May 10 2021 12:27 PM
Does anyone have any recommendations on what logs to monitor, or best practices on what events we should focus on once Sentinel is enabled? We are currently working on pricing. We are sending logs from our own syslog server, but I want to filter them there and only send to Sentinel the logs which I think will be useful (the source can be anything: endpoint, DNS, Windows security events, etc.), so that based on that volume we can estimate the cost. Is there any documentation I can follow?
Any suggestion would be appreciated.
Jun 10 2021 09:40 AM
Jun 10 2021 02:38 PM