articles/defender-for-iot/organizations/integrations/send-cloud-data-to-partners.md
11 additions & 11 deletions
@@ -49,38 +49,38 @@ You'll need Azure Active Directory (Azure AD) defined as a service principal for
49
49
-**Directory (tenant) ID**
50
50
51
51
52
-
1. From the **Certificates & secrets** page, note the values of your client secret **Value** and *Secret ID**.
52
+
1. From the **Certificates & secrets** page, note the values of your client secret **Value** and **Secret ID**.
53
53
54
-
## Create an Azure Event Hub
54
+
## Create an Azure event hub
55
55
56
-
Create an Azure Event Hub to use as a bridge between Microsoft Sentinel and your partner SIEM. Start this step by creating an Azure Event Hub namespace, and then adding an Azure Event Hub.
56
+
Create an Azure event hub to use as a bridge between Microsoft Sentinel and your partner SIEM. Start this step by creating an Azure event hub namespace, and then adding an Azure event hub.
57
57
58
-
**To create your Event Hub namespace and Event Hub**:
58
+
**To create your event hub namespace and event hub**:
59
59
60
-
1. In Azure Event Hubs, create a new Event Hubs namespace. In your new namespace, create a new Azure event hub.
60
+
1. In Azure Event Hubs, create a new event hub namespace. In your new namespace, create a new Azure event hub.
61
61
62
62
In your event hub, make sure to define the **Partition Count** and **Message Retention** settings.
63
63
64
64
For more information, see [Create an event hub using the Azure portal](/azure/event-hubs/event-hubs-create).
65
65
66
-
1. In your Event Hubs namespace, select the **Access control (IAM)** page and add a new role assignment.
66
+
1. In your event hub namespace, select the **Access control (IAM)** page and add a new role assignment.
67
67
68
68
Select to use the **Azure Event Hubs Data Receiver** role, and add the Azure AD service principle app that you'd created [earlier](#register-an-application-in-azure-active-directory) as a member.
69
69
70
70
For more information, see: [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
71
71
72
-
1. In your Event Hubs namespace's **Overview** page, make a note of the namespace's **Host name** value.
72
+
1. In your event hub namespace's **Overview** page, make a note of the namespace's **Host name** value.
73
73
74
-
1. In your Event Hubs namespace's **Event Hubs** page, make a note of your event hub's name.
74
+
1. In your event hub namespace's **Event Hubs** page, make a note of your event hub's name.
75
75
76
-
## Forward Microsoft Sentinel incidents to your Event Hub
76
+
## Forward Microsoft Sentinel incidents to your event hub
77
77
78
-
To forward Microsoft Sentinel incidents or alerts to Azure Event Hub, create a data export from Azure Log Analytics.
78
+
To forward Microsoft Sentinel incidents or alerts to your event hub, create a data export rule from Azure Log Analytics.
79
79
80
80
In your rule, make sure to define the following settings:
81
81
82
82
- Configure the **Source** as **SecurityIncident**
83
-
- Configure the **Destination** as **Event Type**, using the Event Hub namespace and Event Hub name you'd recorded earlier.
83
+
- Configure the **Destination** as **Event Type**, using the event hub namespace and event hub name you'd recorded earlier.
84
84
85
85
For more information, see [Log Analytics workspace data export in Azure Monitor](/azure/azure-monitor/logs/logs-data-export?tabs=portal#create-or-update-a-data-export-rule).
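Review bot: The role-assignment step (changed line "In your event hub namespace, select the **Access control (IAM)** page and add a new role assignment") assigns **Azure Event Hubs Data Receiver** at namespace scope, so the service principal can read every event hub in that namespace, not only the one created for the partner SIEM. Since the procedure creates a dedicated event hub, consider pointing readers to that event hub's own Access control (IAM) page, or stating that the namespace should hold only this event hub. In the same step, the unchanged context line still reads "service principle app"; it should be "service principal", and this terminology pass is a natural place to fix it. The rewritten Destination bullet keeps "**Event Type**" while the rest of the bullet refers to the event hub namespace and event hub name; please confirm that label against the data export rule settings.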