You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/continuous-export.md
+41-1Lines changed: 41 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: Learn how to configure continuous export of security alerts and rec
4
4
author: bmansheim
5
5
ms.author: benmansheim
6
6
ms.topic: how-to
7
-
ms.date: 11/30/2022
7
+
ms.date: 01/19/2023
8
8
---
9
9
# Continuously export Microsoft Defender for Cloud data
10
10
@@ -182,6 +182,46 @@ To export data to an Azure Event hub or Log Analytics workspace in a different t
182
182
183
183
You can also configure export to another tenant through the REST API. For more information, see the automations [REST API](/rest/api/defenderforcloud/automations/create-or-update?tabs=HTTP).
184
184
185
+
## Continuously export to an Event Hub behind a firewall
186
+
187
+
You can enable continuous export as a trusted service, so that you can send data to an Event Hub that has an Azure Firewall enabled.
188
+
189
+
**To grant access to continuous export as a trusted service**:
190
+
191
+
1. Sign in to the [Azure portal](https://portal.azure.com).
192
+
193
+
1. Navigate to **Microsoft Defender for Cloud** > **Environmental settings**.
194
+
195
+
1. Select the relevant resource.
196
+
197
+
1. Select **Continuous export**.
198
+
199
+
1. Select **Export as a trusted service**.
200
+
201
+
:::image type="content" source="media/continuous-export/export-as-trusted.png" alt-text="Screenshot that shows where the checkbox is located to select export as trusted service.":::
202
+
203
+
You'll now need to add the relevant role assignment on the destination Event Hub.
204
+
205
+
**To add the relevant role assignment on the destination Event Hub**:
206
+
207
+
1. Navigate to the selected Event Hub.
208
+
209
+
1. Select **Access Control** > **Add role assignment**
210
+
211
+
:::image type="content" source="media/continuous-export/add-role-assignment.png" alt-text="Screenshot that shows where the add role assignment button is found." lightbox="media/continuous-export/add-role-assignment.png":::
212
+
213
+
1. Select **Azure Event Hubs Data Sender**.
214
+
215
+
1. Select the **Members** tab.
216
+
217
+
1. Select **+ Select members**.
218
+
219
+
1. Search for and select **Windows Azure Security Resource Provider**.
220
+
221
+
:::image type="content" source="media/continuous-export/windows-security-resource.png" alt-text="Screenshot that shows you where to enter and search for Windows Azure Security Resource Provider." lightbox="media/continuous-export/windows-security-resource.png":::
222
+
223
+
1. Select **Review + assign**.
224
+
185
225
## View exported alerts and recommendations in Azure Monitor
186
226
187
227
You might also choose to view exported Security Alerts and/or recommendations in [Azure Monitor](../azure-monitor/alerts/alerts-overview.md).
0 commit comments