Forum Discussion

Joonas Pakkanen
Brass Contributor
Apr 16, 2019

Azure Sentinel vs. Azure LogAnalytics

Hi,

Is there already some kind of comparison chart available between Azure Sentinel and Azure Log Analytics?

I'm trying to understand the differences between these two solutions.

What to pick for customer cases.


Thanks


Br, Joonas

  • Joonas Pakkanen 


    Azure Sentinel is a cloud-native SIEM that provides intelligent security analytics for your entire enterprise at cloud scale. Get limitless cloud speed and scale to help focus on what really matters. Easily collect data from all your cloud or on-premises assets, Office 365, Azure resources, and other clouds. Effectively detect threats with built-in machine learning from Microsoft’s security analytics experts. Automate threat response, using built-in orchestration and automation playbooks.


    Azure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.


      Akshaya_Kumar
      Copper Contributor

      Chris Boehm - Is it possible to do the work of Azure Sentinel, like creating events and analyzing them, by using Insights and Log Analytics? I know Azure Sentinel is a SIEM solution, but are there any capabilities in Insights and Log Analytics that Sentinel can do?

        Chris Boehm
        Microsoft

        Akshaya_Kumar 

        Please let me know if this answers your question.


        Azure Monitor has capabilities to do the following:

        So similar things can be accomplished although the products are geared in different directions as stated above.


        Azure Sentinel sits on top of Log Analytics, which has similar features but without the security enrichment offerings, such as the following examples:


        • Wide scale data collection - across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.

        • Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence. 

        • Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft. 

        • Respond to incidents rapidly with built-in orchestration and automation of common tasks.


        The primary things that are different are the investigation and detections with AI, the incident management capabilities, and upcoming features like User and Entity Behavior Analytics and Threat Intelligence.

      CliveWatson
      Microsoft


      FYI, Yuri also recently posted a response to this question in the "Security and Identity" conversation - see:

      here


      He has some nice, simple diagrams as well.  
