cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Workspace and Sentinel how it will work

sharukh222000
Copper Contributor

‎Nov 19 2022 08:57 PM

‎Nov 19 2022 08:57 PM

Workspace and Sentinel how it will work

Dear All,


I have my company server and worspace located in 3 regions i.e US, Europe and India and data is flowing from those specific locations to the respective workspace for example US data will go to US workspace.

 

We wanted to continue the same but the issue is we wanted now to have our security team setup and we are planning to have it in India only so we ran sentinel on top of India workspace now the question is how to monitor the US and europe workspace?

 

Kindly let me know the answer from the following prespective

 

1) The cost effiecnent way?

2) The best practice in these scenario's?

3) Can we use azure lighthouse?

 

Labels:
1,032 Views
0 Likes
3 Replies
Reply
3 Replies
samikroy

‎Nov 21 2022 05:15 AM

‎Nov 21 2022 05:15 AM

Re: Workspace and Sentinel how it will work

1. If data compliance aggress, target the logs to a single workspace.
a. This will help you to query in a single workspace.
b. In case of a high data ingestion, you will be able to leverage commitment tiers.
3. Lighthouse is used in case of multi-tenancy which does not seem to be use case here.
This brings up another question what data sources being ingested
Heartbeat - Free
SecuityEvent - Will be billing same as of now.
Hope this helps.
0 Likes
Reply
sharukh222000

‎Nov 21 2022 06:22 AM

‎Nov 21 2022 06:22 AM

Re: Workspace and Sentinel how it will work

Didnt get it.

Lets make it simple

If we have 2 workspace in two separate region 1 in us and another in india

Sentinel running on india workspace only but in future i want to monitor us site also
Whats best practice?
Do i need 2 sentinel?
0 Likes
Reply
samikroy

‎Nov 21 2022 07:07 AM

‎Nov 21 2022 07:07 AM

Re: Workspace and Sentinel how it will work

Assess (Data compliance/ Any other requirements) if we the log sources from another location (US) can point to initial location (India)
Else, you have to have 2 different Sentinel Instance and use cross workspace queries to join for your use cases
0 Likes
Reply