LogLocker for Microsoft Sentinel

Cost-effective, long-term archiving

LogLocker is a long-term log storage solution for compliance teams, deployed as an app that augments Microsoft Sentinel.


The smart way for compliance teams to archive Microsoft Sentinel logs.

LogLocker augments existing monitoring systems, like Microsoft Sentinel, providing compliance professionals with a smarter and more cost-effective way to retain enterprise activity logs.

Blockchain backed data you can trust

In regulated sectors, businesses need to avoid fines and reputational damage. Thanks to our proprietary blockchain platform FALKOR, LogLocker gives you superior redundancy, preservation, security, and data lineage capabilities built in. This guarantees tamper-proof, immutable compliance logs, the kind you know will stand up to scrutiny.

Byzgen -Private Blockchain-1
The business case for LogLocker

LogLocker solves compliance challenges by providing a robust log management platform for the data and AI economy

Never has it been more important to retain only the necessary log data to reduce cost and storage complexity - if you retain logs for long periods its essential data lineage is preserved to ensure legal defensibility.


Shrink costs

Shocked at the limited options and long-term cost of retaining your logs? Dramatically reduce your archiving costs with LogLocker

Minimise data

Wonder why you keep so much log data? LogLocker eliminates this inefficiency by effortlessly selecting only the logs you need,

Reduce complexity

Simplify the storage and preservation of your high-value compliance logs through LogLocker's automation and easy to navigate interface.

Instant search

LogLocker's powerful search features mean you can find your logs immediately instead of spending days running complex queries.

Trustworthy AI

Strengthen your governance and audit tactics, to build trust in AI technologies. LogLocker gives you control and records what happens with the data AI accesses and uses.

Flexible and agnostic

Want to bring in other data sources? No problem. LogLocker will work with any volume or type of data, log or query.

Ready for integration

LogLocker API's were designed for easy and effective integrations with Microsoft Sentinel, Log Analytics, Azure Data Explorer and other Microsoft services.

No retraining

LogLocker uses Kusto Query Language (KQL) to define the targeted log collections via Azure Sentinel allowing it to align to existing staff roles and skills.

Extensible data sources

Want to bring in other data sources? No problem. LogLocker will work with any volume or type of data, log or query.

Getting started with LogLocker

Where is LogLocker installed?

azure icon logo

Installed on Azure

The LogLocker platform is deployed into your Azure subscription so you govern the security and location of your data using the configuration option provided. Includes Terraform, Kubernetes, Storage and Logic App.

Azur regions

In any Azure region

LogLocker can be deployed into any Azure region ensuring your data is stored on the blockchain network that respects your data sovereignty requirements


Azure Blob storage options

Larger data sets can extend to off-chain storage using Azure Blob storage. Further options for multi cloud storage are also available.

Getting started with LogLocker

How does LogLocker work?


Targeted protection

Target the specific logs you want to capture using KQL queries run from Sentinel against Log Analytics and Azure Data Explorer. Then add the LogLocker automation to the query workbook.


Sentinel triggers

When a Sentinel alert is triggered, LogLocker will request the KQL and run the specific query against either the Log Analytics Sentinel workspace or Azure Data Explorer (ADX).

Byzgen -Private Blockchain-1

Stored logs

Only the logs you specify are stored and preserved in LogLocker, ready for search, sharing and review.

LogLocker pricing


from $2850/mo

Best for smaller log volumes. Retain and manage your high-value logs quickly and easily

  • Checkmark Single tenant
  • Checkmark Sentinel connector
  • Checkmark Private blockchain
  • Checkmark On-chain storage
  • Checkmark Elastic search


from $8350/mo

All the Business and Enterprise features plus API integration and 3rd party data sharing

  • Checkmark Single tenant
  • Checkmark Sentinel connector
  • Checkmark Private blockchain
  • Checkmark On-chain storage
  • Checkmark Elastic search
  • Checkmark Azure Off-chain storage
  • Checkmark ADX search
  • Checkmark Public blockchain options
  • Checkmark AWS & GCP Off-chain storage options
  • Checkmark API Access
  • Checkmark 3rd party permissioned data sharing
What happens when you complete your marketplace purchase?

LogLocker is easy to deploy - with experts on hand to help

Azure users with a Sentinel subscription can easily implement LogLocker.

Once you've committed to buying here's what happens next:

  1. Book an installation call with our engineering team
  2. Or, if you have immediate questions, a call with one of our team ahead of the installation meeting.
  3. Full details of prerequisites will be provided ahead of the installation meeting.
  4. The LogLocker installation is completed within 5-working days once meetings are confirmed and pre-requisites are in place
The challenges LogLocker solves

Logs are ever more critical for digital compliance and security

  • Increasing cyber security costs

  • Stream lining security and compliance teams

  • Retention of high value logs for long periods

  • Increasing volumes of telemetry data

Your business wants ways to do more with less and drive value from existing security investments

If you're looking at LogLocker your investment in SIEM (Security Information and Event Management) is likely significant. To truly reap the benefits of SIEM, you need to be sure that your security and compliance teams are getting the most value out of this powerful tool. Imagine a Venn diagram where the circles of security and compliance overlap. The sweet spot in that overlap is where your SIEM should reside. This is where it becomes more than a tool—it transforms into a bridge, uniting these typically isolated areas to unveil insights and boost efficiency. By working together with LogLocker, your security and compliance teams can turn your SIEM into a valuable asset that shields your organisation from cyber threats and regulatory pitfalls

You need to avoid siloed teams by reusing skills, data and functionality to gain business efficiencies.

The disconnect between siloed security and compliance teams creates a critical blind spot. Security, focused on real-time threats, overlooks long-term compliance gaps. Compliance, chained to checklists, misses dynamic security risks. This double vision leaves vulnerabilities unseen and unaddressed, potentially increasing audit time and fines and ultimately weakening your overall defence. Breaking down these silos and forging a shared view through integrated tools and proactive collaboration is key to achieving resilient security and seamless compliance.

Native options are not suitable for long-term log retention being costly, unable to accommodate custom data types and lacking the preservation capabilities required.

Preserving data over vast stretches of time is a formidable hurdle. Storage technology constantly evolves, demanding data migration to survive, while physical media degrades, necessitating backups and redundancy measures. Data formats and software compatibility become obsolete, requiring costly conversions to maintain accessibility. Privacy concerns escalate with lengthy retention, demanding meticulous access control and potential anonymisation. The sheer volume of data can become unwieldy, requiring efficient archiving and retrieval strategies. In short, safeguarding information against the relentless march of time is a complex juggling act demanding constant vigilance and resourcefulness.

You need tools to enable selection and filtering of logs to ensure that only those with value are processed and retained. Retaining unfiltered logs is not a sustainable option given the projected data growth and increased regulatory requirements.

The deluge of log data threatens to engulf organizations like a rising tide. Each click, sensor ping, and system event spills into the reservoir, and the torrent shows no signs of slowing. Existing tools strain under the pressure, buckling under the ever-growing weight of analysis and storage demands. Future projections paint an even bleaker picture, with data volumes set to explode exponentially. This tsunami of information threatens to drown our ability to identify critical security events and maintain regulatory compliance. Navigating this data deluge will require innovative solutions, from intelligent filtering and compression techniques to scalable storage architectures and AI-powered analysis tools. Only by riding this wave of data, not succumbing to it, can organizations unlock the valuable insights hidden within.

One compliance tool to rule them all