I really struggle with Sentinel. I know it's hugely powerful but it's so expensive to run and hard to know how to optimize.
try to search for Sentinel Optimization workbook, get it installed, get it run, and find the areas of improvement you can make to reduce cost and enhance optimizations
Question please: can I use ADX and get similar value to auxiliary logs?
If I'm correct ADX would be about $0.008/GB/month and auxiliary is $.19/GB? (plus with adx you pay about $1k/month for the adx cluster, etc)
I'm confused as to what Sentinel is providing me that Defender isn't. All we have configured is the 365, Defender and Entra connectors.
Thanks for your comment. The good news is that Microsoft Sentinel is also integrated with the Microsoft Defender XDR portal experience. Microsoft Sentinel has the advantage that you can connect other Cloud and on premises services - IaaS, PaaS, and SaaS - for a view of your entire estate and see how incidents might move between Microsoft and non-Microsoft services.
Is MSFT advocating that customers integrate all AWS logs into Sentinel and relying upon it as a single pane of glass instead of AWS Security Hub / Cloud Watch / Guard Duty?
That would be the recommendation for any SIEM, not just Microsoft, otherwise there is no way to connect the activity signals together as you investigate and work through incidents.
👌
We subscribed to Sentinel. As powerful as it is, it’s quite unfortunate that it’s a major money HOG! By design, it’s meant to get data from multiple sources, yet - the more you configure for just that reason, the more unaffordable it becomes. This is really for big corporates with bottomless pockets. 😔. I’ll be surprised if my IT Department lasts one more year of this.
What are you ingesting? DM if you want help on controlling costs.
Good news, that's a lot of what this video is about. SOC optimizations to save costs with storage and Auxiliary Logs to affordably pull in important logs you might otherwise not be able to, because they are too vast and potentially too noisy, like firewall logs.
The education and features for lower cost logging have certainly been some time coming. Consider these topics to reduce costs:
- logging to ADX
- creating data transformations to filter no-value logs
- this new auxiliary log feature
Hopefully Microsoft or someone will create an up-to-date video with a deep dive on the above 3 topics, including cost comparison use cases.
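As an added illustration of the second item (not code from the video, Microsoft, or any commenter), this is the shape of an Azure Monitor data collection rule transformation that drops low-value firewall flows before they are billed, while keeping everything a detection would need. It assumes CEF firewall events landing in CommonSecurityLog, a workspace DCR whose input table is exposed as `source`, and a constructed list of "expected" destination ports; adjust both to your estate.

```kql
// Workspace DCR transformation for CommonSecurityLog (constructed example).
// Goal: cut ingestion cost by discarding routine "allow" traffic to expected
// ports, while keeping denies, blocks, and anything touching admin services.
source
| where DeviceVendor in ("Palo Alto Networks", "Fortinet", "Check Point")   // assumed vendors
| extend DestPort = toint(DestinationPort)
// Always keep negative verdicts; these carry the detection value.
| where DeviceAction !in~ ("allow", "accept", "permit")
    // ...or allowed flows to remote-admin / directory ports (constructed list).
    or DestPort in (22, 3389, 445, 389, 636, 5985, 5986)
    // ...or allowed flows to anything outside the expected web/mail ports.
    or DestPort !in (80, 443, 25, 587)
// Trim columns the analysts never query to shrink the billed row size.
| project-away AdditionalExtensions, ExtID, ReceiptTime
```

Before deploying, run the same filter as a normal KQL query over a day of existing data and compare `summarize count() by DeviceAction, DestPort` with and without it, so you can see exactly which rows the transformation would discard.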
@simple-security Thank you, I’ve taken note for my team. Appreciated.
@MSFTMechanics Taken note, shared with my team to consider. Thank you.🙏