Microsoft Learn
learn.microsoft.com › en-us › security › zero-trust › siem-xdr-overview
Incident Response with XDR and Integrated SIEM | Microsoft Learn
Microsoft Sentinel is a cloud-native solution that provides security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities.
Microsoft
microsoft.com › en-us › security › business › siem-and-xdr › microsoft-sentinel
Microsoft Sentinel—AI-Ready Platform | Microsoft Security
Microsoft Sentinel delivers extended visibility and foundational SecOps tools with built-in SIEM, SOAR, UEBA, and TI to detect, investigate, and respond to cyberthreats efficiently across the entire digital estate. Both Microsoft Defender XDR and Microsoft Sentinel are fully integrated in the Microsoft Defender portal, delivering unparalleled native detection and automated response with extended visibility, flexibility, and scalability.
Microsoft
microsoft.com › en-ca › security › business › solutions › siem-xdr-threat-protection
SIEM and XDR Solutions | Microsoft Security
Automatically disrupt cyberattacks and accelerate response with extended detection and response (XDR). ... Get incident-level visibility across your digital estate with cloud-native security information and event management (SIEM).
Microsoft Learn
learn.microsoft.com › en-us › defender-xdr › configure-siem-defender
Integrate your SIEM tools with Microsoft Defender XDR - Microsoft Defender XDR | Microsoft Learn
Microsoft Defender XDR supports security information and event management (SIEM) tools ingesting information from your enterprise tenant in Microsoft Entra ID using the OAuth 2.0 authentication protocol for a registered Microsoft Entra application ...
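The snippet above describes the authentication model only in one sentence: the SIEM is a registered Microsoft Entra application that obtains a token with the OAuth 2.0 client-credentials grant and presents it to the Defender XDR API. The following block, added here as an illustration and not Microsoft's own code, shows what that looks like on the SIEM side and the sanity checks a practitioner wants before using the token. The v2.0 token endpoint, the `https://api.security.microsoft.com` resource, the application role name `Incident.Read.All`, and the sample token are all assumptions made for the example.

```python
"""Client-credentials (OAuth 2.0) token handling for a SIEM that pulls from
Microsoft Defender XDR.  Added illustration, not Microsoft's code.
Assumptions (labelled): the v2.0 token endpoint, the
``https://api.security.microsoft.com`` resource/scope, the application role
name ``Incident.Read.All`` and the constructed sample token at the bottom."""
import base64
import json
import time
from urllib.parse import urlencode

# Assumed endpoint/resource names; verify against the tenant's app registration.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
DEFENDER_API = "https://api.security.microsoft.com"


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for the client-credentials grant.  No user is
    involved: the registered application authenticates as itself."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # '.default' requests every application permission an admin consented to
        "scope": f"{DEFENDER_API}/.default",
    }
    return TOKEN_ENDPOINT.format(tenant=tenant_id), urlencode(form)


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token):
    """Decode the payload of a compact JWS *without* verifying the signature.
    The SIEM is the client; the API that receives the token verifies it.  This
    is only a local check that we were issued the token we asked for."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def token_is_usable(claims, required_role, now=None, skew=60):
    """Least-privilege pre-flight: correct audience, not (nearly) expired, and
    the application role the integration needs is actually present."""
    now = time.time() if now is None else now
    if claims.get("aud") != DEFENDER_API:
        return False
    if claims.get("exp", 0) <= now + skew:     # treat almost-expired as expired
        return False
    return required_role in claims.get("roles", [])


def bearer_header(token):
    """Header the SIEM sends with each API request."""
    return {"Authorization": f"Bearer {token}"}


def _fake_jwt(payload):
    """Constructed, unsigned sample token for offline demonstration only."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed sample token shaped like an Entra v2.0 access token (assumed claims).
SAMPLE_TOKEN = _fake_jwt({
    "aud": DEFENDER_API,
    "iss": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
    "exp": 1_800_000_000,
    "roles": ["Incident.Read.All"],    # assumed application permission name
})

if __name__ == "__main__":
    url, body = build_token_request("contoso.onmicrosoft.com", "app-id", "s3cret")
    print(url, body)
    claims = jwt_claims(SAMPLE_TOKEN)
    print(token_is_usable(claims, "Incident.Read.All", now=1_700_000_000))
```

The role check matters more than it looks: with `.default` the token carries whatever application permissions were consented, so confirming that only the read permission the integration needs is present (and nothing broader) is the cheapest least-privilege control on the SIEM side. The client secret shown as a plain argument should come from a secret store in practice, or be replaced by a certificate credential.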
Microsoft
microsoft.com › en-ca › security › business › siem-and-xdr › microsoft-defender-xdr
Microsoft Defender XDR | Microsoft Security
Microsoft Defender XDR is an XDR platform that provides security across your multiplatform endpoints, hybrid identities, emails, collaboration tools, and cloud apps. It uses incident-level visibility across the cyberattack chain, automatic cyberattack disruption, and unified security and access ...
Microsoft
microsoft.com › home › microsoft delivers unified siem and xdr to modernize security operations
Microsoft delivers unified SIEM and XDR to modernize security operations | Microsoft Security Blog
June 25, 2025 - Extended detection and response ... that are designed to deliver intelligent, automated, and integrated security across domains to help defenders connect seemingly disparate alerts and get ahead of attackers....
Microsoft Learn
learn.microsoft.com › en-us › shows › microsoft-sentinel-defender-xdr-virtual-ninja-training › unifying-siem-xdr-a-new-era-in-secops
Unifying SIEM & XDR: a new era in SecOps | Microsoft Learn
Learn how this innovation offers you enhanced analyst efficiency by combining security information and event management (SIEM) and extended detection and response (XDR), reducing interruptions through consolidation of duplicate features, and ...
Microsoft Learn
learn.microsoft.com › en-us › security › zero-trust › siem-xdr-implement
Zero Trust Security with Microsoft Sentinel and Defender XDR | Microsoft Learn
If you onboarded your Microsoft Sentinel workspace to the Defender portal, SIEM data is available with Microsoft Sentinel directly in the Microsoft Defender portal. After observing a common attack, use Microsoft Sentinel and Microsoft Defender XDR for incident response.
Microsoft
microsoft.com › home › siem and xdr
SIEM and XDR Insights | Microsoft Security Blog
... Microsoft has been named a Leader in IDC’s inaugural category for Worldwide Extended Detection and Response (XDR) Software for 2025, recognized for its deep integration, intelligent automation, and unified security operations solutions.
Microsoft
microsoft.com › home › microsoft unifies siem and xdr to help stop advanced attacks
Microsoft unifies SIEM and XDR to help stop advanced attacks | Microsoft Security Blog
June 24, 2025 - We combined the breadth of Azure Sentinel, our cloud-native SIEM (security information and event management) with the depth of Microsoft 365 Defender and Azure Defender, our XDR (extended detection and response) tools, to help fight against ...
Microsoft
microsoft.com › en-us › security › business › solutions › ai-powered-unified-secops-defender
AI-Powered Security Operations | Microsoft Security
Automatically disrupt cyberattacks and accelerate response with extended detection and response (XDR). ... Strengthen operations with a security information and event management (SIEM) and AI-powered SecOps platform that unifies your data, scales intelligently, and powers agentic defense across ...
Microsoft
partner.microsoft.com › en-us › partnership › partner-incentives › build-intent-workshops-defend-against-threats-with-siem-plus-xdr
Sales - Defend Against Threats with SIEM Plus XDR
The Sales - Defend Against Threats with SIEM Plus XDR workshop is designed to create customer intent for purchasing and/or deploying advanced Microsoft Security products, including Microsoft Sentinel and Microsoft 365 Defender. The workshop is expected to require about a three-day partner effort.
Reddit
reddit.com › r/msp › what's the difference between siem and xdr?
r/msp on Reddit: What's the Difference between SIEM and XDR?
September 22, 2022

Hi everyone, lately I've noticed growth in XDR solutions (StellarCyber, Cortex) being used over SIEM platforms (Splunk, SolarWinds).

I don't have much knowledge on XDR and I'm trying to understand how it's a better solution over SIEM regarding things like event detection, threat intelligence, incident visibility, efficiency, etc.

I'd like to know more about the concept and the argument, can SIEM and XDR solutions be paired together and operate? Is it too expensive to have both, or are they mutually exclusive?

My organization utilizes a SIEM setup but we're curious to know if an XDR solution could enhance and improve our setup. If it's better, could we fully convert to an XDR platform rather than having SIEM?

Top answer (1 of 11, 41 points)

Disclaimer: I am a Solutions Architect for Arctic Wolf (MDR provider).

SIEM is essentially a log aggregator. It is only as smart as what you feed into it. Many SIEMs have some capability of doing correlation between data sources, but in most cases the alerts it provides you are based on fixed rules. They require a lot of work to set up and customize, need constant care and feeding, and can get very expensive very quickly. With that said, when you're doing IR they're worth their weight in gold to be able to dig through massive amounts of logs in a short period. Having a SIEM of some kind in 2022 is essentially mandatory.

XDR on the other hand is kind of a fluffy industry term and means different things depending on what platform you're talking about. The immediate advantage of an XDR over solely a SIEM is the ability to look at the network layer instead of just relying on a NIDS to spit activity alerts to a SIEM. XDR platforms all have endpoint agents, so when a detection is raised, the XDR platform has the ability to do automatic remediation, whereas a SIEM would need an integration into another platform to be able to do it.

Could an XDR enhance your environment? Absolutely! There is no question that getting more data about your security posture and having a client that can do automated after-hours remediation is a good thing. Now will it replace your SIEM? It depends on what your needs are and whether you have a compliance requirement for log retention. If all you want is security posture management, detection, and remediation, XDR is fine and you don't need a SIEM. Some XDR solutions (like my company) include a SIEM because we understand that there's strong value in having both.
Answer 2 of 11 (40 points)

First things first, many security companies/vendors make these terms up and water them down with marketing fluff to the point where it can be meaningless to try to compare vendor A's XDR solution to vendor B's XDR solution... So let's start by defining what most people are talking about when they talk about eXtended Detection and Response (XDR) and how it's different from Endpoint Detection and Response.

From my experience most vendors consider EDR to be anything that blocks or logs execution of code on an endpoint. When they talk about "extended" detection and response, they are typically referring to the network aspect of it. For example, logging or blocking DNS, network connections, filtering webpages, SSL inspection, user behavior, etc. Many of these solutions have a fairly robust logging solution, but it isn't universal. Additionally, not all logging is created equal: ease of access and the ability to create rules/detection logic are all things that vary drastically by vendor.

Let's contrast that with SIEM, which is meant to be a single place to shove all your logs/telemetry into and spit out alerts or something for your analysts to work through. Much of the focus is taking disparate events and being able to group them together, providing context for an analyst to determine if an event is a security incident. Even if XDR solutions provided the ability to correlate/aggregate any type of events/logs (which in my experience they either don't, or are terrible at), many don't provide mechanisms for custom detection/business logic. I know of no XDR solution that is a drop-in replacement for a well-established log management/alerting system like Splunk or Elastic. And some of them are even using Elastic, Solr or Splunk as their backend.

TL;DR: EDR/XDR != SIEM, no matter how much vendors want to believe/sell you on it. Also, fuck product marketing people.
Microsoft Learn
learn.microsoft.com › en-us › azure › sentinel › microsoft-sentinel-defender-portal
Microsoft Sentinel in the Microsoft Defender portal | Microsoft Learn
Microsoft Defender provides a unified cybersecurity solution that integrates endpoint protection, cloud security, identity protection, email security, threat intelligence, exposure management, and SIEM into a centralized platform powered by a modern data lake. It uses AI-driven defense to help organizations anticipate and stop attacks, ensuring efficient and effective security operations. Microsoft Sentinel is generally available in the Microsoft Defender portal, either with Microsoft Defender XDR, or on its own, delivering a unified experience across SIEM and XDR for faster and more accurate threat detection and response, simplified workflows, and enhanced operational efficiency.
Microsoft Learn
learn.microsoft.com › pl-pl › defender-xdr › configure-siem-defender
Integrating SIEM tools with Microsoft Defender XDR - Microsoft Defender XDR | Microsoft Learn
Microsoft Defender XDR supports security information and event management (SIEM) tools that ingest information from your enterprise tenant in Microsoft Entra ID using the authentication protocol ...
Microsoft Learn
learn.microsoft.com › de-de › defender-xdr › configure-siem-defender
Integrate your SIEM tools with Microsoft Defender XDR - Microsoft Defender XDR | Microsoft Learn
Microsoft Defender XDR supports security information and event management (SIEM) tools that collect information from your enterprise tenant in Microsoft Entra ID using the OAuth 2.0 authentication protocol for a ...
Microsoft
microsoft.com › pl-pl › security › business › siem-and-xdr › microsoft-defender-xdr
Microsoft Defender XDR | Microsoft Security Solutions
Learn how Microsoft Defender XDR helps identify and stop cyberattacks across endpoints, identities, email, collaboration tools, SaaS applications, cloud workloads, data loss insights, and more.
Microsoft
microsoft.com › fr-ca › security › business › threat-protection
Threat protection - SIEM and XDR tools - Microsoft
Automatically disrupt cyberattacks and accelerate response with extended detection and response (XDR). ... Get incident-level visibility across your digital estate with cloud-native security information and event management (SIEM).
Microsoft
microsoft.com › fr-ca › security › business › siem-and-xdr › microsoft-365-defender
Microsoft Defender XDR | Sécurité Microsoft
Learn how Microsoft Defender XDR helps identify and stop cyberattacks across endpoints, identities, email, collaboration tools, SaaS applications, cloud workloads, data loss insights, and more.