party.

What needs improvement?

They could use some kind of workbook. There is some limitation in editing and creating the workbook. That would improve it. Sometimes you will find some network issue or network error with the Azure Sentinel portal. That's the biggest drawback I found with Sentinel. It would be great if it would provide PIP platforms. They do have PI platforms, but they don't have PIP.

For how long have I used the solution?

My organization partners with Microsoft, so we are working on an MSSP with Azure.

How are customer service and technical support?

The technical support for Azure Sentinel is quite good. If you have one level up from the basic support, you will definitely get to Microsoft support directly and actually have a conversation with Microsoft's technical people on the support team, and they will resolve your issues very quickly.

How was the initial setup?

The setup for Azure Sentinel is very straightforward. You only need a subscription, and for that subscription, you just need the admin roles. So if you are an admin and if you do have the Microsoft certification, you can make a Microsoft Azure account; then it's very easy to set up and very easy to onboard Sentinel.

What other advice do I have?

Azure Sentinel is actually quite handy and very adaptive to market trends. Anyone who is looking for the same SOAR, creating their complete security solution for their enterprise, for an effective security solution, and for data integration, must go with Azure Sentinel, as they are going to get everything in one place. I would rate Azure Sentinel an eight on a scale of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
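The review above describes running Microsoft Sentinel as an MSSP platform through Azure Lighthouse, managing several customers from one interface. The following Terraform is an added example of the delegation that makes this possible; it is not the reviewer's configuration. It is applied from the customer's side (provider authenticated against the customer tenant), grants a group from the MSSP tenant two built-in roles on the customer subscription, and leaves the workspace and its data in the customer's ownership. The variable names, resource names, and the choice of the Microsoft Sentinel Responder and Log Analytics Reader roles are assumptions for illustration; the azurerm provider 4.x resource names are real.

```hcl
# Added example (not the reviewer's code): Azure Lighthouse delegation that
# lets an MSSP tenant operate Microsoft Sentinel in a customer's subscription.
# Run with the provider authenticated against the CUSTOMER tenant; the
# delegation is created on the customer side and the customer can revoke it.
# Assumed inputs: var.managing_tenant_id, var.mssp_soc_group_object_id.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "managing_tenant_id" {
  description = "Entra tenant ID of the MSSP (the managing tenant)"
  type        = string
}

variable "mssp_soc_group_object_id" {
  description = "Object ID of the MSSP's SOC analyst group in the managing tenant"
  type        = string
}

# The customer subscription the provider is currently pointed at.
data "azurerm_subscription" "customer" {}

# Look up built-in role GUIDs by name instead of hard-coding them.
data "azurerm_role_definition" "sentinel_responder" {
  name = "Microsoft Sentinel Responder"
}

data "azurerm_role_definition" "log_analytics_reader" {
  name = "Log Analytics Reader"
}

# The delegation: which MSSP principals get which roles on this scope.
# Least privilege: Responder can investigate and close incidents but cannot
# change analytics rules or connectors; Log Analytics Reader only runs queries.
resource "azurerm_lighthouse_definition" "mssp_soc" {
  name               = "mssp-sentinel-soc"
  description        = "Managed SOC access to Microsoft Sentinel in this subscription"
  managing_tenant_id = var.managing_tenant_id
  scope              = data.azurerm_subscription.customer.id

  authorization {
    principal_id           = var.mssp_soc_group_object_id
    principal_display_name = "MSSP SOC analysts"
    role_definition_id     = data.azurerm_role_definition.sentinel_responder.role_definition_id
  }

  authorization {
    principal_id           = var.mssp_soc_group_object_id
    principal_display_name = "MSSP SOC analysts"
    role_definition_id     = data.azurerm_role_definition.log_analytics_reader.role_definition_id
  }
}

# Apply the definition to the subscription. Log data stays in the customer's
# workspace; the MSSP only gains the delegated RBAC, which the customer can
# see under "Service providers" and in the subscription activity log.
resource "azurerm_lighthouse_assignment" "customer_subscription" {
  scope                    = data.azurerm_subscription.customer.id
  lighthouse_definition_id = azurerm_lighthouse_definition.mssp_soc.id
}
```

The practitioner's check here is the role set: delegating Sentinel Contributor or Owner to a provider gives them the ability to disable rules and connectors, so scope the delegation to what the SOC actually needs and review the authorizations in the customer's Service providers blade after `terraform apply`.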
reviewer2700180 - PeerSpot reviewer
Cost Engineer at a tech vendor with 10,001+ employees
Real User
Signal correlation and dashboards are fantastic but can have more automation
Pros and Cons
  • "The signal correlation and dashboards features of Microsoft Sentinel are fantastic because it correlates the signal logs with other products. The customizable dashboards are also valuable."
  • "Microsoft Sentinel can be improved in terms of automation or connecting with security products so that it is easier to use for general IT admins."

What is our primary use case?

We are developing our security signals for Microsoft Sentinel, so we are making a connector for Microsoft Sentinel. We try to use several features.

When using mobile devices, if there is an attacker or malware, the signal goes to the Microsoft Sentinel console from there. Our IT admin looks at those incidents.

That is important for our organization because we are using our mobile devices for work. Mobile devices are not safe enough.

What is most valuable?

I focus on mobile devices while using Microsoft Sentinel. Mainly we want to expand our Identity performers. 

The signal correlation and dashboards features of Microsoft Sentinel are fantastic because it correlates the signal logs with other products. The customizable dashboards are also valuable.

Microsoft Sentinel's ability to correlate data from multiple sources and its detection capabilities are essential.

What needs improvement?

Microsoft Sentinel can be improved in terms of automation or connecting with security products so that it is easier to use for general IT admins.

For how long have I used the solution?

I started using Microsoft Sentinel last June, so it has been about a year.

Which solution did I use previously and why did I switch?

I was not using any other solutions for this specific task before Microsoft Sentinel. We ultimately chose Microsoft Sentinel because we have partnerships.

What was our ROI?

We have not yet seen a return on investment with Microsoft Sentinel. We expect to see a return on investment this year. 

What other advice do I have?

We try to use the security incidents feature in Microsoft Sentinel, but I have not seen the actual incident yet. I could not find good use cases. My experience with the collaboration capabilities of Microsoft Sentinel is limited, as I am still getting used to it.

I would rate Microsoft Sentinel a seven out of ten. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director, Strategic Alliances at Armor Defense Inc.
Real User
Empowers teams to triage security incidents faster and connect third-party log sources
Pros and Cons
  • "Microsoft Sentinel is cloud native, which is a significant advantage. The data connectors that provide the ability to connect third-party log sources are highly valuable."
  • "We have seen at least a 60% increase in efficiency with Microsoft Sentinel and the ability to reduce the MTTD down to under five minutes and MTTR down to under fifteen."
  • "Driving deeper integration with the Defender XDR portal within Microsoft Sentinel, which is being done, and continuing to increase the number of third-party data connectors available is important."
  • "Their support can be challenging at times, particularly around unique experiences or circumstances with Microsoft Sentinel."

What is our primary use case?

We're an MDR provider, so we utilize Microsoft Sentinel in deployments into our customers' environments to protect their environments and detect any type of security threats. We offer 24/7 support.

How has it helped my organization?

Microsoft Sentinel helps our company generate revenue directly from supplying these security services and managing them for our customers on a monthly basis. Along with the SOC services that we provide on top, there is a holistic coverage for customers.

It has enabled our team to triage security incidents faster and remediate them to get back to business quicker after customer incidents. Because we're able to reduce the number of incidents and the time per incident with Microsoft Sentinel, we can handle more incidents. Additionally, through rule tuning within Microsoft Sentinel, we reduce the number of incidents that have to be reviewed.

Microsoft Sentinel has increased efficiency and allowed our team to do more proactive work. We have seen at least a 60% increase in efficiency with Microsoft Sentinel and the ability to reduce the MTTD down to under five minutes and MTTR down to under fifteen.

A part of what we do within Microsoft Sentinel for our customers, and for ourselves, is the rule tuning. We're able to only ingest the logs that are going to provide additional security value. With that, we're able to utilize the SOC automation features. We're able to reduce the amount of log ingestion that takes place and reduce the customers' costs.

The integration of security functionalities, such as SIEM, SOAR, TIP, and UEBA, in Microsoft Sentinel is definitely beneficial. It's definitely a benefit of Microsoft Sentinel to be able to have a holistic deployment and a best-of-breed tool set that can integrate with each other. We can utilize the components from each of the tools to gain additional insight, additional access, and additional steps.

Microsoft Sentinel has not directly affected our compliance reporting, but it has been utilized for audit evidence collection to be able to do SOX compliance from Microsoft Sentinel logs.

Microsoft Sentinel has the ability to enhance some of the features that we already have. It allows our team to see some additional threat vectors.

The MITRE ATT&CK-based recommendations within Microsoft Sentinel are paramount for helping our customers understand where they're seeing threats and the part of the framework. We are able to catch threats faster instead of waiting for breach notifications. Microsoft Sentinel drastically reduces the impact of any type of breach.

What is most valuable?

Microsoft Sentinel is cloud native, which is a significant advantage. The data connectors that provide the ability to connect third-party log sources are highly valuable. The overall visibility that Microsoft Sentinel provides into the environments across multiple clouds and platforms on the ground is beneficial. It's a comprehensive solution and ties back into the Defender XDR holistic security platform.

A great thing with Microsoft Sentinel is that we have the ability to pull in third-party log sources as well as the Microsoft native logs. With that, we can create a complete story for the customers. We can see, with full transparency, the attack path and the movements that the bad actors have made. We can see not only what was impacted, but what has the potential to be impacted at a later date, and create additional hardening steps.

What needs improvement?

Driving deeper integration with the Defender XDR portal within Microsoft Sentinel, which is being done, and continuing to increase the number of third-party data connectors available is important. Multi-tenancy is also a current focus.

They should continue to integrate the components of Microsoft Sentinel and work to make a holistic component. They should continue to improve log ingestion across multi-cloud platforms.

For how long have I used the solution?

We've been utilizing Microsoft Sentinel for a little over three years.

What do I think about the stability of the solution?

It has been working very smoothly irrespective of different uses.

What do I think about the scalability of the solution?

We have been able to scale Microsoft Sentinel as our needs grow.

How are customer service and support?

Their support can be challenging at times, particularly around unique experiences or circumstances with Microsoft Sentinel. The documentation requires specific knowledge to locate. Once familiar with the system, it becomes very straightforward, though the documentation could be streamlined and made easier to navigate.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before choosing Microsoft Sentinel, we had used QRadar. With Microsoft Sentinel, we're able to utilize multi-tenancy better. It's in a single instance within our environment, which doesn't necessarily correlate to transparency and data ownership for our customers. By allowing us to use Microsoft Sentinel within the customer's environments and utilize Lighthouse access to gain visibility into that, it allows our customers to have full transparency into what our team is doing, along with their existing staff, and it also retains data ownership for the customer.

How was the initial setup?

We were able to deploy Microsoft Sentinel through infrastructure as code, and we do a Terraform deployment which allows us to deploy and configure the main components of Microsoft Sentinel, all of them managed for our customers.

What was our ROI?

The biggest return on investment when using Microsoft Sentinel is customer stickiness, customer engagement, and the ability to leverage existing Microsoft investments that the customer already owns to be able to deploy Microsoft Sentinel in their environments.

What's my experience with pricing, setup cost, and licensing?

Pricing for Microsoft Sentinel could always be lower, but it's workable. The ingestion costs for the data analytics are usually the highest cost, but the licensing per Microsoft Sentinel is fairly straightforward and transparent.

Which other solutions did I evaluate?

We did consider other solutions before choosing Microsoft Sentinel. We wanted to make sure that we chose a cloud-native solution, and we feel that with the hyperscale data, it provides the best value for price by far.

What other advice do I have?

I would rate Microsoft Sentinel an eight out of ten. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partnership
PeerSpot user
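The review above says the team deploys and configures Sentinel through Terraform and reduces incident volume through rule tuning. The block below is an added example of what that combination looks like, not the reviewer's own code or Armor's deployment: it creates a Log Analytics workspace, onboards it to Sentinel, and defines one scheduled analytics rule whose KQL aggregates failed Entra ID sign-ins per account per hour so that a noisy account raises one alert instead of dozens. Names, region, retention, the 20-failure threshold, and the suppression window are assumptions chosen for illustration; the azurerm 4.x resource and argument names are real.

```hcl
# Added example (not the reviewer's Terraform): workspace, Sentinel onboarding,
# and one tuned scheduled analytics rule. Names, thresholds and durations are
# assumptions. Assumes azurerm provider 4.x.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "soc" {
  name     = "rg-soc-sentinel"
  location = "westeurope"
}

resource "azurerm_log_analytics_workspace" "sentinel" {
  name                = "law-soc-sentinel"
  location            = azurerm_resource_group.soc.location
  resource_group_name = azurerm_resource_group.soc.name
  sku                 = "PerGB2018"
  retention_in_days   = 90 # ingestion volume, not retention, is the main cost driver
}

# Enabling Sentinel on the workspace is its own resource; rules and connectors
# must be created after it.
resource "azurerm_sentinel_log_analytics_workspace_onboarding" "sentinel" {
  workspace_id = azurerm_log_analytics_workspace.sentinel.id
}

# Tuning is in the rule itself: the KQL summarises failures per account per
# hour and only returns rows above a threshold, so each noisy account yields
# one alert per run. Suppression then stops the rule re-firing for five hours.
resource "azurerm_sentinel_alert_rule_scheduled" "failed_signins_by_account" {
  name                       = "failed-signins-per-account"
  log_analytics_workspace_id = azurerm_log_analytics_workspace.sentinel.id
  display_name               = "Excessive failed sign-ins for a single account"
  description                = "20 or more failed Entra ID sign-ins for one UPN within an hour"
  severity                   = "Medium"
  enabled                    = true

  query = <<-KQL
    SigninLogs
    | where ResultType != "0"          // ResultType "0" is a successful sign-in
    | summarize Failures = count(),
                SourceIPs = make_set(IPAddress, 10)
      by UserPrincipalName, bin(TimeGenerated, 1h)
    | where Failures >= 20
  KQL

  query_frequency   = "PT1H"        # how often the rule runs (ISO 8601 duration)
  query_period      = "PT1H"        # lookback window; must be >= query_frequency
  trigger_operator  = "GreaterThan"
  trigger_threshold = 0             # any returned row raises an alert

  suppression_enabled  = true
  suppression_duration = "PT5H"

  tactics = ["CredentialAccess"]

  # Mapping the UPN to an Account entity is what lets Sentinel's incident
  # grouping and UEBA tie this alert to other signals for the same user.
  entity_mapping {
    entity_type = "Account"
    field_mapping {
      identifier  = "FullName"
      column_name = "UserPrincipalName"
    }
  }

  depends_on = [azurerm_sentinel_log_analytics_workspace_onboarding.sentinel]
}
```

Apply with `terraform init` and `terraform apply`, then confirm in the Sentinel analytics blade that the rule shows the expected tactic and entity mapping. Before raising the threshold or suppression further, run the query by hand over the last week in Logs and check how many real incidents it would have hidden; tuning that drops the alert count without that check is silence, not efficiency.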