We performed a comparison between Exabeam Fusion SIEM and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature of Exabeam Fusion SIEM is the easy-to-use user interface."
"The way it can connect with AWS is very useful, and the integrations are pretty good."
"The user interface and the timelines they use are the most valuable features. The price model is very simple so that one can understand it easily and there are no surprises within it."
"Exabeam Fusion SIEM has a good performance and more advantages than traditional solutions."
"I have customers that like the EUBA functionality of it. The solution has the ability to build a session, basically. It pulls a lot of information together, for example, everything a user does in a specific timeframe. It's quite helpful."
"The advanced analytics has a really great overview of user behavior."
"The solution's initial setup process is easy."
"The setup is not difficult. It was easy."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"Sentinel enables us to ingest data from our entire ecosystem. In addition to integrating our Cisco ASA Firewall logs, we get our Palo Alto proxy logs and some on-premises data coming from our hardware devices... That is very important and is one way Sentinel is playing a wider role in our environment."
"The solution offers a lot of data on events. It helps us create specific detection strategies."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"It has basic out-of-the-box integrations with multiple log sources."
"They need to focus on more of the MITRE ATT&CK Framework and coverage. They claim they cover about 70 to 80%. I'm not sure if it's really quite that much, however."
"They should provide detailed information about detecting phishing emails."
"We had a large volume right from the beginning and they weren't quite prepared for that. That's something that they should think about when it comes to customers that have a large volume to start off with."
"We still have questions surrounding hardware deployment."
"The organzation is rigid and not flexible in the way they operate"
"Updating the new release of Exabeam Fusion SIEM takes time and slows our performance."
"The only problem is that the UI is not very impressive."
"The initial setup of Exabeam Fusion SIEM is complex because it needs to integrate with the SIEM solution, but after this is complete it is straightforward."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"I would like to see more AI used in processes."
"The solution could improve the playbooks."
"I think the number one area of improvement for Sentinel would be the cost."
"Sentinel's reporting is complex and can be more user-friendly."
"The playbook development environment is not as rich as it should be. There are multiple occasions when we face problems while creating the playbook."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
Exabeam Fusion SIEM is ranked 28th in Security Information and Event Management (SIEM) with 10 reviews while Microsoft Sentinel is ranked 1st in Security Information and Event Management (SIEM) with 85 reviews. Exabeam Fusion SIEM is rated 8.0, while Microsoft Sentinel is rated 8.2. The top reviewer of Exabeam Fusion SIEM writes "Enables centralized log collection on a single platform". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Exabeam Fusion SIEM is most compared with IBM Security QRadar, Palo Alto Networks Cortex XSOAR, Splunk Enterprise Security, Splunk User Behavior Analytics and Gurucul UEBA, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Microsoft Defender for Cloud, Splunk Enterprise Security and Elastic Security. See our Exabeam Fusion SIEM vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors and best Security Orchestration Automation and Response (SOAR) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.