Forum Discussion
Send Event to Events Hub
Does Azure ATP allow you to send events to Events Hub (https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about)?
I'm not very familiar with Events Hub, but know we are collecting events from there, so if we start sending Azure ATP data there, we can just scoop it right up with minimal change in processes.
Hi
No you can send events to event hub then to Azure ATP. AATP collects its data from the sensor. You have to install the sensor on your domain controllers in Active Directory.
- archedmeerkat, Copper Contributor
I understand we need the sensors to get the data into AATP; I was referring to Suspicious Activity and Health alerts being sent to Events Hub, rather than using a sensor to syslog the events to our SIEM. Just seems like a little cleaner solution for our environment, if available.
For alerts outbound, today we support the syslog model only. We have a public preview coming soon that will move AATP to a new portal. When moving to that portal, the event hubs model will work.
- Valon_Kolica, Microsoft