We performed a comparison between Microsoft Sentinel and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The analytic rule is the most valuable feature."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"I like the ease of deployment."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"It is easy to use."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The support I have received from the vendor has been great."
"It is easy to use and deploy. It comes with user-friendly manuals."
"I rate the tool's deployment an eight out of ten. The deployment is completed in two days."
"Sentinel's reporting is complex and can be more user-friendly."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"The product can be improved by reducing the cost to use AI machine learning."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"The solution could improve the playbooks."
"There should be support for multitenancy in the product."
"I would like to see good analytics in future releases."
"The user interface could be more user-friendly."
"McAfee ESM is not user-friendly and the log is not accurate. For instance, if I were assigned to generate a log for changes made today, I wouldn't be able to see all the modifications. While Palo Alto allows us to see all changes, McAfee ESM only captures one out of every ten changes. It's crucial to have visibility into all changes made."
"Product currently requires Flash."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"Tech support is required each time there is a system update of the solution."
"The support from McAfee ESM could improve. They could improve the speed."
Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 86 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Microsoft Sentinel is rated 8.2, while Trellix ESM is rated 7.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Wazuh, Microsoft Defender for Cloud and Elastic Security, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and SQRRL. See our Microsoft Sentinel vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.