Hey everyone! I'm curious if any of you have used a third party to manage your SOC and SIEM while utilizing Azure Sentinel as your SIEM solution. Since we're heavily invested in Microsoft E5 and benefit from some discounts, it might be more cost-effective for us to host the SIEM ourselves but have someone else manage it. However, I'm a bit lost on how Sentinel's pricing works, especially when combining it with a third-party service. How does the billing work in these scenarios? Do you typically cover the full costs for hosting the SIEM yourself? Any insights would be appreciated!
4 Answers
We’ve encountered similar issues with Azure Sentinel. The pricing model is based on data ingestion, which can make budgeting a nightmare since costs can just keep climbing. Some managed service providers propose a flat monthly fee, but that usually means they’ve built in a significant margin to cover fluctuating costs over time.
Oh man, the SOC-SIEM saga! Azure Sentinel—it's either a blessing or a huge headache! There are mixed feelings out there, but some folks really do love it.
We outsourced our services to Cybriant, and so far, we're really pleased with how they manage everything.
I’m currently in a similar setup and yes, we do handle the costs for ingestion, queries, and storage for Sentinel. It’s been a challenging experience initially, but we’ve learned to be more strategic about data usage. There are a lot of resources out there on this topic. Check out some posts in relevant forums for tips on optimizing costs without sacrificing security.
Glad to hear you’re satisfied with them! I’ll definitely look into it.