Ben Alfasi 2019-06-26 11:38:24 +03:00
parent 23bd880614
commit a64def9511
3 changed files with 54 additions and 4 deletions

Binary file not shown.


@ -0,0 +1,50 @@
---
title: Stream Microsoft Defender Advanced Threat Protection events.
description: Learn how to configure Microsoft Defender ATP to stream Advanced Hunting events to your Event Hub.
keywords: raw data export, streaming API, API, Event hub, Azure storage, storage account, Advanced Hunting, raw data sharing
search.product: eADQiWindows 10XVcnh
search.appverid: met150
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: medium
manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
---
# Configure Microsoft Defender ATP to stream Advanced Hunting events to your Event hub
**Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configuresiem-abovefoldlink)
## Preparations:
- Create an [Event hub](https://docs.microsoft.com/en-us/azure/event-hubs/) in your tenant.
- Log in to your [Azure tenant](https://ms.portal.azure.com/), go to Subscriptions > Your subscription > Resource Providers > Register to **Microsoft.insights**
## Enable raw data streaming:
- Log in to [MDATP portal](https://securitycenter.windows.com) with Global Admin user.
- Go to [Data export settings page](https://securitycenter.windows.com/interoperability/dataexport) on MDATP portal.
- Click on **Add data export settings**.
- Choose a Name to your new settings.
- Choose **Forward events to Azure Event Hub**
- Type your **Event hub name** and your **Event hub resource Id**
In order to get your **Event hub resource Id**, go to your Event hub namespace page on Azure > properties tab > copy the text under **Resource ID**:
![Image of event hub resource Id](images/event-hub-resource-id.png)
- Choose the events you want to stream and click Save.
## Related topics
- [Overview of Advanced Hunting](overview-hunting)
- [Azure Event Hub documentation](https://docs.microsoft.com/en-us/azure/event-hubs/)
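Review bot: In the Related topics list at the end of the new file, the link `[Overview of Advanced Hunting](overview-hunting)` has no `.md` extension, while the other Markdown file in this commit changes the same target to `overview-hunting.md`; use `overview-hunting.md` here as well so the two pages resolve the link the same way. In the "Enable raw data streaming" steps, the first item asks for a Global Admin user without saying why; please document whether that role is strictly required to create a data export setting, so readers do not hand out Global Admin just to follow this page. The `title:` value in the front matter also ends with a period, which the description line's style does not call for.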

@ -27,17 +27,17 @@ ms.topic: article
## Stream Advanced Hunting events to your event hub and/or Azure storage account. ## Stream Advanced Hunting events to your event hub and/or Azure storage account.
Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](overview-hunting) to an [Event hub](https://docs.microsoft.com/en-us/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/en-us/azure/event-hubs/). Microsoft Defender ATP supports streaming all the events available through [Advanced Hunting](overview-hunting.md) to an [Event hub](https://docs.microsoft.com/en-us/azure/event-hubs/) and/or [Azure storage account](https://docs.microsoft.com/en-us/azure/event-hubs/).
## In this section ## In this section
Topic | Description Topic | Description
:---|:--- :---|:---
[Stream MDATP events to your event hub](enable-siem-integration.md)| Learn about enabling the streaming API in your tenant and configure MDATP to stream [Advanced Hunting](overview-hunting) to your event hub. [Stream MDATP events to your event hub](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure MDATP to stream [Advanced Hunting](overview-hunting.md) to your event hub.
[Stream MDATP events to your Azure storage account](configure-splunk.md)| Learn about enabling the streaming API in your tenant and configure MDATP to stream [Advanced Hunting](overview-hunting) to your Azure storage account. [Stream MDATP events to your Azure storage account](raw-data-export-event-hub.md)| Learn about enabling the streaming API in your tenant and configure MDATP to stream [Advanced Hunting](overview-hunting.md) to your Azure storage account.
## Related topics ## Related topics
- [Overview of Advanced Hunting](overview-hunting) - [Overview of Advanced Hunting](overview-hunting.md)
- [Azure Event Hub documentation](https://docs.microsoft.com/en-us/azure/event-hubs/) - [Azure Event Hub documentation](https://docs.microsoft.com/en-us/azure/event-hubs/)
- [Azure Storage Account documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview) - [Azure Storage Account documentation](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview)
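Review bot: In the "In this section" table, the "Stream MDATP events to your Azure storage account" row now links to `raw-data-export-event-hub.md`, the same target as the event hub row, so the storage entry leads readers to the event hub instructions. Point that row at a storage-account page, or drop it until such a page exists. The unchanged intro sentence has a related problem: its "Azure storage account" link goes to `https://docs.microsoft.com/en-us/azure/event-hubs/`, where the storage overview URL already used under Related topics looks like the intended target.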