2021-01-23T00:28:35Z

What is your primary use case for Microsoft Sentinel?

Miriam Tover - PeerSpot reviewer

39 Answers

Sachin Paul - PeerSpot reviewer
Real User
Top 20
2023-12-11T07:58:00Z
Dec 11, 2023

We use it for our security operations center. We have private and multi-cloud environments.

JM
Real User
Top 20
2023-11-10T18:27:00Z
Nov 10, 2023

My role thus far has been to integrate security log sources into the platform. This includes developing or troubleshooting some of the data connectors for different sources, such as web application firewall interfaces. Sentinel is a SOAR platform. It represents the next generation beyond traditional SIM and SIEM platforms. Its powerful SOAR functionality orchestrates and automates responses to security events, eliminating the need for manual intervention. Instead of relying on human analysts to monitor events and react, Microsoft Sentinel leverages pre-defined automation rules. These rules correlate relevant events, generating a holistic understanding of the situation. Based on this analysis, automated responses are triggered, expediting the resolution process and eliminating any delays associated with manual identification and decision-making.

Nagendra Nekkala - PeerSpot reviewer
Real User
Top 5 Leaderboard
2023-11-08T07:32:00Z
Nov 8, 2023

I use the solution to ensure proper security analytics and threat intelligence across the enterprise. The tool helps me to know the type of attack detection that happens and the kind of visibility, proactive hunting, and threat response we have.

Harman Saggu - PeerSpot reviewer
Real User
Top 10
2023-10-31T11:30:00Z
Oct 31, 2023

Microsoft Sentinel serves as a centralized hub for collecting and analyzing logs from various Microsoft tools and other sources. It eliminates the need to develop custom toolsets for detecting malicious activities across different Microsoft tools. Instead, Microsoft Sentinel provides standardized rules and playbooks to streamline the process of identifying and responding to potential threats. For instance, consider a scenario where an employee clicks on a phishing link in an email, leading to the installation of malware on their system. While the endpoint detection and response tool on the endpoint might not detect malicious activity, Microsoft Sentinel, acting as a central log collector, receives the EDR logs and triggers an event based on pre-defined rules. Upon detecting the suspicious activity, Microsoft Sentinel automatically executes a playbook, which may involve actions such as killing the malicious process or isolating the affected endpoint. This automated response helps expedite threat containment and reduces the burden on security analysts.
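The detect-then-respond flow in the answer above (EDR log arrives, a pre-defined rule matches, a playbook kills the process or isolates the host) can be modelled in a few dozen lines. This is an added example, not Sentinel's, Microsoft's or the reviewer's code: the event shape, the two rule names, the severity-to-playbook mapping and the hostnames are constructed assumptions, and the playbook steps are only recorded rather than sent to an EDR API.

```python
"""Minimal model of the analytics-rule -> incident -> playbook flow.
Added example; not Sentinel's own code. Event fields, rule names, hosts
and the PLAYBOOKS mapping are constructed assumptions."""
from dataclasses import dataclass, field

# Constructed EDR-style events, as a data connector would hand them to the SIEM.
SAMPLE_EVENTS = [
    {"host": "wks-017", "user": "jdoe", "process": "outlook.exe",
     "child": "powershell.exe", "severity": "high"},
    {"host": "wks-017", "user": "jdoe", "process": "outlook.exe",
     "child": "winword.exe", "severity": "low"},
    {"host": "srv-db1", "user": "svc_sql", "process": "sqlservr.exe",
     "child": "cmd.exe", "severity": "medium"},
]


@dataclass
class Incident:
    title: str
    host: str
    severity: str
    evidence: dict
    actions: list = field(default_factory=list)  # playbook steps taken


# Analytics rules: a predicate over one event returning an incident title or None.
def rule_office_spawns_shell(ev):
    office = {"outlook.exe", "winword.exe", "excel.exe"}
    shells = {"powershell.exe", "cmd.exe", "wscript.exe"}
    if ev["process"] in office and ev["child"] in shells:
        return "Office application spawned a shell"
    return None


def rule_service_account_shell(ev):
    if ev["user"].startswith("svc_") and ev["child"] == "cmd.exe":
        return "Service account launched cmd.exe"
    return None


RULES = [rule_office_spawns_shell, rule_service_account_shell]

# Automation rules: incident severity -> ordered playbook steps (constructed).
PLAYBOOKS = {
    "high": ["kill_process", "isolate_host", "notify_soc"],
    "medium": ["notify_soc"],
    "low": [],
}


def run_detection(events, rules=RULES):
    """Apply every rule to every event; each match becomes an Incident."""
    incidents = []
    for ev in events:
        for rule in rules:
            title = rule(ev)
            if title:
                incidents.append(Incident(title, ev["host"], ev["severity"], ev))
    return incidents


def run_playbooks(incidents, playbooks=PLAYBOOKS, executor=None):
    """Run the playbook chosen by severity. `executor(incident, step)` is the
    hook that would call the EDR/SOAR API; the default only records the step."""
    executor = executor or (lambda inc, step: inc.actions.append(step))
    for inc in incidents:
        for step in playbooks.get(inc.severity, []):
            executor(inc, step)
    return incidents


if __name__ == "__main__":
    for inc in run_playbooks(run_detection(SAMPLE_EVENTS)):
        print(inc.title, inc.host, inc.severity, inc.actions)
```

The separation matters in practice: the rule decides whether something is an incident, the automation rule decides what is done about it, and only the `executor` touches the endpoint. Swapping the default executor for one that calls a real EDR lets the same rules be dry-run against historical logs first, which is how analysts usually tune a containment playbook before letting it isolate hosts unattended.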

AN
Real User
Top 5
2023-10-18T20:20:00Z
Oct 18, 2023

We primarily use the solution for security operations.

SD
Real User
Top 20
2023-09-15T18:32:00Z
Sep 15, 2023

The usual use cases would be starting from scratch, implementing Sentinel for clients, onboarding log sources, building analytical use case rules, and supporting the platform for operations.

Mahmoud Hanafi - PeerSpot reviewer
Real User
Top 5
2023-08-17T12:58:00Z
Aug 17, 2023

We have possible use cases for the solution. We have ten or 12 different use cases under this solution.

Paul Schnackenburg - PeerSpot reviewer
Real User
Top 10
2023-08-17T11:43:00Z
Aug 17, 2023

I'm an IT consultant, and I use Sentinel with two of my clients to monitor all their security signals and get alerts when things are happening that might be suspicious.

JS
Real User
Top 20
2023-08-15T09:51:00Z
Aug 15, 2023

We primarily use the solution for security purposes, to record events and generate alerts, so that our security team can review the items and take proper action. We work jointly with an MSSP; we have about 14 people working on a 24/7 schedule, around 25 people might use our Sentinel workspace regularly, and more than 40 people benefit directly from the output of this solution.

TD
Real User
Top 20
2023-05-18T15:25:00Z
May 18, 2023

We are using Microsoft Sentinel for our traditional SOC. So previously, we had multiple products, like VM products, log analytics products, and analysts. We are making so much effort to analyze incidents and events in the security operation center, after which we decide whether it's an incident or an event, and we take action. After Sentinel's implementation, it would be much better and much simpler. For instance, we can now save much more time since in Sentinel, there is artificial intelligence, so the system will decide for you instead of a human. The system will learn what kind of thing you should take action on, and it will save some time since you do not need much human power. In traditional SOC systems, there were three or four people. But in Sentinel, it's much easier, and you do not need so many people in the SOC. So you will save time and keep it cost-effective.

Wasif Kazia Mohamed - PeerSpot reviewer
Real User
Top 10
2023-05-17T10:46:00Z
May 17, 2023

We primarily use the solution for analyzing logs, such as those from Azure AD. We have it integrated with Microsoft 365 and plan to integrate it with our firewalls so we can analyze those logs too. So, our main uses are for log analysis and to check for vulnerabilities in our system. We use more than one Microsoft security product; we also use Defender for Cloud.

Jalan Cruz - PeerSpot reviewer
Real User
Top 10
2023-05-10T20:14:00Z
May 10, 2023

We use Microsoft Sentinel for log aggregation, data connectors, and alerts.

AK
Real User
Top 20
2023-05-09T16:57:00Z
May 9, 2023

We use it for security. It's at the forefront of managing the security within our organization. We use the platform as our main SIEM for enterprise security whereby we have several tools that feed into Microsoft Sentinel and then from there, we have the use cases. It's a major tool for security monitoring within the enterprise.

KP
MSP/MSSP
Top 20
2023-03-21T07:51:00Z
Mar 21, 2023

Our organization is a service company, therefore, we are proposing Microsoft Sentinel as an MSSP solution to our clients. Additionally, we are offering other solutions with Microsoft Sentinel. We have integrated Microsoft Sentinel with MISP, an open source intelligence trading platform, to create a deluxe solution. Furthermore, we use the five-year tool in conjunction with Microsoft Sentinel. We pitched the solution for BFSI, healthcare, and ONG sectors. The solution can be deployed based on the client's requirements.

Matthew Hoerig - PeerSpot reviewer
Real User
Top 10
2023-02-11T23:29:00Z
Feb 11, 2023

Our use cases range from more complex configurations, looking at things like playbooks, workbooks, and threat-hunting, for which we rolled out architectures in some departments in the Government of Canada, to a more streamlined functionality and looking at things from a correlation perspective. We work in tandem with a couple of departments that have products called cloud sensors and those sensors feed telemetry into Sentinel. In its simplest form, we're using it for the ingestion of all that telemetry and looking for anomalies. The anomalous behavior can include anonymous IPs and geolocation that might indicate bad actors are trying to access a system. If I'm located in Ottawa, Ontario and somebody from Russia is trying to access our tenant, that's going to be pretty suspicious. Just like the US government has FedRAMP, there is a similar approach, here, for the Government of Canada where the funding for projects takes a cloud-first approach. Most of the departments in the government are now on some kind of cloud journey. When I look at the various projects I've worked on, every single one, to some degree, has an IaaS in Azure environment, and most of those deployments incorporate Sentinel and the log analytics workspace into the solution.

GP
Real User
Top 20
2023-01-25T08:41:00Z
Jan 25, 2023

When Exchange email is outside the domain, we have found sometimes that there are phishing emails. With the help of Microsoft Defender only, without Sentinel, we would not be able to track them. A couple of times data was compromised. With Sentinel, what we have done is integrate Microsoft Endpoint for Defender, M365 Defender, and our Exchange Online for all the email communications in and out.

RS
Real User
Top 20
2022-11-11T19:42:00Z
Nov 11, 2022

My customers mainly want to correlate logs so that they have a single point for their log information. In addition to correlating logs, they want to automate tasks. Microsoft Sentinel is just a "watch tower" to get all the logs and manage threats. After that, you have the Microsoft Defender products that help to reduce threats. For example, Microsoft Defender for Endpoint is an anti-virus and EDR that helps to eliminate threats on devices such as laptops and smartphones. Microsoft Defender for Office 365 enables protection for Teams, Mail, or SharePoint, and Microsoft Defender for Identity helps to reduce risk on Active Directory or Azure AD. So Microsoft Defender products are the tools for reducing threats, and Microsoft Sentinel is the tool for analyzing incidents and threats.

Nitin Arora - PeerSpot reviewer
Real User
Top 20
2022-11-02T06:53:00Z
Nov 2, 2022

I'm using it as a SIEM solution. If I consider the leading clouds, especially Google and Amazon, we don't have a dedicated SIEM solution available in either, and we have to create a SIEM solution by using the native services of those clouds. But Microsoft Sentinel gives us an opportunity to use a direct SIEM solution. I have clients from different regions and they already have environments on the cloud with various vendors, as well as on-prem. The problem they came to me with was that they wanted to secure their environments. They wanted to monitor all the vulnerability management, patches, and vulnerability scans in a single place. They have third-party data sources that they wanted to monitor in a single dashboard. I suggested they use Microsoft Sentinel because it can integrate many third-party vendors into a single picture. Those are the kinds of scenarios in which I suggest that my clients use Microsoft Sentinel.

Ankit-Joshi - PeerSpot reviewer
Real User
Top 20
2022-10-08T05:40:00Z
Oct 8, 2022

I'm currently using this solution for monitoring our SOC. I also implement Sentinel for clients. We use Defender for Cloud, Defender for Endpoint, Defender for Office 365, and Defender for Identity. They were easy to integrate. It's necessary to understand the background of the data source to integrate the devices into Sentinel. If it is cloud-based, we can utilize the GeoLogic app or Azure function to integrate the log sources or use the slot method. These solutions work natively together to deliver coordinated detection and response across our enterprise. We have different EDR solutions in our environment, and we have integrated them with Sentinel. We directly monitor all of the other security devices from Sentinel. I haven't seen many issues with integrating different products. We can set a robust error detection mechanism. If there are some issues while integrating the logs, we can do automated alerting and easily troubleshoot any issues. There are no issues with integrating multiple-location firewalls. We have Sentinel deployed in the US and other geolocations. There are between 15 to 20 people using this solution in my team. The solution is deployed on the cloud.

JL
Consultant
Top 20
2022-09-03T21:49:00Z
Sep 3, 2022

We needed a SIEM solution that could integrate with our Microsoft 365 stack. Being a Microsoft product, that was the first SIEM we looked at, and we haven't looked back. We're still growing with the product over the last couple of years. It is phenomenal. We're mainly focused on the cloud, but one of our selling points is that you can integrate with on-prem. We push to get the Azure Arc implementation done on top of Sentinel so that we can ingest data from your on-prem environment into Azure Monitor, which is then exposed to Sentinel. That's how we drive that integration, but we mainly have the cloud. We have 80% cloud and 20% on-prem.

SA
Real User
Top 5
2022-08-23T11:28:00Z
Aug 23, 2022

Microsoft Sentinel is basically a major log, on top of which you can build queries that can analyze the data you get. It's used to build up security operations centers. In addition, it is a SIEM and SOAR solution.

AidanMcLaughlin - PeerSpot reviewer
Real User
Top 20
2022-08-08T10:38:00Z
Aug 8, 2022

We use Microsoft Sentinel to monitor many different environments for cybersecurity incidents, and we use it as our main alerting tool to let us know when this activity happens. It also interfaces with all of our other Defender products, such as Defender for Office 365, Defender for Endpoint, et cetera. Almost all of our solutions are based in Azure. We use Defender for Endpoint, Defender for Office 365, Defender for cloud, Sentinel, and Azure Active Directory Identity Protection. I use the latest version of Sentinel. Sentinel is mostly used within our security operations center and our security team. We have about 50 endpoint users.

KarimMabrouk - PeerSpot reviewer
Real User
Top 20
2022-07-27T11:39:00Z
Jul 27, 2022

We use it to protect our Office 365 environment. We can also deploy it for the entire infrastructure, including on-premises, firewalls, and also users' devices. I'm a partner with many customers using Sentinel. Some are small companies but I also have many banks that have implemented the solution.

AS
Real User
Top 20
2022-06-23T20:06:00Z
Jun 23, 2022

We use it to monitor the cloud for any security issues. We are using it as a SIEM for our cloud workspace.

MikaelFryksten - PeerSpot reviewer
Real User
Top 10
2022-05-03T15:36:57Z
May 3, 2022

We use Microsoft Sentinel for providing managed services and for security use cases, which include detecting anomalies or security events and collecting security events from various data sources.

Sharjeel Khan - PeerSpot reviewer
Real User
Top 5
2022-04-12T13:49:51Z
Apr 12, 2022

We primarily use the solution for the surrounding management.

EM
Real User
2022-02-17T20:20:08Z
Feb 17, 2022

It is for tracking the logs. I'm working on automation. So, the use case basically includes logs, incidents, automation, UEBA, and endpoint integration with Office 365 Defender.

Harsimran Sidhu - PeerSpot reviewer
Real User
Top 20
2021-12-12T17:00:00Z
Dec 12, 2021

We actually use it for queuing logs and checking log systems that we are downloading from other devices to see if there are any issues. For example, if we get an alert, then we triage it and query the logs and the devices that we're looking for.

MJ
Consultant
2021-11-28T11:57:00Z
Nov 28, 2021

We work as a managed security services provider (MSSP). We have different clients who have their own security team. One company that I worked for recently had a security team of three people, then they hired us for 24/7 analysis and monitoring. For that, I solely worked on building this product, then there are the eight to nine people who do 24/7 monitoring and analysis. Sentinel is a full-fledged SIEM and SOAR solution. It is made to enhance your security posture and entirely centered around enhancing security. Every feature that is built into Azure Sentinel is for enhancing security posture.

OO
Consultant
2021-11-02T21:04:00Z
Nov 2, 2021

Azure Sentinel is a SIEM solution. It offers security information and event management and also security orchestration, automation and response. It actually looks into events coming into your environment and events from a lot of sources, or whatever you might have in your network. There are a lot of events and logs generated by all of these resources - sometimes in the thousands or millions. Azure Sentinel helps you investigate a lot of these logs faster. It uses artificial intelligence, called threat intelligence, to look into all the events that might be coming into your environment. For example, on a daily basis, you might be receiving two million events coming from all the resources you have, including your users. If you're a very big enterprise and you have thousands of users, there are logs coming in from each of these users. You also have some resources, such as your web application, virtual machine, and a lot of your resources that span across Azure, AWS, GCP, and other solution providers like Sophos, Fortinet, Cisco, and your on-premise environment. You can get all these logs together with this.

DO
Real User
2021-10-25T16:21:00Z
Oct 25, 2021

On Azure, we have workloads on virtual machines, Kubernetes clusters, and SQL Servers. The way Sentinel works is that logs from our Kubernetes services, virtual machines, and database servers go into what is called Log Analytics on Azure. Log Analytics connects to Azure Sentinel, then all the logs move from the resources to Log Analytics down to Sentinel. Sentinel is configured to do some form of threat detection on these logs. For example, there is a firewall log connected to Log Analytics. Sentinel looks at those firewall logs for repeated IPs that are trying to either do an attack on our system or get access into our system. There is some form of machine learning and AI implemented in it to be able to tell us which particular IP address is trying to do this.
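The firewall-log detection the answer above describes (a source IP repeatedly denied while probing the environment) is, in Sentinel, a scheduled analytics rule written in KQL over the ingested firewall table. The block below is an added example, not Sentinel's or the reviewer's code, that implements the same thresholding logic in Python so the behaviour can be seen over a handful of constructed log lines: the line format, field names, the 5-hit/5-minute threshold and all IP addresses (documentation ranges) are assumptions, not values from the page.

```python
"""Sliding-window 'repeated deny from one source' detection over firewall
logs. Added example, not Sentinel's own rule; the log format, field names,
threshold and window are constructed assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sample lines (key=value after a timestamp and host); not real traffic.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dpt=22
2024-03-01T10:00:04Z fw01 action=deny src=203.0.113.7 dst=10.0.0.5 dpt=22
2024-03-01T10:00:09Z fw01 action=allow src=198.51.100.2 dst=10.0.0.8 dpt=443
2024-03-01T10:00:12Z fw01 action=deny src=203.0.113.7 dst=10.0.0.6 dpt=3389
2024-03-01T10:00:20Z fw01 action=deny src=203.0.113.7 dst=10.0.0.7 dpt=22
2024-03-01T10:00:31Z fw01 action=deny src=192.0.2.44 dst=10.0.0.5 dpt=22
2024-03-01T10:00:45Z fw01 action=deny src=203.0.113.7 dst=10.0.0.9 dpt=445
2024-03-01T10:20:00Z fw01 action=deny src=192.0.2.44 dst=10.0.0.5 dpt=22
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kv>.*)$")


def parse_line(line):
    """Parse one line into {'ts': datetime, 'host': ..., key: value, ...};
    return None for lines that do not fit the format (they are skipped, not fatal)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    rec = {"ts": ts, "host": m["host"]}
    for pair in m["kv"].split():
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def detect_repeated_denies(log_text, threshold=5, window_minutes=5):
    """Flag each source IP with at least `threshold` denied connections inside
    any `window_minutes`-long sliding window. Returns a dict keyed by source IP
    with the hit count, first/last timestamps and distinct destinations seen."""
    window = timedelta(minutes=window_minutes)
    denies = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("action") == "deny" and "src" in rec:
            denies[rec["src"]].append(rec)

    findings = {}
    for src, recs in denies.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            # Advance the window start until it spans at most `window`.
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits = recs[start:end + 1]
                findings[src] = {
                    "count": count,
                    "first": hits[0]["ts"],
                    "last": hits[-1]["ts"],
                    "targets": sorted({r["dst"] for r in hits if "dst" in r}),
                }
    return findings


if __name__ == "__main__":
    for src, f in detect_repeated_denies(SAMPLE_LOG).items():
        print(f"{src}: {f['count']} denies {f['first']}..{f['last']} -> {f['targets']}")
```

With the constructed input only 203.0.113.7 is flagged: five denies in 44 seconds against four internal hosts, while 192.0.2.44's two denies 20 minutes apart stay below threshold. Both knobs are deliberately parameters; in a real tenant the threshold and window are what get tuned against the false-positive rate, and the `targets` list is what an analyst looks at first to distinguish a scan from a single misconfigured client.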

Matthew Hoerig - PeerSpot reviewer
Real User
Top 10
2021-10-22T19:38:00Z
Oct 22, 2021

It is a tool for compliance for us. Every department and agency in the government is trying to get to the cloud as fast as they can. Because of that, there's a lot of SA&A work—service authorization and accreditation. In that, you're assessing the environment against a set of controls. We use Sentinel to provide us with a core piece of evidence that ensures these environments are compliant.

SM
Real User
2021-10-14T10:01:00Z
Oct 14, 2021

Azure Sentinel is a next-generation SIEM, which is purely cloud-based. There is no on-premises deployment. We primarily use it to leverage the machine learning and AI capabilities that are embedded in the solution.

GT
Real User
2021-08-23T13:12:00Z
Aug 23, 2021

We internally do not use this solution. We provide advisory for Azure Sentinel because we are Microsoft's partner. Our clients use it for Security Operations Centers. Some of the clients wish to build a Security Operation Center. They want to perform threat analysis and see that the environment is secure and monitor it. That's why we deploy SIEM solutions. In terms of deployment, what we see here in Asia, specifically in Malaysia, are hybrid and public cloud deployments.

TL
Real User
2021-06-18T10:57:00Z
Jun 18, 2021

We are running an MDR service for our customers and use Azure Sentinel as the SIEM product to allow us to have an overview of all our customers, but also to easily push configurations to different customers. We use Azure Sentinel as an alert aggregator to import all of the incidents/alerts from the different (Microsoft) security products in order to have a single pane of glass. On top of that, we create our own custom Analytics Rule that can be used to add our own added value. This enables us to create our own IP to protect customers.

IG
Real User
2021-04-08T08:18:00Z
Apr 8, 2021

Security incident and event management. Threat detection and automated response. It is a software as a service from Microsoft.

KP
MSP/MSSP
Top 20
2021-02-24T21:43:00Z
Feb 24, 2021

We use it on a public cloud. We have integrated Azure Lighthouse with Azure Sentinel Security. By integrating all of these, Azure Security Center and Azure Defender, we are providing an MSSP platform to our customers.

RK
Real User
2021-02-12T14:37:31Z
Feb 12, 2021

The primary use case is the same use case as Splunk. Requirements differ. We're still doing fine-tuning. However, lots of users are added to its security group to note activities.

MD
Real User
2021-01-23T00:28:35Z
Jan 23, 2021

We are security system integrators.
