We performed a comparison between ArcSight Enterprise Security Manager (ESM) and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"The UI-based analytics are excellent."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"It is easy to implement (turn on), but it does need a skilled analyst to develop queries and playbooks."
"Once the rules are defined, it is capable of detecting minute changes in the systems, which are effectively based on the entries in the log."
"The feature that I have found the most useful is that it can be deployed to the cloud."
"Stable solution with good customer service support."
"The most useful features are directories, price, and live reporting."
"ArcSight gives us better visibility into threats that were unknown earlier."
"For the typical malware or intrusion, this solution assists us by identifying the symptoms based on network traffic from the application servers."
"I would rate the ease of use for new users an eight out of ten, with ten being easy to use. It is a good tool."
"The tool is good for correlation and aggregation. We use it as a collection platform."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"It makes everything easier by automating some tasks and growing with our needs."
"The native integration with out-of-the-box formats is hassle-free and allows data to be used advantageously."
"The most valuable feature of Sentinel is the dashboard."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"One of the most valuable features is the business intelligence engine. It's very important because it keeps track of everything that's happening and alerts us if something is different than expected. The first time I used it, I was shocked at how well it performed. Another valuable feature that I think makes this product worth the price you pay for it is that it connects to basically every system that provides some form of logging, and it's very easy to set up what triggers this."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment, whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"We are invoiced according to the amount of data generated within each log."
"We'd also like a better ticketing system, which is older."
"The performance could be improved. If I create 15 to 20 lines for a single use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in 0.01 seconds. A complex query takes more time to get results."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"The AI capabilities must be improved."
"The playbook is a bit difficult and could be improved."
"They should try to include business logic vulnerabilities in the SIEM tool."
"Could benefit from a more modern interface."
"The initial setup could be more straightforward."
"When we need to consume old events, we have to wait for a long time. ArcSight should improve the database capability to reply to queries faster. It would also be interesting if they implemented network visibility. For example, they could add a feature like NetWitness with a model just for looking through the packets."
"The centralized dashboard for the hybrid cloud environment needs to be more focused. It needs to be redefined because it's missing most of the information. It should be a little bit easier to use. Currently, integration with various applications and connectors is not that easy. Deployment is easy, but integration is not that easy. ArcSight also has very high bandwidth consumption when pulling from the local servers. It should have some kind of better process or ability to transfer files from on-premises to the cloud, from the cloud to on-premises, and from one cloud to another cloud."
"ArcSight ESM is not easy to use and it should be integrated with other tools that have infrastructure capabilities."
"ArcSight ESM's UI is a little cumbersome and complex, especially for first-time and occasional users using the console manager."
"The customer experience could be improved."
"I rate Sentinel a six out of ten for scalability."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"The solution does not allow outsourced authorizations."
"The dashboard and customer view should be improved."
"Creating a drag-and-drop dashboard or workbook in Sentinel is a little more complex compared to other tools like LogRhythm and IBM QRadar."
"I would like to see a better reporting work structure on the dashboard."
"There is no integration in the web-side of the tool."
"Log source integration with Sentinel needs to be improved."
ArcSight Enterprise Security Manager (ESM) is ranked 12th in Security Information and Event Management (SIEM) with 93 reviews while Sentinel is ranked 17th in Security Information and Event Management (SIEM) with 16 reviews. ArcSight Enterprise Security Manager (ESM) is rated 7.8, while Sentinel is rated 7.6. The top reviewer of ArcSight Enterprise Security Manager (ESM) writes "Allows for monitoring logs according to industry standards within ESM but has a total capacity capped at 12 TB, limiting real-time data retention periods". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". ArcSight Enterprise Security Manager (ESM) is most compared with Splunk Enterprise Security, ArcSight Intelligence, Trellix ESM, IBM Security QRadar and LogRhythm SIEM, whereas Sentinel is most compared with Splunk Enterprise Security, IBM Security QRadar, Google Chronicle Suite and Wazuh. See our ArcSight Enterprise Security Manager (ESM) vs. Sentinel report.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.