
Sentinel incidents to event hub

mikehanson
New Contributor

I know when the alert rule triggers you can call a logic app, but that is only a single trigger point. Is there a plan to be able to send the events to an event hub that might be able to have multiple systems listening to it?

2 Replies
Yes, Logic Apps has an action to send information to an Event Hub, so you can forward any information you gather from the Sentinel event and pass it to an Event Hub or Event Grid.

Thanks @Gary Bushey; I have used that in the past with other deployments, was just hoping for an internal mechanism that wouldn't require additional costs of the logic app along with another piece to monitor for failure and recovery.
