articles/defender-for-cloud/export-to-siem.md (7 additions & 8 deletions)
@@ -4,7 +4,7 @@ description: Learn how to stream your security alerts to Microsoft Sentinel, SIE
4
4
ms.topic: how-to
5
5
ms.author: dacurwin
6
6
author: dcurwin
7
-
ms.date: 01/11/2024
7
+
ms.date: 01/15/2024
8
8
---
9
9
10
10
# Stream alerts to monitoring solutions
@@ -14,14 +14,19 @@ Microsoft Defender for Cloud has the ability to stream security alerts into vari
14
14
There are built-in Azure tools that are available that ensure you can view your alert data in the following solutions:
15
15
16
16
-**Microsoft Sentinel**
17
-
-**Microsoft Defender XDR**
18
17
-**Splunk Enterprise and Splunk Cloud**
19
18
-**Power BI**
20
19
-**ServiceNow**
21
20
-**IBM's QRadar**
22
21
-**Palo Alto Networks**
23
22
-**ArcSight**
24
23
24
+
## Stream alerts to Defender XDR with the Defender XDR API
25
+
26
+
Defender for Cloud natively integrates with [Microsoft Defender XDR](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) allows you to use Defender XDR's incidents and alerts API to stream alerts and incidents into non-Microsoft solutions. Defender for Cloud customers can access one API for all Microsoft security products and can use this integration as an easier way to export alerts and incidents.
27
+
28
+
Learn how to [integrate SIEM tools with Defender XDR](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide).
29
+
25
30
## Stream alerts to Microsoft Sentinel
26
31
27
32
Defender for Cloud natively integrates with [Microsoft Sentinel](../sentinel/overview.md) Azure's cloud-native SIEM and SOAR solution.
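Review bot: the added paragraph under the new "## Stream alerts to Defender XDR with the Defender XDR API" heading is missing a connective: "Defender for Cloud natively integrates with [Microsoft Defender XDR](...) allows you to use Defender XDR's incidents and alerts API" should read "... Defender XDR](...), which allows you to use ..." or be split into two sentences ("Defender for Cloud natively integrates with Microsoft Defender XDR. This integration lets you use the Defender XDR incidents and alerts API ..."). Two further points in this hunk: removing "- **Microsoft Defender XDR**" from the list introduced by "you can view your alert data in the following solutions" while adding a dedicated Defender XDR section leaves that list incomplete, so either keep the bullet or reword the list intro; and the new heading promises streaming alerts to Defender XDR, whereas the body describes using the Defender XDR API to stream alerts and incidents out to non-Microsoft solutions, so a heading such as "Stream alerts to non-Microsoft solutions with the Defender XDR API" would match the paragraph it introduces.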
@@ -55,12 +60,6 @@ Another alternative for investigating Defender for Cloud alerts in Microsoft Sen
55
60
> [!TIP]
56
61
> Microsoft Sentinel is billed based on the volume of data that it ingests for analysis in Microsoft Sentinel and stores in the Azure Monitor Log Analytics workspace. Microsoft Sentinel offers a flexible and predictable pricing model. [Learn more at the Microsoft Sentinel pricing page](https://azure.microsoft.com/pricing/details/azure-sentinel/).
57
62
58
-
## Stream alerts to Defender XDR
59
-
60
-
Defender for Cloud natively integrates with [Microsoft Defender XDR](/microsoft-365/security/defender/microsoft-365-defender?view=o365-worldwide) allows you to use Defender XDR's incidents and alerts API to stream alerts and incidents into non-Microsoft solutions. Customers who have both [Microsoft Office 365 E5](https://www.microsoft.com/microsoft-365/enterprise/office-365-e5#overview) and Defender for Cloud can access one API for all Microsoft security products. Defender for Cloud customers can use this integration as an easier way to export alerts and incidents.
61
-
62
-
Learn how to [integrate SIEM tools with Defender XDR](/microsoft-365/security/defender/configure-siem-defender?view=o365-worldwide).
63
-
64
63
## Stream alerts to QRadar and Splunk
65
64
66
65
To export security alerts to Splunk and QRadar, you need to use Event Hubs and a built-in connector. You can either use a PowerShell script or the Azure portal to set up the requirements for exporting security alerts for your subscription or tenant. Once the requirements are in place, you need to use the procedure specific to each SIEM to install the solution in the SIEM platform.
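Review bot: the removed section carried a licensing qualifier ("Customers who have both [Microsoft Office 365 E5](...) and Defender for Cloud can access one API for all Microsoft security products") that the replacement paragraph added earlier in this diff drops, stating only that "Defender for Cloud customers can access one API for all Microsoft security products". If the E5 prerequisite still applies, carry it over into the new section; if it no longer applies, say so in the commit description, because readers of the new section will otherwise assume the API is available with Defender for Cloud alone. Apart from that, the removal is a clean relocation: the "Learn how to [integrate SIEM tools with Defender XDR]" link and its target path are identical in the old and new sections, and the surrounding Sentinel tip and the QRadar/Splunk section are untouched.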