Sentinel log ingestion

Question

@macd&nbsp;in&nbsp;Microsoft SentinelHello,&nbsp;&nbsp;I have one question regarding log ingestion.If we already have logs in the log analytic workspace and later if we enable sentinel in the same workspace, then will that sentinel be able to read those logs or do we need to ingest those logs again through sentinel data connectors?&nbsp;Thank you

cyb3rmik3 · Answer

burasathi&nbsp;hi,&nbsp;What kind of logs do you ingest in Log Analytics Workspace now?

clive_watson · Answer

Logs are only ingested once, Sentinel reads them, so they will be available to you *after* you enable Sentinel

burasathi · Answer

cyb3rmik3 hi in log analytics there is Sign in logs from Azure Active Directory.

burasathi · Answer

Clive_Watson.Hello, Thank you for the confirmation,. Will there be extra cost if sentinel reads the logs.

clive_watson · Answer

burasathi&nbsp;&nbsp;Microsoft Sentinel has a similar billing, model to Log Analytics, please look up "Sentinel" in&nbsp;Pricing Calculator | Microsoft AzureThe total monthly price is for the Ingestion + Sentinel to analyse those same logs&nbsp;"Microsoft Sentinel is billed for the volume of data stored in an Azure Monitor Log Analytics workspace and analyzed in Microsoft Sentinel."&nbsp;

Forum Discussion

Sentinel log ingestion

Share

Resources