Forum Discussion

  • nopnop Each Defender service will have a different way of aggregating and sending alerts/incidents to ELK.

    It will be a matter of setting these up for each environment.

    See below for sending data, alerts, etc. to ELK from each Defender.

    It looks like ELK has released an integration from Defender to ELK for the full stream of data.


    To get Alerts and Incidents see the "Alert Info" Data stream


    Microsoft 365 Defender to ELK
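As an added illustration (not part of the post above), the kind of query a practitioner would run once the integration is ingesting: an Elasticsearch query DSL request that pulls the most recent alert-type documents from the Defender data streams. It assumes the Elastic Agent integration writes to data streams named `logs-m365_defender.*` and populates the ECS `event.kind` and `@timestamp` fields; both names are assumptions here, so confirm them against the integration's index template in your own stack before relying on the filter.

```json
{
  "_comment": "Assumed index pattern and field names; verify against the installed integration's mappings.",
  "index": "logs-m365_defender.*",
  "body": {
    "size": 50,
    "query": {
      "bool": {
        "filter": [
          { "term": { "event.kind": "alert" } },
          { "range": { "@timestamp": { "gte": "now-24h" } } }
        ]
      }
    },
    "sort": [ { "@timestamp": { "order": "desc" } } ]
  }
}
```

Run the `body` object against the `index` pattern with your preferred client (for example `GET logs-m365_defender.*/_search` in Kibana Dev Tools). If the integration splits alerts and incidents into separate datasets, add a `term` filter on `event.dataset` to select one or the other.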


Resources