Azure Sentinel News

What’s new: Dedicated clusters for Azure Sentinel

by Azure Sentinel News Editor
March 26, 2021

If you ingest over 1Tb per day into your Azure Sentinel workspace and/or have multiple Azure Sentinel workspaces in your Azure enrolment, you may want to consider migrating to a dedicated cluster, a recent addition to the deployment options for Azure Sentinel.

NOTE: Although this blog refers to a “dedicated cluster for Azure Sentinel”, the dedicated cluster being referred to is for Log Analytics, the underlying data store for Azure Sentinel. You may find that linked official documents refer to Azure Monitor; Log Analytics is part of the wider Azure Monitor platform.

Overview

A dedicated cluster in Azure Sentinel does exactly what it says: you are given dedicated hardware in an Azure data center to run your Azure Sentinel instance. This enables several scenarios:

  • Customer-managed Keys – Encrypt the cluster data using keys that are provided and controlled by the customer.
  • Lockbox – Customers can control Microsoft support engineers' access requests for data.
  • Double encryption – Protects against a scenario where one of the encryption algorithms or keys may be compromised. In this case, the additional layer of encryption continues to protect your data.

Additionally, multiple Azure Sentinel workspaces can be added to a dedicated cluster. There are several advantages to using a dedicated cluster from a Sentinel perspective:

  • Cross-workspace queries will run faster if all the workspaces involved in the query are added to the dedicated cluster. NB: It is still recommended to have as few workspaces as possible in your environment. A dedicated cluster still retains the limit of 100 workspaces that can be included in a single cross-workspace query. 
  • All workspaces on the dedicated cluster share the Log Analytics capacity reservation set on the cluster (not the Sentinel capacity reservation), rather than each workspace needing its own Log Analytics capacity reservation, which can allow for cost savings and efficiencies. NB: By enabling a dedicated cluster you commit to a minimum capacity reservation in Log Analytics of 1Tb per day ingestion.
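
Because the capacity reservation is shared across the cluster, the sizing question is whether the combined billable ingestion of the workspaces you plan to link reaches the minimum commitment. The query below is an added example, not part of the original post: it sums daily billable volume from the Log Analytics Usage table across workspaces. The workspace names are placeholders, and it assumes the 1Tb figure means one terabyte and that Usage reports Quantity in megabytes.

```kql
// Added example (not from the original article).
// Placeholder workspace names: replace with the workspaces you intend to link.
// Run it from any workspace where you have read access to all of them.
let commitmentTB = 1.0;   // minimum capacity reservation quoted in the article
let lookback = 30d;       // number of complete days to evaluate
union
    (workspace("contoso-sentinel-emea").Usage
        | extend Workspace = "contoso-sentinel-emea"),
    (workspace("contoso-sentinel-us").Usage
        | extend Workspace = "contoso-sentinel-us")
// Complete days only, so a partial "today" does not look like a shortfall.
| where TimeGenerated >= startofday(ago(lookback))
    and TimeGenerated < startofday(now())
// Only billable data counts towards the reservation.
| where IsBillable == true
// Quantity is assumed to be in MB: /1000 gives GB, /1000 again gives TB.
| summarize WorkspaceTB = sum(Quantity) / 1000.0 / 1000.0
    by Day = bin(TimeGenerated, 1d), Workspace
// Roll up to one row per day, keeping the per-workspace breakdown.
| summarize TotalTB = sum(WorkspaceTB),
            PerWorkspace = make_bag(pack(Workspace, round(WorkspaceTB, 3)))
    by Day
| extend MeetsCommitment = TotalTB >= commitmentTB
| order by Day asc
```

Days where MeetsCommitment is false are days on which the committed reservation would exceed actual ingestion. Only workspaces in the same region can share a cluster, so include only those in the union.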

Considering migrating to a dedicated cluster?

There are some considerations and limitations for using dedicated clusters:

  • The max number of clusters per region and subscription is 2.
  • All workspaces linked to a cluster must be in the same region.
  • The maximum number of workspaces linked to a cluster is 1000.
  • You can link a workspace to your cluster and then unlink it. The number of workspace link operations on a particular workspace is limited to 2 in a period of 30 days.
  • You cannot move an existing workspace to a CMK cluster. You need to create it in the cluster.
  • Moving a cluster to another resource group or subscription isn’t supported at the time of writing this article.
  • Linking a workspace to a cluster will fail if the workspace is linked to another cluster.

The great news is that you can retrospectively migrate to a dedicated cluster, so if this feature looks like it would be useful to your organization, you can find more information and migration steps here. 

Source : https://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-dedicated-clusters-for-azure-sentinel/ba-p/2072539
