{"id":15504,"date":"2019-07-23T07:30:24","date_gmt":"2019-07-23T07:30:24","guid":{"rendered":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/?p=15504"},"modified":"2019-10-07T14:09:39","modified_gmt":"2019-10-07T13:09:39","slug":"azure-sentinel-meets-azure-log-analytics","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/","title":{"rendered":"Azure Sentinel meets Azure Log Analytics – looking at data use and estimated costs."},"content":{"rendered":"

\/\/
\n\/\/
\n\/\/ Now that the pricing is released – please see https:\/\/azure.microsoft.com\/en-gb\/pricing\/calculator\/ <\/a>
\n\/\/
\n\/\/ Please use https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/10\/03\/azure-sentinel-average-gb-per-day\/<\/a>
\n\/\/ <\/p>\n

————————————————————————————————<\/p>\n

Please use the above link – posted retained for examples only, now that Sentinel has been released <\/p>\n

————————————————————————————————<\/p>\n

This post combines two previous posts, one on Log Analytics and one on Sentinel Dashboards.<\/p>\n

https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/22\/azure-log-analytics-looking-at-data-and-costs-part-4\/<\/a>
\nhttps:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/19\/azure-sentinel-dashboard-queries\/<\/a><\/p>\n

Please note Azure Sentinel prices have not been disclosed yet. However we can see the Log Analytics tables used by Sentinel and look at those costs. I’ve used the query from the “Azure Sentinel Dashboard query” post to find the relevant tables in Log Analytics, to work out the GB consumed and then estimate the costs (in USD).<\/p>\n


\nlet aap = 2.30; \/\/Add Azure Pricing ($ USD) source: https:\/\/azure.microsoft.com\/en-us\/pricing\/details\/monitor\/
\nunion isfuzzy=true withsource = tt *
\n| where _IsBillable == True
\n| where tt in (\"Syslog\", \"SecurityEvent\",\"AWSCloudTrail\", \"CommonSecurityLog\",
\n\"SecurityAlert\", \"ThreatIntelligenceIndicator\", \"LinuxAuditLog\",
\n\"HuntingBookmark\", \"WindowsFirewall\",\"SigninLogs\",\"SymantecICDX_CL\",
\n\"DnsEvents\",\"SecurityCenterFree\",\"OfficeActivity\")
\n| summarize
\nTotalGBytes =round( sum(_BilledSize\/(1024*1024*1024)),2),
\nEstimatedCostUSD=round(aap * sum(_BilledSize\/(1024*1024*1024)),2)
\nby Solution=tt
\n| sort by TotalGBytes desc
\n<\/code><\/p>\n

Azure Sentinel Documentation<\/a><\/p>\n

A variant of the above query is this, which filters specifically on the past 31days (and only full days). I also grab the oldest and newest date\/time per solution:<\/p>\n


\nlet aap = 2.30; \/\/Add Azure Pricing ($ USD) source: https:\/\/azure.microsoft.com\/en-us\/pricing\/details\/monitor\/
\nunion isfuzzy=true withsource = tt *
\n| where TimeGenerated > startofday(ago(31d)) and TimeGenerated < startofday(now())
\n| where _IsBillable == True
\n| where tt in
\n(
\n\"Syslog\", \"SecurityEvent\",\"AWSCloudTrail\", \"CommonSecurityLog\",
\n\"SecurityAlert\", \"ThreatIntelligenceIndicator\", \"LinuxAuditLog\",
\n\"HuntingBookmark\", \"WindowsFirewall\",\"SigninLogs\",\"SymantecICDX_CL\",
\n\"DnsEvents\",\"SecurityCenterFree\",\"OfficeActivity\", \"McasShadowItReporting \"
\n)
\n| summarize
\nTotalGBytes =round( sum(_BilledSize\/(1024*1024*1024)),2),
\nEstimatedCostUSD=round(aap * sum(_BilledSize\/(1024*1024*1024)),2),
\nOldestRecord=min(TimeGenerated), NewestRecord=max(TimeGenerated)
\nby Solution=tt
\n| sort by TotalGBytes desc
\n<\/code><\/p>\n

You can run the above from here<\/a><\/p>\n

\"KA\"<\/p>\n

 <\/p>\n

Optionally you may want to view the Data on a graph for the month.<\/p>\n


\n\/\/ show per day ingestion per solution for past full 31days
\nunion withsource = tt *
\n| where TimeGenerated > startofday(ago(31d)) and TimeGenerated < startofday(now())
\n| where _IsBillable == true
\n| where tt in
\n(
\n\"Syslog\", \"SecurityEvent\",\"AWSCloudTrail\", \"CommonSecurityLog\",
\n\"SecurityAlert\", \"ThreatIntelligenceIndicator\", \"LinuxAuditLog\",
\n\"HuntingBookmark\", \"WindowsFirewall\",\"SigninLogs\",\"SymantecICDX_CL\",
\n\"DnsEvents\",\"SecurityCenterFree\",\"OfficeActivity\", \"McasShadowItReporting \"
\n)
\n| summarize BillableGBytes=round(sum(_BilledSize\/(1024*1024*1024)),2) by bin(TimeGenerated, 6h), tt
\n| sort by TimeGenerated asc
\n| render timechart
\n<\/code>
\n\"Monthly<\/p>\n

\/\/
\n\/\/Another useful Example is when you need to see the Average per computer and Service.
\n\/\/<\/p>\n


\nlet aap = 2.30; \/\/Add Azure Pricing ($ USD) source: https:\/\/azure.microsoft.com\/en-us\/pricing\/details\/monitor\/
\nunion isfuzzy=true withsource = tt *
\n| where TimeGenerated > startofday(ago(31d)) and TimeGenerated < startofday(now())
\n| where _IsBillable == True
\n| where tt in
\n(
\n\"Syslog\", \"SecurityEvent\",\"AWSCloudTrail\", \"CommonSecurityLog\",
\n\"SecurityAlert\", \"ThreatIntelligenceIndicator\", \"LinuxAuditLog\",
\n\"HuntingBookmark\", \"WindowsFirewall\",\"SigninLogs\",\"SymantecICDX_CL\",
\n\"DnsEvents\",\"SecurityCenterFree\",\"OfficeActivity\", \"McasShadowItReporting \"
\n)
\n| summarize
\nTotalGBytes =round( sum(_BilledSize\/(1024*1024*1024)),2),
\nEstimatedCostUSD=round(aap * sum(_BilledSize\/(1024*1024*1024)),2),
\nOldestRecord=min(TimeGenerated), NewestRecord=max(TimeGenerated),
\nHowManyComputers = dcount(Computer),
\navgGBperComputer= round(sum(_BilledSize \/ (1024*1024*1024)) \/ dcount(Computer),4)
\nby tt
\n| sort by TotalGBytes desc
\n<\/code><\/p>\n

Run this example here<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\/\/ \/\/ \/\/ Now that the pricing is released – please see https:\/\/azure.microsoft.com\/en-gb\/pricing\/calculator\/ \/\/ \/\/ Please use https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/10\/03\/azure-sentinel-average-gb-per-day\/ \/\/ ———————————————————————————————— Please use the above link – posted retained for examples only, now that Sentinel has been released ———————————————————————————————— This post combines two previous posts, one on Log Analytics and one on Sentinel Dashboards. https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/22\/azure-log-analytics-looking-at-data-and-costs-part-4\/ https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/19\/azure-sentinel-dashboard-queries\/<\/p>\n","protected":false},"author":424,"featured_media":17586,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"categories":[1,144],"post_tag":[128,783,424],"content-type":[],"coauthors":[],"class_list":["post-15504","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cross-industry","category-manufacturing","tag-azure","tag-cloud-transformation-azure","tag-hybridcloud"],"yoast_head":"\nAzure Sentinel meets Azure Log Analytics - looking at data use and estimated costs. - Microsoft Industry Blogs - United Kingdom<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure Sentinel meets Azure Log Analytics - looking at data use and estimated costs. - Microsoft Industry Blogs - United Kingdom\" \/>\n<meta property=\"og:description\" content=\"\/\/ \/\/ \/\/ Now that the pricing is released – please see https:\/\/azure.microsoft.com\/en-gb\/pricing\/calculator\/ \/\/ \/\/ Please use https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/10\/03\/azure-sentinel-average-gb-per-day\/ \/\/ ———————————————————————————————— Please use the above link – posted retained for examples only, now that Sentinel has been released ———————————————————————————————— This post combines two previous posts, one on Log Analytics and one on Sentinel Dashboards. https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/22\/azure-log-analytics-looking-at-data-and-costs-part-4\/ https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/19\/azure-sentinel-dashboard-queries\/\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Industry Blogs - United Kingdom\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-23T07:30:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-10-07T13:09:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/\"},\"author\":{\"name\":\"\",\"@id\":\"\"},\"headline\":\"Azure Sentinel meets Azure Log Analytics – looking at data use and estimated costs.\",\"datePublished\":\"2019-07-23T07:30:24+00:00\",\"dateModified\":\"2019-10-07T13:09:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/\"},\"wordCount\":226,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg\",\"keywords\":[\"Azure\",\"Cloud Transformation\",\"Hybrid Cloud\"],\"articleSection\":[\"Cross-industry\",\"Manufacturing\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/\",\"name\":\"Azure Sentinel meets Azure Log Analytics - looking at data use and estimated costs. - Microsoft Industry Blogs - United Kingdom\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg\",\"datePublished\":\"2019-07-23T07:30:24+00:00\",\"dateModified\":\"2019-10-07T13:09:39+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg\",\"width\":800,\"height\":450,\"caption\":\"a close up of a logo\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Azure Sentinel meets Azure Log Analytics – looking at data use and estimated costs.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/\",\"name\":\"Microsoft Industry Blogs - United Kingdom\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization\",\"name\":\"Microsoft Industry Blogs - United Kingdom\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png\",\"width\":259,\"height\":194,\"caption\":\"Microsoft Industry Blogs - United Kingdom\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure Sentinel meets Azure Log Analytics - looking at data use and estimated costs. - Microsoft Industry Blogs - United Kingdom","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/","og_locale":"en_US","og_type":"article","og_title":"Azure Sentinel meets Azure Log Analytics - looking at data use and estimated costs. - Microsoft Industry Blogs - United Kingdom","og_description":"\/\/ \/\/ \/\/ Now that the pricing is released – please see https:\/\/azure.microsoft.com\/en-gb\/pricing\/calculator\/ \/\/ \/\/ Please use https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/10\/03\/azure-sentinel-average-gb-per-day\/ \/\/ ———————————————————————————————— Please use the above link – posted retained for examples only, now that Sentinel has been released ———————————————————————————————— This post combines two previous posts, one on Log Analytics and one on Sentinel Dashboards. https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/22\/azure-log-analytics-looking-at-data-and-costs-part-4\/ https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/19\/azure-sentinel-dashboard-queries\/","og_url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/","og_site_name":"Microsoft Industry Blogs - United Kingdom","article_published_time":"2019-07-23T07:30:24+00:00","article_modified_time":"2019-10-07T13:09:39+00:00","og_image":[{"width":800,"height":450,"url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/"},"author":{"name":"","@id":""},"headline":"Azure Sentinel meets Azure Log Analytics – looking at data use and estimated costs.","datePublished":"2019-07-23T07:30:24+00:00","dateModified":"2019-10-07T13:09:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/"},"wordCount":226,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg","keywords":["Azure","Cloud Transformation","Hybrid Cloud"],"articleSection":["Cross-industry","Manufacturing"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/","name":"Azure Sentinel meets Azure Log Analytics - looking at data use and estimated costs. - Microsoft Industry Blogs - United Kingdom","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg","datePublished":"2019-07-23T07:30:24+00:00","dateModified":"2019-10-07T13:09:39+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/08\/UK-Hybrid-Cloud-Team-Black.jpg","width":800,"height":450,"caption":"a close up of a logo"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2019\/07\/23\/azure-sentinel-meets-azure-log-analytics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/"},{"@type":"ListItem","position":2,"name":"Azure Sentinel meets Azure Log Analytics – looking at data use and estimated costs."}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/","name":"Microsoft Industry Blogs - United Kingdom","description":"","publisher":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization","name":"Microsoft Industry Blogs - United Kingdom","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png","contentUrl":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png","width":259,"height":194,"caption":"Microsoft Industry Blogs - United Kingdom"},"image":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts\/15504"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/users\/424"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/comments?post=15504"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts\/15504\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/media\/17586"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/media?parent=15504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/categories?post=15504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/post_tag?post=15504"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/content-type?post=15504"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/coauthors?post=15504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}