Azure Sentinel pricing
Pricing for cloud-native SIEM that provides intelligent security analytics for your entire enterprise
Azure Sentinel provides intelligent security analytics across your enterprise. The data for this analysis is stored in an Azure Monitor Log Analytics workspace. Azure Sentinel is billed based on the volume of data ingested for analysis in Azure Sentinel and stored in the Azure Monitor Log Analytics workspace. Azure Sentinel offers a flexible and predictable pricing model. There are two ways to pay for the Azure Sentinel service: Capacity Reservations and Pay-As-You-Go.
With Capacity Reservations you are billed a fixed fee based on the selected tier, enabling a predictable total cost for Azure Sentinel. Capacity Reservation provides you a discount (up to 60%) on the cost based on your selected capacity reservation compared to Pay-As-You-Go pricing. You have the flexibility to opt out of the capacity tier any time after the first 31 days of commitment. Prices shown below are related to the analytics enabled by Azure Sentinel and do not include the related data ingestion charges for Log Analytics. Please refer to the Azure Monitor Log Analytics pricing for the related data ingestion charges.
US government entities are eligible to purchase Azure Government services from a licensing solution provider with no upfront financial commitment, or directly through a pay-as-you-go online subscription.
Important—The price in R$ is merely a reference; this is an international transaction and the final price is subject to exchange rates and the inclusion of IOF taxes. An eNF will not be issued.
Azure Germany is available to customers and partners who have already purchased this, doing business in the European Union (EU), the European Free Trade Association (EFTA), and in the United Kingdom (UK). It provides data residency in Germany with additional levels of control and data protection. You can also sign up for a free Azure trial.
|100 GB per day||$- per day||50%|
|200 GB per day||$- per day||55%|
|300 GB per day||$- per day||57%|
|400 GB per day||$- per day||58%|
|500 GB per day||$- per day||60%|
|More than 500 GB per day||$- per day + $- per day (for each 100 GB increment after 500 GB in daily capacity)||60%|
With Pay-As-You-Go pricing, you are billed per gigabyte (GB) for the volume of data ingested for analysis in Azure Sentinel and stored in the Azure Monitor Log Analytics workspace. Prices shown below are related to the security analytics enabled by Azure Sentinel. Prices shown below are related to the analytics enabled by Azure Sentinel and do not include the related data ingestion charges for Log Analytics. Please refer to the Azure Monitor Log Analytics pricing for the related data ingestion charges.
Charges for Azure Sentinel will go into effect on November 1, 2019.
|Azure Sentinel||$- per GB-ingested|
Azure Sentinel can be enabled at no additional cost on an Azure Monitor Log Analytics workspace for the first 31-days. Usage beyond the first 31-days will be charged per pricing listed above. Charges related to Azure Monitor Log Analytics for data ingestion and additional capabilities for automation and bring your own machine learning are still applicable during the free trial.
Once Azure Sentinel is enabled on your Azure Monitor Log Analytics workspace, every GB of data ingested into the workspace can be retained at no charge for the first 90 days. Retention beyond 90 days will be charged per the standard Azure Monitor Log Analytics retention prices.
Azure Monitor Log Analytics
Azure Sentinel is built on the proven foundation of Azure Monitor Log Analytics platform and enables an extensive query language to analyze, interact with, and derive insights from huge volumes of operational data in seconds. Azure Sentinel is billed based on the volume of data ingested for analysis in Azure Sentinel and stored in Azure Monitor Log Analytics workspace. Please refer to the Azure Monitor Log Analytics pricing for the related data ingestion charges.
Automation and Bring your own Machine Learning
Azure Sentinel integrates with many other Azure services providing enhanced capabilities for Security Information and Event Management (SIEM) and Security Orchestration and Automation and Response (SOAR). Some of these services may have additional charges:
- You can use Azure Logic Apps to automate your security responses. Please refer to Azure Logic Apps pricing page for related costs.
- You can bring in your own machine learning models for customized analysis. Please refer to Azure Machine Learning Studio and Azure Databricks pricing to understand the related costs.
New and existing Azure Sentinel customers can import AWS CloudTrail logs for free until June 30, 2020. Applicable data is ingested using the AWS CloudTrail data connector in Azure Sentinel.
Capacity reservations allow you to reserve a fixed amount of daily data ingestion capacity for Azure Monitor and Azure Sentinel for a fixed, predictable daily fee. You can upgrade your requested capacity at any time. However, the minimum commitment period before you can opt out or reduce your capacity reservation is 31 days.
- Adding more capacity to your reservation – You can upgrade your requested capacity at any time. Your new capacity reservation will be effective at the start of the next UTC day.
- Reducing your selected capacity reservation - You can reduce your capacity reservation or opt out entirely from the capacity reservation model after the first 31 days. This 31-day clock resets every time you make any change (increase or decrease) to your selected capacity reservation. Your new capacity reservation or business model choice will be effective at the start of the next UTC day.
You can opt into a capacity reservation at any time. Once you opt in, you will continue to be in your selected capacity tier unless you decide to opt out to a different pricing model or upgrade or downgrade your capacity reservation.
Capacity reservations are applicable at a workspace level and cannot be grouped across workspaces or subscriptions.
Azure Activity Logs, Office 365 Audit Logs (all SharePoint activity and Exchange admin activity) and alerts from Microsoft Threat Protection products (Azure Security Center, Office 365 ATP, Azure ATP, Microsoft Defender ATP, Microsoft Cloud App Security, Azure Information Protection) can be ingested at no additional cost into both Azure Sentinel, and Azure Monitor Log Analytics.
Please Note: Azure Active Directory (AAD) audit data is not free and is billed for ingestion into both Azure Sentinel, and Azure Monitor Log Analytics.
Any Azure services that you use in addition to Azure Sentinel are charged per their applicable pricing. For example – Log Analytics, Logic Apps, Machine Learning, etc.
There are no additional charges for Azure Sentinel features that are in preview (indicated by a “Preview” tag). Pricing for features that are in preview will be announced in the future and a notice will be provided prior to the end of the preview. Should you choose to continue using preview features after the notice period, you will be billed at the applicable rates.