Apr 16 2019 01:27 AM
Hi,
Is there already some kind of comparison chart available between Azure Sentinel and Azure Log Analytics?
I'm trying to understand the differences between these two solutions.
What to pick for customer cases.
Thanks
Br, Joonas
Apr 17 2019 09:19 AM
Apr 22 2019 10:44 AM
Azure Sentinel is a cloud-native SIEM that provides intelligent security analytics for your entire enterprise at cloud scale. Get limitless cloud speed and scale to help focus on what really matters. Easily collect data from all your cloud or on-premises assets, Office 365, Azure resources, and other clouds. Effectively detect threats with built-in machine learning from Microsoft’s security analytics experts. Automate threat response, using built-in orchestration and automation playbooks.
Azure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
May 02 2019 12:22 AM
FYI, Yuri also recently posted a response to this question in the "Security and Identity" conversation - see:
He has some nice, simple diagrams as well.
May 07 2020 02:05 AM
@Chris Boehm - Is it possible to do the work of Azure Sentinel, like creating events and analyzing them, by using Insights and Log Analytics? I know Azure Sentinel is a SIEM solution, but are there any capabilities in Insights and Log Analytics which Sentinel can do?
May 07 2020 12:10 PM
Please let me know if this answered your question:
Azure Monitor has capabilities to do the following:
So similar things can be accomplished although the products are geared in different directions as stated above.
Azure Sentinel is sitting on top of Log Analytics, which will have similar features without the security enrichment offerings, like some of the following examples:
Wide scale data collection - across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
Respond to incidents rapidly with built-in orchestration and automation of common tasks.
Primary things that are different are the investigation and detections with AI, incident management capabilities, and upcoming features like User and Entity Behavior Analytics and Threat Intelligence.
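To make the "Sentinel sits on top of Log Analytics" point concrete, here is an added KQL example (not code from the thread or from Microsoft) that detects a burst of failed Azure AD sign-ins per user. It assumes the workspace contains the SigninLogs table (Azure AD diagnostic settings or the Sentinel Azure AD connector) and the threshold of 10 failures per hour is an assumed value for illustration.

```kql
// Constructed example: failed sign-ins per user in the last hour.
// Assumes SigninLogs is present in the workspace; the threshold (10) is an assumption.
SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType != "0"        // ResultType "0" is success; anything else is a failure
| summarize FailedAttempts = count(),
            DistinctIPs = dcount(IPAddress),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated),
            ResultCodes = make_set(ResultType)
    by UserPrincipalName
| where FailedAttempts >= 10
| project UserPrincipalName, FailedAttempts, DistinctIPs, FirstSeen, LastSeen, ResultCodes
| order by FailedAttempts desc
```

The same query runs unchanged in the Logs blade of a plain Log Analytics workspace, where it can drive an Azure Monitor log alert. In Azure Sentinel it becomes a scheduled analytics rule over the same workspace data; the difference is what the platform adds around it (incidents, entity mapping of the account and IP, the investigation graph and automation playbooks), which is exactly the security enrichment layer the answer above describes.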