If you are planning on exporting raw events from Defender 365 to your SIEM you can easily estimate the table sizes and number of entries in Defender 365 Advanced Hunting.
Estimate All Table Sizes
// All Tables
union withsource = TableName *
| summarize totalTableEntries = count(), TableSizeInGB = sum(estimate_data_size(*))/1000/1000/1000., TableSizeInMB = sum(estimate_data_size(*))/1000/1000. by TableName
Estimated Sentinel Price
Update the price variable based on your region from the Azure pricing calculator.
Price = Sentinel + Log Analytics Ingestion
let Price = 3.0;
union withsource = TableName *
| summarize totalTableEntries = count(), TableSizeInGB = sum(estimate_data_size(*))/1000/1000/1000., TableSizeInMB = sum(estimate_data_size(*))/1000/1000., estimatedSentinelprice = round(sum(estimate_data_size(*)) / (1000 * 1000 * 1000.) * Price, 2)
by TableName
For an updated list of all KQL queries for estimating table sizes please refer to Defender-365/Estimated Table Size.txt at main · seanstark/Defender-365 (github.com)