{"id":2614,"date":"2025-08-25T21:01:41","date_gmt":"2025-08-25T18:01:41","guid":{"rendered":"https:\/\/www.jussimetso.com\/?p=2614"},"modified":"2025-10-17T16:49:34","modified_gmt":"2025-10-17T13:49:34","slug":"microsoft-sentinel-data-lake-preview","status":"publish","type":"post","link":"https:\/\/www.jussimetso.com\/index.php\/2025\/08\/25\/microsoft-sentinel-data-lake-preview\/","title":{"rendered":"Microsoft Sentinel Data lake (preview)"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div>\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2614\" class=\"elementor elementor-2614\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1e2c262 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1e2c262\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1eac8fc\" data-id=\"1eac8fc\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2093d3a elementor-toc--minimized-on-tablet elementor-widget elementor-widget-table-of-contents\" data-id=\"2093d3a\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;headings_by_tags&quot;:[&quot;h2&quot;,&quot;h3&quot;,&quot;h4&quot;,&quot;h5&quot;],&quot;exclude_headings_by_selector&quot;:[],&quot;no_headings_message&quot;:&quot;No headings were found on this page.&quot;,&quot;marker_view&quot;:&quot;numbers&quot;,&quot;minimize_box&quot;:&quot;yes&quot;,&quot;minimized_on&quot;:&quot;tablet&quot;,&quot;hierarchical_view&quot;:&quot;yes&quot;,&quot;min_height&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]}}\" data-widget_type=\"table-of-contents.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__header\">\n\t\t\t\t\t\t<h4 class=\"elementor-toc__header-title\">\n\t\t\t\tTable of Contents\t\t\t<\/h4>\n\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--expand\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__2093d3a\" aria-expanded=\"true\" aria-label=\"Open table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/div>\n\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--collapse\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__2093d3a\" aria-expanded=\"true\" aria-label=\"Close table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<div id=\"elementor-toc__2093d3a\" class=\"elementor-toc__body\">\n\t\t\t<div class=\"elementor-toc__spinner-container\">\n\t\t\t\t<i class=\"elementor-toc__spinner eicon-animation-spin eicon-loading\" aria-hidden=\"true\"><\/i>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5feb456 elementor-widget elementor-widget-text-editor\" data-id=\"5feb456\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>UPDATE: Sentinel Data Lake is on GA. Released on 30\/9\/2025. Read more <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-security-blog\/microsoft-sentinel-data-lake-is-now-generally-available\/4456342\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p><p>Microsoft released the Sentinel data lake to public preview about three weeks ago. What does it mean?<\/p><p>Sentinel has been great tool for SOC analyst to see everything from one-point what is happening in cybersecurity environment. When it has been properly configured with different data sources, analytic rules, playbooks and other settings Sentinel have been your &#8220;<strong>all-you-need<\/strong>&#8221; tool at least for those who like to use Microsoft Security products.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2108f21 elementor-widget elementor-widget-heading\" data-id=\"2108f21\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">\"You can\u2019t protect what you can\u2019t see\"<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e0eb2ca elementor-widget elementor-widget-text-editor\" data-id=\"e0eb2ca\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>But because there are so huge amount of security logs everywhere there are always this thing called the\u00a0 <strong>$cost$<\/strong> of using these products. IT decision makers need to make painful tradeoffs:<\/p>\n<p><strong>reduce logging<\/strong> by risking blind spots, shorten retention by compromising forensic depth when aiming to manage all their security data within a SIEM.<\/p>\n<p>This creates a paradox\u2014more data makes security harder. Without unified, long-term visibility, even advanced AI falls short, leading to missed threats, slower investigations, and wasted tools.<\/p>\n<p>Microsoft Sentinel data lake is trying to solve this problem and with that Microsoft is also bringing<span style=\"text-decoration: underline;\"> <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/siem-and-xdr\/microsoft-defender-threat-intelligence?msockid=3793858bb492626d36189079b50d634e\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Defender Threat Intelligence<\/a><\/span> (MDTI) capabilities for <a href=\"https:\/\/techcommunity.microsoft.com\/blog\/defenderthreatintelligence\/mdti-is-converging-into-microsoft-sentinel-and-defender-xdr\/4427991\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\"><strong>free of charge<\/strong><\/span><\/a> for Defender XDR and Sentinel starting in October 2025 when all Microsoft first-party threat reports, including intel profiles and indicators of compromise (IoCs), will be available in Defender XDR.\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f70584b elementor-widget elementor-widget-image\" data-id=\"f70584b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/mdti.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"mdti\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjY2NiwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDhcL21kdGkucG5nIn0%3D\">\n\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"640\" height=\"356\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/mdti.png?fit=640%2C356&amp;ssl=1\" class=\"attachment-large size-large wp-image-2666\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/mdti.png?w=1570&amp;ssl=1 1570w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/mdti.png?resize=300%2C167&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/mdti.png?resize=1024%2C570&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/mdti.png?resize=768%2C428&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/mdti.png?resize=1536%2C855&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/mdti.png?resize=850%2C473&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/mdti.png?w=1280&amp;ssl=1 1280w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">SOURCE: Microsoft Defender Threat Intelligence web page<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6224ee5 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"6224ee5\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1b5d70a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1b5d70a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-39492a3\" data-id=\"39492a3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-800f806 elementor-widget elementor-widget-heading\" data-id=\"800f806\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">So what is the Sentinel data lake?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8997c06 elementor-widget elementor-widget-text-editor\" data-id=\"8997c06\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Microsoft Sentinel data lake is a cloud-native security data lake that transforms how organizations manage and analyze security data. It is fully managed, so you don&#8217;t need to deploy or maintain data infrastructure. It provides a unified data platform for end-to-end threat analysis and response.<\/p>\n<p>It stores a single copy of security data across assets, activity logs, and threat intelligence in the lake and leverages multiple analytics tools like KQL and Jupyter notebooks for deep security analytics.<\/p>\n<p>Traditional SIEM solutions struggle with the cost and complexity of storing and querying long-term security data.\u00a0 Sentinel data lake enables deep security insights with up to <strong>12 years of security data and telemetry you can query and analyze<\/strong>.<\/p>\n<p>Sentinel data lake enables SOC teams into the next era of security operations. Being able to ensure coverage of your security estate\u2014across all security data sources and vast time horizons\u2014enables security teams to proactively detect latent cyberattacks, detect emerging cyberthreats with AI-powered models, reconstruct cyberattack timelines in forensic detail, and retroactively uncover indicators of compromise that might otherwise go unnoticed.<\/p>\n<p>It&#8217;s built on <strong>Azure<\/strong>&#8216;s scalable infrastructure.<\/p>\n<p>More in <a href=\"https:\/\/learn.microsoft.com\/fi-fi\/azure\/sentinel\/datalake\/sentinel-lake-overview\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">MS Learn<\/span><\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-81382cc elementor-widget elementor-widget-image\" data-id=\"81382cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"sentinel_and_data_lake\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjYyMCwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDhcL3NlbnRpbmVsX2FuZF9kYXRhX2xha2UucG5nIn0%3D\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"392\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?fit=640%2C392&amp;ssl=1\" class=\"attachment-large size-large wp-image-2620\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?w=2368&amp;ssl=1 2368w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?resize=300%2C184&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?resize=1024%2C627&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?resize=768%2C470&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?resize=1536%2C941&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?resize=2048%2C1254&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?resize=850%2C520&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?w=1280&amp;ssl=1 1280w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake.png?w=1920&amp;ssl=1 1920w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">SOURCE: Microsoft Security<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c608d7d elementor-widget elementor-widget-text-editor\" data-id=\"c608d7d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Microsoft Sentinel has expanded with modern security data lake infrastructure to unify and manage all of your data with a single copy and run analytics on over it.<\/p><p>Let&#8217;s explore the key features:<\/p><p><strong>1<\/strong>. Unified data management. This is absolutely <strong>critical<\/strong>.<\/p><p>Think about it: security teams need to easily onboard all their security data, regardless of its format \u2013 structured, semi-structured, or unstructured. In addition, customers need to have access to their existing security data and platforms through federation. This means integrations such as with popular tools like AWS S3. This flexibility is essential, allowing us to unify data and provide complete visibility across the ecosystem.<\/p><p><strong>2<\/strong>. Microsoft delivers cost-effective storage in the data lake using Delta Parquet. ( Built on Microsoft<span style=\"text-decoration: underline;\"> \u00a0<a href=\"https:\/\/learn.microsoft.com\/en-us\/fabric\/data-engineering\/lakehouse-overview\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\">Fabric Lakehouse<\/a><\/span> data architecture platform). This is a game-changer. It not only allows us to perform real-time analytics with SQL and Spark, but it does so while maintaining a single copy of the data. And we need to be able easily manage the data tiering between hot and cold to ensure flexibility, value and significant cost reductions.<\/p><p><strong>3.<\/strong> The real power of a modern security data lakes advanced analytics capabilities. We&#8217;re talking about things like the graph and machine learning models. These advanced techniques enable real-time processing and semantic search, transforming the data lake into a truly powerful tool for addressing today&#8217;s complex security challenges.<\/p><p>By leveraging Microsoft\u2019s infrastructure leadership with a purpose-built data lake and management system, Sentinel is an even more powerful tool for modern security needs.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-604908a elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"604908a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-214867b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"214867b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ab3ff41\" data-id=\"ab3ff41\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a2f7018 elementor-widget elementor-widget-heading\" data-id=\"a2f7018\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Storage tiers: Analytics or Data lake  tier<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-15438fe elementor-widget elementor-widget-text-editor\" data-id=\"15438fe\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>You can retain data in Microsoft Sentinel in one of two tiers:<\/p>\n<ul>\n<li>\n<p><strong>Analytics tier<\/strong>: This tier makes data available for alerting, hunting, workbooks, and all Microsoft Sentinel features. It retains data in two states:<\/p>\n<ul>\n<li><strong>Analytics retention<\/strong>: In this &#8220;<strong>hot<\/strong>&#8221; state, data is fully available for real-time analytics &#8211; including high-performance queries and analytics rules &#8211; and threat hunting. By default, Microsoft Sentinel and Microsoft Defender XDR retain data in this tier for 30 days. You can extend the retention period of all tables to up to two years at a prorated monthly long-term retention charge. You can extend the retention period of Microsoft Sentinel solution tables to 90 days for free.<\/li>\n<li><strong>Total retention<\/strong>: By default, all data in the analytics tier is mirrored to the data lake for the same retention period. You can extend the retention of your data in the lake beyond the analytics retention, for up to 12 years of total retention at a low cost.<\/li>\n<\/ul>\n<\/li>\n<li>\n<p><strong>Data lake tier<\/strong>: In this low-cost &#8220;<strong>cold<\/strong>&#8221; tier, Microsoft Sentinel retains your data in the lake only. Data in the data lake tier isn&#8217;t available for real-time analytics features and threat hunting. However, you can access data in the lake whenever you need it through <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/datalake\/kql-jobs\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\"><span style=\"text-decoration: underline;\">KQL jobs<\/span><\/a>, analyze trends over time by running scheduled KQL or Spark jobs, and aggregate insights from incoming data at a regular cadence by using summary rules.<\/p>\n<\/li>\n<\/ul>\n<p>The comparison of these tiers is available <span style=\"text-decoration: underline;\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/manage-data-overview#compare-the-analytics-and-data-lake-tiers\" target=\"_blank\" rel=\"noopener\">here<\/a><\/span>. I will also describe it below.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7335d09 elementor-widget elementor-widget-image\" data-id=\"7335d09\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"sentinel_and_data_lake_retention\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjYzNCwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDhcL3NlbnRpbmVsX2FuZF9kYXRhX2xha2VfcmV0ZW50aW9uLXNjYWxlZC5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"246\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?fit=640%2C246&amp;ssl=1\" class=\"attachment-large size-large wp-image-2634\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?w=2560&amp;ssl=1 2560w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?resize=300%2C115&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?resize=1024%2C394&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?resize=768%2C296&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?resize=1536%2C591&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?resize=2048%2C788&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?resize=850%2C327&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?w=1280&amp;ssl=1 1280w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/sentinel_and_data_lake_retention-scaled.png?w=1920&amp;ssl=1 1920w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">SOURCE: MS Learn (Click to enlarge)<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0fb1a39 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0fb1a39\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-506f193\" data-id=\"506f193\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0e7a2b4 elementor-widget elementor-widget-heading\" data-id=\"0e7a2b4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">The comparison of data tiers<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-fc5cb92 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"fc5cb92\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-5308978\" data-id=\"5308978\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ac00e29 elementor-widget elementor-widget-text-editor\" data-id=\"ac00e29\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Comparison<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-d1acd9a\" data-id=\"d1acd9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-025838d elementor-widget elementor-widget-text-editor\" data-id=\"025838d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Analytics tier<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-5289e99\" data-id=\"5289e99\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-922f264 elementor-widget elementor-widget-text-editor\" data-id=\"922f264\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Data lake tier<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-63add70 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"63add70\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-afa32d3\" data-id=\"afa32d3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c6a126d elementor-widget elementor-widget-text-editor\" data-id=\"c6a126d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Key characteristics<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-bcbb926\" data-id=\"bcbb926\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fb1d21d elementor-widget elementor-widget-text-editor\" data-id=\"fb1d21d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>High-performance querying and indexing for logs (also knows as hot, or interactive retention)<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-111db6a\" data-id=\"111db6a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ea444d3 elementor-widget elementor-widget-text-editor\" data-id=\"ea444d3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Cost-effective long-term retention of large data volumes (also known as cold storage).<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-ee73ceb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"ee73ceb\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-bb39a66\" data-id=\"bb39a66\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-eaf9fba elementor-widget elementor-widget-text-editor\" data-id=\"eaf9fba\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Best for<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-146e9cb\" data-id=\"146e9cb\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e1ceefd elementor-widget elementor-widget-text-editor\" data-id=\"e1ceefd\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Real-time analytics rules, alerting, hunting, workbooks, and all Sentinel features<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-722fbda\" data-id=\"722fbda\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a662619 elementor-widget elementor-widget-text-editor\" data-id=\"a662619\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>-Compliance and regulatory logging,<\/p><p>-historical trend analysis and forensics,<\/p><p>-low-touch data that&#8217;s not needed for real-time alerts<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-675704e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"675704e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-dc373d6\" data-id=\"dc373d6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bd42316 elementor-widget elementor-widget-text-editor\" data-id=\"bd42316\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Ingestion cost<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-a2cfe1e\" data-id=\"a2cfe1e\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-de2634b elementor-widget elementor-widget-text-editor\" data-id=\"de2634b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/pricing\/microsoft-sentinel\" target=\"_blank\" rel=\"noopener\">Standard<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-0858883\" data-id=\"0858883\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bea4dab elementor-widget elementor-widget-text-editor\" data-id=\"bea4dab\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-security-blog\/microsoft-sentinel-data-lake-pricing-preview\/4433919\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Minimal<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3dee143 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3dee143\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-8f9d566\" data-id=\"8f9d566\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-73bbc3c elementor-widget elementor-widget-text-editor\" data-id=\"73bbc3c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Query price included<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-9aad20b\" data-id=\"9aad20b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-062a0d2 elementor-widget elementor-widget-text-editor\" data-id=\"062a0d2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\">\u2705<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-13d8d5d\" data-id=\"13d8d5d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-61b2c9f elementor-widget elementor-widget-text-editor\" data-id=\"61b2c9f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u274c<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-02bf523 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"02bf523\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-69798b6\" data-id=\"69798b6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7beeee0 elementor-widget elementor-widget-text-editor\" data-id=\"7beeee0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Query performance optimized<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-655f11c\" data-id=\"655f11c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ebd6eeb elementor-widget elementor-widget-text-editor\" data-id=\"ebd6eeb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u274c<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-6e2f3d8\" data-id=\"6e2f3d8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e29dd38 elementor-widget elementor-widget-text-editor\" data-id=\"e29dd38\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2705<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8ac485f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8ac485f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-5469132\" data-id=\"5469132\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c8fe4da elementor-widget elementor-widget-text-editor\" data-id=\"c8fe4da\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Query capabilities<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-50bf4a7\" data-id=\"50bf4a7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b42b13d elementor-widget elementor-widget-text-editor\" data-id=\"b42b13d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-monitor\/logs\/get-started-queries\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\"><span style=\"text-decoration: underline;\">Full query capabilities<\/span><\/a> in the Microsoft Defender and Azure portals and using APIs.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-2b46e40\" data-id=\"2b46e40\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7eb7dd3 elementor-widget elementor-widget-text-editor\" data-id=\"7eb7dd3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>&#8211; <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-monitor\/logs\/get-started-queries\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\"><span style=\"text-decoration: underline;\">Full query capabilities<\/span><\/a> including unions and joins.<br \/>&#8211; Run scheduled KQL or Spark jobs.<br \/>&#8211; Use Notebooks.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0680a10 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0680a10\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-8d434f0\" data-id=\"8d434f0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1a861c7 elementor-widget elementor-widget-text-editor\" data-id=\"1a861c7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Full set of real-time analytics features<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-082648a\" data-id=\"082648a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a2186ac elementor-widget elementor-widget-text-editor\" data-id=\"a2186ac\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2705<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-00daf9c\" data-id=\"00daf9c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-fbd0cb4 elementor-widget elementor-widget-text-editor\" data-id=\"fbd0cb4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u274cLimitations on some features, including analytics rules, hunting queries, parsers, watchlists, workbooks, and playbooks (in preview).<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-3e7fc36 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"3e7fc36\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-e1da485\" data-id=\"e1da485\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d7c39b8 elementor-widget elementor-widget-text-editor\" data-id=\"d7c39b8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/investigate-large-datasets\" target=\"_blank\" rel=\"noopener\">Search jobs<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-b9fd7d1\" data-id=\"b9fd7d1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a2ad732 elementor-widget elementor-widget-text-editor\" data-id=\"a2ad732\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2705<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-5ec6fd7\" data-id=\"5ec6fd7\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-56236b8 elementor-widget elementor-widget-text-editor\" data-id=\"56236b8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2705<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-365d9d8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"365d9d8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-5632caa\" data-id=\"5632caa\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e57b549 elementor-widget elementor-widget-text-editor\" data-id=\"e57b549\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/summary-rules\" target=\"_blank\" rel=\"noopener\">Summary rules<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-0449802\" data-id=\"0449802\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-dc49898 elementor-widget elementor-widget-text-editor\" data-id=\"dc49898\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2705<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-3143c57\" data-id=\"3143c57\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ab53b18 elementor-widget elementor-widget-text-editor\" data-id=\"ab53b18\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2705 <span style=\"text-decoration: underline;\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-monitor\/logs\/basic-logs-query\" target=\"_blank\" rel=\"noopener\">Single table KQL<\/a><\/span>, which you can extend with data from an analytics table using <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/data-explorer\/kusto\/query\/lookup-operator\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">lookup<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-db5a780 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"db5a780\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-7109817\" data-id=\"7109817\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-70762b6 elementor-widget elementor-widget-text-editor\" data-id=\"70762b6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/restore\" target=\"_blank\" rel=\"noopener\">Restore<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-489654a\" data-id=\"489654a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a448154 elementor-widget elementor-widget-text-editor\" data-id=\"a448154\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2705<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-0cc90b8\" data-id=\"0cc90b8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0809dce elementor-widget elementor-widget-text-editor\" data-id=\"0809dce\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u274c<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c446e0e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c446e0e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-9f904ff\" data-id=\"9f904ff\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6b6dc50 elementor-widget elementor-widget-text-editor\" data-id=\"6b6dc50\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-monitor\/logs\/logs-data-export\" target=\"_blank\" rel=\"noopener\">Data export<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-ba5fb0f\" data-id=\"ba5fb0f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d722827 elementor-widget elementor-widget-text-editor\" data-id=\"d722827\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u2705<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-9c718f0\" data-id=\"9c718f0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-00390d2 elementor-widget elementor-widget-text-editor\" data-id=\"00390d2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u274c<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7a26f75 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7a26f75\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-eb5d0bd\" data-id=\"eb5d0bd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-dcda1e2 elementor-widget elementor-widget-text-editor\" data-id=\"dcda1e2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Retention period<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-c9b8883\" data-id=\"c9b8883\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3fe51c2 elementor-widget elementor-widget-text-editor\" data-id=\"3fe51c2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>90 days for Microsoft Sentinel, 30 days for Microsoft Defender XDR.<br \/>Can be extended to <strong>up to two years<\/strong> at a prorated monthly long-term retention charge.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-d7553fe\" data-id=\"d7553fe\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a1f6873 elementor-widget elementor-widget-text-editor\" data-id=\"a1f6873\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Same as analytics retention, by default. Can be extended to <strong>up to 12 years<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-61169b4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"61169b4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0579a89\" data-id=\"0579a89\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f2fb481 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"f2fb481\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0403308 elementor-widget elementor-widget-heading\" data-id=\"0403308\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Access to Sentinel data lake<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-db5cdc7 elementor-widget elementor-widget-text-editor\" data-id=\"db5cdc7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>When you have passed the <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/quickstart-onboard?tabs=defender-portal#prerequisites\" target=\"_blank\" rel=\"noopener\"><strong><span style=\"text-decoration: underline;\">pre-requisites<\/span><\/strong><\/a> and the <a href=\"https:\/\/learn.microsoft.com\/fi-fi\/azure\/sentinel\/datalake\/sentinel-lake-onboarding#onboarding-steps\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\"><strong>onboarding<\/strong><\/span><\/a> you can see the portal access from Defender XDR portal menu:<\/p>\n<p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-92d9ce2 elementor-widget elementor-widget-image\" data-id=\"92d9ce2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/kql-queries-create-job.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"kql-queries-create-job\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjY3MCwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDhcL2txbC1xdWVyaWVzLWNyZWF0ZS1qb2IucG5nIn0%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"388\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/kql-queries-create-job.png?fit=640%2C388&amp;ssl=1\" class=\"attachment-large size-large wp-image-2670\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/kql-queries-create-job.png?w=1343&amp;ssl=1 1343w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/kql-queries-create-job.png?resize=300%2C182&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/kql-queries-create-job.png?resize=1024%2C621&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/kql-queries-create-job.png?resize=768%2C466&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/kql-queries-create-job.png?resize=850%2C516&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/kql-queries-create-job.png?w=1280&amp;ssl=1 1280w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">SOURCE:Defender portal  \/ MS Learn<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-794f683 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"794f683\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-9cb93f5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"9cb93f5\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0b14bf3\" data-id=\"0b14bf3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9c80a92 elementor-widget elementor-widget-heading\" data-id=\"9c80a92\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">KQL Jobs<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1cb5106 elementor-widget elementor-widget-text-editor\" data-id=\"1cb5106\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n<li>You can create a job to run a KQL query against the data in the data lake tier and promote the results to the analytics tier.<\/li>\n<li>You can create jobs to run on a schedule or one-time. When you create a job, you specify the destination workspace and table for the results. The results can be written to a new table or appended to an existing table in the analytics tier.<\/li>\n<li>You can create and manage jobs from the <strong>Jobs<\/strong> management page under <strong>Data lake exploration<\/strong> in the navigation panel. Use this page to create new jobs, view their status and details, and run, edit, delete, or disable jobs. For more information, see <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/datalake\/kql-manage-jobs\" data-linktype=\"relative-path\"><span style=\"text-decoration: underline;\">Manage KQL jobs<\/span><\/a>.<\/li>\n<\/ul>\n<p>There are <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/datalake\/kql-jobs#prerequisites\" target=\"_blank\" rel=\"noopener\" data-wplink-edit=\"true\"><span style=\"text-decoration: underline;\"><strong>pre-requisites<\/strong><\/span><\/a> for the KQL Jobs.<\/p>\n<p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6a9ae2a elementor-widget elementor-widget-image\" data-id=\"6a9ae2a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/review-job-details.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"review-job-details\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjY3MSwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDhcL3Jldmlldy1qb2ItZGV0YWlscy5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"456\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/review-job-details.png?fit=640%2C456&amp;ssl=1\" class=\"attachment-large size-large wp-image-2671\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/review-job-details.png?w=1287&amp;ssl=1 1287w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/review-job-details.png?resize=300%2C214&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/review-job-details.png?resize=1024%2C729&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/review-job-details.png?resize=768%2C547&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/review-job-details.png?resize=850%2C605&amp;ssl=1 850w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">SOURCE:Defender portal \/ MS Learn<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b33184d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b33184d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fc00ba0\" data-id=\"fc00ba0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f196350 elementor-widget elementor-widget-heading\" data-id=\"f196350\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Jupyter notebooks<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ef25488 elementor-widget elementor-widget-text-editor\" data-id=\"ef25488\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Jupyter notebooks in the Microsoft Sentinel data lake offer a powerful environment for data analysis and machine learning. Use Python libraries to build and run machine learning models, conduct advanced analytics, and visualize your data.<\/p>\n<p>The notebooks support rich visualizations, enabling you to gain insights from your security data. Schedule notebooks to summarize data regularly, run machine learning models, and promote data from the data lake tier to the analytics tier.<\/p>\n<p>The notebooks are provided by the Microsoft Sentinel <strong>Visual Studio Code extension<\/strong> (preview) that allows you to interact with the data lake using Python for Spark (PySpark).<\/p>\n<p>More info in <a href=\"https:\/\/learn.microsoft.com\/fi-fi\/azure\/sentinel\/datalake\/notebooks-overview\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">MS learn.<\/span><\/a><\/p>\n<p>To create <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/datalake\/notebooks#create-a-new-notebook\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Jupyter Notebook with VSCODE<\/span><\/a><span style=\"text-decoration: underline;\">.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-69ca359 elementor-widget elementor-widget-image\" data-id=\"69ca359\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/jyputernotebookvscode.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"jyputernotebookvscode\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjY3MiwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDhcL2p5cHV0ZXJub3RlYm9va3ZzY29kZS5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"521\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/jyputernotebookvscode.png?fit=640%2C521&amp;ssl=1\" class=\"attachment-large size-large wp-image-2672\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/jyputernotebookvscode.png?w=1834&amp;ssl=1 1834w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/jyputernotebookvscode.png?resize=300%2C244&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/jyputernotebookvscode.png?resize=1024%2C834&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/jyputernotebookvscode.png?resize=768%2C626&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/jyputernotebookvscode.png?resize=1536%2C1251&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/jyputernotebookvscode.png?resize=850%2C692&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/jyputernotebookvscode.png?w=1280&amp;ssl=1 1280w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">SOURCE: VS Code \/ MS Learn<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-29ef0f4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"29ef0f4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-58a8697\" data-id=\"58a8697\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c83f0fa elementor-widget elementor-widget-heading\" data-id=\"c83f0fa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Data lake exploration scenarios for notebooks<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-90fce30 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"90fce30\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-ea5f195\" data-id=\"ea5f195\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-27fac68 elementor-widget elementor-widget-text-editor\" data-id=\"27fac68\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Scenario<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-8c633b2\" data-id=\"8c633b2\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7a389d9 elementor-widget elementor-widget-text-editor\" data-id=\"7a389d9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Description<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-b6bbc99 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"b6bbc99\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-c46a9e0\" data-id=\"c46a9e0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c5bc500 elementor-widget elementor-widget-text-editor\" data-id=\"c5bc500\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>User behavior from failed sign ins<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-00bd2ae\" data-id=\"00bd2ae\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3e4c38d elementor-widget elementor-widget-text-editor\" data-id=\"3e4c38d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Establish a baseline of normal user behavior by analyzing patterns of failed sign in attempts. Investigate operations attempted before and after the failed logins to detect potential compromise or brute-force activity.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2e6e2f2 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2e6e2f2\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-5b4f978\" data-id=\"5b4f978\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bce39a2 elementor-widget elementor-widget-text-editor\" data-id=\"bce39a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Sensitive data paths<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-25c4f83\" data-id=\"25c4f83\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-901c6c3 elementor-widget elementor-widget-text-editor\" data-id=\"901c6c3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Identify users and devices that have access to sensitive data assets. Combine access logs with organizational context to assess risk exposure, map access paths, and prioritize areas for security review.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-026ce36 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"026ce36\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-bfd65a6\" data-id=\"bfd65a6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0d29f53 elementor-widget elementor-widget-text-editor\" data-id=\"0d29f53\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Anomaly threat analysis<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-04624ec\" data-id=\"04624ec\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-583b824 elementor-widget__width-initial elementor-widget elementor-widget-text-editor\" data-id=\"583b824\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Analyze threats by identifying deviations from established baselines, such as logins from unusual locations, devices, or times. Overlay user behavior with asset data to identify high-risk activity, including potential insider threats.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-c872349 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"c872349\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-8addf9a\" data-id=\"8addf9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-89609c0 elementor-widget elementor-widget-text-editor\" data-id=\"89609c0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Risk-scoring prioritization<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-2c71752\" data-id=\"2c71752\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-bd43758 elementor-widget elementor-widget-text-editor\" data-id=\"bd43758\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Apply custom risk scoring models to security events in the data lake. Enrich events with contextual signals such as asset criticality and user role to quantify risk, assess blast radius, and prioritize incidents for investigation.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-77e8532 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"77e8532\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-4906d8d\" data-id=\"4906d8d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-c8e76b3 elementor-widget elementor-widget-text-editor\" data-id=\"c8e76b3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Exploratory analysis and visualization<\/strong><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-147c38b\" data-id=\"147c38b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b50b3f9 elementor-widget elementor-widget-text-editor\" data-id=\"b50b3f9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Perform exploratory data analysis across multiple log sources to reconstruct attack timelines, determine root causes, and build custom visualizations that help communicate findings to stakeholders.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-66abb47 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"66abb47\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9d185c3\" data-id=\"9d185c3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f3a0173 elementor-widget elementor-widget-heading\" data-id=\"f3a0173\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Microsoft Sentinel extension setup for VS Code<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6c107e2 elementor-widget elementor-widget-image\" data-id=\"6c107e2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/vscode_sentinel_extension.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"vscode_sentinel_extension\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjY1MywidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDhcL3ZzY29kZV9zZW50aW5lbF9leHRlbnNpb24ucG5nIn0%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"409\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/vscode_sentinel_extension.png?fit=640%2C409&amp;ssl=1\" class=\"attachment-large size-large wp-image-2653\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/vscode_sentinel_extension.png?w=1801&amp;ssl=1 1801w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/vscode_sentinel_extension.png?resize=300%2C192&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/vscode_sentinel_extension.png?resize=1024%2C654&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/vscode_sentinel_extension.png?resize=768%2C490&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/vscode_sentinel_extension.png?resize=1536%2C981&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/vscode_sentinel_extension.png?resize=850%2C543&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/vscode_sentinel_extension.png?w=1280&amp;ssl=1 1280w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">VS Code extension installation<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-84ca903 elementor-widget elementor-widget-text-editor\" data-id=\"84ca903\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>Read more of the setup:<\/strong><\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/fi-fi\/azure\/sentinel\/datalake\/notebooks#install-visual-studio-code-and-the-microsoft-sentinel-extension\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Running notebooks on the Microsoft Sentinel data lake (preview) &#8211; Microsoft Security | Microsoft Learn<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-05c5e3d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"05c5e3d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-77e0ae5\" data-id=\"77e0ae5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-842bb8e elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"842bb8e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-394d94d elementor-widget elementor-widget-heading\" data-id=\"394d94d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">(Preview) Pricing<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-bfadb9a elementor-widget elementor-widget-text-editor\" data-id=\"bfadb9a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>NOTE <\/strong>The <strong>preview<\/strong> pricing below is provided in <strong>USD<\/strong> for reference only, based on pricing in the <strong>East US region<\/strong> and does not include taxes or currency adjustments.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d969dce elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d969dce\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-c357c96\" data-id=\"c357c96\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-aeca2f6 elementor-widget elementor-widget-heading\" data-id=\"aeca2f6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"elementor-heading-title elementor-size-default\">SKU<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d6d56b6 elementor-widget elementor-widget-text-editor\" data-id=\"d6d56b6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Data lake ingestion<\/p><p>Data processing<\/p><p>Data lake storage<\/p><p>Data lake query<\/p><p>Advanced data insights<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-a2cc828\" data-id=\"a2cc828\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-07abc76 elementor-widget elementor-widget-heading\" data-id=\"07abc76\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"elementor-heading-title elementor-size-default\">Meter type<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-748393f elementor-widget elementor-widget-text-editor\" data-id=\"748393f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Data Processed (GB)<\/p><p>Data Processed (GB)<\/p><p>Data Stored (GB\/Month)<\/p><p>Data Analyzed (GB)<\/p><p>1 Compute Hour<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-33 elementor-top-column elementor-element elementor-element-93c75d5\" data-id=\"93c75d5\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-aa25eca elementor-widget elementor-widget-heading\" data-id=\"aa25eca\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<p class=\"elementor-heading-title elementor-size-default\">Price<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-79fa6e1 elementor-widget elementor-widget-text-editor\" data-id=\"79fa6e1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>$0.05<\/p><p>$0.10<\/p><p>$0.026<\/p><p>$0.005<\/p><p>$0.15<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-266769b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"266769b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3629ebf\" data-id=\"3629ebf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3e0399d elementor-widget elementor-widget-text-editor\" data-id=\"3e0399d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Starting August 4, 2025, refer to the <span style=\"text-decoration: underline;\"><a class=\"lia-external-url\" href=\"https:\/\/azure.microsoft.com\/pricing\/details\/microsoft-sentinel\/\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft Sentinel pricing page<\/a><\/span>\u00a0for current pricing within your relevant region.<\/p>\n<p><strong>NOTE<\/strong><\/p>\n<p><span style=\"text-decoration: underline;\">Prices are estimates only and are not intended as actual price quotes<\/span>. Actual pricing may vary depending on the type of <span style=\"text-decoration: underline;\">agreement entered with Microsoft, date of purchase, the currency exchange rate and taxes which may be applicable<\/span>.<\/p>\n<p>During preview, the data lake tier <strong>includes 30 days of free storage<\/strong>. Data processing in the data lake is also available at no cost during this time. For more information on these meters, see <a class=\"lia-external-url\" href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/billing?tabs=simplified%2Ccommitment-tiers#data-lake-tier\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"text-decoration: underline;\">Data lake tie<\/span>r<\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-243e208 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"243e208\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e7b0458 elementor-widget elementor-widget-heading\" data-id=\"e7b0458\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Preview limitations<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-838b8ac elementor-widget elementor-widget-text-editor\" data-id=\"838b8ac\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Public preview has limitations:<\/p>\n<ul>\n<li>\n<p>Microsoft Sentinel tables with the Basic plan can only be managed from the Log Analytics workspace. For more information, see <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-monitor\/logs\/manage-logs-tables\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\"><span style=\"text-decoration: underline;\">Manage tables in a Log Analytics workspace<\/span><\/a>.<\/p>\n<p>To manage retention and tiering from the Microsoft Defender portal, change the table plan to analytics from the Log Analytics workspace.<\/p>\n<\/li>\n<li>\n<p>Some Microsoft Defender XDR tables can only be viewed in the Microsoft Defender portal. Currently, the Microsoft Defender portal supports managing these Microsoft Defender XDR tables:<\/p>\n<ul>\n<li>AlertEvidence<\/li>\n<li>AlertInfo<\/li>\n<li>CampaignInfo<\/li>\n<li>CloudAppEvents<\/li>\n<li>DeviceEvents<\/li>\n<li>DeviceFileCertificateInfo<\/li>\n<li>DeviceFileEvents<\/li>\n<li>DeviceImageLoadEvents<\/li>\n<li>DeviceInfo<\/li>\n<li>DeviceLogonEvents<\/li>\n<li>DeviceNetworkEvents<\/li>\n<li>DeviceNetworkInfo<\/li>\n<li>DeviceProcessEvents<\/li>\n<li>DeviceRegistryEvents<\/li>\n<li>EmailAttachmentInfo<\/li>\n<li>EmailEvents<\/li>\n<li>EmailPostDeliveryEvents<\/li>\n<li>EmailUrlInfo<\/li>\n<li>FileMaliciousContentInfo<\/li>\n<li>IdentityDirectoryEvents<\/li>\n<li>IdentityLogonEvents<\/li>\n<li>IdentityQueryEvents<\/li>\n<li>SecurityAlert<\/li>\n<li>SecurityIncident<\/li>\n<li>UrlClickEvents<\/li>\n<\/ul>\n<\/li>\n<\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d1436e2 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"d1436e2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5bab61e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5bab61e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-65cc744\" data-id=\"65cc744\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2bfd7c7 elementor-widget elementor-widget-heading\" data-id=\"2bfd7c7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Public resources<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d818706 elementor-widget elementor-widget-text-editor\" data-id=\"d818706\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>There are some public resources available:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-8a58b18 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8a58b18\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-d618d14\" data-id=\"d618d14\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4aa652a elementor-widget elementor-widget-text-editor\" data-id=\"4aa652a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>News:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-2a46a38\" data-id=\"2a46a38\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4ce898e elementor-widget elementor-widget-text-editor\" data-id=\"4ce898e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.microsoft.com\/security\/blog\/2025\/07\/22\/microsoft-sentinel-data-lake-unify-signals-cut-costs-and-power-agentic-ai\/\" target=\"_blank\" rel=\"noopener\">Blog<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-02efb51 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"02efb51\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-a7709cd\" data-id=\"a7709cd\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0c155e1 elementor-widget elementor-widget-text-editor\" data-id=\"0c155e1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Azure security podcast:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-5e4f160\" data-id=\"5e4f160\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3d0e732 elementor-widget elementor-widget-text-editor\" data-id=\"3d0e732\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><a href=\"https:\/\/rss.com\/podcasts\/azsecpodcast\/2145941\/\" target=\"_blank\" rel=\"noopener\">Link<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-78b53db elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"78b53db\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-e4a26f8\" data-id=\"e4a26f8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-284f3e7 elementor-widget elementor-widget-text-editor\" data-id=\"284f3e7\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Blog:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-8319c1f\" data-id=\"8319c1f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2256cbc elementor-widget elementor-widget-text-editor\" data-id=\"2256cbc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-security-blog\/introducing-microsoft-sentinel-data-lake\/4434280\" target=\"_blank\" rel=\"noopener\">Tech community blog<\/a><\/span><\/p><p><a href=\"https:\/\/techcommunity.microsoft.com\/blog\/microsoft-security-blog\/microsoft-sentinel%E2%80%99s-new-data-lake-cut-costs--boost-threat-detection\/4445281\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Cut costs &amp; boost threat detection<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-67f5187 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"67f5187\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-f396a3c\" data-id=\"f396a3c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-327789c elementor-widget elementor-widget-text-editor\" data-id=\"327789c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Pricing blog:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-d9600be\" data-id=\"d9600be\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-138451f elementor-widget elementor-widget-text-editor\" data-id=\"138451f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/pricing\/microsoft-sentinel\/\" target=\"_blank\" rel=\"noopener\">Pricing<\/a><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-122fee4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"122fee4\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-7b1e9d0\" data-id=\"7b1e9d0\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-4950ff4 elementor-widget elementor-widget-text-editor\" data-id=\"4950ff4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Sentinel in MS learn<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-56fa3f3\" data-id=\"56fa3f3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-7b2a23b elementor-widget elementor-widget-text-editor\" data-id=\"7b2a23b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/overview?tabs=defender-portal\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Link<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-1ecadbb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1ecadbb\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-32a35b8\" data-id=\"32a35b8\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f7bedf4 elementor-widget elementor-widget-text-editor\" data-id=\"f7bedf4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Sentinel data lake in MS learn<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-1235ab1\" data-id=\"1235ab1\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-af0d89a elementor-widget elementor-widget-text-editor\" data-id=\"af0d89a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/sentinel\/datalake\/sentinel-lake-overview\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Link<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-inner-section elementor-element elementor-element-899850a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"899850a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-b0d9c9a\" data-id=\"b0d9c9a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-78500d8 elementor-widget elementor-widget-text-editor\" data-id=\"78500d8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"item-current item-8421\"><span class=\"bread-current bread-8421\" title=\"Microsoft Sentinel Data Lake: How to use\/enable and set-up the unified datalake\">How to use\/enable and set-up the unified datalake<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-inner-column elementor-element elementor-element-a0458be\" data-id=\"a0458be\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1df445c elementor-widget elementor-widget-text-editor\" data-id=\"1df445c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/jeffreyappel.nl\/microsoft-sentinel-data-lake-how-to-use-enable-and-set-up-the-unified-datalake\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Jeffrey Appel&#8217;s blog about the setup<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<div class=\"elementor-element elementor-element-5665e54 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"5665e54\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7d48fb2b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7d48fb2b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-71405393\" data-id=\"71405393\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-617078c elementor-widget elementor-widget-author-box\" data-id=\"617078c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"author-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-author-box\">\n\t\t\t\t\t\t\t<div  class=\"elementor-author-box__avatar\">\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/07\/jussi_06_2024.jpg?fit=262%2C300&#038;ssl=1\" alt=\"Picture of Jussi Metso\" loading=\"lazy\">\n\t\t\t\t<\/div>\n\t\t\t\n\t\t\t<div class=\"elementor-author-box__text\">\n\t\t\t\t\t\t\t\t\t<div >\n\t\t\t\t\t\t<h6 class=\"elementor-author-box__name\">\n\t\t\t\t\t\t\tJussi Metso\t\t\t\t\t\t<\/h6>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-author-box__bio\">\n\t\t\t\t\t\t<p>Author is a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future. <\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>&#8220;a cloud-native security data platform that centralizes logs and telemetry from across your environment into a scalable, cost-efficient data lake&#8221;<\/p>\n","protected":false},"author":1,"featured_media":2682,"comment_status":"open","ping_status":"open","sticky":false,"template":"elementor_theme","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"What is Microsoft Sentinel data lake","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[10],"tags":[42,41,43],"class_list":["post-2614","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sentinel","tag-sentinel","tag-siem","tag-soc"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/08\/cartoon_data_lake.png?fit=1536%2C1024&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/pes24X-Ga","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/2614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/comments?post=2614"}],"version-history":[{"count":57,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/2614\/revisions"}],"predecessor-version":[{"id":2737,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/2614\/revisions\/2737"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media\/2682"}],"wp:attachment":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media?parent=2614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/categories?post=2614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/tags?post=2614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}