Sentinel-Precheck

Microsoft Sentinel pre ingestion sizing can be a bit different between data sources, especially if Cribl or ETL streaming like tool or Existing SIEM has not already collected those events and measurements. In this case sometimes we need to examine at source and measure to get to a GB Per Day for that data source or server coming online.