Forum Discussion
Solved
Pricing Calculator for Microsoft Sentinel
Hi everyone, I am using the Pricing Calculator for Microsoft Sentinel. I can see the pricing split into two parts - Azure Monitor and Microsoft Sentinel. In my understanding, Microsoft Sentinel wil...
Hello CyrilChu,
The pricing is split into two parts - Azure Monitor and Microsoft Sentinel because:
Azure Monitor is considered to be the "Ingestion" part (GB of logs that are ingested into Log Analytics Workspace) and Microsoft Sentinel is the SIEM system itself that operates logs, queries, workbooks, connectors etc.
As far as I know, if you have 2 subscriptions and 2 Sentinels and use LightHouse to connect one Sentinel to another, you will still have to pay for both of them.
Because these are two separate Sentinels.
For example, you are a SOC company and have a customer who has Sentinel. And you want to connect your customer's Sentinel to your to see and manage data in your own system. The customer will have to pay for his Sentinel.
Because these are two separate Sentinels.
For example, you are a SOC company and have a customer who has Sentinel. And you want to connect your customer's Sentinel to your to see and manage data in your own system. The customer will have to pay for his Sentinel.
mikhailf,
I am not sure it have 2 Sentinels, the current situation is Customer Company use belows link to share his Resource group (Include Log Analytics Workspace and Already add Microsoft Sentinel to the workspace) to SOC Company.
https://github.com/Azure/Azure-Lighthouse-samples
As far as I know, we need to add Microsoft Sentinel to a workspace after you create a Log Analytics Workspace. SOC Company itself did not add Microsoft Sentinel to any workspaces before. SOC Company can connect to customer's Sentinel via lighthouse directly. We don't need to add Microsoft Sentinel to customer's workspace.
For this situation, it still count as two separate Sentinels?
I am not sure it have 2 Sentinels, the current situation is Customer Company use belows link to share his Resource group (Include Log Analytics Workspace and Already add Microsoft Sentinel to the workspace) to SOC Company.
https://github.com/Azure/Azure-Lighthouse-samples
As far as I know, we need to add Microsoft Sentinel to a workspace after you create a Log Analytics Workspace. SOC Company itself did not add Microsoft Sentinel to any workspaces before. SOC Company can connect to customer's Sentinel via lighthouse directly. We don't need to add Microsoft Sentinel to customer's workspace.
For this situation, it still count as two separate Sentinels?
- If the SOC company doesn't have Sentinel installed, so you won't have to pay for it.
You can use both scenarios.
1. You have LAW + Sentinel and SOC connects to your Sentinel via Lighthouse (so you pay only for 1 Sentinel on your side)
2. You have LAW + Sentinel and SOC has its LAW + Sentinel that is fully integrated with your Sentinel. In that way, the SOC can see logs from your Sentinel in their own one (they can create rules, workbooks, etc.)- mikhailf,
May I know the Sentinel is which component of Azure? a resource under the resource group?
I cannot find the Sentinel in the resource group or application. Since the lighthouse connection uses a resource group base. How can I make sure that I am using the customer's Sentinel instead of SOC Sentinel?- CyrilChu Sentinel is a resource create on top of a Log Analytics Workspace. It is deployed to the same resource group where that particular log analytics resides.
