FALKOR SI Use Cases

Compliance: Cost-effective Microsoft Sentinel log storage with LogLocker

If your business wants more from your Microsoft Sentinel investment, you may find that traditional compliance tools lack legal defence details, struggle with the surge in log data, and don’t offer cost-effective, long-term preservation. LogLocker allows you to easily rationalise your Microsoft Sentinel logs and store them for longer, for less. This enhances Sentinel, transforming it into a crucial component for compliance, just like it is for security.
By Alex Cawthorne

Never has it been more important to retain necessary log data whilst reducing cost and storage complexity. And, if you retain logs for long periods, it's also essential that data lineage is preserved to ensure legal defensibility. LogLocker solves these compliance challenges, and more, by providing a robust log management platform ready for the data and AI economy.

The business case for LogLocker

Reduce costs. LogLocker is a cost-effective alternative to Log Analytics and Azure Data Explorer archiving.

Minimise data. Only archive and retain the specific logs you need for business requirements and compliance.

Preserve logs. Preserve and protect logs using distributed ledger technology for truly defensible legal evidence.

Integration ready. APIs designed for easy and effective integrations with Microsoft services, storage and analytics.

No retraining. Use Kusto Query Language (KQL) to define the targeted log collections via Microsoft Sentinel.

Extensible data sources. Bring in other data sources of any volume, or type of data, log or query.

Getting started with LogLocker

Install on Azure. The LogLocker platform is deployed into your Azure subscription, so you govern the security and location of your data using the configuration options provided. The deployment includes Terraform, Kubernetes, Storage and Logic App.

In any Azure region. LogLocker can be deployed into any Azure region, ensuring your data is stored on the blockchain network that respects your data sovereignty requirements.

With Azure Blob storage options. Larger data sets can extend to off-chain storage using Azure Blob storage. Further options for multi-cloud storage are also available.

How LogLocker works

Targeted protection. Select the logs to capture, using KQL from Sentinel, against Log Analytics and Azure Data Explorer. Then, add the LogLocker automation to the query workbook.

Sentinel triggers. When a Sentinel alert triggers, LogLocker requests the KQL, running the query against the Log Analytics Sentinel workspace or Azure Data Explorer (ADX).

Searchable logs. Only the logs you specify are stored and preserved in LogLocker, ready for search, sharing and review. This reduces costs and search time.

Easy and rapid deployment to Azure

Azure users with a Sentinel subscription can easily implement LogLocker. Once you've committed to buying via the Azure Marketplace, here's what happens next:

  • Book an installation call with our engineering team.
  • Or, if you have immediate questions, book a call with one of our team ahead of the installation meeting.
  • Full details of prerequisites will be provided ahead of the installation meeting.
  • The LogLocker installation is completed within 5 working days once meetings are confirmed and prerequisites are in place.
