  • Sentinel Cost Optimization Part 2

    Introduction and Use Case: Effective Per GB Price is a crucial part of any cost optimization exercise against your environment. How do you find your Effective Per GB Price and how do you use it to calculate how much stuff costs? [Read More]
  • Workspace Transformation Rules

    Introduction and Use Case: Workspace Transformation Rules are a very effective way to fine-tune your ingest volume. Perhaps you need data from the SecurityEvent table but not ALL of the EventIDs that go with it? Let’s take out the trash! [Read More]
  • Sentinel Cost Optimization

    Introduction and Use Case: You’ve just deployed Microsoft Sentinel to your Log Analytics Workspace… now what? How do you know this is an efficient setup? Let’s take a walk on the LEAN side. [Read More]
  • KQL Detective Part 2

    Recap: In my last post, we leveraged the awesome power of KQL to investigate the drop in billable LogManagement ingest volume illustrated below (left side). During this investigation, we noticed a sudden increase in Security ingest volume toward the end of March. In this post, we’re going to track down... [Read More]