cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Send Event to Events Hub

archedmeerkat
Copper Contributor

‎May 17 2019 10:20 AM

‎May 17 2019 10:20 AM

Send Event to Events Hub

Does Azure ATP allow you to send events to Events Hub (https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about)?

 

I'm not very familiar with Events Hub, but know we are collecting events from there, so if we start sending Azure ATP data there, we can just scoop it right up with minimal change in processes.

1,817 Views
0 Likes
7 Replies
Reply
7 Replies
Valon_Kolica

‎May 20 2019 02:30 PM

‎May 20 2019 02:30 PM

Re: Send Event to Events Hub

@archedmeerkat 

 

@Enrique Saggese: Is this something you can speak to? 

0 Likes
Reply
Nicholas DiCola (SECURITY JEDI)

‎May 21 2019 02:18 PM

‎May 21 2019 02:18 PM

Re: Send Event to Events Hub

@archedmeerkat 

Hi

No you can send events to event hub then to Azure ATP.  AATP collects its data from the sensor.  You have to install the sensor on your domain controllers in Active Directory.

1 Like
Reply
archedmeerkat

‎May 22 2019 05:57 AM

‎May 22 2019 05:57 AM

Re: Send Event to Events Hub

 

 

I understand we need the sensors to get the data into AATP, I was referring to Suspicious Activity and Health alerts being sent to Events Hub, rather than using a sensor to syslog the events to our SIEM. Just seems like a little cleaner solution for our environment, if available.

0 Likes
Reply
best response confirmed by archedmeerkat (Copper Contributor)
Nicholas DiCola (SECURITY JEDI)

‎May 22 2019 05:59 AM

‎May 22 2019 05:59 AM

Solution

Re: Send Event to Events Hub

@archedmeerkat 

For alerts outbound, today we support the syslog model only.  We have a public preview coming soon that will move AATP to a new portal.  When moving to that portal, the event hubs model will work.

0 Likes
Reply
Bryan Bishop

‎Dec 10 2019 05:02 AM

‎Dec 10 2019 05:02 AM

Re: Send Event to Events Hub

@Nicholas DiCola (SECURITY JEDI)   Hello, I'm also looking at configuration options to forward ATP alerts to EventHub.  Is the "ATP to a new portal." online now?  If there are any documentation links you can provide that would be great.   

Thanks!

0 Likes
Reply
Nicholas DiCola (SECURITY JEDI)

‎Dec 10 2019 07:57 AM

‎Dec 10 2019 07:57 AM

Re: Send Event to Events Hub

@Bryan Bishop 

there is no way to send Azure ATP alerts to event hubs.

0 Likes
Reply
Bryan Bishop

‎Dec 10 2019 09:46 AM

‎Dec 10 2019 09:46 AM

Re: Send Event to Events Hub

@Nicholas DiCola (SECURITY JEDI) Thanks for the reply.

I thought I read there is a way to get ATP events to Eventhub, maybe via Azure Sentinel?

 

0 Likes
Reply