Microsoft Defender for Endpoint
Hi all, how does everyone handle sending logs from Defender to Sumologic?
I was thinking of an Azure Function that ran every 30 seconds against the Defender API and grabbed any data from the last 30 seconds, but that would be running a lot.
-
Eddie posted this on the Sumo Slack
You can now stream defender events to an azure event hub: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/raw-data-export?view=o365-worldwide
Which can then be collected via the Sumo Azure Event Hub source: https://help.sumologic.com/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/Azure_Event_Hubs_Source
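As an added illustration of what lands on the Event Hub side (example code, not from this thread, Sumo Logic or Microsoft): a small Python unpacker for the batched messages the streaming export produces. It assumes the envelope layout is a `records` array whose entries carry `time`, `tenantId`, `category` and the event columns under `properties`; the sample message and all its values are constructed.

```python
import json
from collections import Counter

# Constructed sample of one Event Hub message body from the Defender streaming
# export (assumed envelope: a "records" array, each entry carrying time,
# tenantId, category and the Advanced Hunting columns under "properties").
SAMPLE_MESSAGE = json.dumps({
    "records": [
        {
            "time": "2021-05-04T10:15:21.000Z",
            "tenantId": "00000000-0000-0000-0000-000000000000",
            "category": "AdvancedHunting-DeviceProcessEvents",
            "properties": {
                "DeviceName": "wks-01.example.local",
                "FileName": "powershell.exe",
                "ProcessCommandLine": "powershell.exe -NoProfile -File C:\\scripts\\inv.ps1",
            },
        },
        {
            "time": "2021-05-04T10:15:22.000Z",
            "tenantId": "00000000-0000-0000-0000-000000000000",
            "category": "AdvancedHunting-DeviceNetworkEvents",
            "properties": {
                "DeviceName": "wks-01.example.local",
                "RemoteIP": "203.0.113.10",
                "RemotePort": 443,
            },
        },
    ]
})

def unpack_records(message_body):
    """Split one Event Hub message into flat per-event dicts, keeping the
    envelope metadata (time, tenant, category) beside the event columns."""
    envelope = json.loads(message_body)
    events = []
    for record in envelope.get("records", []):
        flat = {k: record.get(k) for k in ("time", "tenantId", "category")}
        flat.update(record.get("properties", {}))
        events.append(flat)
    return events

def count_by_category(events):
    """Events per category: a delivery check that every table enabled for streaming actually arrives."""
    return dict(Counter(e["category"] for e in events))

def to_log_lines(events):
    """One compact JSON object per line, the shape a log pipeline ingests and searches."""
    return [json.dumps(e, separators=(",", ":")) for e in events]
```

The per-category count is the quick check to run after enabling the export: a table you enabled but never see in the count is not being delivered.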