articles/defender-for-cloud/continuous-export.md
7 additions & 7 deletions
@@ -28,7 +28,7 @@ This article describes how to configure continuous export to Log Analytics works
28
28
|----|:----|
29
29
|Release state:|General availability (GA)|
30
30
|Pricing:|Free|
31
-
|Required roles and permissions:|<ul><li>**Security admin** or **Owner** on the resource group</li><li>Write permissions for the target resource.</li><li>, you'll also need permissions for assigning policies</li><li>To export data to Event Hubs, you'll need Write permission on the Event Hubs Policy.</li><li>To export to a Log Analytics workspace:<ul><li>if it **has the SecurityCenterFree solution**, you'll need a minimum of read permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/read`</li><li>if it **doesn't have the SecurityCenterFree solution**, you'll need write permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/action`</li><li>Learn more about [Azure Monitor and Log Analytics workspace solutions](../azure-monitor/insights/solutions.md)</li></ul></li></ul>|
31
+
|Required roles and permissions:|<ul><li>**Security admin** or **Owner** on the resource group</li><li>Write permissions for the target resource.</li><li>If you're using the Azure Policy 'DeployIfNotExist' policies described below, you'll also need permissions for assigning policies</li><li>To export data to Event Hubs, you'll need Write permission on the Event Hubs Policy.</li><li>To export to a Log Analytics workspace:<ul><li>if it **has the SecurityCenterFree solution**, you'll need a minimum of read permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/read`</li><li>if it **doesn't have the SecurityCenterFree solution**, you'll need write permissions for the workspace solution: `Microsoft.OperationsManagement/solutions/action`</li><li>Learn more about [Azure Monitor and Log Analytics workspace solutions](../azure-monitor/insights/solutions.md)</li></ul></li></ul>|
32
32
|Clouds:|:::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: National (Azure Government, Azure China 21Vianet)|
33
33
34
34
## What data types can be exported?
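Review bot: The policy effect name in the added "Required roles and permissions" row is misspelled: 'DeployIfNotExist' should be `DeployIfNotExists`, which is the name Azure Policy uses for the effect. Since this row tells readers which permissions they need, the term should match what they will see in the policy definition. The new bullet also ends without a period while the neighbouring "Write permissions for the target resource." bullet has one, and "described below" would be more robust as a link to the section that covers the policies.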
@@ -53,25 +53,25 @@ You can configure continuous export from the Microsoft Defender for Cloud pages
53
53
54
54
### Configure continuous export from the Defender for Cloud pages in Azure portal
55
55
56
-
The steps below are necessary whether you're setting up a continuous export to Log Analytics workspace or Azure Event Hubs.
56
+
The steps below are necessary whether you're setting up a continuous export to Log Analytics or Azure Event Hubs.
57
57
58
58
1. From Defender for Cloud's menu, open **Environment settings**.
59
59
60
60
1. Select the specific subscription for which you want to configure the data export.
61
61
62
-
1. From the sidebar of the settings page for that subscription, select **Continuous Export**.
62
+
1. From the sidebar of the settings page for that subscription, select **Continuous export**.
63
63
64
-
:::image type="content" source="./media/continuous-export/continuous-export-options-page.png" alt-text="Export options in Microsoft Defender for Cloud.":::
64
+
:::image type="content" source="./media/continuous-export/continuous-export-options-page.png" alt-text="Export options in Microsoft Defender for Cloud." lightbox="./media/continuous-export/continuous-export-options-page.png":::
65
65
66
66
Here you see the export options. There's a tab for each available export target.
67
67
68
68
1. Select the data type you'd like to export and choose from the filters on each type (for example, export only high severity alerts).
69
69
70
-
1. Select the appropriate export frequency:
70
+
1. Select the export frequency:
71
71
-**Streaming** – assessments will be sent when a resource’s health state is updated (if no updates occur, no data will be sent).
72
72
-**Snapshots** – a snapshot of the current state of the selected data types will be sent once a week per subscription. To identify snapshot data, look for the field ``IsSnapshot``.
73
73
74
-
1.Optionally, if your selection includes one of these recommendations, you can include the vulnerability assessment findings together with them:
74
+
1.If your selection includes one of these recommendations, you can include the vulnerability assessment findings together with them:
75
75
-[SQL databases should have vulnerability findings resolved](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/82e20e14-edc5-4373-bfc4-f13121257c37)
76
76
-[SQL servers on machines should have vulnerability findings resolved](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/f97aa83c-9b63-4f9a-99f6-b22c4398f936)
77
77
-[Container registry images should have vulnerability findings resolved (powered by Qualys)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/dbd0cb49-b563-45e7-9724-889e799fa648)
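Review bot: The intro sentence at line 56 now says "Log Analytics or Azure Event Hubs", but the rest of the article visible in this diff (the permissions row and the H2 in the last hunk) keeps "Log Analytics workspace"; the export target is the workspace, so keep the full term here for consistency. The bolded sidebar label changed from **Continuous Export** to **Continuous export**; because bold marks UI text in these steps, confirm the new casing matches the label shown in the portal. Dropping "Optionally" from the vulnerability assessment step is fine since "you can" already conveys that the step is optional.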
@@ -150,7 +150,7 @@ To deploy your continuous export configurations across your organization, use th
150
150
151
151
---
152
152
153
-
## Information about exporting to a Log Analytics workspace
153
+
## Exporting to a Log Analytics workspace
154
154
155
155
If you want to analyze Microsoft Defender for Cloud data inside a Log Analytics workspace or use Azure alerts together with Defender for Cloud alerts, set up continuous export to your Log Analytics workspace.
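Review bot: Renaming the H2 at line 153 from "Information about exporting to a Log Analytics workspace" to "Exporting to a Log Analytics workspace" changes the heading's generated anchor, so any bookmark link to the old heading from this article or from other articles will stop resolving. Search the repo for links to the old anchor and update them in this commit, or note in the commit message that none exist.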