![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 40%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBW%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
996 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 44%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
@barry.wong In order to understand how much data you are going to ingest into Sentinel you need to figure out the how much data you are sending from each of these services to log analytics workspace. For example, In a typical Azure VM you would be sending around 1-3 GB of data/month which will depend on environment and your usage. If you are already ingesting data to log analytics workspace then you can go to Azure portal > Your log analytics > {Select your workspace} > Usage and estimated costs page. This page provides Data ingestion per solution chart to determine the volume of data being sent to log analytics. (see screenshot below)
You can refer to the Estimating the costs to manage your environment for details. You can also refer to the documentation to get the data volume by Azure Resources/Resource Group/Subscription.
Once you are able to determine the estimated data ingestion of each resource to log analytics then you can use the Pricing Calculator to get estimated cost.
