Real world business tracks leading towards Azure Services
As 2025 wraps up, Microsoft Sentinel takes center stage with a major innovation announced at Ignite: Sentinel Data Lake. This feature is designed to unify security signals, reduce SIEM costs, and enable AI-powered threat detection at scale. In this article, we’ll explore what Sentinel Data Lake means for SOC operations, why it matters, and how you can start leveraging it today.
Join me this week to gain an in-depth understanding on how to clearly define what data to retain. Data retention is not just a regulatory box to tick; it’s the backbone of a robust security posture. In the realm of Microsoft Sentinel, understanding how to manage your data retention is key to leveraging the full potential of your SIEM system. From cost management to compliance, the way you handle data can make or break your security operations.
Today we explore additional cost management options to use as part of your ongoing governance in Microsoft Sentinel. Let’s dive into the world of Log Analytics Workspace configurations together!
Today, I’d like to talk about using Microsoft Sentinel and address a common question that many teams have when they are starting to work with the Sentinel SIEM/SOAR solution….Part 1 of How do I create incidents to test with?
Let’s take a look at setting data ingestion caps in an Azure Log Analytics workspace today. There are different reasons why we may want to limit the data coming into our storage account, today we look at both setting the data cap, and alerting us when that data cap is reached through Azure Monitor alerting.
Today, I’d like to talk about using Microsoft Sentinel and address a common question that many teams have when they are starting to work with the Sentinel SIEM/SOAR solution….Where is my Data?
A log analytics workspace is an environment that is made especially for storing log data. This can be Azure Monitor, or other diagnostic log data. We’ll cover a few different uses for log analytics data in this article and how to get data into your workspace. Know that each workspace has it’s own data repository, configuration, and data sources. Join me as I take a look at deploying a log analytics workspace today!
Log Analytics workspaces provide a special way to store log data from multiple sources such as Microsoft Defender for Cloud, Azure Monitor, and so much more. A workspace typically combines data from multiple services and likely has it’s own distinct configuration for retention. I get a lot of questions about what the differences between workspaces within the Log Analytics scope are and why we would use them. Let’s take a look today at some of the information around Microsoft Azure Log Analytics Workspaces.
Today we look at configuring a custom retention period for AzureActivity and Usage data tables in Log Analytics workspaces. This allows us to keep only the data we want for the exact retention period that is needed.
Today it’s time for more CLI to get things dones fast! Join me while I look at how to create scope encrypted storage to get ready to do testing in Azure.
