Forum Discussion
Dean_Gross
Jul 21, 2023 Silver Contributor
Essential solutions
There are currently 10 different solutions with Essentials in their title and many of them have very similar titles, e.g. DNS, Network Session and Network Threat Protection. Do other firms typically...
BillClarksonAntill
Sep 16, 2023 Iron Contributor
Dean_Gross I can't speak for Microsoft in regard to this.
But best practice, in my experience, is to ingest the Defender feeds first, then shape your Sentinel to a particular architectural model for your environment, i.e. threat-informed defence. This would be based on the capabilities of your SOC or security team.
Ingest only what you require to monitor; otherwise there can typically be big cost blowouts and "bill" shock when ingesting data into Sentinel.