Forum Discussion
Sentinel Cost Estimation
Good evening community, I need some help understanding the costing for Sentinel. I'm trying to build a case for Sentinel as a compete to an existing solution. The environment has around 1000 ...
SebastiaanR You will not get charged for O365 data and the ALERTS coming from the other Azure security products, like MCAS and ATP, and the Azure Activity logs. Go to this page and at the bottom of the page is a FAQ that lists this out. Also, note that the total cost for Azure Sentinel is:
1) Azure Sentinel ingestion (which the URL below is for)
2) Log Analytics ingestion
3) Data retention after 90 days (first 90 days is free no matter where the data come from)
https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/
You can also go to https://siemsizingcalculator.logpoint.com/ to get an idea of how much data you will be ingesting from your environment.
Thanks GaryBushey . I actually used that to determine the log sizes earlier today, thanks 🙂
Pardon my ignorance,
Let's assume I have my LA workspace with Sentinel on top of it. I have a server connected to this same workspace generating 50GB of logs per month. The same workspace is covered under Azure Security Center standard and as such this server is covered by Defender ATP.
Am I correct that Sentinel still sees the 50GB as ingested log volumes, and that is what will be counted against the consumption?
Thanks
SebastiaanR That is correct.
- Ofer_Shezaf
Microsoft
GaryBushey , SebastiaanR : To clarify:
- The free sources Gary mentions above are free for both the Sentinel cost and the Log Analytics ingestion cost. Only Log Analytics retention beyond 90 days is charged.
- The 500MB/d free consumption allocation for Security Events for systems licensed for ASC standard applies but only to the Log Anaytics ingestion cost and not to the Sentinel cost.
