  • Sentinel Cost Optimization Exercise Part 2

    Introduction and Use Case: You have recently deployed Microsoft Defender for Endpoint. Before this, your workstations were reporting directly to Sentinel. Now that your workstations have 30 days of retention in the Defender for Endpoint product, why duplicate those workstation logs into your Sentinel ingest volume and pay twice? From... [Read More]
  • Sentinel Cost Optimization Part 2

    Introduction and Use Case: Effective Per GB Price is a crucial part of any cost optimization exercise against your environment. How do you find your Effective Per GB Price and how do you use it to calculate how much stuff costs? [Read More]
  • Workspace Transformation Rules

    Introduction and Use Case: Workspace Transformation Rules are a very effective way to fine-tune your ingest volume. Perhaps you need data from the SecurityEvent table but not ALL of the EventIDs that go with it? Let’s take out the trash! [Read More]
  • Sentinel Cost Optimization

    Introduction and Use Case: You’ve just deployed Microsoft Sentinel to your Log Analytics Workspace… now what? How do you know this is an efficient setup? Let’s take a walk on the LEAN side. [Read More]