We performed a comparison between Google Chronicle Suite and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."What sets Chronicle apart from other solutions is its emphasis on threat hunting rather than solely serving as a monitoring tool."
"Google Chronicle Suite provides useful APIs."
"The platform's most valuable features are multiple connectors and data output flexibility regarding dashboards and user experience."
"The product's most valuable feature is threat hunting. We can detect the threats directly from the console from the past data as well."
"The tool's most valuable feature is the search option, allowing easy navigation."
"Google Chronicle Suite is a highly scalable solution with good search capabilities."
"The log folder is fairly simple."
"The support team is responsive."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"The most valuable features are its threat handling and detection. It's a powerful tool because it's based on machine learning and on the behavior of malware."
"It has a lot of great features."
"I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"The tool needs to improve tasking packages. Its GUI needs to be improved. The product needs to include time-based filtration. We can only see the alert detection timeline now."
"In terms of improvement, the UI can be a bit challenging for beginners."
"The tool is complicated for a first-time user. It should also include newer APIs."
"The configuration is not optimal."
"A few areas are difficult to understand for someone who has less experience using the product."
"The solution's graphical user interface (GUI) should be more user-friendly."
"The product's default dashboard feature has a few limitations regarding availability."
"The tool is a little bit difficult to use compared to Microsoft Sentinel."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"The product can be improved by reducing the cost to use AI machine learning."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"It has been a challenge with Azure Sentinel to onboard the Syslog server from FortiGate. Azure Sentinel can work better on that shift between the Syslog server and a firewall."
"Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
Google Chronicle Suite is ranked 26th in Security Information and Event Management (SIEM) with 8 reviews while Microsoft Sentinel is ranked 2nd in Security Information and Event Management (SIEM) with 86 reviews. Google Chronicle Suite is rated 7.8, while Microsoft Sentinel is rated 8.2. The top reviewer of Google Chronicle Suite writes "Swiftly navigates and analyzes extensive datasets without significant delays ". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Google Chronicle Suite is most compared with Splunk Enterprise Security, AWS Security Hub, Sentinel, IBM Security QRadar and Elastic Security, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Wazuh, Microsoft Defender for Cloud and Rapid7 InsightIDR. See our Google Chronicle Suite vs. Microsoft Sentinel report.
See our list of best Security Information and Event Management (SIEM) vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
