We performed a comparison between Google Chronicle Suite and Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The most valuable feature is the alert notifications, which are categorized by severity levels: informational, low, medium, and high."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"The tool's most valuable feature is the search option, allowing easy navigation."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"Google Chronicle Suite provides useful APIs."
"What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"The log folder is fairly simple."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"The support team is responsive."
"It makes everything easier by automating some tasks and growing with our needs."
"Sentinel gave us logs to tell us what's going right and wrong in your environment so we could secure the network."
"The native integration with out-of-the box format is hassle free and allows data to be used advantageously."
"The solution lets us get all the logs properly and regularly monitor customer infrastructure."
"The most valuable feature of this solution is that it provides a central locking system for many event sources."
"The most valuable feature is the flexible log for identifying security threats inside an application. Sentinel is very good at this."
"The stability is phenomenal and we never had any issues with downtime or even had to restart."
"The solution's Kusto Query Language (KQL) execution time is pretty good."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"The playbook is a bit difficult and could be improved."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"The tool is complicated for a first-time user. It should also include newer APIs."
"The solution's graphical user interface (GUI) should be more user-friendly."
"In terms of improvement, the UI can be a bit challenging for beginners."
"A few areas are difficult to understand for someone who has less experience using the product."
"The product's default dashboard feature has a few limitations regarding availability."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"The configuration is not optimal."
"I rate Sentinel a six out of ten for scalability."
"There is a need for more flexibility in customization, especially when working with different vendors and platforms."
"You need a lot of Unix scripting knowledge in order to manage the tool, which is one of the main issues that we faced."
"The solution does not allow outsourced authorizations."
"There is no integration in the web-side of the tool."
"I would like to see a better reporting work structure on the dashboard."
"It is an ancient product."
"This product's connection to certain types of cloud systems could be improved. We can do Microsoft, Google, and Amazon, but there are a lot of other things happening in the cloud that we do not connect well enough to. This product could be improved with better connection to cloud-based solutions."
Google Chronicle Suite is ranked 28th in Security Information and Event Management (SIEM) with 8 reviews while Sentinel is ranked 18th in Security Information and Event Management (SIEM) with 15 reviews. Google Chronicle Suite is rated 7.8, while Sentinel is rated 7.6. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays ". On the other hand, the top reviewer of Sentinel writes "An automated solution that helped me detect threats in less than half the time it used to take". Google Chronicle Suite is most compared with Splunk Enterprise Security, AWS Security Hub, IBM Security QRadar, Elastic Security and Rapid7 InsightIDR, whereas Sentinel is most compared with IBM Security QRadar, Splunk Enterprise Security, Wazuh, LogRhythm SIEM and ArcSight Enterprise Security Manager (ESM). See our Google Chronicle Suite vs. Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
