Azure Sentinel Overview

Azure Sentinel is the #13 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to AWS Security Hub: Azure Sentinel vs AWS Security Hub

What is Azure Sentinel?

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Azure Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security and Compliance Community.

Azure Sentinel Buyer's Guide

Download the Azure Sentinel Buyer's Guide including reviews and more. Updated: July 2021

Azure Sentinel Customers

Azure Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

Pricing Advice

What users are saying about Azure Sentinel pricing:
  • "It is a consumption-based license model. Bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."

KP
System Engineer at a computer software company with 5,001-10,000 employees
Real User
Top 10
Makes it easy to monitor and keep a track record for vulnerabilities

What is our primary use case?

We use it on a public cloud. We have integrated Azure Lighthouse with Azure Sentinel Security. By integrating all of these, Azure Security Center and Azure Defender, we are providing an MSSP platform to our customers.

Pros and Cons

  • "In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
  • "They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."

What other advice do I have?

Azure Sentinel is actually quite handy, and very adaptive to the market trends. Anyone who is looking for the same store, creating their complete security solution for their enterprise, for the effective security solution, and for data integration, they must go with Azure Sentinel as they are going to get everything in one place. I would rate Azure Sentinel at an eight on a scale of ten.
TL
Senior Microsoft 365 Consultant at The Collective Consulting
Real User
Top 20
Quick to set up with good automation and integrates well with Microsoft products

What is our primary use case?

We are running an MDR service for our customers and use Azure Sentinel as the SIEM product to allow us to have an overview of all our customers, but also to easily push configurations to different customers. We use Azure Sentinel as an alert aggregator to import all of the incidents/alerts from the different (Microsoft) security products in order to have a single pane of glass. On top of that, we create our own custom Analytics Rule that can be used to add our own added value. This enables us to create our own IP to protect customers.

Pros and Cons

  • "Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
  • "The solution should allow for a streamlined CI/CD procedure."
Sami Isoaho
Principal Cloud Architect at Viria Security Oy
Real User
Top 5
UI-based analytics are excellent; great tools for cleaning data

What is our primary use case?

We use this solution for analyzing Microsoft cloud-based log services and for security data. The services include Microsoft 365, Azure Security Center logs and Microsoft cache logs. We are gold security partners with Azure.

Pros and Cons

  • "The UI-based analytics are excellent."
  • "The on-prem log sources still require a lot of development."

What other advice do I have?

I would definitely recommend this solution. If you have cloud-based workloads and different cloud or cloud lookalike services that require security data, or if you are looking for SOAR functionalities, then it's a no brainer. It's the best in that market. On the other hand, if you are mainly working and operating with on-prem stuff then there's no advantage over FortiSIEM or other solutions. I rate this solution a nine out of 10.
RK
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Real User
Top 5 Leaderboard
Scalable and offers good pricing but needs a better user interface

What is our primary use case?

The primary use case is the same use case as Splunk. Requirements differ. We're still doing fine-tuning. However, lots of users are added to its security group to note activities.

Pros and Cons

  • "The pricing of the product is excellent."
  • "The interface could be more user-friendly. It's a small improvement that they could make if they wanted to."

What other advice do I have?

We're using the latest version of the solution. Choosing this solution was a management decision. Due to cost-effectiveness, they opted for Azure Sentinel. Whether this product would work for another organization or not depends on the company's requirements. As it is still very early in terms of our experience with the solution, I would rate the product at a six out of ten.
IG
Domain Architect at a government with 5,001-10,000 employees
Real User
Top 5
Really good SIEM technology for Microsoft-centric organisations

What is our primary use case?

Security incident and event management. Threat detection and automated response. It is a software as a service from Microsoft.

Pros and Cons

  • "Free ingestion for Azure logs (with E5 licence)"
  • "It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
  • "It has basic out-of-the-box integrations with multiple log sources."
  • "They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
  • "Add more out-of-the-box connectors with other SaaS platforms/applications."
  • "They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
  • "There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."

What other advice do I have?

It is fairly new but making a charge up the market analyses. Should be considered if you have an E5 licence due to native and 'free' ingestion of M365 logs. We haven't used all of its capability yet because we haven't had the time yet to implement it all, and it appears that the MS roadmap for Sentinel is being actively invested in.
MarkDarwish
CEO at Danastar Professional Services, LLC
Real User
Top 5
Included with Microsoft, and we have no complaints about functionality

What is our primary use case?

We are security system integrators.

Pros and Cons

  • "We have no complaints about the features or functionality."
  • "I would like to be able to monitor applications outside of the Azure Cloud."

What other advice do I have?

If it's a security integrator like us, quite often people push the client into buying different vendors' products and the client already has the tool in-house. Microsoft is one of those tools that most clients already have. Many vendors, or integrators, that we know of, are not familiar with Microsoft Sentinel product classification security. So that's one thing I would encourage both potential customers, and users, to look into what suite of products do they have with existing Microsoft accounts that they have. Also, the integrators should be quite familiar with all the things that are…