msundman78
Copper Contributor
Apr 16, 2024
Solved

Stream alerts from Defender for Cloud

Is it possible to have alerts originating from Defender for Cloud use the Defender XDR Streaming API to forward alerts to an Eventhub?

I currently have the event Streaming API configured in Defender XDR to forward alerts to our Graylog system, which works fine for alerts originating from Defender for Endpoint etc. However, when I generate test alerts in Defender for Cloud, they appear on the Alerts page in the Security/Defender portal, but they are not forwarded to our Eventhub.

I've been able to work around it by configuring continuous export to Eventhub directly in Defender for Cloud instead, but I just wonder if it is supposed to work via the Defender XDR "Streaming API"?

1 Reply

  • msundman78
    Copper Contributor
    Ignore my post. It was just a delay after configuring the Streaming API. When testing again today, events are forwarded just fine by Defender XDR to both my Eventhub and Blob Storage Account.