Maximize Cost Efficiency in Microsoft Sentinel: Strategies for Log Ingestion and Management


In a recent blog post, Microsoft discusses cost-saving strategies for log ingestion in Microsoft Sentinel. By splitting logs into multiple tables and using the Basic tier, users can manage expenses effectively. The article outlines the available log plans, Analytics, Basic, and Auxiliary logs, and offers practical steps for implementing these changes.


Optimize Your Log Management with Microsoft Sentinel

In an era where data is king, managing log ingestion costs is crucial. Microsoft has introduced a cost-effective strategy for users of Microsoft Sentinel. This involves splitting logs into multiple tables and opting for the Basic tier. Let’s explore this innovative approach.

What’s New?

Microsoft has revamped its log plans to provide users with more flexibility and cost-saving options. The introduction of Basic Logs is a game-changer. It supports richer troubleshooting and incident response while significantly reducing costs. Also, the retention period has been extended, allowing users to keep logs longer without incurring hefty fees.

“Basic Logs have been improved to support even richer troubleshooting and incident response with fast queries while saving costs.”

Major Updates in Log Plans

Azure Monitor now offers three distinct log plans:

  • Analytics Logs: Designed for frequent access and optimized for critical logs.
  • Basic Logs: Ideal for cost-saving without compromising on functionality.
  • Auxiliary Logs: A new, inexpensive option for verbose logs needed for compliance.

Understanding these plans allows users to make informed decisions about their log management strategy. For example, Analytics Logs support all tables, while Basic Logs are compatible with DCR-based custom tables and some Azure tables.

What’s Important to Know?

To effectively manage costs, it’s essential to analyze your logs. High-volume logs, such as Firewall logs, can significantly inflate ingestion costs. By switching these logs to the Basic log plan, users can save substantially.

Here are the steps to achieve this:

  1. Ingest Firewall logs to Microsoft Sentinel using the Azure Monitor Agent.
  2. Create a custom table mirroring the Syslog table schema.
  3. Update the Data Collection Rule (DCR) template to split the logs.
  4. Set the table plan to Basic for the new DCR-based custom table.

“I highly recommend reviewing the PowerShell script thoroughly and doing proper testing before executing it in production.”
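A worked example of steps 2 to 4, added here and not the blog's own PowerShell script: it creates a DCR-based custom table on the Basic plan whose columns mirror the built-in Syslog table, then defines the two DCR data flows that split one Syslog stream between that table and the Analytics-plan Syslog table. The angle-bracket placeholders, the destination name laDest, the table name FirewallSyslog_CL and matching firewall rows by HostName are assumptions.

```powershell
# Added example, not the blog's script. Assumes Az.Accounts is loaded and Connect-AzAccount
# has run, the workspace is already enabled for Sentinel, and an AMA DCR forwarding the
# Microsoft-Syslog stream to a workspace destination named 'laDest' already exists.
$sub          = '<subscription-id>'     # placeholders, replace before running
$rg           = '<resource-group>'
$ws           = '<workspace-name>'
$table        = 'FirewallSyslog_CL'     # DCR-based custom tables must carry the _CL suffix
$firewallHost = '<firewall-hostname>'   # assumption: firewall rows are identified by HostName

# Step 2 + 4: custom table mirroring the Syslog table columns, created on the Basic plan.
$tableBody = @{
  properties = @{
    plan   = 'Basic'
    schema = @{
      name    = $table
      columns = @(
        @{ name = 'TimeGenerated'; type = 'datetime' },
        @{ name = 'Computer';      type = 'string'   },
        @{ name = 'Facility';      type = 'string'   },
        @{ name = 'HostName';      type = 'string'   },
        @{ name = 'SeverityLevel'; type = 'string'   },
        @{ name = 'SyslogMessage'; type = 'string'   },
        @{ name = 'ProcessID';     type = 'int'      },
        @{ name = 'ProcessName';   type = 'string'   },
        @{ name = 'HostIP';        type = 'string'   },
        @{ name = 'EventTime';     type = 'datetime' }
      )
    }
  }
} | ConvertTo-Json -Depth 6

$tablePath = "/subscriptions/$sub/resourceGroups/$rg/providers/Microsoft.OperationalInsights" +
             "/workspaces/$ws/tables/$table" + '?api-version=2022-10-01'
$resp = Invoke-AzRestMethod -Path $tablePath -Method PUT -Payload $tableBody
if ($resp.StatusCode -notin 200, 202) { throw "Table create failed: $($resp.Content)" }

# Step 3: data flows that split the single Syslog stream. Firewall rows are routed to the
# Basic-plan custom table; every other row keeps flowing to the Analytics-plan Syslog table.
$dataFlows = @(
  @{ streams      = @('Microsoft-Syslog'); destinations = @('laDest')
     transformKql = "source | where HostName != '$firewallHost'" },
  @{ streams      = @('Microsoft-Syslog'); destinations = @('laDest')
     transformKql = "source | where HostName == '$firewallHost'"
     outputStream = "Custom-$table" }
)
# Merge $dataFlows into properties.dataFlows of the existing DCR (GET, edit, PUT against
# Microsoft.Insights/dataCollectionRules, api-version 2022-06-01), then confirm rows arrive:
#   FirewallSyslog_CL | summarize count() by bin(TimeGenerated, 1h)
```

After the DCR update, also check that the Syslog table volume drops by roughly the firewall share, which is the saving the post describes.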

Conclusion

By splitting logs into multiple tables and utilizing the Basic tier, organizations can significantly reduce their log ingestion costs. This strategic approach not only enhances efficiency but also ensures compliance. Dive into Microsoft Sentinel’s new log plans and start optimizing your log management today!


  • Microsoft Sentinel users can reduce ingestion costs by splitting logs into multiple tables.
  • Different log plans available include Analytics Logs, Basic Logs, and Auxiliary Logs.
  • Basic Logs support longer retention periods and enhanced troubleshooting capabilities.
  • Custom tables can be created using a PowerShell script to streamline the process.
  • Users are encouraged to assess which logs can transition to the Basic log plan for cost efficiency.

From the Core Infrastructure and Security Blog
