Learn about Azure Sentinel.
Microsoft Sentinel (formerly Azure Sentinel) is a cloud-native SIEM and SOAR solution that uses AI to collect, analyze, and respond to security threats across hybrid, multi-cloud, and on-premises environments. It ingests petabytes of data from Azure, AWS, GCP, Office 365, endpoints (Defender), firewalls, and third-party sources. Its features include built-in analytics rules for anomaly detection, threat hunting with KQL queries, automated playbooks via Logic Apps, incident management, and entity behavior analytics, delivering unified visibility and reducing alert fatigue by 50%+ through Copilot-powered investigations. In 2025, enhancements include Auxiliary Logs for high-volume data at lower cost (GA April 2025), new ThreatIntelIndicators tables (legacy tables sunset July 2025), and seamless onboarding of new workspaces to the Microsoft Defender portal.
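As an added illustration of the KQL-based analytics rules and threat hunting mentioned above (example query written for this page, not code from Microsoft's rule templates), the following scheduled-rule query flags a password-spray pattern in the Entra ID sign-in logs: one source IP fails against many distinct accounts within the lookback window and then succeeds for at least one of them. The `SigninLogs` column names follow the standard Entra ID sign-in schema; the thresholds and the one-hour window are assumptions to be tuned per tenant.

```kusto
// Added example (not from the page): password spray followed by a success, over SigninLogs.
// Assumes the standard Entra ID SigninLogs schema; thresholds are illustrative.
let lookback = 1h;          // scheduled rule: run every hour over the last hour
let minFailures = 20;       // total failed sign-ins from one IP
let minTargets = 5;         // distinct accounts hit from that IP
// Step 1: source IPs whose failures span many accounts
let failedByIp =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"   // "0" = success; anything else is a failure code
    | summarize
        FailedAttempts = count(),
        TargetedAccounts = dcount(UserPrincipalName),
        FirstFailure = min(TimeGenerated),
        LastFailure = max(TimeGenerated)
        by IPAddress
    | where FailedAttempts >= minFailures and TargetedAccounts >= minTargets;
// Step 2: successful sign-ins in the same window
let successByIp =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project IPAddress, CompromisedAccount = UserPrincipalName,
              SuccessTime = TimeGenerated, AppDisplayName;
// Step 3: keep only IPs that sprayed and then got in
failedByIp
| join kind=inner successByIp on IPAddress
| where SuccessTime > FirstFailure   // the success came after the spray began
| project IPAddress, FailedAttempts, TargetedAccounts, FirstFailure, LastFailure,
          CompromisedAccount, SuccessTime, AppDisplayName
| order by FailedAttempts desc
```

When this query is saved as a scheduled analytics rule, map `IPAddress` to the IP entity and `CompromisedAccount` to the Account entity in the rule's entity mapping so the resulting incident carries both for investigation and for any Logic Apps playbook (for example, one that disables the account or forces a password reset) that you attach to it.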
Pricing is data-volume based via Log Analytics: pay-as-you-go at ~$2.76/GB ingested (US East), with 90-day default retention (retention beyond that costs an additional $0.10–$0.13/GB/month) and up to 12-year archival. Ingestion is free for Azure Activity Logs, Office 365 audits, and 5MB/user/day with E5 licenses, plus 500MB/server/day via Defender for Servers Plan 2. Commitment tiers (e.g., a 50GB promotional tier from Oct 2025–Mar 2026 at reduced rates) and pre-purchase reservations offer up to 60% savings, and a 31-day free trial covers 10GB/day. Ideal for SOC teams, it scales elastically with a 99.9% SLA, integrates with Purview for governance, and optimizes costs via free data sources and AI triage, empowering proactive security in an era of escalating threats.
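Because billing is driven by billable ingestion volume, the first check a practitioner wants before choosing a commitment tier is which tables actually drive cost. The following query, added here as an example and not taken from the page, uses the Log Analytics `Usage` table (whose `Quantity` column is reported in MB) to list billable ingestion per table over the last 30 days; the 30-day window is an assumption chosen to match a monthly billing view.

```kusto
// Added example (not from the page): billable ingestion per table for the last 30 days.
// Uses the built-in Log Analytics Usage table; Quantity is in MB, so divide by 1024 for GB.
Usage
| where TimeGenerated > ago(30d)
| where IsBillable == true                 // drops the free data sources (Azure Activity, Office 365 audit, ...)
| summarize BillableGB = round(sum(Quantity) / 1024, 2) by DataType
| extend ApproxDailyGB = round(BillableGB / 30, 2)   // compare against your tier (e.g. 50GB/day) or trial cap (10GB/day)
| order by BillableGB desc
```

Summing `ApproxDailyGB` across all rows gives the daily volume to compare against a commitment tier; tables that dominate the list but are rarely queried are the candidates for the lower-cost Auxiliary Logs plan.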