Skip to content

Commit 05da262

Browse files
committed
Removed references to Preview
1 parent ae31534 commit 05da262

File tree

5 files changed

+8
-28
lines changed

5 files changed

+8
-28
lines changed

articles/sentinel/basic-logs-use-cases.md

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -18,11 +18,7 @@ ms.collection: usx-security
1818

1919
This article highlights log sources to consider configuring as Auxiliary Logs (or Basic Logs) when they're stored in Log Analytics tables. Before choosing a log type for which to configure a given table, do the research to see which is most appropriate. For more information about data categories and log data plans, see [Log retention plans in Microsoft Sentinel](log-plans.md).
2020

21-
> [!IMPORTANT]
22-
>
23-
> The **Auxiliary Logs** log type is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
24-
>
25-
> [!INCLUDE [unified-soc-preview](includes/unified-soc-preview-without-alert.md)]
21+
[!INCLUDE [unified-soc-preview](includes/unified-soc-preview.md)]
2622

2723
## Storage access logs for cloud providers
2824

@@ -69,6 +65,6 @@ A new and growing source of log data is Internet of Things (IoT)-connected devic
6965
## Next steps
7066

7167
- [Select a table plan based on data usage in a Log Analytics workspace](/azure/azure-monitor/logs/logs-table-plans)
72-
- [Set up a table with the Auxiliary plan in your Log Analytics workspace (Preview)](/azure/azure-monitor/logs/create-custom-table-auxiliary)
68+
- [Set up a table with the Auxiliary plan in your Log Analytics workspace](/azure/azure-monitor/logs/create-custom-table-auxiliary)
7369
- [Manage data retention in a Log Analytics workspace](/azure/azure-monitor/logs/data-retention-configure)
7470
- [Start an investigation by searching for events in large datasets (preview)](investigate-large-datasets.md)

articles/sentinel/billing-reduce-costs.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,7 @@ When hunting or investigating threats in Microsoft Sentinel, you might need to a
5353

5454
## Select low-cost log types for high-volume, low-value data
5555

56-
While standard analytics logs are most appropriate for continuous, real-time threat detection, two other log types—[basic logs and auxiliary logs](/azure/azure-monitor/logs/basic-logs-configure)—are more suited for ad-hoc querying and search of verbose, high-volume, low-value logs that aren't frequently needed or accessed on demand. Enable basic log data ingestion at a significantly reduced cost, or auxiliary log data ingestion (now in Preview) at an even lower cost, for eligible data tables. For more information, see [Microsoft Sentinel Pricing](https://azure.microsoft.com/pricing/details/microsoft-sentinel/).
56+
While standard analytics logs are most appropriate for continuous, real-time threat detection, two other log types—[basic logs and auxiliary logs](/azure/azure-monitor/logs/basic-logs-configure)—are more suited for ad-hoc querying and search of verbose, high-volume, low-value logs that aren't frequently needed or accessed on demand. Enable basic log data ingestion at a significantly reduced cost, or auxiliary log data ingestion at an even lower cost, for eligible data tables. For more information, see [Microsoft Sentinel Pricing](https://azure.microsoft.com/pricing/details/microsoft-sentinel/).
5757

5858
- [Log retention plans in Microsoft Sentinel](log-plans.md)
5959
- [Log sources to use for Auxiliary Logs ingestion](basic-logs-use-cases.md)
@@ -88,7 +88,7 @@ Microsoft Sentinel security data might lose some of its value after a few months
8888

8989
To help you reduce Microsoft Sentinel data retention costs, Azure Monitor now offers long-term retention. Data that ages out of its interactive retention state can still be retained for up to twelve years, at a much-reduced cost, and with limitations on its usage. For more information, see [Manage data retention in a Log Analytics workspace](/azure/azure-monitor/logs/data-retention-configure).
9090

91-
You can reduce costs even further by enrolling tables that contain secondary security data in the **Auxiliary logs** plan (now in Preview). This plan allows you to store high-volume, low-value logs at a low price, with a lower-cost 30-day interactive retention period at the beginning to allow for summarization and basic querying. To learn more about the Auxiliary logs plan and other plans, see [Log retention plans in Microsoft Sentinel](log-plans.md). While the auxiliary logs plan remains in Preview, you also have the option of enrolling these tables in the **Basic logs** plan. Basic logs offers similar functionality to auxiliary logs, but with less of a cost savings.
91+
You can reduce costs even further by enrolling tables that contain secondary security data in the **Auxiliary logs** plan. This plan allows you to store high-volume, low-value logs at a low price, with a lower-cost 30-day interactive retention period at the beginning to allow for summarization and basic querying. To learn more about the Auxiliary logs plan and other plans, see [Log retention plans in Microsoft Sentinel](log-plans.md). While the auxiliary logs plan remains in Preview, you also have the option of enrolling these tables in the **Basic logs** plan. Basic logs offers similar functionality to auxiliary logs, but with less of a cost savings.
9292

9393
## Use data collection rules for your Windows Security Events
9494

articles/sentinel/billing.md

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -90,10 +90,6 @@ These two log types are best suited for use in playbook automation, ad-hoc query
9090

9191
To learn more about the difference between **interactive retention** and **long-term retention** (formerly known as archive), see [Manage data retention in a Log Analytics workspace](/azure/azure-monitor/logs/data-retention-archive).
9292

93-
> [!IMPORTANT]
94-
>
95-
> The **Auxiliary Logs** log type is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
96-
9793
### Simplified pricing tiers
9894

9995
Simplified pricing tiers combine the data analysis costs for Microsoft Sentinel and ingestion storage costs of Log Analytics into a single pricing tier. The following screenshot shows the simplified pricing tier that all new workspaces use.

articles/sentinel/log-plans.md

Lines changed: 3 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -18,11 +18,7 @@ These competing needs require a log management strategy that balances data acces
1818

1919
This article discusses categories of data and the retention states used to store and access your data. It also describes the log plans Microsoft Sentinel offers you to build a log management and retention strategy.
2020

21-
> [!IMPORTANT]
22-
>
23-
> The **Auxiliary Logs** log type is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
24-
>
25-
> [!INCLUDE [unified-soc-preview](includes/unified-soc-preview-without-alert.md)]
21+
[!INCLUDE [unified-soc-preview](includes/unified-soc-preview.md)]
2622

2723
## Categories of ingested data
2824

@@ -64,9 +60,7 @@ This category encompasses logs whose individual security value is limited but ar
6460

6561
Some examples of secondary data log sources are cloud storage access logs, NetFlow logs, TLS/SSL certificate logs, firewall logs, proxy logs, and IoT logs. To learn more about how each of these sources brings value to security detections without being needed all the time, see [Log sources to use for Auxiliary Logs ingestion](basic-logs-use-cases.md).
6662

67-
Logs containing secondary security data should be stored using the [**Auxiliary logs**](#auxiliary-logs-plan) plan (now in Preview) described later in this article.
68-
69-
For a non-preview option, you can use [**Basic logs**](#basic-logs-plan) instead.
63+
Logs containing secondary security data should be stored using the [**Auxiliary logs**](#auxiliary-logs-plan) plan described later in this article.
7064

7165
## Log management plans
7266

@@ -76,8 +70,6 @@ Microsoft Sentinel provides two different log storage plans, or types, to accomm
7670

7771
- The [**Auxiliary logs**](#auxiliary-logs-plan) plan is designed to store secondary security data at very low cost for long periods of time, while still allowing for limited accessibility.
7872

79-
- A third plan, [**Basic logs**](#basic-logs-plan), is the predecessor of the auxiliary logs plan, and can be used as a substitute for it while the auxiliary logs plan remains in preview.
80-
8173
**Each of these plans preserves data in two different states:**
8274

8375
- The **interactive retention** state is the initial state into which the data is ingested. This state allows different levels of access to the data, depending on the plan, and costs for this state vary widely, depending on the plan.
@@ -102,14 +94,10 @@ The **Auxiliary logs** plan keeps data in the **interactive retention** state fo
10294

10395
When the interactive retention period ends, data goes into the **long-term retention** state, remaining in its original table. Long-term retention in the auxiliary logs plan is similar to long-term retention in the analytics logs plan, except that the only option to access the data is with a [**search job**](investigate-large-datasets.md). [Restore](restore.md) is not supported for the auxiliary logs plan.
10496

105-
### Basic logs plan
106-
107-
A third plan, known as **Basic logs**, provides similar functionality to the auxiliary logs plan, but at a higher interactive retention cost (though not as high as the analytics logs plan). While the auxiliary logs plan remains in preview, basic logs can be an option for long-term, low-cost retention if your organization doesn't use preview features. To learn more about the basic logs plan, see [Table plans](/azure/azure-monitor/logs/data-platform-logs#table-plans) in the Azure Monitor documentation.
108-
10997
## Related content
11098

11199
- For a more in-depth comparison of log data plans, and more general information about log types, see [Azure Monitor Logs overview | Table plans](/azure/azure-monitor/logs/data-platform-logs#table-plans).
112100

113-
- To set up a table in the Auxiliary logs plan, see [Set up a table with the Auxiliary plan in your Log Analytics workspace (Preview)](/azure/azure-monitor/logs/create-custom-table-auxiliary).
101+
- To set up a table in the Auxiliary logs plan, see [Set up a table with the Auxiliary plan in your Log Analytics workspace](/azure/azure-monitor/logs/create-custom-table-auxiliary).
114102

115103
- To understand more about retention periods—which exist across plans—see [Manage data retention in a Log Analytics workspace](/azure/azure-monitor/logs/data-retention-configure).

articles/sentinel/soc-optimization/soc-optimization-reference.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ The following table lists the available types of data value SOC optimization rec
4343

4444
| Type of observation | Action |
4545
|---------|---------|
46-
| The table wasn’t used by analytics rules or detections in the last 30 days but was used by other sources, such as workbooks, log queries, hunting queries. | Turn on analytics rule templates <br>OR<br>Move to [auxiliary logs (Preview) or basic logs](../billing.md#auxiliary-logs-and-basic-logs) if the table is eligible. |
46+
| The table wasn’t used by analytics rules or detections in the last 30 days but was used by other sources, such as workbooks, log queries, hunting queries. | Turn on analytics rule templates <br>OR<br>Move to [auxiliary logs or basic logs](../billing.md#auxiliary-logs-and-basic-logs) if the table is eligible. |
4747
| The table wasn’t used at all in the last 30 days. | Turn on analytics rule templates <br>OR<br> Stop data ingestion and remove the table or move the table to long term retention. |
4848
| The table was only used by Azure Monitor. | Turn on any relevant analytics rule templates for tables with security value <br>OR<br>Move to a non-security Log Analytics workspace. |
4949

0 commit comments

Comments
 (0)