
archedmeerkat
May 17, 2019

Send Event to Events Hub

Does Azure ATP allow you to send events to Events Hub (https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about)?

 

I'm not very familiar with Events Hub, but know we are collecting events from there, so if we start sending Azure ATP data there, we can just scoop it right up with minimal change in processes.

    • archedmeerkat

      I understand we need the sensors to get the data into AATP; I was referring to Suspicious Activity and Health alerts being sent to Events Hub, rather than using a sensor to syslog the events to our SIEM. Just seems like a little cleaner solution for our environment, if available.

      • archedmeerkat 

        For alerts outbound, today we support the syslog model only.  We have a public preview coming soon that will move AATP to a new portal.  When moving to that portal, the event hubs model will work.
