We performed a comparison between Microsoft Sentinel and RSA enVision based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The data connectors that Microsoft Sentinel provides are easy to integrate when we work with a Microsoft agent."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The Log analytics are useful."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"The most valuable feature of this solution is the reporting."
"The most valuable feature is the management features. It's capable of managing large enterprises."
"The configuration part is very easy...The technical support was sincere in their responses...I rate the technical support a nine out of ten."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"I would like to see more AI used in processes."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Sometimes, we are observing large ingestion delays. We expect logs within 5 minutes, but it takes about 10 to 15 minutes."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"In general, the solution currently isn't user-friendly."
"The integration could be easier, it should support more products."
"RSA enVision log manager is out of date and is not in use anymore."
Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews while RSA enVision is ranked 36th in Security Information and Event Management (SIEM) with 5 reviews. Microsoft Sentinel is rated 8.2, while RSA enVision is rated 6.8. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of RSA enVision writes "Though the solution offers good technical support, it needs to be made more user-friendly ". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Elastic Security, whereas RSA enVision is most compared with NetWitness Platform, Splunk Enterprise Security and IBM Security QRadar. See our Microsoft Sentinel vs. RSA enVision report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.