We just raised a $30M Series A: Read our story

Azure Sentinel OverviewUNIXBusinessApplication

Azure Sentinel is the #9 ranked solution in our list of top Security Information and Event Management (SIEM) tools. It is most often compared to AWS Security Hub: Azure Sentinel vs AWS Security Hub

What is Azure Sentinel?

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Azure Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security and Compliance Community.

Azure Sentinel Buyer's Guide

Download the Azure Sentinel Buyer's Guide including reviews and more. Updated: October 2021

Azure Sentinel Customers

Azure Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.

Azure Sentinel Video

Pricing Advice

What users are saying about Azure Sentinel pricing:
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."

Azure Sentinel Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
KP
System Engineer at a computer software company with 5,001-10,000 employees
Real User
Top 10
Makes it easy to monitor and keep a track record for vulnerabilities

Pros and Cons

  • "In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
  • "They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."

What is our primary use case?

We use it on a public cloud. We have integrated Azure Lighthouse with Azure Sentinel Security. By integrating all of these, Azure Security Center and Azure Defender, we are providing an MSSP platform to our customers.

How has it helped my organization?

With other solutions, you see some restrictions for collecting the log from custom connectors. With Azure Sentinel, we do have some restrictions or sometimes we need to struggle with the connection, but there is no need to struggle with the log connection. There is 100% integration to your enterprise environment. This makes it easy to monitor and keep a track record for vulnerabilities and track whatever things are lurking in your network. They also have their custom alert tools, alerting the analytics team, where we can receive custom alerts based on our custom requirements. This has helped our organization a lot. Then with Azure Lighthouse, we can manage multiple customers with one platform, so on a single interface, we manage a number of customers that are using the Lighthouse service from the Azure.

What is most valuable?

In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store With Azure it is a built-in thing, so there is no need to go and search for another vendor or integrate your solution for the store with a third-party.

What needs improvement?

They could use some kind of workbook. There is some limitation doing the editing and creating the workbook. That would improve it. Sometimes you will find some network issue, and network error with the Azure Sentinel portal. That's the biggest drawback I found with the Sentinel. It would be great if would provide PIP platforms. They do have PI platforms but they don't have PIP.

For how long have I used the solution?

My organization partners with Microsoft, so we are working on an MSSP with Azure.

How are customer service and technical support?

The technical support for Azure Sentinel is quite good. You have one level up from the basic support so you will definitely get to Microsoft support directly and actually have a conversation with Microsoft technical guys for the support team and they will resolve your issues very quickly.

How was the initial setup?

The setup for Azure Sentinel is very straightforward. You only need a subscription and for that subscription, you just need the admin roles. So if you are an admin and if you do have the Microsoft certification, you can make a Microsoft Azure account then it's very easy to setup and it's very easy to onboard the Sentinel.

What other advice do I have?

Azure Sentinel s actually quite handy, and very adaptive to the market trends. Anyone who is looking for the same store, creating their complete security solution for their enterprise, for the effective security solution, and for data integration, they must go with the Azure Sentinel as they are going to get everything in one place. I would rate Azure Sentinel at an eight on a scale of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
TL
Senior Microsoft 365 Consultant at The Collective Consulting
Real User
Top 20
Quick to set up with good automation and integrates well with Microsoft products

Pros and Cons

  • "Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
  • "The solution should allow for a streamlined CI/CD procedure."

What is our primary use case?

We are running an MDR service for our customers and use Azure Sentinel as the SIEM product to allow us to have an overview of all our customers, but also to easily push configurations to different customers.

We use Azure Sentinel as an alert aggregator to import all of the incidents/alerts from the different (Microsoft) security products in order to have a single pane of glass. On top of that, we create our own custom Analytics Rule that can be used to add our own added value. This enables us to create our own IP to protect customers. 

How has it helped my organization?

It's really convenient for us to aggregate the logs/alerts from all our customers into a single pane of glass. By using the automation capabilities, it's relatively easy to sync all incidents to our ITSM tool which we can use to follow up on incidents. As it's based on the Microsoft stack, it's convenient for our engineers to learn the product. As Azure Sentinel is also a big focus for Microsoft, we have the ability to work with them on certain products. This creates visibility within the community and for new customers.

What is most valuable?

There are three valuable aspects of the solution: MSSP support, integration with Microsoft, and Automation. By using Azure Lighthouse, an MSSP can easily integrate their applications into their own baseline of policies/configurations.

Because Sentinel is built as an MS-first product, it integrates natively with other Microsoft products, which is really convenient as we are standardized on it. Without much work, you can connect any Microsoft product to it. 

Last, but not least, Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents.

What needs improvement?

Azure Sentinel is constantly growing. Throughout the two years we have been using it, we have seen it expand tremendously. A lot of the limitations we had originally seen have already been mitigated. A couple of potential improvements could be: allow for a streamlined CI/CD procedure. Now it's a combination of using API/Powershell and ARM which is not ideal. Also, it should allow us to ingest on-prem logs by using a SaaS platform to ingest CEF/Syslog logs that also allow for prefiltering. This would allow us to minimize the cost of the solution.

For how long have I used the solution?

I've been using the solution for 1.5 years.

Which solution did I use previously and why did I switch?

We didn't use another SIEM product before Azure Sentinel. 

What's my experience with pricing, setup cost, and licensing?

The cost can be a little confusing at first, but the Azure calculator is a great place to start. I would advise to start with integrating Microsoft products first, as this is the most convenient way forward and allows you to learn the product as you go.

In general, Azure Sentinel can be set up really quickly.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: We are a Microsoft partner
Flag as inappropriate
Learn what your peers think about Azure Sentinel. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
540,984 professionals have used our research since 2012.
Sami Isoaho
Principal Cloud Architect at Viria Security Oy
Real User
Top 5
UI-based analytics are excellent; great tools for cleaning data

Pros and Cons

  • "The UI-based analytics are excellent."
  • "The on-prem log sources still require a lot of development."

What is our primary use case?

We use this solution for analyzing Microsoft cloud-based log services and for security data. The services include Microsoft 365, Azure Security Center logs and Microsoft cache logs. We are gold security partners with Azure. 

What is most valuable?

The UI-based analytics are excellent, it's something I haven't seen with any other SIEM products. Microsoft has excellent tools for cleaning data, sorting out irrelevant log data and even fixing log data.

What needs improvement?

There's not much that needs improvement but the on-prem log sources still require a lot of development. It's clear that there are limitations there. I also think that the implementation and on-prem data sources could be done in a better way. We've used some functions with Python and whole scripting on FortiSIEM, which is something that Microsoft could easily provide, but so far hasn't.

What do I think about the stability of the solution?

The product has been very reliable. I don't know that there have been any service outbreaks. We haven't had any problems. 

What do I think about the scalability of the solution?

We have 700 users and from our perspective, it has unlimited processing power, but this is quite common for cloud services. I think the scalability has to be some kind of ABM and feeding all of the log stats, which could possibly have limits, but Azure has huge computing power behind it.

How are customer service and technical support?

The support is good, the only issue is getting past the level one people who ask if you've tried rebooting. If you have Microsoft's Unified Support, the most expensive support, then you'll be very happy. It's not the best support in the industry, but it's pretty good and they also support Sentinel. 

How was the initial setup?

The initial setup was extremely straightforward. It was the easiest I have seen because it's an SaaS service. I think anybody can do it by just clicking and clicking and saying yes. Straight out of the box and that's the strength of the SaaS service because there's no installation, you just use it. 

Which other solutions did I evaluate?

We compared Azure to Splunk and to our current mainstream implementation, FortiSIEM. If you have a lot of security data, then you feel that Azure is quite expensive but it's nowhere near as costly as Splunk which is four or five times more expensive. FortiSIEM wasn't good enough and Splunk was way to expensive. 

What other advice do I have?

I would definitely recommend this solution. If you have cloud-based workloads and different cloud or cloud lookalike services that require security data, or if you are looking for SOAR functionalities, then it's a no brainer. It's the best in that market. On the other hand, if you are mainly working and operating with on-prem stuff then there's no advantage over FortiSIEM or other solutions. 

I rate this solution a nine out of 10. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
RK
SOC Analyst at a wholesaler/distributor with 10,001+ employees
Real User
Top 5Leaderboard
Scalable and offers good pricing but needs a better user interface

Pros and Cons

  • "The pricing of the product is excellent."
  • "The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to."

What is our primary use case?

The primary use case is the same use case as Splunk.

Requirements differ. We're still doing fine-tuning. However, lots of users are added to its security group to note activities.

What is most valuable?

So far, the solution has been perfect. 

The pricing of the product is excellent.

So far, we have found the stability to be very good.

The solution, as a SIEM tool, has very good integration capabilities, at least, according to our needs.

What needs improvement?

We have just recently migrated to this product. We haven't used it long enough to note all of the features. Therefore, it would be impossible to note what is lacking just yet.

The interface could be more user-friendly. It''s a small improvement that they could make if they wanted to.

For how long have I used the solution?

We've recently migrated to this solution. We've only been using it for a month.

What do I think about the stability of the solution?

The stability of the product is very good. It doesn't have bugs. It's not glitchy. It doesn't crash or freeze. It's been reliable so far.

What do I think about the scalability of the solution?

As a Microsoft product, customers get scalability and elasticity. We have policies in place, and, based on them, we can upgrade if we need to. A company shouldn't have issues scaling should they have the need to expand. 

Only the security team uses this product. It's not accessible for every user. We have a team of about 20.

We have just invested in the solution, and therefore we have plans to use it for the foreseeable future.

How are customer service and technical support?

We do have access to support, and if we need them, we can call on them. However, the solution is so new, we have yet to need their services. Therefore, I can't speak to their level of responsiveness or knowledgeability just yet.

How was the initial setup?

The installation is very straightforward and easy. It's not complex. It's a cloud deployment, and therefore, it is very quick. You just connect the APIs to the data center.

What's my experience with pricing, setup cost, and licensing?

The product is extremely cost-effective and affordable for customers.

I'm more on the technical side. Therefore, I don't have any insights into the actual cost or the structure of the license.

Which other solutions did I evaluate?

We looked at Splunk as well and compared to that solution, this one is less expensive.

What other advice do I have?

We're using the latest version of the solution.

Choosing this solution was a management decision. Due to cost-effectiveness, they opted for Azure Sentinel.

Whether this product would work for another organization or not depends on the company's requirements.

As it is still very early in terms of our experience with the solution, I would rate the product at a six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
IG
Domain Architect at a government with 5,001-10,000 employees
Real User
Top 5
Really good SIEM technology for Microsoft-centric organisations

Pros and Cons

  • "Free ingestion for Azure logs (with E5 licence)"
  • "It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
  • "It has basic out-of-the-box integrations with multiple log sources."
  • "They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
  • "Add more out-of-the-box connectors with other SaaS platforms/applications."
  • "They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
  • "There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."

What is our primary use case?

Security incident and event management. Threat detection and automated response.

It is a software as a service from Microsoft.

How has it helped my organization?

Reduced mean time to detect and resolve

Quickly able to cover a majority of mitre att&ck techniques

Free to ingest Azure logs with E5 license

What is most valuable?

Free ingestion for Azure logs (with E5 licence)

It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks.

It has basic out-of-the-box integrations with multiple log sources.

What needs improvement?

Add more out-of-the-box connectors with other SaaS platforms/applications.

For how long have I used the solution?

12 months

What do I think about the stability of the solution?

No stability issues encountered.

What do I think about the scalability of the solution?

It is scalable as a SaaS offering, but there is a consumption cost to consider.

Cybersecurity team uses this on a daily basis.

How are customer service and technical support?

We work together very well with local MS Team.

How was the initial setup?

The initial setup was simple. All that was needed was to put agents onto our infrastructure.

Integration more complex for non-MS SaaS and OS, but do-able using middleware.

What about the implementation team?

It was done in-house.

It is an evergreen service.

What was our ROI?

What is the cost of lack of visibility?  Average cost of breach = $$$

What's my experience with pricing, setup cost, and licensing?

It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure

Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit.

Which other solutions did I evaluate?

Others were considered however being an E5 M365 and Azure user this was by far the preferred solution.

What other advice do I have?

It is fairly new but making a charge up the market anayses.  Should be considered if you have E5 licence due to native and 'free' ingestion of M365 logs.

We haven't used all of its capability yet because we haven't had the time yet to implement it all, and it appears that the MS roadmap for Sentinel is being actively invested in.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
MarkDarwish
CEO at Danastar Professional Services, LLC
Real User
Top 5
Included with Microsoft, and we have no complaints about functionality

Pros and Cons

  • "We have no complaints about the features or functionality."
  • "I would like to be able to monitor applications outside of the Azure Cloud."

What is our primary use case?

We are security system integrators. 

What is most valuable?

We have no complaints about the features or functionality.

What needs improvement?

Azure Sentinel, the Microsoft Azure product is, from what I understand, used for the Microsoft applications. I don't know if it works outside of the Microsoft Azure cloud.

I would like to be able to monitor applications outside of the Azure Cloud. That is one of the reasons one of the customers has multiple tools.

For how long have I used the solution?

I have been using Azure Sentinel for approximately one year.

What's my experience with pricing, setup cost, and licensing?

It's free. It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else. That'd be great if it was supporting other things.

What other advice do I have?

If it's a security integrator like us, quite often people push the client into buying different vendors' products and the client already has the tool in-house. Microsoft is one of those tools that most clients already have.

Many vendors, or integrators, that we know of, are not familiar with Microsoft Sentinel product classification security. So that's one thing I would encourage both potential customers, and users, to look into what suite of products do they have with existing Microsoft accounts that they have. 

Also, the integrators should be quite familiar with all the things that are available to their clients, so they don't have to invest tons of money in other tools.

Based on having no complaints, I would rate Azure Sentinel an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Download our free Azure Sentinel Report and get advice and tips from experienced pros sharing their opinions.