Forum Discussion
Defender API streaming Incidents & Alerts...HELP
Hello everyone
we are currently going through an audit and one of the things that we need set up is a storage account that saves Incidents & Alerts for up to a year. I am going through defender documentation and this is what i found https://learn.microsoft.com/en-us/microsoft-365/security/defender/streaming-api?view=o365-worldwide
This is what i need saved...
Hellpppp
Thank you!!
You go to Settings->Microsoft 365 Defender->Streaming API and configure forwarding of alerts and other events to Azure Storage, or an Event Hub for pickup by some other application.
It's there in the link you posted, maybe your description of your problem needs some more details.
4 Replies
You go to Settings->Microsoft 365 Defender->Streaming API and configure forwarding of alerts and other events to Azure Storage, or an Event Hub for pickup by some other application.
It's there in the link you posted, maybe your description of your problem needs some more details.
- thats what i what i am trying to find out my self....i don't see the the "Steaming API" option on my end...i am guessing this is a licensing issue?
- Perhaps, though AFAIK if you have MDE you have access to the streaming API. Maybe a permissions issue with your logon? Or maybe you are looking in the wrong place?
