Microsoft Security Stats
Microsoft Security Stats shows the data transformation flow and cost savings for Microsoft Azure targets -- Microsoft Sentinel, Azure Blob Storage, and Azure Data Explorer. Use it to track data reduction percentages, compression ratios, and estimated savings across the pipeline.
Accessing Microsoft Security Stats
Navigate to
Time Range Filter
Select a time period using the
| Preset | Period |
|---|---|
| Today | Current calendar day |
| This Week | Current calendar week |
| This Month | Current calendar month |
| Last 3 Months | Rolling 3-month window |
The maximum allowed range is 3 months. Entity selection is not available on this page -- metrics always reflect all Directors and Clusters.
Savings Summary
Three cards in the page header display estimated savings for the selected time period:
| Card | Description |
|---|---|
| Estimated Total Savings | Dollar amount based on reduced data volume relative to average ingestion costs in Microsoft targets |
| Estimated Time Savings | Hours saved through automated pipeline processing compared to manual data cleaning, filtering, and enrichment |
| Reduced Carbon Footprint | Estimated CO2 reduction from lower resource utilization across the data transformation chain |
Data Transformation
An interactive flow diagram visualizes the end-to-end data transformation pipeline from devices through the VirtualMetric engine to Microsoft Azure targets. Three tabs filter the view by device category.
Overview Tab
Displays the complete data flow across all device types. The left side shows device groups (Servers, Networks) with their collected data sizes. The center shows the VirtualMetric engine stages -- pre-processing, pipeline processing with per-target data reduction, compression, and post-processing. The right side shows the three target destinations (Microsoft Sentinel, Azure Data Explorer, Azure Blob Storage) with delivered data sizes.
Animated edges connect each stage, and each node displays its data volume.
Servers Tab
Uses the same flow diagram layout, filtered to server device types only. The left side breaks down individual server platforms (Windows, Linux, macOS) instead of the aggregated device groups.
Network Devices Tab
Uses the same flow diagram layout, filtered to network devices only. The left side shows network device vendors instead of the aggregated device groups.
Target Analytics Cards
Four cards below the flow diagram provide detailed metrics for each Microsoft Azure target.
Data Summary
Aggregate metrics across all three Azure targets:
| Metric | Description |
|---|---|
| Raw data routed to Microsoft targets | Total raw data volume entering the Microsoft target pipeline |
| Reduced data across pipelines | Total data volume after pipeline reduction |
| Data sent to Microsoft targets | Final data volume delivered to all three targets |
A stacked bar shows the proportional distribution across Microsoft Sentinel, Azure Data Explorer, and Azure Blob Storage.
Microsoft Sentinel
| Metric | Description |
|---|---|
| Data sent to Microsoft Sentinel | Total data volume for this target |
| Reduced percentage | Data reduction achieved by pipelines |
| Collected raw data from devices | Raw data volume before processing |
| Data reduced in pipelines | Data volume removed by pipeline processing |
| Data sent to MS Sentinel targets | Final data delivered to Sentinel |
Azure Blob Storage
| Metric | Description |
|---|---|
| Data sent to Azure Blob Storage | Total data volume for this target |
| Compressed percentage | Compression ratio achieved |
| Collected raw data from devices | Raw data volume before processing |
| Data compressed | Data volume after compression |
| Data sent to Azure Blob Storage targets | Final data delivered to Blob Storage |
Azure Blob Storage uses data compression rather than pipeline data reduction, so the percentage reflects the compression ratio instead of a reduction percentage.
Azure Data Explorer
| Metric | Description |
|---|---|
| Data sent to Azure Data Explorer | Total data volume for this target |
| Reduced percentage | Data reduction achieved by pipelines |
| Collected raw data from devices | Raw data volume before processing |
| Data reduced in pipelines | Data volume removed by pipeline processing |
| Data sent to Azure Data Explorer targets | Final data delivered to Azure Data Explorer |