Why is this important?
Log data ingestion can quickly become expensive and inefficient, especially in Sentinel. Traditionally, identifying unnecessary log ingestion required manual queries and tedious workflows. Seculyze's DCR tool transforms hours of manual labor into minutes, offering an improved user experience that delivers immediate value, coupled with accessible visibility into your costs.
Seculyze DCR Experience compared to Sentinel
| | Sentinel Native Experience | Seculyze DCR Experience |
| --- | --- | --- |
| Cost Insight at a row level | ❌ Not available | ✅ Clear, immediate visibility |
| Applying Transformation Filters | ❌ Complex & manual | ✅ One-click easy filtering |
| Recommended Optimizations | ❌ Requires manual analysis | ✅ Automated smart recommendations |
Prerequisites:
An active "Cost" subscription found here
Seculyze has been given proper Data Collection permissions
How do I get started?
You'll find the main Data Collection view in your sidebar. Upon opening it, you will see cards, each representing a Log Source in your system.
Each card presents an abundance of information and a few simple actions:
Get an overview of the Log Source: 30 days est. spend, number of events, data usage, data price, already existing transformation filters.
Get Top Savings Opportunities: Seculyze has analyzed your ingestion for each available Log Source and reveals Transformation Filters that could be great savings opportunities.
Apply Transformation Filters: This is the actual filter that will exclude events and thus your costly ingestions. Any events that exactly match the query will be filtered out before being ingested into your environment.
Create with Query: If you want to explore the Log Source costs yourself and look for redundancies, you can query the log within our app. Doing so brings up our KQL UI, which gives you price and spending insights into each row of the returned results.
What happens when I apply the filter?
Any events that exactly match the query of the filter will be filtered out before being ingested into your environment. This means the best practice is to prioritize filtering out events that you are confident are not needed to trigger or investigate future positive incidents.
Note: Seculyze Data Collection Rules do not support custom Log Sources yet.
Can I make my own Transformation Filters through Seculyze?
Yes, you can create your own filters on a Log Source with the Seculyze KQL constructor and quick actions.
Summary:
Seculyze's Data Collection Rules (DCR) simplify controlling and reducing your Microsoft log ingestion costs for redundant data. Quickly identify this redundant data with clear, row-level cost insights unavailable in Sentinel. Apply recommended or custom Transformation Filters easily through our intuitive UI, instantly excluding unnecessary logs and lowering costs. This streamlined process ensures efficient spending while preserving essential security visibility and keeping the Transformation Filters in an easy overview for each Log Source.