Forum Discussion

Maxou's avatar
Maxou
Copper Contributor
Feb 15, 2021

Technical details and integration

Hi All, I was wondering if you can help with the following questions please?   - What datastore does Sentinel use? - Does Sentinel allow to backup the data in Azure blob store and search it ? - ...
printscreen's avatar
printscreen
Brass Contributor
Feb 15, 2021

Maxou I could be able to answer few questions - 

 

- What datastore does Sentinel use? [Sentinel stores all logs which got ingested, in log analytics]
- Does Sentinel allow to backup the data in Azure blob store and search it ? 
- Is it easy to get data out of Sentinel what is the cost? [you can remove sentinel easily, pls go thru this https://docs.microsoft.com/en-us/azure/sentinel/offboard?WT.mc_id=Portal-Microsoft_Azure_Security_Insights]

- How do we can collect logs and audit logs from PASS services like API management services , Azure cosmos , Synapse workspace and PowerBI Embedded? [you can easily collect any azure resource logs(in fact, a few non-Microsoft vendor logs too) through diagnostic settings. For example, if we consider APi managements service, go to Azure portal ->APIM-> Diagnostic settings-> click on '+ Add diagnostic settings'. Select appropriate logs and map the sentinel log analytic workspace there and save it)
- Also how is the cost calculated if you increase the retention from 31 days to 90 days ? [With best of my knowledge, For Azure Sentinel enabled workspaces the data is retained for free for 90 days, Retention beyond 90 days will be charged per the standard https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Flog-analytics%2F&data=04%7C01%7Cnikitha.cheemati%40kontex.com%7C23d170a576bb4fab535108d8951409bd%7C6bfdb47acb3e4b91854a9d201e501f6a%7C0%7C0%7C637423260585495280%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Q%2FLqt1xpwedKpVN86sRb0WKrsXnsVwywQLNuAIhVOwg%3D&reserved=0 retention prices (as outlined https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fazure-sentinel%2F&data=04%7C01%7Cnikitha.cheemati%40kontex.com%7C23d170a576bb4fab535108d8951409bd%7C6bfdb47acb3e4b91854a9d201e501f6a%7C0%7C0%7C637423260585505235%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dE1nVAQXu2Uy11pL5A4iyP4rHsqqG7OGIZOaowaouY4%3D&reserved=0). Only if you do configure some changes in sentinel settings, you will find an option to increase data ingestion]

 

I hop it helps.

Maxou's avatar
Maxou
Copper Contributor
Feb 15, 2021
printscreen: Thanks a lots appreciate it 🙂