Microsoft Sentinel Data Lake: What Belongs in Which Tier

Rethinking SIEM Storage with Microsoft Sentinel Data Lake
Microsoft has introduced a new Data Lake tier for Microsoft Sentinel that fundamentally changes how security data can be stored, retained, and analyzed. With automatic mirroring from the Analytics tier at no additional ingestion cost, long-term retention of up to twelve years, and significantly lower storage costs for high-volume log sources, organizations can now rethink their SIEM data strategy from the ground up.
The practical questions follow quickly: which data belongs in which tier, and how can the new options be used efficiently and cost-effectively? In this webcast we provide a hands-on overview of the new Sentinel Data Lake capabilities, with live demos and time for your architecture questions at the end.
What You Will Learn
Tiering in practice: How Analytics, Data Lake, and Auxiliary Logs work together and how to choose the right tier for different data sources.
Pricing and retention: How the new pricing model compares to classic retention approaches and how to extend Defender XDR retention efficiently.
Analysis tooling: How KQL Jobs, Jupyter Notebooks, VS Code, and Sentinel Graph support deeper analysis and investigations.
Onboarding reality: What matters when onboarding Data Lake, from permissions and auditing to current preview limitations.
Our Speakers
Both speakers work as Cyber Security Architects at glueckkanja, with a focus on Microsoft Sentinel, identity security, and the broader Microsoft Security stack.