Azure Sentinel: Ingesting Free Data Types

Types of Data Free to Ingest in Azure Sentinel

Question

Which of the following types of data are free to ingest to Azure Sentinel? (choose all that apply)

Answers

A. Azure Diagnostics Logs
B. Microsoft 365 Defender Alerts
C. Azure Activity Logs
D. Logs ingested into Custom Tables

Correct Answers: B and C

Explanations

The following data sources are free with Azure Sentinel, meaning they carry no per-GB ingestion charge on either the Log Analytics or the Sentinel meter:

Azure Activity Logs (the AzureActivity table).

Office 365 Audit Logs, including all SharePoint activity, Exchange admin activity, and Teams (the OfficeActivity table).

Microsoft Defender alerts, including alerts from Azure Defender, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Defender for Endpoint (the SecurityAlert table).

Azure Security Center (now Microsoft Defender for Cloud) and Microsoft Cloud App Security (MCAS, now Microsoft Defender for Cloud Apps) alerts, which also land in SecurityAlert.

Note that only the alerts are free. The raw logs behind them, such as the Microsoft 365 Defender advanced hunting tables, MCAS activity logs, Azure Active Directory (Azure AD) sign-in and audit logs, and Azure Information Protection (AIP) logs, are billed at the normal ingestion rate, as is anything forwarded into a custom table.

Azure Sentinel is a cloud-native security information and event management (SIEM) and security orchestration (SOAR) service that provides security analytics and threat intelligence across the enterprise. It ingests and analyzes large volumes of data from many sources into a Log Analytics workspace in order to detect, investigate, and respond to threats, and ingestion is billed per GB except for the free data sources listed above.

Regarding the question, Azure Sentinel provides a variety of data connectors to enable organizations to easily ingest data from different sources into Sentinel. Here are the explanations for each option:

A. Azure Diagnostics Logs: Azure Diagnostic (resource) logs are emitted by individual Azure resources such as Key Vault, network security groups, Azure Firewall, and storage accounts, and are sent to the workspace through diagnostic settings, typically into the AzureDiagnostics table or a resource-specific table. They are billed at the standard per-GB ingestion rate; only the subscription-level Activity log is free. This option is therefore not free.

B. Microsoft 365 Defender Alerts: Microsoft 365 Defender is the unified extended detection and response (XDR) suite that correlates signals from Microsoft Defender for Endpoint, Defender for Office 365, Defender for Identity, and Defender for Cloud Apps. The Microsoft 365 Defender connector brings its alerts into the SecurityAlert table, and these alerts are free to ingest; only the raw advanced hunting data is billed.

C. Azure Activity Logs: The Azure Activity log is the subscription-level record of control-plane operations, including resource creation, modification, and deletion through Azure Resource Manager, as well as service health and policy events. Azure Sentinel provides a built-in connector that writes these into the AzureActivity table, and they are free to ingest.

D. Logs ingested into Custom Tables: Azure Sentinel can ingest data from arbitrary sources through custom connectors (for example, the Logs ingestion API or an agent-based custom log). These land in custom tables whose names end in _CL. They are always billable; the per-GB rate depends on the workspace's pricing tier (Pay-As-You-Go or a commitment tier), but there is no free allowance for them.

In conclusion, only options B and C are free to ingest: Microsoft 365 Defender alerts and Azure Activity Logs. Azure Diagnostics logs (A) and logs in custom tables (D) are billed at the workspace's standard per-GB ingestion rate.
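To check what a workspace is actually being charged for rather than relying on the list, the following KQL query over the built-in Usage table of the Log Analytics workspace behind Sentinel is an added example, not code from the original page or from Microsoft. The 30-day window and the FreeTables list (the tables the free connectors named above write to: AzureActivity, OfficeActivity, SecurityAlert) are assumptions.

```kusto
// Added example, not from the original page. Run in the Log Analytics
// workspace that backs Sentinel; only the built-in Usage table is used.
// Assumptions: a 30-day window, and FreeTables = the tables that the free
// connectors named on this page write to.
let FreeTables = dynamic(["AzureActivity", "OfficeActivity", "SecurityAlert"]);
Usage
| where TimeGenerated > ago(30d)
// Usage.Quantity is reported in MB; IsBillable is what the meter actually applied
| summarize IngestedGB = round(sum(Quantity) / 1024, 2) by DataType, IsBillable
| extend ExpectedFree = DataType in (FreeTables)
| extend IsCustomTable = DataType endswith "_CL"   // custom tables are always billed
| extend Check = case(
    ExpectedFree and IsBillable, "billed but expected free: check which connector feeds this table",
    not(ExpectedFree) and not(IsBillable), "free, not on this page's list (e.g. Heartbeat and Usage are always free)",
    "as expected")
| project DataType, IsBillable, IngestedGB, IsCustomTable, Check
| order by IsBillable desc, IngestedGB desc
```

Rows flagged "billed but expected free" are worth investigating: the same alerts or activity records arriving through a non-native route (a forwarder, a Logic App, or a custom connector) do not get the free treatment, and the billed volume shows up here even though the data looks the same in the table.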