archedmeerkat
May 17, 2019, Copper Contributor
Send Event to Events Hub
Does Azure ATP allow you to send events to Events Hub (https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about)? I'm not very familiar with Events Hub, but know we are collecting event...
archedmeerkat
May 22, 2019, Copper Contributor
I understand we need the sensors to get the data into AATP; I was referring to Suspicious Activity and Health alerts being sent to Events Hub, rather than using a sensor to syslog the events to our SIEM. Just seems like a little cleaner solution for our environment, if available.
Nicholas DiCola (SECURITY JEDI)
Microsoft
May 22, 2019
For alerts outbound, today we support the syslog model only. We have a public preview coming soon that will move AATP to a new portal. When moving to that portal, the event hubs model will work.
- bryanb
Dec 10, 2019, Brass Contributor
Nicholas DiCola (SECURITY JEDI) Hello, I'm also looking at configuration options to forward ATP alerts to EventHub. Is the "ATP to a new portal." online now? If there are any documentation links you can provide that would be great.
Thanks!
- Nicholas DiCola (SECURITY JEDI)
Dec 10, 2019
Microsoft
There is no way to send Azure ATP alerts to event hubs.
- bryanb
Dec 10, 2019, Brass Contributor
Nicholas DiCola (SECURITY JEDI) Thanks for the reply.
I thought I read there is a way to get ATP events to Eventhub, maybe via Azure Sentinel?