try to search for Sentinel Optimization workbook, get it installed, get it run, and find the areas of improvement you can make to reduce cost and enhance optimizations
Question please: can I use ADX and get similar value to auxiliary logs? If I'm correct ADX would be about $0.008/GB/month and auxiliary is $.19/GB? (plus with adx you pay about $1k/month for the adx cluster, etc)
We subscribed to Sentinel. As powerful as it is, it’s quite unfortunate that it’s a major money HOG! By design, it’s meant to get data from multiple sources, yet - the more you configure for just that reason, the more unaffordable it becomes. This is really for big corporates with bottomless pockets. 😔. I’ll be surprised if my IT Department lasts one more year of this.
Good news, that's a lot of what this video is about. SOC optimizations to save costs with storage and Auxiliary Logs to affordably pull in important logs you might otherwise not be able to, because they are too vast and potentially too noisy, like firewall logs.
the education and features for lower cost logging have certainly been some time coming. Consider these topics to reduce costs: - logging to ADX - creating data transformations to filter no-value logs - this new auxiliary log feature Hopefully Microsoft or someone will create an up to date video with a deep dive on the above 3 topics, including cost comparison use cases.
Thanks for your comment. The good news is that Microsoft Sentinel is also integrated with the Microsoft Defender XDR portal experience. Microsoft Sentinel has the advantage that you can connect other Cloud and on premises services - IaaS, PaaS, and SaaS - for a view of your entire estate and see how incidents might move between Microsoft and non-Microsoft services.
