Blog Post
Enhancing Threat Hunting with Microsoft Defender Experts Plugin
I'm curious about this. It costs about nothing to run a threat hunt query for this (in NRT or even in live feed) in Sentinel. Running this query in Security for Copilot cost me about $1.47-3.6 - that's running it once, and depending on the resources I had access to (one being Global Reader/Reader on all Azure resources). And this price is just for the queries themselves. How is this justified? (From what I can see there is no new "detection" happening, unless the LLM used is trained specifically for patterns that the existing queries/hunts are not able to detect? If so, that would be the bigger news in itself!) The query in Sentinel (if logs are ingested) required the user to have less access (least privilege), was quicker, and even cost less - therefore also much more secure due to boundaries. Unless we can move under the threshold of existing tooling, this is not viable, just rather something that looks cool?