Microsoft Sentinel Reviews & Product Details

I love the centralized visibility that Microsoft Sentinel offers as it allows me to see logs, alerts, and incidents all in one place without jumping between tools, which speeds up investigations. I really like the built-in analytics and detection rules; they're ready to use and customizable, so I don't have to start from scratch. The integration with the Microsoft ecosystem, including Azure, Microsoft 365, and Defender tools, is also super smooth and almost seamless, making onboarding easier. Review collected by and hosted on G2.com.

A few things with Microsoft Sentinel could definitely be improved, like cost visibility. Pricing can be confusing, especially with the data ingestion. It's easy to overshoot if you are not keeping an eye on it. And, there's a learning curve; it takes time to get comfortable writing queries. Also, while the out-of-the-box rules are helpful, you still need to fine-tune them to reduce noise. Review collected by and hosted on G2.com.

What I like most about Microsoft Sentinel is how it delivers centralized security monitoring across multiple data sources in a cloud-native environment. It simplifies collecting, analyzing, and correlating large volumes of security logs, without the overhead of managing traditional SIEM infrastructure. The built-in analytics rules, threat intelligence integration, and playbook-based automation also help detect and respond to threats more efficiently. I’ve found its integration with other Microsoft security services especially valuable because it creates a more unified view of security incidents and helps security teams investigate and respond more quickly. Review collected by and hosted on G2.com.

One challenge with Microsoft Sentinel is that the initial setup and configuration can be time-consuming, especially for teams that are new to SIEM platforms or Azure services. Some analytics rules and data connectors also need careful tuning to cut down on false positives and make sure the alerts stay relevant. On top of that, the data-ingestion-based pricing model can get expensive if you collect large volumes of logs without proper filtering. For this reason, organizations should plan their log sources and retention strategy thoughtfully so they can keep costs under control while still capturing the logs they need. Review collected by and hosted on G2.com.

What I appreciate most about Microsoft Sentinel is its seamless combination of SIEM and SOAR within a truly cloud-native environment. Its strong integration with the Microsoft ecosystem—particularly Azure, Entra ID, Defender, and M365—delivers immediate visibility and requires very little onboarding effort. The platform’s use of KQL empowers flexible and robust threat hunting, while the built-in analytics rules and UEBA features help to significantly reduce alert fatigue. Additionally, automation via Logic Apps enables security teams to respond more quickly and consistently, making Sentinel a highly scalable and cost-effective solution for today’s SOC operations. Review collected by and hosted on G2.com.

One aspect I find challenging about Microsoft Sentinel is managing costs, particularly as usage grows, because the pricing model relies heavily on the amount of data ingested and retained. While KQL is a powerful tool, it presents a learning curve for teams who are new to it, which can slow down the adoption process. In addition, implementing advanced SOAR use cases often demands considerable customization through Logic Apps, and troubleshooting these automations can be quite complex. Lastly, Sentinel tends to work best within the Microsoft ecosystem, which can be a drawback for organizations that rely on a variety of non-Microsoft security tools. Review collected by and hosted on G2.com.

We have both logs and incidents visible in MS Sentinel unlike our previous SIEM tool. Also, it is an advantage to have the visibility of other services of Azure in the Sentinel and many more. Review collected by and hosted on G2.com.

We don't have an RBAC option to the tables in the Sentinel like we have in the ADX. It would be great if we have these RBAC option so that we can grant permissions to specific user or group to specific tables Review collected by and hosted on G2.com.

There bunch of SIEM tools available in market like Splunk, MS Sentinel and IBM QRadar. Let's see pros of MS Sentinel today:-

1. This tool is completely build on Azure and does not require on-prem infrastructure.

2. As it is deployed on Azure, it scales automatically based on the data ingestion.

3. Integration with Azure AD, Defender for Cloud and MS tools is very easy and quick.

4. It has multiple features, one of them is AI which automatically detects anomalies and correlates signals across data sources.

5. It makes use of KQL which helps in reporting and getting deep analytics with custom queries.

6. It has very large community rules, workbooks, and playbooks available on the GitHub and Sentinel communit which makes things much easier when compared with other SIEM tools. Review collected by and hosted on G2.com.

1. Sentinel has a "pay as you go" pricing model which makes it really expensive if you are ingesting lot of data.

2. Sentinel makes use of KQL (Kusto Query Language) is powerful but not intuitive for beginners needs good amount of training for a kick start.

3. Sentinel has a good amount of prebuilt connectors but when it comes to integration with legacy system it is complex process and take good amount of time.

4. When dealing with large, complex queries it may take time and consume high compute resources.

5. Once completely set up the tool and has been used over a long period they switching to another SIEM platform becomes a tedious task. Review collected by and hosted on G2.com.

Integrations with multiple cybersecurity tools Review collected by and hosted on G2.com.

The cost of monthly intake is a high price that is paid Review collected by and hosted on G2.com.

Microsoft sentinel has very good capabilities to integrate the data. It is easy to connet with the ongoing security softwares and other tools also. This helps organizations to improve their security at different level. Review collected by and hosted on G2.com.

To generate custom reports using Microsoft Sentinel sometimes may be time consuming due to its dependency on KQLscript writing. If we want to combine the non microsoft data in order to generate log anaysis, it will be difficult. Additionally, learning KQL is also difficult for the new comers. Review collected by and hosted on G2.com.

Integration with almost all tools and applications. Ease of use, Implementation, migration from other solutions, User friendly and lot much capable Review collected by and hosted on G2.com.

Whenever you need to search for a rule or use case, you first need to find the proper alert name (proper naming convention) from analytics; after that, you can search for it. Review collected by and hosted on G2.com.

Microsoft Sentinel seamlessly integrates with Azure security services, capturing data from different sources like VMs using the Azure monitor agent, Azure Activity log, and Azure event hub. Its built on cloud native architecture. Its a centralized monitoring system. Azure sentinel uses playbooks for automated threat response, streamlining incident handeling. Review collected by and hosted on G2.com.

Some users find the user interface challenging to navigate, understanding its features may take time. This conprehensive soltuin comes with a price tag. Review collected by and hosted on G2.com.

It's easy intergration with Azure Services and the Microsoft Security Tools. Also the pay-as-you-go model. Review collected by and hosted on G2.com.

The high costs at scale and the alert fatigue that it gets. Review collected by and hosted on G2.com.