Commit 4aade43

1 parent 039ab7d commit 4aade43

2 files changed

+6
-5
lines changed

articles/sentinel/basic-logs-use-cases.md

Lines changed: 2 additions & 1 deletion
@@ -64,5 +64,6 @@ A new and growing source of log data is Internet of Things (IoT)-connected devic
6464

6565
## Next steps
6666

67-
- [Set a table's log data plan in Azure Monitor Logs](../azure-monitor/logs/basic-logs-configure.md)
67+
- [Select a table plan based on data usage in a Log Analytics workspace](../azure-monitor/logs/logs-table-plans.md)
68+
- [Manage data retention in a Log Analytics workspace](../azure-monitor/logs/data-retention-configure.md)
6869
- [Start an investigation by searching for events in large datasets (preview)](investigate-large-datasets.md)
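Review bot: The two links added at new lines 67-68 drop `basic-logs-configure.md` in favour of `logs-table-plans.md` and `data-retention-configure.md`, and nothing in this commit shows that either target exists under `../azure-monitor/logs/`. Please confirm both relative paths resolve in the docs build, and that the table-plans article still tells the reader how to set a table's plan, since that was the stated purpose of the link being removed.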

articles/sentinel/log-plans.md

Lines changed: 4 additions & 4 deletions
@@ -52,7 +52,7 @@ Logs containing primary security data should be stored using the [**Analytics lo
5252

5353
### Secondary security data
5454

55-
This category encompasses logs that have limited individual security value but are essential for providing a comprehensive view of a security incident or breach. Typically, these logs are high-volume and can be verbose. The security operations use cases for this data include the following:
55+
This category encompasses logs whose individual security value is limited but are essential for providing a comprehensive view of a security incident or breach. Typically, these logs are high-volume and can be verbose. The security operations use cases for this data include the following:
5656

5757
- **Threat intelligence**. Primary data can be checked against lists of Indicators of Compromise (IoC) or Indicators of Attack (IoA) to quickly and easily detect threats.
5858
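Review bot: The reworded sentence on new line 55 is not parallel: "logs whose individual security value is limited but are essential" leaves "are essential" without a subject that matches the "whose" clause. Suggest "logs whose individual security value is limited but that are essential for providing a comprehensive view", or keep the original "logs that have limited individual security value but are essential". While this paragraph is being touched, note that the first bullet under "Secondary security data" (line 57) opens with "Primary data can be checked against lists of Indicators of Compromise"; if that bullet is meant to describe secondary data, it should be corrected in the same pass.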

@@ -62,7 +62,7 @@ This category encompasses logs that have limited individual security value but a
6262

6363
- **Summarization via summary rules**. Summarize high-volume logs into aggregate information and store the results as primary security data. To learn more about summary rules, see [Aggregate Microsoft Sentinel data with summary rules](../azure-monitor/logs/summary-rules.md).
6464

65-
Some examples of secondary data log sources are cloud storage access logs, NetFlow logs, TLS/SSL certificate logs, firewall logs, proxy logs, and IoT logs. To learn more about how each of these sources bring value to security detections without being needed all the time, see [Log sources to use for Auxiliary Logs ingestion](basic-logs-use-cases.md).
65+
Some examples of secondary data log sources are cloud storage access logs, NetFlow logs, TLS/SSL certificate logs, firewall logs, proxy logs, and IoT logs. To learn more about how each of these sources brings value to security detections without being needed all the time, see [Log sources to use for Auxiliary Logs ingestion](basic-logs-use-cases.md).
6666

6767
Logs containing secondary security data should be stored using the [**Auxiliary logs**](#auxiliary-logs-plan) plan.
6868
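Review bot: The subject-verb fix on new line 65 ("each of these sources brings") is correct, but the same line uses "Auxiliary Logs ingestion" in the link text while line 67 writes the plan as "**Auxiliary logs**", and the link target is still named `basic-logs-use-cases.md`. Suggest settling on one capitalization for the plan name in this article, and checking that the link text matches the current title of the target file.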

@@ -99,11 +99,11 @@ When the interactive retention period ends, data goes into the **long-term reten
9999

100100
The following diagram summarizes and compares these two log management plans.
101101

102-
:::image type="content" border=false source="media/log-plans/analytics-auxiliary-log-plans.png" alt-text="Diagram of available log plans in Microsoft Sentinel.":::
102+
:::image type="content" border="false" source="media/log-plans/analytics-auxiliary-log-plans.png" alt-text="Diagram of available log plans in Microsoft Sentinel.":::
103103

104104
### Basic logs plan
105105

106-
There is a third plan, known as **Basic logs**, that provides similar functionality to the auxiliary logs plan, but at a higher interactive retention cost (though not as high as the analytics logs plan). While the auxiliary logs plan remains in preview, basic logs can be an option for long-term, low-cost retention if your organization doesn't use preview features. To learn more about the basic logs plan, see [Table plans](../azure-monitor/logs/data-platform-logs.md#table-plans) in the Azure Monitor documentation.
106+
A third plan, known as **Basic logs**, provides similar functionality to the auxiliary logs plan, but at a higher interactive retention cost (though not as high as the analytics logs plan). While the auxiliary logs plan remains in preview, basic logs can be an option for long-term, low-cost retention if your organization doesn't use preview features. To learn more about the basic logs plan, see [Table plans](../azure-monitor/logs/data-platform-logs.md#table-plans) in the Azure Monitor documentation.
107107

108108
## Related content
109109
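Review bot: The Basic logs paragraph on new line 106 still sends readers to `../azure-monitor/logs/data-platform-logs.md#table-plans`, while the other file in this commit now points to `../azure-monitor/logs/logs-table-plans.md` for table plan selection. Suggest using the same target in both articles, or confirming the `#table-plans` anchor still exists. The sentence "While the auxiliary logs plan remains in preview" is also time-bound and will need a follow-up edit when that status changes; consider tracking it. The `border="false"` quoting fix on line 102 looks fine.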
