As there are lots of question on this topic, I’m hoping this post will help.
What to do if you have Log Analytics already in use in your company today:
Step 1: Read my blog post on getting your average daily per Gigabyte value from Log Analytics
Step 2: Run the query I provided in the blog post
Step 3: Open the Azure Pricing Calculator https://azure.microsoft.com/en-gb/pricing/calculator/ and also read the Pricing Guide: https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/
- Login to the calculator if you can, so you can save and share the estimate. (Optional)
- Find the [Security] tab on the left hand-side, Select [Security], then [Azure Sentinel]
- Select your currency (I’ve selected £ in the diagram) – scroll right to the bottom of the page to do this!
- Answer the 3 questions, you see (marked with red boxes) in the screenshot:
Azure Cost Calculator example.
- The calculator for Azure Sentinel is for both Log Analytics (ingestion of Billable data, my query doesn’t count the free data types) and the Azure Sentinel analytics of that data – both are measured in Gigabytes (GB) per day. The calculator will automatically move from PAYG (pay as you go) to Capacity Reservation when the number you enter reaches the right threshold. Billing will start on Nov 1st 2019.
- This is your estimated new monthly price for Log Analytics ingestion and for Sentinel to analyse your data – including 3 months retention.
- If you plan to use Azure Logic Apps (playbooks) – please add an Item for those.
You can name that section of the calculator, in the diagram I’ve called mine “Azure Sentinel 1GB per day option“. This is good for ‘whatif’ scenarios, as you can take today’s per GB value, and try out others, such as what happens if my ingestion increases by 1GB a day?
All prices shown are in British Pound (£). This is a summary estimate, not a quote. For up to date pricing information please visit https://azure.microsoft.com/pricing/calculator/