Azure Sentinel Room for Improvement
System Engineer at a computer software company with 5,001-10,000 employees
They could use some kind of workbook. There is some limitation in editing and creating the workbook. That would improve it. Sometimes you will find some network issues and network errors with the Azure Sentinel portal. That's the biggest drawback I found with Sentinel. It would be great if they would provide PIP platforms. They do have PI platforms but they don't have PIP.
Senior Microsoft 365 Consultant at The Collective Consulting
Azure Sentinel is constantly growing. Throughout the two years we have been using it, we have seen it expand tremendously. A lot of the limitations we had originally seen have already been mitigated. A couple of potential improvements could be: allow for a streamlined CI/CD procedure. Now it's a combination of using API/PowerShell and ARM, which is not ideal. Also, it should allow us to ingest on-prem logs by using a SaaS platform to ingest CEF/Syslog logs that also allow for prefiltering. This would allow us to minimize the cost of the solution.
There's not much that needs improvement but the on-prem log sources still require a lot of development. It's clear that there are limitations there. I also think that the implementation and on-prem data sources could be done in a better way. We've used some functions with Python and whole scripting on FortiSIEM, which is something that Microsoft could easily provide, but so far hasn't.
SOC Analyst at a wholesaler/distributor with 10,001+ employees
We have just recently migrated to this product. We haven't used it long enough to note all of the features. Therefore, it would be impossible to note what is lacking just yet.
The interface could be more user-friendly. It's a small improvement that they could make if they wanted to.
Domain Architect at a government with 5,001-10,000 employees
Add more out-of-the-box connectors with other SaaS platforms/applications.
Azure Sentinel, the Microsoft Azure product, is, from what I understand, used for the Microsoft applications. I don't know if it works outside of the Microsoft Azure cloud.
I would like to be able to monitor applications outside of the Azure Cloud. That is one of the reasons one of the customers has multiple tools.