Item: Microsoft Sentinel
Rating: 5
Author: Verified User

Overall Satisfaction with Microsoft Sentinel

Use Cases and Deployment Scope

We are using it for our Microsoft based events, Azure, 365, things like that, and only for Microsoft. And the reason why we are using it is because we're of the impression that Microsoft knows Microsoft and that the prebuilt alerting and detections will have value.

Pros and Cons

Pros

Azure Logs, specifically the detections and alerting.

Cons

Because it can be so complicated pulling in outside log sources, we don't. It's just hard to do that when you do bring in a log source, even if it's Azure, that's also pretty difficult. It has to go to a single log location regardless of the subscription that you're sending it from. And then of course it's really hard to find the original events.

Return on Investment

None yet.

Sources

Right now, just Azure Activity, Entra ID, O365

Complex. It's really difficult to manage the permissions and the roles.

AI and ML

We have tried using them. We haven't accomplished anything yet.

Investigation Tools

I'm not using that yet.

Alternatives Considered

Splunk Enterprise and Elasticsearch

Well, we didn't select, we selected Sentinel for our Azure stuff, our Microsoft stuff, but we do use a different SIEM for the other stuff still.

Key Insights

Do you think Microsoft Sentinel delivers good value for the price?

Are you happy with Microsoft Sentinel's feature set?

Yes

Did Microsoft Sentinel live up to sales and marketing promises?

Did implementation of Microsoft Sentinel go as expected?

Yes

Would you buy Microsoft Sentinel again?

Yes

Likelihood to Recommend

It's well suited for Microsoft Azure Logs, assuming you can get them in there, but when you're in a multi subscription environment and you have a lot of ambiguity, it makes it really difficult to pull stuff in.

Microsoft Sentinel Feature Ratings

Comments

Please log in to join the conversation

Sentinel Review