I've continuously been asked about a Sentinel data lake option (Microsoft's SIEM). Well, it's available in public preview and will soon be publicly available. Those details can be found HERE.
Here is the pitch from that post:
With security log volumes growing fast, teams are forced into making painful tradeoffs: reduce logging by risking blind spots, shorten retention by compromising forensic depth, or absorb unsustainable costs when aiming to manage all their security data within a SIEM. This is the paradox of modern security: the more data you have, the harder it becomes to use it effectively. And without unified, long-term visibility, even the most advanced AI models can’t deliver to their full potential. Siloed data means missed cyberthreats, delayed investigations, and underutilized tools.
Microsoft Sentinel data lake was purpose-built to solve this challenge and provides the foundation for agentic defense. It brings together all your security data, from Microsoft and third-party sources, into a single, cost-effective data lake, with more than 350 native connectors. With data retention priced at less than 15% of traditional analytics logs, it enables seamless enrichment with threat intelligence and AI-powered detection across your entire environment. This isn’t just a new product, it’s a new architecture for security operations—one that empowers security teams to hunt cyberthreats across months or years, reconstruct incidents with precision, and unlock the full value of AI.