We performed a comparison between Sentinel and SolarWinds Security Event Manager based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The machine learning and artificial intelligence on offer are great."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The analytic rule is the most valuable feature."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The most valuable feature of Sentinel is the dashboard."
"It makes everything easier by automating some tasks and growing with our needs."
"The solution helps me to go back in time and search for different events. For example, if you wanted to know who activated an account; you could go back in time and find out."
"The out of the box reports and dashboard. It was easy to trim down these windows to something we could quickly use."
"The solution helps you monitor database instances, application instances, other customer application things, Linux servers, IBM servers, and Oracle servers."
"The most valuable feature of SolarWinds Security Event Manager is the analysis and the knowledge about the incidence that we trace."
"SolarWinds' stability is fine. I don't think we've had any software issues."
"The most valuable feature of this solution is the visibility into both attempted and failed logins."
"It's extremely easy to deploy."
"SolarWinds is easy to configure, and it provides timely alerts."
"We'd like to see more connectors."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"The dashboard and customer view should be improved"
"It is an ancient product."
"There is no integration in the web-side of the tool."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"Log source integration with Sentinel needs to be improved."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"Training for this solution needs to be improved, as new employees are sometimes unfamiliar with the product."
"I would like to have a more customizable dashboard."
"The only issue is the pricetag. SolarWinds is a costly solution."
"I imagine we will have to develop our own reports soon, this seems to be more cumbersome."
"It is a very technical program. They can simplify it so that it isn't so hard to deal with."
"The company had to use a third party for the implementation of the solution."
"It won't tell you when your backups are failing, but it will give you hints when your database is running on full recovery."
"There is no correlation made between log entries, so no threat information is presented."
More SolarWinds Security Event Manager Pricing and Cost Advice →
Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews while SolarWinds Security Event Manager is ranked 21st in Security Information and Event Management (SIEM) with 24 reviews. Sentinel is rated 7.6, while SolarWinds Security Event Manager is rated 7.8. The top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". On the other hand, the top reviewer of SolarWinds Security Event Manager writes "A comprehensive network security with robust technical capabilities, effective threat response, and centralized management". Sentinel is most compared with Splunk Enterprise Security, IBM Security QRadar, Google Chronicle Suite, Wazuh and LogRhythm SIEM, whereas SolarWinds Security Event Manager is most compared with ManageEngine Log360, Splunk Enterprise Security, IBM Security QRadar, Microsoft Defender XDR and Wazuh. See our Sentinel vs. SolarWinds Security Event Manager report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.