"It is currently a bit complicated, and it should be simplified. There are a lot of applications in the world that are not supported."
"Its search or filtering capability is nice, but it can be improved."
"Given the ever-increasing number of threats, I would like Splunk to update its threat signatures more frequently."
"Previously, they developed custom connectors or add-ons for a lot of applications. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"The dashboards can be improved. There is always room for improvement, and everybody will say, 'I wish you could do this for me or that for me.' It is a personal thing based on how you use the tool. They could improve the ease of deploying these queries."
"Everyone has their favorites. You have to take a canned query and paste it into an operational box and then you hit a button. It's not immediately intuitive regarding how you use it. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Sometimes, it is hard for us to estimate the costs of Microsoft Sentinel."
"If you're looking to use canned queries, the interface could be a little more straightforward. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. At the moment, it only covers a few vendors. Structuring the rules according to industry might help us."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"Sentinel's reporting is complex and can be more user-friendly."
"Sentinel should be improved with more connectors. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. There are already more than 400 rules, but they could add more industry-specific ones."
"I would like Sentinel to have more out-of-the-box analytics rules. That is helpful for a power user like me."
"The ability to ingest different log types from many different products in our environment is most valuable."
"Splunk Enterprise Security is able to process a huge amount of data without any issues."
"On top of that, we can use their language in order to create and customize the dashboards, correlations, or analytics that we want to incorporate."
"Splunk would be my choice for the presentation layer because it comes with inbuilt reports and a dashboard that you can customize."
"The most useful feature for me is the ability to create different kinds of alerts and set a different kind of denominator that will capture the real event. The ability to connect to pretty much everything and bring the information in the same format is also valuable. It's good for monitoring that in particular."
"The ability to digest any information and then correlate it in accordance with what you need is valuable."
"The product has a good security posture."
"The correlation searches are most valuable just because we are able to do things like RBA."
"We are using Microsoft 365 and we're using the Exchange Mail Service. It has an easily understandable language to perform actions."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Sometimes, we have to do it manually."
"The UI of Sentinel is very good and easy to use, even for beginners."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem, and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"The analytic rule is the most valuable feature."
"It's easy to use. For example, we can integrate Sentinel with Office 365 with one click. It automatically provisions the native Microsoft products."
"One of the most valuable features of Microsoft Sentinel is that it's cloud-based."
"Native integration with Microsoft security products or other Microsoft software is also crucial. We don't need to depend upon any other connectors. We can use machine learning models at the tenant level and within Office 365 and the Microsoft stack."
"The AI and ML of Azure Sentinel are valuable."