Designing and implementing Microsoft Sentinel
Microsoft Sentinel is built on top of an existing Log Analytics workspace, and you can have as many workspaces as you want, placed all around the different Azure regions around the world. It should be noted that with Log Analytics and Sentinel, you pay for each GB that is stored there, as well as the retention time that is configured.
As an example, if you generate 10 GB of logs each day in Microsoft Sentinel, it will cost approximately $1,600 each month, where $780 of that is the cost for Sentinel and $882 is for Log Analytics.
You can use the Azure price calculator as a good way to measure what the cost would be for the data amount that you are collecting: https://azure.microsoft.com/nb-no/pricing/calculator/.
As mentioned previously, Sentinel is billed on top of Log Analytics, and since Sentinel focuses on security events and monitoring for abnormal traffic patterns, a good best practice is to determine what kind of data should...
