We performed a comparison between Microsoft Sentinel and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The scalability is great. You can put unlimited logs in, as long as you can pay for it. There are commitment tiers, up to six terabytes per day, which is nowhere close to what any one of our customers is running."
"The main benefit is the ease of integration."
"It has a lot of great features."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"It's pretty powerful and its performance is pretty good."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"We can ingest logs and make reports out of them. It is a good tool which can help us monitor any issues."
"Sumo Logic Security is a good solution for searching the logs and identifying the issues."
"We use it to ingest Windows domain controller logs. We use this to monitor if anyone is placed in particular administration groups that potentially shouldn't be. It helps us keep track of people."
"The tool has key features like operability. It will alert the admins whenever a device is onboarded."
"Sumo Logic is an easy solution to use. You can set it up very quickly, and it includes a lot of training videos."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"Scalability has been good for our needs. We haven't run into any scaling issues in regards to size so far."
"Support has been excellent. Sumo Logic's support staff is really good, both their account management staff and direct support."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Sentinel's reporting is complex and can be more user-friendly."
"We are invoiced according to the amount of data generated within each log."
"I would like better UI-driven functionality to create alerts and reports. Now, we have to understand the syntax, so it is a little difficult for someone to pick it up without using the manuals. If there was more of a graphical user interface, it would be beneficial."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"From the network segmentation side, there is some discrepancy in log onboarding. The tool needs to improve direct API integrations, login integration, native login integration, etc."
"The initial setup is the most stressful, like learning how to use it."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"There are some API gaps that are missing."
"The dashboard has room for improvement, because sometimes it is a difficult to create a specific dashboard or query. This would be a nice place to correct problems."
Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 86 reviews while Sumo Logic Security is ranked 17th in Security Information and Event Management (SIEM) with 18 reviews. Microsoft Sentinel is rated 8.2, while Sumo Logic Security is rated 8.6. The top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Wazuh, Microsoft Defender for Cloud and Elastic Security, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, Google Chronicle Suite and Grafana Loki. See our Microsoft Sentinel vs. Sumo Logic Security report.
See our list of best Security Information and Event Management (SIEM) vendors, best Security Orchestration Automation and Response (SOAR) vendors, and best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.