Sentinel would tell me if someone was trying to log into my tenancy and access my virtual machines, if someone was trying to hack into the network, and if there were account lockouts where accounts get logged out now and then for users. All these threats get reported by the domain controller. Once we enabled Sentinel, it picked up those logs from the domain controllers and gave me an in-depth report of where and when the accounts got locked and the reason why.

Sentinel saved us time. We only needed to know the queries if we wanted to search logs on our Windows servers. If you know how to run queries and what queries to run, it's a big time saver. It saved about 60% of our time when we needed it.

Moreover, Sentinel has decreased our time to detect and respond to threats. As it's centralized and it gets alerts very quickly. You can set up automated actions on those alerts, and once the alert is triggered, you can set up emails, where emails go out to the admins or security people, who can click on them as soon as they see them. Logs come from the servers almost in real-time within ten to 15 seconds. It saves a lot of time.

View full review »

We have not necessarily realized the power of the solution but find integrations with other products to be valuable. We are able to understand how access management applications are being used for multifactor authentication and password management. We can see user behavior and prevent malicious use. 

For example, we can look at a user resetting a password at 3am to determine if this is abnormal behavior or if the two-factor authentication is attempting SMS when the user is enrolled in fingerprint authentication. This information helps us to identify patterns of abuse and opportunities for security improvement. 

View full review »

Sentinel has improved the user experience inside. It is easier to create queries. 

View full review »

Sentinel can help our customers meet PCI, and other requirements based on the reporting and control of related components. Questions like "who has access to that asset" and "who had access in such and such moment" can be solved quickly.

View full review »

<ul> <li>Better security incident analysis</li> <li>New scopes for security events and correlation</li> <li>Better performances on device failures actions</li> </ul> View full review »

For example, from version 7.1 the company where I worked started using an anomaly dashboards. It very convenient, because SOC could and can react on possible attack, which are not seen in alerts made by rules. As I said before, anomaly dashboards can help detect a type of attacks called 0-day attacks. 0-day attack is threat haven't categorized as an attack yet and because of that there is no patch or solution, because it's unknown for systems like IDS/IPS.

View full review »

We have a regular database to audit and this solution is able to lock the audit data.

View full review »

It provides real time security event analytics.

View full review »

Detection of unauthorised access to systems. View full review »