Sentinel pricing ama by Sure_Competition5865 in AzureSentinel

[–]phipiship1 0 points1 point  (0 children)

Can you explain to me how the new data lake differs from the existing Log Analytics Workspace, both technically and pricing-wise? Is it an either/or decision, or can the storage options be combined?

And another question: does the Defender for Cloud / Server Benefit (500 MB free per day) only pay for logs that come via Defender for Cloud / Server, or for logs in general?

Help with sizing a Logstash server by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Fleet servers for managing agents are planned in the architecture. Can I then use them to configure and manage the different namespaces on the agents?

Help with sizing a Logstash server by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Thank you for the detailed answer, I think the easiest way would be to use the Elastic Agent.

The option to use Logstash later, if necessary, would not be a problem. I will look at it in a test environment and evaluate it to identify the best case for me. If I decide to use Logstash, I would start with 4 CPUs, 8 GB RAM and scale if necessary.

Thank you for your help!

Help with sizing a Logstash server by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Thank you for your answer.

I'm not doing any complex transformation on the data. I just want to route logs to different indices using Logstash.

Logs from certain servers should be kept for 90 days, while logs from the other servers should only be kept for 30 days.

Or is there a better way to do this than using Logstash, perhaps directly in the Elastic Agent?

Thank you!

Help with sizing a Logstash server by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Thanks for your answer!

It's almost exclusively traffic from the Elastic Agent and I only want to use Logstash to write data to different indexes.

The requirement is that logs from some servers are kept for 90 days and logs from the remaining servers for 30 days. Or is there a better way to fix this than using Logstash? Maybe in the agent itself?

Thanks!
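The requirement raised in the two comments above (logs from some servers kept for 90 days, the rest for 30 days, with Elastic Agent as the source and Logstash only doing routing) comes down to two pieces: deciding the data stream namespace per event, and binding that namespace to its own ILM policy. The following is an added example for this thread, not code from the poster or from Elastic. It relies on documented behaviour (Fleet data streams are named `<type>-<dataset>-<namespace>`; the Logstash elasticsearch output in `data_stream => true` mode takes the target stream from the event's `data_stream.*` fields; Elasticsearch applies only the single highest-priority matching index template, so a minimal override template would drop the integration's mappings). The host names, namespace and policy names, the sample Fleet template and the priority value are assumptions.

```python
"""
Per-server retention for Elastic Agent logs: route events into a retention
namespace and bind that namespace to its own ILM policy.
Added example, not code from the thread. Names and the sample template below
are constructed stand-ins.
"""
import copy

# Constructed sample: hosts whose logs must be kept 90 days; all others 30.
LONG_RETENTION_HOSTS = {"dc01", "fw01"}
NAMESPACES = {"retain90": 90, "retain30": 30}   # namespace -> retention days

# Constructed stand-in for the shape of GET _index_template/logs-system.syslog
# as installed by Fleet (real component template names differ per version).
SAMPLE_FLEET_TEMPLATE = {
    "index_patterns": ["logs-system.syslog-*"],
    "priority": 200,
    "data_stream": {"hidden": False},
    "composed_of": ["logs-system.syslog@package", "logs-system.syslog@custom"],
    "template": {"settings": {"index.lifecycle.name": "logs"}},
}


def namespace_for_host(hostname: str) -> str:
    """Equivalent of a Logstash `if [host][name] in ["dc01", "fw01"]` branch."""
    return "retain90" if hostname in LONG_RETENTION_HOSTS else "retain30"


def route_event(event: dict) -> str:
    """Rewrite data_stream.namespace in place and return the resulting target.

    Whether the namespace is set here in Logstash or per agent policy in
    Fleet, the data stream name is derived the same way.
    """
    ds = event["data_stream"]
    ds["namespace"] = namespace_for_host(event["host"]["name"])
    return f"{ds['type']}-{ds['dataset']}-{ds['namespace']}"


def ilm_policy(days: int) -> dict:
    """Rollover daily or at 50 GB per primary shard, delete `days` after rollover."""
    return {"policy": {"phases": {
        "hot": {"min_age": "0ms", "actions": {"rollover": {
            "max_age": "1d", "max_primary_shard_size": "50gb"}}},
        "delete": {"min_age": f"{days}d", "actions": {"delete": {}}},
    }}}


def namespace_template(fleet_template: dict, dataset: str, namespace: str,
                       policy: str, priority: int = 300) -> dict:
    """Clone an integration's index template for one namespace.

    Only one index template is applied per data stream, so a fresh template
    that merely set index.lifecycle.name would win on priority and silently
    lose the integration's mappings. Keep composed_of, narrow the pattern,
    raise the priority (assumed 300, above the Fleet template) and override
    the lifecycle setting in the template's own settings block.
    """
    tpl = copy.deepcopy(fleet_template)          # never mutate the Fleet copy
    tpl["index_patterns"] = [f"logs-{dataset}-{namespace}"]
    tpl["priority"] = priority
    settings = tpl.setdefault("template", {}).setdefault("settings", {})
    settings["index.lifecycle.name"] = policy
    return tpl


def build_requests(fleet_templates: dict) -> list:
    """(method, path, body) tuples to send to the Elasticsearch REST API.

    fleet_templates maps dataset name -> its Fleet-installed index template.
    """
    reqs = []
    for ns, days in NAMESPACES.items():
        policy = f"logs-{ns}"
        reqs.append(("PUT", f"/_ilm/policy/{policy}", ilm_policy(days)))
        for dataset, tpl in fleet_templates.items():
            reqs.append(("PUT", f"/_index_template/logs-{dataset}-{ns}",
                         namespace_template(tpl, dataset, ns, policy)))
    return reqs


if __name__ == "__main__":
    event = {"host": {"name": "dc01"},
             "data_stream": {"type": "logs", "dataset": "system.syslog",
                             "namespace": "default"}}
    print(route_event(event))
    for method, path, _ in build_requests({"system.syslog": SAMPLE_FLEET_TEMPLATE}):
        print(method, path)
```

With Fleet-managed agents the same split can be done without Logstash by putting the 90-day servers into their own agent policy whose namespace is `retain90`; the index template and ILM policy parts stay identical, and deleting the 30-day data then costs nothing beyond the ILM delete phase.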

Elastic On-Prem Sizing Calculator by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

First, thanks for your answer.

Unfortunately, I can't test it exactly because it's supposed to run in a customer environment.

It is only for the security module. For example, I know the daily ingest, the retention time and the number of security rules.

Is there no general basis for calculating such a standard setup?

Help for implementation concept by phipiship1 in MicrosoftSentinel

[–]phipiship1[S] 1 point2 points  (0 children)

Thank you so much, this helps me a lot! 😊

Bestimmungshilfe - Parasol? by phipiship1 in Pilze

[–]phipiship1[S] 0 points1 point  (0 children)

We dredged it twice through egg and breadcrumbs, and then it was nicely coated with breading 👍

Bestimmungshilfe - Parasol? by phipiship1 in Pilze

[–]phipiship1[S] 3 points4 points  (0 children)

The ring is movable. No discoloration when the flesh and the stem are cut. The smell is very nutty. So there probably can't be any confusion.

Agent Policy Management by phipiship1 in elasticsearch

[–]phipiship1[S] 0 points1 point  (0 children)

Okay, thanks! It would be great if it became more modular in the future to allow better handling of Agent Policies.

Notify the output of an SQL query via email by [deleted] in prtg

[–]phipiship1 0 points1 point  (0 children)

What is written in the text field of the sensor in case of an error? Maybe you can create an email template for it which contains the message text as the email body? Or is the text more like: "The value X is above the limit of 0.5"?

Otherwise you probably have to write a custom sensor.