We performed a comparison between Centreon and Sumo Logic Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The pricing of the product is excellent."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"Valuable features include the ability to schedule downtime, intensity or depth of monitoring which it does, different plugin packs, Centreon MAP, Centreon BI."
"We have a single GUI where we can view the status of all our infrastructure."
"I can't point to one valuable feature. All of Centreon is good."
"The most important feature is that it permits us to receive alarms if there is an incident within the infrastructure. The feature I love the most is the reporting feature, the MBI (Monitoring Business Intelligence) which permits us to send advanced reports to our customers in PDF format or in Doc format. We also deploy Centreon Map which gives our customers intuitive views of their information system."
"Centreon's most valuable features are preventative maintenance and cost-efficiency. Everything is monitored, and we get a log before the system fails. We have an opportunity to fix the issue and avoid downtime."
"The product is available in ISO image format, ready for deployment. Centreon also has a comprehensive guide and documentation that are simple and easy to follow."
"It supports active monitoring so we don't have to use traps. From time to time traps are not very useful because we never know if they are actually working or not. The reporting part is also valuable as are the event logs. Using them we can check right away if something has had a hiccup."
"We use the remote server functionality on some customer sites, because you can see an independent view and are not dependent on a single connection. If you have branch offices or bigger office outside your headquarters, you can use remote servers because if the connection is broken or disrupted, then remote server will obtain a view of your environment and server availability. This is a good point against using other solutions. Because with other solutions, you don't have this feature. Then, you will be blind if you have this type of a situation."
"I have no concerns about the stability of the product. I feel it handles the stress we put on it very well."
"Technical support is always great."
"We can integrate threat intelligence solutions into the product."
"The most valuable features of Sumo Logic Security are the rules, use cases, and ease of use. Additionally, the integration is straightforward and good GUI."
"We are able to diagnose problems before our customers."
"The solution is quite stable."
"With this tool, we provide access to every developer team the ability to find errors, then they come to us and ask for specific help."
"For many of our services, we use Sumo Logic to track errors and send notifications to our Slack channel, if there are issues. Then, we have our support people monitoring this, and they can react quickly."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"One key area that can be improved is by building a strong integration with our XDR platform."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"I would like to be able to monitor applications outside of the Azure Cloud."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"There are improvements that they need to make to their API. When we're using different systems and we want to disable monitoring for a specific server, we still can't do that through the API. That's something that's lacking."
"Centreon technical support is only available during Central European business hours. When it comes to critical business solutions, there should be a 24/7 hotline that customers can rely on."
"Centreon is actually missing an easy way to create a trendline for the metrics. Actually it is possible to create it, but you need a good knowledge of math, Centreon, and RRD."
"Centreon needs to improve the granularity of the data as well as the graphical data. It would also be better to if there was improvement to the filtering/grouping system as well as the creation of views."
"I would like to see a better UI, one which is more responsive."
"Centreon is very bad with auto-scanning. It's very monolithic software. It doesn't have microservices and it only has basic clustering. You cannot, for example, have six or seven nodes for Centreon's cloud processes."
"The most important issue is the capability to interconnect with other systems. It already exists for some of them. For example, the Stream Connector is something we use to populate data in another system. This kind of facility for connecting should exist for all products that it makes sense to have connected to a monitoring solution."
"It is necessary to improve service monitoring of database services in the free version."
"We would like to have some type of predefined setup for the logs, making the setup easier by default."
"I would like to see improvement in the user experience when configuring things, ingesting logs, and creating ports."
"The API integration in Sumo Logic Security could improve. There are delayed connections or they stop and then automatically start. Having a seamless log collection would be beneficial."
"We would like the ability to drill down into a dashboard and get into deeper levels."
"In my opinion, this solution has a steep learning curve and requires practice if users to be able to use this tool very efficiently."
"If you want to up your subscription through the AWS Marketplace, it can be difficult. You can't just go back to the AWS Marketplace, and say, "I want a bigger one now." You have to contact the sales team, then they do it on the back-end. This could definitely be improved."
"The initial setup is the most stressful, like learning how to use it."
"There needs to be improvement on imported data which can be used within Sumo Logic to do more advanced queries."
Centreon is ranked 11th in IT Infrastructure Monitoring with 27 reviews while Sumo Logic Security is ranked 20th in Security Information and Event Management (SIEM) with 18 reviews. Centreon is rated 8.6, while Sumo Logic Security is rated 8.6. The top reviewer of Centreon writes "Proactive reporting guides our NOC on what needs to be fixed, saving them time". On the other hand, the top reviewer of Sumo Logic Security writes "Used to store and monitor application logs and VPC flow logs". Centreon is most compared with Zabbix, PRTG Network Monitor, Nagios Core, Icinga and Nagios XI, whereas Sumo Logic Security is most compared with Wazuh, Rapid7 InsightIDR, Splunk Enterprise Security, VMware Aria Operations for Logs and IBM Security QRadar. See our Centreon vs. Sumo Logic Security report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.