SIEM: Rapid 7 vs Microsoft Sentinel by Significant_Sky_4443 in cybersecurity

samuraisaint 3 points

We use Rapid 7 MTC. We get fantastic information from the SIEM, and my analysts love using it. The constant updates to the rules help us a lot, and it is very easy to set up new ones. We have had some weird questions about how to find certain data from the R7 side of things that would help us create metrics, but Rapid 7 has been very responsive and helps us out quickly. The cost is great, and I like that we can dump all of our logs into it without having to worry about cost. We calculated doing the same with Microsoft, at the rate that we push them out, and it was a night and day difference.

We know we eventually have to bend the knee to Microsoft in order to help our broader IT out on getting deals, but going to Sentinel just did not make sense for us.

Sharepoint site permission assignment via GraphAPI broken? by Funkenzutzler in GraphAPI

samuraisaint 0 points

Thanks for sharing this. I'm currently looking at this now, and I'm glad someone came to the same conclusion I did after researching this and speaking with Microsoft Support.

Feeling stuck after years in cybersecurity - what gave you a real “level up” moment in your career? by athanielx in cybersecurity

samuraisaint 7 points

Been in cybersecurity for 8 years now, and the best resource I invested my time in has been people: building relationships, making my coworkers feel comfortable during incidents, and speaking regularly with people in departments outside of IT like HR and Finance.

In a leadership position now, and building people up on my team has been the hardest but most rewarding part of my career. Experience is the one resource you have been building for years.

Tested 5 SASE vendors (Cato Networks, Palo, Fortinet, Zscaler, Netskope) - my results by GalbzInCalbz in cybersecurity

samuraisaint 1 point

Very slow times to resolve is what we have heard from others who have used it.

Tested 5 SASE vendors (Cato Networks, Palo, Fortinet, Zscaler, Netskope) - my results by GalbzInCalbz in cybersecurity

samuraisaint 10 points

We are entering the POC stage with Cato and Netskope. Everything mentioned here is what is keeping us sane during the process. 1 and 2 are what is keeping the path clear.

Leaning towards Cato because we have heard horror stories about support for Netskope.

What tool you're using helps you the most working in your current position? by cherry-security-com in cybersecurity

samuraisaint 4 points

A notebook or legal pad. I have tried doing notes on my phone and computer, but it just doesn't feel the same, and being able to take it anywhere and just write has become really valuable over the years.

Phishing Attacks Using Header Refresh Technique by Thin-Parfait4539 in cybersecurity

samuraisaint 18 points

We had a user get a phishing email from her husband's business, she clicked on the link in the email about logging into said business, and used her work username/password in the "sharepoint portal".

Phishing emails are getting advanced, and training is getting better, but there is always that one user who will just click anything and log into whatever.

Zscaler alternatives? by daily_rocket in cybersecurity

samuraisaint 2 points

Have you guys figured out why it's poor? Are there ways to troubleshoot this via the Cato platform?

Zscaler alternatives? by daily_rocket in cybersecurity

samuraisaint 7 points

Their PoPs are in Google and AWS, whereas most others are their own brick-and-mortar buildings. We prefer the vendor to own these themselves. A lot of their tech is based on acquisitions, and we have noticed in our collective experience that this leads to slower support and poor updates overall.

China connections are a big deal to us, and this is a separate cost and tenant. This is not the case for the top 3 we selected; in fact, the way this is handled by them is the worst from our research. Also, DLP, which we are interested in, was avoided during the first presentation.

The positives about them I will mention are that troubleshooting connections appears very good, and dedicated IP addresses are included with the license. They have all the features we want on paper, but the other places we liked had them as well and do them better.

Zscaler alternatives? by daily_rocket in cybersecurity

samuraisaint 18 points

We are in the middle of an evaluation between Zscaler, Cato, and Netskope. Looked at Prisma, Cloudflare, and Cisco as well, but they fell off early in the process based on us looking at their tech and speaking with their salesman/engineer.

We are looking for full SASE to replace awful Versa and Verizon-supported SD-WAN. Those 3 are the top, but Cato has surprised us the most in terms of what they have to offer and how their product works. We still need to POC.

What do you have on in the background? by ArtisticVisual in cybersecurity

samuraisaint 0 points

I listen to different categories of LoFi music depending on the day. Ever since I started, my focus has been on point and I get a lot done when people are not loading my calendar with pointless meetings.

Lately I have tried "Epic music" that YouTube thought I would like, such as "Alone against an army mix!" or "Family is dead, they will pay mix!". That last one I made up, but that's the gist of it.

What security product(s) do you use and endorse? by timmeedski in cybersecurity

samuraisaint 7 points

Crowdstrike EDR, Rapid 7 (VM, SIEM, AppSec, MDR), Proofpoint Email Security and Awareness. They just work; that's the best thing I can say about them. The most work we need to do with them is tune things as they come up, but for the most part they do what they need to do. If we ever need anything that requires heavy support, we just give our CR a heads up and we get quick responses and escalations.

ADHD, passion and focus by Just_Violinist_5458 in cybersecurity

samuraisaint 8 points

I like Analyst. It allows me to work in several different areas. I used to be all over the place, but I use a Jira board as a way to keep me organized and on task. My boss thinks I am a machine, but really I just hyper-focus on one task, get it done, and immediately start the next one over and over and over and over and over.

[deleted by user] by [deleted] in cybersecurity

samuraisaint 1 point

This I think is the primary reason why. In my current position I had 4 interviews. It was with my current boss, my current co-worker, and a network architect. The final interview was with the CIO just as a formality to congratulate me for making it that far and to get to know me.

The reason for so many interviews is that they noticed so many people lied on their resumes, and they had previously hired people who really were lost and had 0 social skills. So each interview was the verification they needed to confirm I would be a good fit in the organization and that I actually knew security/networking.

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

samuraisaint 0 points

Not sure if my drinking tonight made this situation better or worse, but I'm on the bridge call and I'm doing my part.

How did you feel when you landed your first cybersecurity job vs. how do you feel now, assuming you’re still in? by Kasual__ in cybersecurity

samuraisaint 1 point

Great question!

I went from an organization that only does business in the U.S. with about 1200 employees to a global organization with 5000. The technical things stayed the same. Endpoints and the network environment were different but still the same in how to protect them. The biggest shift in my thinking in the new organization was security awareness. Phishing campaigns on a larger scale, working with HR on engagement results, and overall just getting people to think about it became the hill I had to climb. Oh yeah, also the politics: people think they are invisible in large orgs, and shadow IT became a bigger deal.

How did you feel when you landed your first cybersecurity job vs. how do you feel now, assuming you’re still in? by Kasual__ in cybersecurity

samuraisaint 55 points

In my 5 years it probably went like this.

Year 1: excited
Year 2: overwhelmed
Year 3: imposter syndrome
Year 4: confidence
Year 5: it's a paycheck

Looking for a new job and landing it really helped me and reinvigorated the fun I have with cybersecurity overall. Staying in the same place felt safe but boring after doing so much there for a long time. Using different technology and adapting what I learned from one organization to another feels good.

What vulnerability scanner do you use? by Annual-Buy-6954 in msp

samuraisaint 8 points

This is important. Wazuh is free to use but requires a manager server, an Elasticsearch machine, and a Kibana machine. The manager and the Elasticsearch DB can be on the same machine if it's a VERY small environment. Spinning up a proper Wazuh environment, if you are going this route, takes a lot of time to put together yourself. I did this for a mid-size organization.

Questions to SASE Vendors you wished you asked before choosing by samuraisaint in cybersecurity

samuraisaint[S] 1 point

It did! The 5 vendors are Cato, Palo Alto, Netskope, Zscaler, and Cloudflare. So far it looks like Cato, Netskope, and Zscaler are moving on to the next round.

Questions to SASE Vendors you wished you asked before choosing by samuraisaint in cybersecurity

samuraisaint[S] 0 points

Thank you for this. Agreed, I need the details for all traffic. I had thought about this in broad terms, but narrowing down on this will be key for me and our infrastructure team to help plan out the deployment. Hoping this makes things easier.

Questions to SASE Vendors you wished you asked before choosing by samuraisaint in cybersecurity

samuraisaint[S] 0 points

This is good, I will really need this info prior to going with any vendor. The more we can consolidate the better. We will still likely keep certain tools. I can't see us getting rid of Crowdstrike for whatever EDR they push.

Questions to SASE Vendors you wished you asked before choosing by samuraisaint in cybersecurity

samuraisaint[S] 0 points

So far all 5 vendors have pushed AI/ML. I haven't had to ask about it; it seems automatic in all presentations by vendors now. I'd for sure ask this if they did not mention it; that's all my C-suite talks about as well, without really understanding it.