Costs/limitations Sentinel Threat Indicators

New Contributor

In my organisation I have a MISP instance running which contains around 100k IoCs attributes. I want to sync these attributes to Azure Sentinel in the Threat Indicators table by using the Microsoft Graph Security API. However, I have two question on which I cannot find an answer on Microsoft's website:

* What are the costs of the Threat Intel ingestion (using the Microsoft Graph Security API)?

* Is there a limitation of how many IoC attributes I can ingest into Azure Sentinel?

1 Reply
@ceesmandjes I dont really have answer for first question for cost..
on limitation, there should not be any as its just a table within Log Analytics workspace. of course Log Analytics workspace limitations apply ;)