Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platform.
What is Microsoft Azure Sentinel?
Azure Sentinel is an all-in-one solution for providing threat intelligence and security analytics functionality, enabling organizations to proactively detect cyber threats and respond to security incidents across their IT ecosystem.
Azure Sentinel is an enterprise-grade solution that assists organizations in:
- Collecting data on-premises and in multiple clouds and enabling security teams to monitor all users, devices, applications, and infrastructure
- Detecting unknown threats while minimizing false positives by applying advanced threat intelligence
- Inspecting threats with artificial intelligence and detecting suspicious activities at scale
- Responding to incidents fast by taking advantage of a combination of task automation and built-in orchestration features
As an enterprise-grade platform, Azure Sentinel comes with different price tiers and two flexible pricing models.
Azure Sentinel Pricing Models
Azure Sentinel is available through two subscription models: Capacity Reservations and Pay-As-You-Go.
Capacity Reservations Pricing
Under the Capacity Reservations pricing model, customers pay a fixed fee based on the selected tier.
Compared to Pay-As-You-Go contracts, companies using Azure Sentinel under a Capacity Reservation contract can save up to 60% on the service cost, depending on the selected capacity reservation.
After the first 31 days of the contract, organizations can opt out of the capacity tier at their discretion.
Capacity Reservations pricing also depends on the customer's location, in the United States or abroad. Pricing starts at $100 per 100GB per day for locations on the East Coast of the US and goes up to $200 per 100GB per day for locations in South Brazil.
Below is a pricing table for Capacity Reservations on the West Coast of the United States, as provided by Microsoft:
The same pricing levels apply to locations in Western Europe. Still, you should bear in mind that Azure Sentinel has differentiated pricing plans for several European countries, including France, Germany, Norway, Switzerland, and the United Kingdom.
Asia/Pacific and Australia are considered different regions, so different pricing tiers apply. Locations in South Korea and Japan are subject to individual pricing tiers as well.
US government agencies can purchase Capacity Reservations plans under a dedicated pricing list, with prices comparable to those for US-based organizations.
The Pay-As-You-Go pricing model charges you per GB of data you collect for analysis in Azure Sentinel and store in Azure Monitor Log Analytics.
Below is the base price for ingesting data for analysis in Azure Sentinel (as of November 2019):
Those prices do not include the related data ingestion charges for Log Analytics.
Free Trial and Additional Charges
Users get a 31-day free trial when they activate Azure Sentinel on an Azure Monitor Log Analytics workspace. After the first 31 days expire, the above prices apply.
You should be aware that you will be charged for Azure Monitor Log Analytics data ingestion and usage of additional capabilities for automation. Charges also apply if you use your own machine learning tools during the free trial.
You are allowed to retain ingested data at no cost for 90 days after you enable Azure Sentinel on an Azure Monitor Log Analytics workspace. After that period, the standard Azure Monitor Log Analytics data retention prices apply.
To get the complete picture of the total cost of Azure Sentinel, you should also explore the Azure Monitor Log Analytics pricing list for the related data ingestion charges.
Your total service costs also depend on your eventual usage of Azure Logic Apps to automate incident response tasks and the use of your own machine learning models.