| title | Stream Microsoft Defender XDR events | ||
|---|---|---|---|
| description | Learn how to configure Microsoft Defender XDR to stream Advanced Hunting events to Event Hubs or Azure storage account | ||
| search.appverid | met150 | ||
| ms.service | defender-xdr | ||
| ms.author | edbaynash | ||
| author | EdB-MSFT | ||
| ms.localizationpriority | medium | ||
| manager | dansimp | ||
| audience | ITPro | ||
| ms.collection |
|
||
| ms.topic | concept-article | ||
| ms.date | 07/25/2023 |
[!INCLUDE Microsoft Defender XDR rebranding]
Applies to:
Note
Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn. If you're using Microsoft Defender for Business, see Use the streaming API (preview) with Microsoft Defender for Business.
[!includePrerelease information]
Microsoft Defender XDR supports streaming events through Advanced Hunting to an Event Hubs and/or Azure storage account.
For more information on Microsoft Defender XDR streaming API, see the video.
| Topic | Description |
|---|---|
| Stream events to Azure Event Hubs | Learn about enabling the streaming API in your tenant and configure Microsoft Defender XDR to stream Advanced Hunting to Event Hubs. |
| Stream events to your Azure storage account | Learn about enabling the streaming API in your tenant and configure Microsoft Defender XDR to stream Advanced Hunting to your Azure storage account. |
| Supported event types | Learn which Advanced Hunting event types the Streaming API supports. |
Watch this short video to learn how to set up the streaming API to ship event information directly to Azure Event hubs for consumption by visualization services, data processing engines, or Azure storage for long-term data retention.
[!VIDEO https://learn-video.azurefd.net/vod/player?id=56edfb3f-b612-4e4c-acb9-4bbd141bd535]