We performed a comparison between Sentinel and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The automation feature is valuable."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"The tool is simple to use."
"The most valuable feature of Sentinel is the dashboard."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The graphical user interface is very user-friendly. SolarWinds is a hybrid solution so you can use it across many platforms."
"It supports high availability, which is very helpful."
"The most valuable feature of SolarWinds Security Event Manager is the analysis and the knowledge about the incidence that we trace."
"It's easy to build rules and actions based on the logs and event types we collect with the software."
"The most valuable feature is the ease of use for the end user."
"The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."
"SolarWinds is easy to configure, and it provides timely alerts."
"Some of the rules are most valuable because you can be notified about various things, such as spyware or things that are going on in the internal network."
"Azure Sentinel will be directly competing with tools such as Splunk or Qradar. These are very established kinds of a product that have been around for the last seven, eight years or more."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"There is room for improvement in entity behavior and the integration site."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"The on-prem log sources still require a lot of development."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"The solution does not allow outsourced authorizations."
"I rate Sentinel a six out of ten for scalability."
"There is no integration in the web-side of the tool."
"I would like to see a better reporting work structure on the dashboard."
"Log source integration with Sentinel needs to be improved."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"The solution's technical support is okay, but we don't have an SLA, and sometimes the response times are very slow."
"It won't tell you when your backups are failing, but it will give you hints when your database is running on full recovery."
"Under the new system, it is not upgradable the way they say. When you try to do an upgrade, it doesn't really work unless you dump everything and start from scratch. You lose a lot of your nodes. Whenever you set your nodes up and everything else, they don't want to bring those nodes back in, so you have to really go back and restructure all your nodes. I went from version 6.5 to version 6.6 and then to version 6.7. I then went to version 2019, and now it is version 2020. It would be good if we can upgrade without having to delete everything and start from scratch. They can maybe build more KPIs and other things for the dashboard. Some of the other systems already have built-in KPIs. SolarWinds is starting to catch up, but it is not there yet. They can include some of the business or industry standards for tracking the time, that is, the meantime to detect (MTTD) and the meantime to resolve (MTTR). They can also find a way to build a KPI that measures the number of instances of port scans experienced in a week or a month."
"There are no multiple dashboards which would allow you to see information side-by-side."
"It is a very technical program. They can simplify it so that it isn't so hard to deal with."
"The reporting could be more robust. It can be a lot more granular and that will make it a lot more useful in comparison to how it is incorporated at the moment."
"One of the drawbacks of being so flexible is that it is also a fairly complicated software application to install, configure, and maintain."
"I imagine we will have to develop our own reports soon, this seems to be more cumbersome."
More SolarWinds Security Event Manager Pricing and Cost Advice →
Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews while SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews. Sentinel is rated 7.6, while SolarWinds Security Event Manager is rated 7.8. The top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". Sentinel is most compared with Splunk Enterprise Security, IBM Security QRadar, Google Chronicle Suite, Wazuh and LogRhythm SIEM, whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar, Wazuh and Microsoft Defender XDR. See our Sentinel vs. SolarWinds Security Event Manager report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.