We performed a comparison between Microsoft Sentinel and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Sentinel pricing is good"
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The pricing of the product is excellent."
"We have no complaints about the features or functionality."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The most valuable features of McAfee ESM are intrusion detection, malware protection, and the device controller."
"The solution is 100% stable. We really have had a great time working with it. It hasn't let us down."
"It can be easily deployed with the other solutions."
"We are now able to completely monitor our environment so we can review what is there, which is a big win for us."
"The most valuable feature in ESM is its search and reporting feature. It's really nice."
"It enables us to detect malicious threats, issues, or vulnerabilities in our network."
"The support I have received from the vendor has been great."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"I would like to be able to monitor applications outside of the Azure Cloud."
"We are invoiced according to the amount of data generated within each log."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"The only thing is sometimes you can have a false positive."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"Product currently requires Flash."
"The only drawback is that they don't have any packet capturing or network behavior analysis."
"I have to purchase a new box now. Its existing box is not scalable and I can't use it anymore."
"It seems McAfee does test its product before releasing. When we - not only us, other companies also - deploy McAfee, we face multiple issues from the customer side, after which, McAfee reacts and fixes the bugs."
"I would like to see improvements to the user interface."
"Update to user interface from version 9 is cosmetic in some aspects, and after a few clicks you are back on the old interface."
"There should be support for multitenancy in the product."
"The initial setup is difficult and could improve."
Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews while Trellix ESM is ranked 18th in Security Information and Event Management (SIEM) with 34 reviews. Microsoft Sentinel is rated 8.2, while Trellix ESM is rated 7.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Elastic Security, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, Splunk Enterprise Security, LogRhythm SIEM and Cybereason Endpoint Detection & Response. See our Microsoft Sentinel vs. Trellix ESM report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.