Introduction In today's security landscape, organisations face an overwhelming volume of security data. Microsoft Sentinel, as a cloud-native SIEM solution, processes vast amounts of logs daily. However, the sheer volume can impact both performance and cost-efficiency. This is where Summary Rules come into play—a powerful feature that