Azure Sentinel vs. Azure LogAnalytics

Hi,

Do we already have some kind of comparison chart available between Azure Sentinel and Azure Log Analytics?

I'm trying to understand differences between these two solutions.

Which one should I pick for customer cases?


Thanks

Br, Joonas

@Joonas Pakkanen 

@Ofer_Shezaf: Is this something you can speak to? 

@Chris Boehm 

@Joonas Pakkanen 

Azure Sentinel is a cloud-native SIEM that provides intelligent security analytics for your entire enterprise at cloud scale. Get limitless cloud speed and scale to help focus on what really matters. Easily collect data from all your cloud or on-premises assets, Office 365, Azure resources, and other clouds. Effectively detect threats with built-in machine learning from Microsoft’s security analytics experts. Automate threat response, using built-in orchestration and automation playbooks.

Azure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.


FYI, Yuri also recently posted a response to this question in the "Security and Identity" conversation.

He has some nice, simple diagrams as well.

@Chris Boehm - Is it possible to do the work of Azure Sentinel, like creating events and analyzing them, by using Insights and Log Analytics? I know Azure Sentinel is a SIEM solution, but are there any capabilities in Insights and Log Analytics which Sentinel can do?

@Akshaya_Kumar 

Please let me know if this answered your question.

Azure Monitor has capabilities to do the following:

So similar things can be accomplished although the products are geared in different directions as stated above.

Azure Sentinel sits on top of Log Analytics, which will have similar features without the security enrichment offerings, like some of the following examples:

  • Wide scale data collection - across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.

  • Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence. 

  • Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft. 

  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

The primary things that are different are the investigation and detections with AI, incident management capabilities, and upcoming features like User and Entity Behavior Analytics and Threat Intelligence.
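One concrete way to see the layering described in this reply, as an added example that is not from the thread or from Microsoft's own templates: a Sentinel scheduled analytics rule is a plain Log Analytics KQL query (the `query` field, which you can run unchanged in the workspace's Logs blade) wrapped in Sentinel-only detection metadata (schedule, severity, MITRE tactics, incident creation). The workspace name, rule GUID, thresholds and `apiVersion` below are assumptions; `SigninLogs` is the Azure AD sign-in table ingested by the Azure AD data connector.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "workspaceName": { "type": "string", "metadata": { "description": "Assumed: existing Log Analytics workspace with Sentinel enabled" } },
    "ruleId": { "type": "string", "defaultValue": "00000000-0000-0000-0000-000000000000", "metadata": { "description": "Assumed: placeholder GUID for the rule" } }
  },
  "resources": [
    {
      "type": "Microsoft.OperationalInsights/workspaces/providers/alertRules",
      "apiVersion": "2022-11-01",
      "name": "[concat(parameters('workspaceName'), '/Microsoft.SecurityInsights/', parameters('ruleId'))]",
      "kind": "Scheduled",
      "properties": {
        "displayName": "Added example: many failed sign-ins from one IP",
        "description": "Added example, not a Microsoft template. The query alone is ordinary Log Analytics; everything else in this block is Sentinel enrichment.",
        "enabled": true,
        "severity": "Medium",
        "query": "SigninLogs | where ResultType != \"0\" | summarize Failures = count(), Users = dcount(UserPrincipalName) by IPAddress, bin(TimeGenerated, 1h) | where Failures > 20 and Users > 5",
        "queryFrequency": "PT1H",
        "queryPeriod": "PT1H",
        "triggerOperator": "GreaterThan",
        "triggerThreshold": 0,
        "suppressionDuration": "PT1H",
        "suppressionEnabled": false,
        "tactics": [ "CredentialAccess" ],
        "incidentConfiguration": { "createIncident": true }
      }
    }
  ]
}
```

Running the `query` text by itself in Log Analytics returns the same rows, but only Sentinel schedules it, raises alerts and groups them into incidents.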