Forum Discussion
Stream Microsoft Defender for IoT alerts directly to Event Hub?
Can I stream IoT alerts directly to an Event Hub or do they need to be streamed to Sentinel first and then have Sentinel forward to an Event Hub? Seems like an unnecessary extra step.
Thx
2 Replies
- amitcohen
Microsoft
To stream the alerts to an Event Hub, it is necessary to first stream them to Sentinel Log Analytics.
This step can actually bring benefits, for example pre custom the alert data and transfer only relevant alerts/use cases to reduce unnecessary logs.
Btw it’s worth noting-streaming to Sentinel requires two clicks for the customer (no additional cost)- TYVM for the info
Do you foresee this ever changing in that one will be able to utilize GraphAPI or send to Event Hub without sending to Sentinel first?
