Log custom application security events in Azure Log Analytics which are ingested and used in Microsoft Sentinel
This article explains how to use the Azure Log Analytics Data Collector API to send custom logs from your applications to a Log Analytics workspace, where they are ingested into Microsoft Sentinel for security monitoring. It covers the scenario of centralizing logs from various sources (Azure services, third-party apps, custom applications) in Sentinel, enabling automated rules, alerts, and incident creation. The post also discusses cost considerations, including the Sentinel and Log Analytics pricing models (Capacity Reservation vs. Pay-as-You-Go), and emphasizes designing efficient log entities to manage data ingestion costs. It is a practical guide to building a scalable detection system for custom application security events.