We performed a comparison between Rapid7 InsightIDR and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We have no complaints about the features or functionality."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The features that stand out are the detection engine and its integration with multiple data sources."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"The initial setup is very simple and straightforward."
"It has basic out-of-the-box integrations with multiple log sources."
"The connectivity and analytics are great."
"The incident case management is the most valuable feature. Even though there's always something I find I would like to add to that feature, the ability to quickly sort through all the logs, network and endpoint data, etc., and add it to an incident case as part of the investigation, is nice. Having it automatically timeline that additional data into the original incident timeline, and correlate it to other notable events and activities on the network, results in a huge improvement in our overall confidence that we've quickly traced down the right source of an issue."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"I rate Rapid7 nine out of 10 for affordability"
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"The biggest reason why we chose Rapid7 was to gain value in a really quick time. Its deployment doesn't take months. It just takes a few days."
"InsightIDR has allowed us to find potential security issues that we did not know existed, and get remediation quickly."
"The UI is very good."
"Very intuitive and easy to set up."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The most valuable feature of Sentinel is the dashboard."
"It makes everything easier by automating some tasks and growing with our needs."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"We'd like also a better ticketing system, which is older."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"We are invoiced according to the amount of data generated within each log."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"The ability to tune the collector for custom logs would greatly help."
"The main problem lies in the processes within the client's operating systems."
"I feel it would greatly benefit from more supported log sources."
"The interface for doing investigation needs to be enhanced with minor improvements that would make it more useful."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"It would be useful to import threat intelligence in YARA format along with known incorrect email addresses."
"The solution does not allow outsourced authorizations."
"There is no integration in the web-side of the tool."
"The dashboard and customer view should be improved"
"Log source integration with Sentinel needs to be improved."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"I would like to see a better reporting work structure on the dashboard."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
"It is an ancient product."
Rapid7 InsightIDR is ranked 10th in Security Information and Event Management (SIEM) with 29 reviews while Sentinel is ranked 18th in Security Information and Event Management (SIEM) with 16 reviews. Rapid7 InsightIDR is rated 8.4, while Sentinel is rated 7.6. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". Rapid7 InsightIDR is most compared with Darktrace, Splunk Enterprise Security, Rapid7 InsightVM, IBM Security QRadar and Microsoft Defender for Identity, whereas Sentinel is most compared with IBM Security QRadar, Splunk Enterprise Security, Google Chronicle Suite, Wazuh and LogRhythm SIEM. See our Rapid7 InsightIDR vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.