Microsoft Sentinel Cost Optimization Secrets
- Added 12 September 2024
🌐 Related Links:
- [Pricing Tiers](azure.microsof...)
- [Limited KQL queries](learn.microsof...)
- [8 days retention](learn.microsof...)
- [Data lake integration by Sayed Nouraie](github.com/sey...)
- [Data Lake Pricing](azure.microsof...)
- [Unlimited Advanced Hunting by Koos Goossens]( / unlimited-advanced-hun... )
- [Data Collection IDs](learn.microsof...)
-----------------------------
📋 Description:
In this video, discover 5 essential strategies to slash your Microsoft Sentinel costs and enhance your security spending efficiency. Learn how to optimize your pricing tier, leverage Basic Logs for cost-effective data management, and make the most of Data Archive options. Explore the benefits of alternative data storage solutions in Azure, especially for long-term data retention. Additionally, harness the benefits of data collection rules to gather only crucial information, saving you money on data ingestion.
-----------------------------
👇 Get in Touch:
- LinkedIn: / pavelhrabec
-----------------------------
We have a problem: project-away in the transformation editor isn't working. It works in the editor window, and that means the query is correct. But it still ingests all the data, as we see in the logs.
Hello, that's interesting. How long did you wait? Sometimes there are big delays with transformations, measured in hours.
It's also possible you have multiple workspace transformation rules on different tables. I haven't tested it for a while, so maybe Microsoft fixed it, but you couldn't have multiple workspace transformation rules.
You would have to combine all your rules into one, even for multiple built-in tables such as SignInLogs NonInteractive...etc.
Yeah, that doesn't work :(. Single workspace.
Can you elaborate? What exactly is not working for you?
@Cyber-Check I tried filtering out events using a simple KQL query, like dropping a specific Windows event or dropping firewall events between 2 IP addresses.
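
The layout discussed in the replies above, a single workspace transformation rule that carries the transformations for several built-in tables, sketched in Bicep. This is an added example, not code from the video or from the commenters; the rule name, the destination name and the dropped column are assumptions chosen for illustration.

```bicep
// Added example, not from the video. Rule name, destination name and the
// dropped column are illustrative assumptions.
param location string = resourceGroup().location
param workspaceResourceId string // resource ID of the Log Analytics workspace

// One rule of kind WorkspaceTransforms per workspace; each table that needs a
// transformation gets its own data flow inside that rule.
resource wsTransform 'Microsoft.Insights/dataCollectionRules@2022-06-01' = {
  name: 'dcr-workspace-transforms' // hypothetical name
  location: location
  kind: 'WorkspaceTransforms'
  properties: {
    destinations: {
      logAnalytics: [
        {
          name: 'sentinelWorkspace'
          workspaceResourceId: workspaceResourceId
        }
      ]
    }
    dataFlows: [
      {
        // Stream names follow the pattern Microsoft-Table-<TableName>.
        streams: [ 'Microsoft-Table-SigninLogs' ]
        destinations: [ 'sentinelWorkspace' ]
        // Column drop: confirm first that no analytics rule or hunting
        // query reads this column.
        transformKql: 'source | project-away ConditionalAccessPolicies'
      }
      {
        streams: [ 'Microsoft-Table-AADNonInteractiveUserSignInLogs' ]
        destinations: [ 'sentinelWorkspace' ]
        transformKql: 'source | project-away ConditionalAccessPolicies'
      }
    ]
  }
}

// Resource ID to reference from the workspace.
output dcrId string = wsTransform.id
```

The rule applies only when the workspace's `defaultDataCollectionRuleResourceId` property points at it, so that property is the first thing to check when a transformation appears to have no effect.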