Build your Security Data Lake with Microsoft Sentinel & Data Explorer; a Match Made in Azure! ☁️

In this session, we’ll unravel the secrets of efficient and cost-effective log storage for your security logs. Learn why Microsoft Sentinel might not always be the ideal go-to destination for ALL of your security logs, especially with “chatty” logs like network/firewall logs.

Firstly, discover the benefits of Azure Data Explorer, which offers limitless storage at a fraction of the cost while keeping the versatility of Kusto Query Language (KQL) for seamless data exploration.

Secondly, let’s dive into table-level, on-the-fly filtering and parsing of your native Azure platform logs. I made an open-source tool (Spl1tR) to help you deploy this transformation easily.

Lastly, we’ll explore how Elastic Logstash can help you distribute logs from many different sources across multiple tables and destinations effortlessly. This tool proves to be the Swiss Army knife of logging solutions once again!
