Stream Microsoft Defender for IoT alerts directly to Event Hub?

Brass Contributor

Can I stream IoT alerts directly to an Event Hub or do they need to be streamed to Sentinel first and then have Sentinel forward to an Event Hub? Seems like an unnecessary extra step.

 

Thx

2 Replies

@SpeedRacer 

To stream the alerts to an Event Hub, it is necessary to first stream them to Sentinel Log Analytics.

This step can actually bring benefits, for example pre custom the alert data and transfer only relevant alerts/use cases to reduce unnecessary logs.
Btw it’s worth noting-streaming to Sentinel requires two clicks for the customer (no additional cost)

TYVM for the info

Do you foresee this ever changing in that one will be able to utilize GraphAPI or send to Event Hub without sending to Sentinel first?