Cost Optimized flow logs

My firm is deploying Palo Alto Prisma Cloud to protect my main AWS account. The Prisma Cloud platform is dependent on ingestion and analysis of VPC Flow Logs. There are two methods for integrating with their platform; either send the flow logs to S3 bucket or CloudWatch Logs. Our analysis of the implementation found that sending the flow logs out is cost-prohibitive for us. The logs would be sent outside (ingested by the Palo Alto Prisma Cloud platform). This is all in the main AWS account where we have 1 VPC with a few subnets. It’s a highly transactional environment where they seem to produce over 700GB in flow logs (1 flow log) which will cost about $7500 per month to produce, send to a s3 bucket, and then pulled by Prisma Cloud. We’re trying to cost optimize and are concerned about the data transfer from S3 or Cloudwatch, and then from either of those to Prisma Cloud. Prisma Cloud parses the log and then transfers the data to a database is used by our platform. We asked Palo Alto if we could simply send the REJECT traffic rather than ALL as a means to reduce the log size. Palo Alto’s recommendation/response was that due to the ML capability on the platform, if they don’t receive the ACCEPT traffic they can’t establish a baseline of normal. And so, it would be unable to determine abnormal or anomalous traffic.