We performed a comparison between Microsoft Sentinel and Trellix ESM based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The Log analytics are useful."
"It has a lot of great features."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The support I have received from the vendor has been great."
"It blocks the things which are not to be allowed. It has an adaptive mode where it learns for itself."
"The ease of use is the most valuable feature. Over the years I have always been using this solution and have become comfortable with it."
"The most valuable feature is the correlation rules."
"McAfee as a whole is a good solution."
"It is a good central viewpoint for issues. These can then be investigated in more detail on the subnet server(s)/endpoints."
"This solution integrates easily and very well with other technologies."
"The solution's technical support is great."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"I think the number one area of improvement for Sentinel would be the cost."
"The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"There are some banking and transactional cases that are local, South America transactions. I would like to see them add features that can be used locally, to make those transactions more reliable."
"The disk space needed for events is not clear. In all clients, we had at least more than 100GB free that we could not use."
"We would welcome integrations with some of the new McAfee acquisitions, e.g., behavioural analytics."
"There are always multiple bugs in the product. For example, the console page was hanging multiple times. Afterwards, they released multiple upgrades for the same, multiple patches from McAfee."
"The product's stability is an area of concern where improvements are required."
"Customized reports and alerting functionality could be included in the dashboard."
"Cloud integration has room for improvement because they're not full-fledged to integrate with the cloud solutions that come. They use different integration platforms to bring in data, and that needs to be improved."
"I would like to see good analytics in future releases."
Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 85 reviews while Trellix ESM is ranked 19th in Security Information and Event Management (SIEM) with 34 reviews. Microsoft Sentinel is rated 8.2, while Trellix ESM is rated 7.4. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Trellix ESM writes "Provides visibility of all the traffic within the company infrastructure". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Elastic Security, whereas Trellix ESM is most compared with ArcSight Enterprise Security Manager (ESM), IBM Security QRadar, LogRhythm SIEM, Splunk Enterprise Security and Cybereason Endpoint Detection & Response. See our Microsoft Sentinel vs. Trellix ESM report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.