How azure sentinel different from other SIEM leaders?

New Contributor
I wanted to know the benefits of azure sentinel and how it's different from other SIEM tools like securonix,Logrhytm, Arcsight and Splunk.
Why one should go with azure sentinel because it's not a leader ?
How many number of usecases are there in the tool?
Can anyone help in the community answering the above questions?
2 Replies

@Dinesh_G Here is some basic information

Benefits:  One main benefit is that it is 100% cloud based so you do not have to worry about hardware at all.  Some other SIEM providers are not starting to provide cloud based instances but those are more of a hosted IaaS and there will still be a lag to expand your environment as needed. 


Because it is cloud based, updates happen instantly without needing to schedule downtime or other times to perform the updates.


Azure Sentinel also makes great use of Machine Learning to help alleviate the false positive issue and to create incidents that may otherwise have fallen through the cracks.


Another benefit is its integration with other Microsoft products.  Being able to ingest O365 data for free is quite compelling.


Why go it when it is not a leader:  First I will say it is not a leader yet.  Microsoft is making great strides with features and functionality and I think you will see it as a leader soon.   With that said, refer back to the benefits for reasons to go to it (and I am sure there are many more that I have missed)


Number of use cases:  Currently there are about 140 OOTB alert rules that come with Azure Sentinel.  There is also a very healthy GitHub community where you can get more.  While other SIEMs, like Splunk, have many more keep in mind that a good portion of those are for very specific hardware/incidents and very few companies would actually use them.


Hope this helps.

Thanks it was very informative but other siem vendors also providing the benefits which you have said.