Security Alerts to SIEM

How can I rotate all Security and Compliance alerts to ELK? I could not find any efficient guidance. Could you please help?

1 Reply

@nopnop Each Defender service will have a different way of aggregating and sending alerts/incidents to ELK.

It will be a matter of setting these up for each environment.

See below for sending data/alerts etc. to ELK from each Defender.

Looks like ELK have released an integration from Defender to ELK for the full stream of data.

To get Alerts and Incidents, see the "Alert Info" data stream.

Microsoft 365 Defender to ELK
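If you end up pushing alerts into Elasticsearch yourself rather than through the Elastic integration, the shape of the write matters. The following is an added example, not code from this thread or from Microsoft or Elastic: it maps alert records (a constructed sample with a handful of fields) to an ECS-style document and builds a `_bulk` request for a data stream. The data stream name `logs-defender_alerts-default`, the Elasticsearch URL and the numeric severity mapping are assumptions chosen for illustration. Two details it shows that the thread does not: data streams only accept `create` actions in `_bulk`, and using the alert id as `_id` turns a re-poll of the same alerts into 409 responses instead of duplicate documents.

```python
import json
from urllib import request

# Assumed target data stream and endpoint (placeholders, not from the thread).
DATA_STREAM = "logs-defender_alerts-default"
ES_URL = "https://elasticsearch.example.internal:9200"

# Constructed sample alert records. Field names follow the general shape of
# Microsoft 365 Defender alert JSON; real records carry many more fields.
SAMPLE_ALERTS = [
    {"id": "da00000000000000000001", "title": "Suspicious PowerShell command line",
     "severity": "high", "status": "new", "createdDateTime": "2024-05-01T10:15:00Z",
     "category": "Execution", "serviceSource": "microsoftDefenderForEndpoint"},
    {"id": "da00000000000000000002", "title": "Anomalous sign-in location",
     "severity": "medium", "status": "inProgress", "createdDateTime": "2024-05-01T10:20:00Z",
     "category": "InitialAccess", "serviceSource": "microsoftDefenderForIdentity"},
]

# Assumed mapping of Defender severity words to ECS event.severity numbers.
SEVERITY_TO_ECS = {"informational": 1, "low": 2, "medium": 3, "high": 4}


def to_ecs_document(alert):
    """Map one alert record to an ECS-style document, keeping the raw record under a vendor key."""
    return {
        "@timestamp": alert["createdDateTime"],
        "event": {
            "kind": "alert",
            "id": alert["id"],
            "severity": SEVERITY_TO_ECS.get(alert.get("severity", "").lower(), 0),
            "provider": alert.get("serviceSource"),
            "category": [alert.get("category", "").lower()],
        },
        "message": alert.get("title"),
        "microsoft": {"defender": alert},
    }


def build_bulk_body(alerts, data_stream=DATA_STREAM):
    """Build the NDJSON body for POST /_bulk.

    Data streams reject 'index'; every action must be 'create'. Setting _id to
    the alert id makes a repeated poll fail with 409 rather than double-ingest.
    """
    lines = []
    for alert in alerts:
        lines.append(json.dumps({"create": {"_index": data_stream, "_id": alert["id"]}}))
        lines.append(json.dumps(to_ecs_document(alert)))
    return "\n".join(lines) + "\n"


def summarize_bulk_response(resp):
    """Count created / already-present / failed items from a _bulk response body."""
    counts = {"created": 0, "duplicates": 0, "failed": 0}
    for item in resp.get("items", []):
        status = item.get("create", {}).get("status")
        if status == 201:
            counts["created"] += 1
        elif status == 409:
            counts["duplicates"] += 1
        else:
            counts["failed"] += 1
    return counts


def send_bulk(body, es_url=ES_URL, api_key=None):
    """POST the body to /_bulk; api_key is an Elasticsearch API key (ApiKey scheme)."""
    req = request.Request(f"{es_url}/_bulk", data=body.encode("utf-8"), method="POST",
                          headers={"Content-Type": "application/x-ndjson"})
    if api_key:
        req.add_header("Authorization", f"ApiKey {api_key}")
    with request.urlopen(req, timeout=30) as resp:
        return summarize_bulk_response(json.load(resp))


if __name__ == "__main__":
    # Offline run: print the request body that would be sent.
    print(build_bulk_body(SAMPLE_ALERTS))
```

Whichever Defender product the alerts come from, keep `event.provider` populated so the ELK side can still tell the services apart once they land in one data stream.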