Azure Sentinel Review

Really good SIEM technology for Microsoft-centric organisations


What is our primary use case?

Security incident and event management. Threat detection and automated response.

It is a software as a service from Microsoft.

How has it helped my organization?

Reduced mean time to detect and resolve

Quickly able to cover a majority of mitre att&ck techniques

Free to ingest Azure logs with E5 license

What is most valuable?

Free ingestion for Azure logs (with E5 licence)

It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks.

It has basic out-of-the-box integrations with multiple log sources.

What needs improvement?

Add more out-of-the-box connectors with other SaaS platforms/applications.

For how long have I used the solution?

12 months

What do I think about the stability of the solution?

No stability issues encountered.

What do I think about the scalability of the solution?

It is scalable as a SaaS offering, but there is a consumption cost to consider.

Cybersecurity team uses this on a daily basis.

How are customer service and technical support?

We work together very well with local MS Team.

How was the initial setup?

The initial setup was simple. All that was needed was to put agents onto our infrastructure.

Integration more complex for non-MS SaaS and OS, but do-able using middleware.

What about the implementation team?

It was done in-house.

It is an evergreen service.

What was our ROI?

What is the cost of lack of visibility?  Average cost of breach = $$$

What's my experience with pricing, setup cost, and licensing?

It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure

Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit.

Which other solutions did I evaluate?

Others were considered however being an E5 M365 and Azure user this was by far the preferred solution.

What other advice do I have?

It is fairly new but making a charge up the market anayses.  Should be considered if you have E5 licence due to native and 'free' ingestion of M365 logs.

We haven't used all of its capability yet because we haven't had the time yet to implement it all, and it appears that the MS roadmap for Sentinel is being actively invested in.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Azure Sentinel reviews from users
...who compared it with Splunk
Learn what your peers think about Azure Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
522,693 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest