azure_sentinel

Azure Sentinel

  • #SIEM

Costs

KQL for log volume

// Billable performance data over the last 30 days

Usage
| where TimeGenerated > ago(30d)
| where IsBillable == true
| summarize TotalVolumeGB = sum(Quantity) / 1024

Related

  • azure_sentinel.txt
  • Last modified: 2021/11/12 22:24
  • by mgupton