Microsoft Sentinel

By Microsoft

4.4 out of 5 stars

Verified User in Information Services
Enterprise (> 1000 emp.)
"Does Microsoft Sentinel simplify security monitoring?"
What do you like best about Microsoft Sentinel?

There are a bunch of SIEM tools available in the market, like Splunk, MS Sentinel and IBM QRadar. Let's see the pros of MS Sentinel today:

1. This tool is completely built on Azure and does not require on-prem infrastructure.

2. As it is deployed on Azure, it scales automatically based on the data ingestion.

3. Integration with Azure AD, Defender for Cloud and MS tools is very easy and quick.

4. It has multiple features, one of them is AI which automatically detects anomalies and correlates signals across data sources.

5. It makes use of KQL which helps in reporting and getting deep analytics with custom queries.

6. It has a very large set of community rules, workbooks, and playbooks available on GitHub and the Sentinel community, which makes things much easier when compared with other SIEM tools. Review collected by and hosted on G2.com.

What do you dislike about Microsoft Sentinel?

1. Sentinel has a "pay as you go" pricing model, which makes it really expensive if you are ingesting a lot of data.

2. Sentinel makes use of KQL (Kusto Query Language), which is powerful but not intuitive for beginners and needs a good amount of training for a kick start.

3. Sentinel has a good amount of prebuilt connectors, but when it comes to integration with legacy systems it is a complex process and takes a good amount of time.

4. When dealing with large, complex queries it may take time and consume high compute resources.

5. Once the tool is completely set up and has been used over a long period, switching to another SIEM platform becomes a tedious task.

Microsoft Sentinel Reviews & Product Details

Microsoft Sentinel Reviews (289)

Verified User in Information Technology and Services
Enterprise (> 1000 emp.)
"Comprehensive Visibility and Seamless Azure Integration in MS Sentinel"
What do you like best about Microsoft Sentinel?

We have both logs and incidents visible in MS Sentinel unlike our previous SIEM tool. Also, it is an advantage to have the visibility of other services of Azure in the Sentinel and many more.

What do you dislike about Microsoft Sentinel?

We don't have an RBAC option for the tables in Sentinel like we have in ADX. It would be great if we had this RBAC option so that we could grant permissions to a specific user or group on specific tables.

Christian Noel C.
Regional Head of Cybersecurity Intelligence | CIC |
Enterprise (> 1000 emp.)
"SIEM with excellent capabilities to ingest logs and create use cases for the SOC service"
What do you like best about Microsoft Sentinel?

Integrations with multiple cybersecurity tools.

What do you dislike about Microsoft Sentinel?

The cost of monthly intake is a high price that is paid.

SHAIKH S.
Field Monitor
Small-Business (50 or fewer emp.)
"Microsoft Sentinel Review"
What do you like best about Microsoft Sentinel?

Microsoft Sentinel has very good capabilities to integrate data. It is easy to connect with the existing security software and other tools as well. This helps organizations to improve their security at different levels.

What do you dislike about Microsoft Sentinel?

Generating custom reports using Microsoft Sentinel may sometimes be time-consuming due to its dependency on KQL script writing. If we want to combine non-Microsoft data in order to generate log analysis, it will be difficult. Additionally, learning KQL is also difficult for newcomers.

Anugrah Pratap S.
Technical Lead
Enterprise (> 1000 emp.)
"Streamlining Security Operation with Azure Sentinel !!!!"
What do you like best about Microsoft Sentinel?

Integration with almost all tools and applications. Ease of use, implementation, migration from other solutions, user friendly and very capable.

What do you dislike about Microsoft Sentinel?

Whenever you need to search for a rule or use case, you first need to find the proper alert name (proper naming convention) from analytics; after that, you can search for it.

SG
Cyber Security Architecture
Enterprise (> 1000 emp.)
"Microsoft Sentinel is a Cloud-native security intelligence platform for Microsoft Azure."
What do you like best about Microsoft Sentinel?

Microsoft Sentinel seamlessly integrates with Azure security services, capturing data from different sources like VMs using the Azure Monitor agent, Azure Activity log, and Azure Event Hub. It's built on cloud-native architecture. It's a centralized monitoring system. Azure Sentinel uses playbooks for automated threat response, streamlining incident handling.

What do you dislike about Microsoft Sentinel?

Some users find the user interface challenging to navigate; understanding its features may take time. This comprehensive solution comes with a price tag.

Luciano P.
Cybersecurity Analyst
Mid-Market (51-1000 emp.)
"It's a very powerful SIEM-tool for conducting cloud security operations"
What do you like best about Microsoft Sentinel?

Its easy integration with Azure Services and the Microsoft Security Tools. Also the pay-as-you-go model.

What do you dislike about Microsoft Sentinel?

The high costs at scale and the alert fatigue that it gets.

SU
Cyber Security Consultant
Enterprise (> 1000 emp.)
"Microsoft Sentinel - Future of the SOC"
What do you like best about Microsoft Sentinel?

This tool has a very good platform and is user friendly to all new users as well. It is an easy-to-use platform and a SOC monitoring tool. Its ease of implementation makes users use it. It has good customer support, and I have been using this tool for the past years. I am frequently using this. It has good integration with other tools.

What do you dislike about Microsoft Sentinel?

The cost of this platform is a little bit higher and the complexity of the tool is there.

Siddharth Ranjan S.
Senior System Engineer
Enterprise (> 1000 emp.)
"Sentinel- A cloud native SIEM"
What do you like best about Microsoft Sentinel?

The best features of Microsoft Sentinel include scalability, seamless integration with Microsoft products, automated incident response etc.

What do you dislike about Microsoft Sentinel?

So far there is nothing to dislike except the integration challenges with third-party tools, which are non-Microsoft tools. But it can be done with guides or plugins.

Himanshu P.
Cyber Security Analyst
Enterprise (> 1000 emp.)
"Azure Sentinel SIEM review"
What do you like best about Microsoft Sentinel?

All options and log analytics are handy in a single view! Well, Microsoft is really working on the UI, especially the incident dashboard; the new incident view section is better, as we can see alerts, the incident timeline and previous related incidents in a single window, which is good.

There are so many data connectors in the content hub, which is amazing and makes our life easy when integrating a new log source.

What do you dislike about Microsoft Sentinel?

Bug fixes and functionality issues.

Recently the data connectors were not visible in the data connector page and we faced a lot of problems in health checks.

Microsoft should build an alternate workbook to monitor all data connectors manually.

Speed issue: data query speed is low; Microsoft should work on that.

Manish D.
Staff Security Engineer - SecOps
Enterprise (> 1000 emp.)
"The most feature centric and AI driven cloud SIEM solution"
What do you like best about Microsoft Sentinel?

MS Sentinel is one of the leading cloud SIEM solution providers. The ease of integration with any 3rd party software solution and native support for all Microsoft suite products is what makes it a SIEM leader in the Gartner Magic Quadrant. The one-click deployment of MMA agents to your Azure-hosted VMs and on-prem workloads (using Azure Arc) makes it really scalable and easy to manage. The out-of-the-box integration with almost all types of applications is an added advantage. The extensive library of detection/automation rules prepared by the Microsoft security research team and community-supported content makes it a very rich SIEM product in the market.

What do you dislike about Microsoft Sentinel?

Currently the feature of ingesting logs from private resources is a bit complicated and expensive. Microsoft needs to come up with a connectivity model for Sentinel which enables organisations to ingest logs over a private communication channel easily instead of leveraging the public Log Analytics API.

Pricing Options

Pricing provided by Microsoft Sentinel.

Pay-As-You-Go: Pay As You Go

100 GB per Day: $123.00

200 GB per Day: $222.00
Microsoft Sentinel Features
Activity Monitoring
Asset Management
Log Management
Event Management
Automated Response
Incident Reporting
Threat Intelligence
Vulnerability Assessment
Advanced Analytics
Log Monitoring