Microsoft Tech Community
SOLVED

Stream alerts from Defender for Cloud


Is it possible to have alerts originating from Defender for Cloud use the Defender XDR Streaming API to forward alerts to an Eventhub?

 

I currently have the event Streaming API configured in Defender XDR to forward alerts to our Graylog system, which works fine for alerts originating from Defender for Endpoint etc. However, when I generate test alerts in Defender for Cloud, they appear on the Alerts page in the Security/Defender-portal, but they are not forwarded to our Eventhub.

 

I've been able to work around it by configuring continuous export to Eventhub directly in Defender for Cloud instead, but I just wonder if it is supposed to work via the Defender XDR "Streaming API"?

1 Reply
best response confirmed by Heike Ritter (Microsoft)
Solution
Ignore my post. It was just a delay after configuring Streaming API. When testing again today events are forwarded just fine by Defender XDR to both my Eventhub and Blob Storage Account.