Configuring continuous export to Event Hub
Detailed security alerts and recommendations generated in Microsoft Defender for Cloud can be exported to Event Hubs and Log Analytics workspaces.
Specific recommendations or alerts can be sent to an Azure Event Hub, where these events can be analyzed and processed even further.
Getting ready
Before you complete the steps in this recipe, the Event Hub Namespace, Event Hub, and Event Hub Policy resources must be available.
Open a web browser and navigate to https://portal.azure.com.
How to do it…
To configure the continuous export of Defender for Cloud alerts and recommendations data to Event Hub, complete the following steps:
- In the Azure portal, open Microsoft Defender for Cloud.
- From the left menu, under Management, select Pricing & Settings.
- Click on an Azure subscription where you want to configure the data export.
- From the left menu, select Continuous export.
- From the right blade...