Microsoft Defender for Endpoint, formerly Defender Advanced Threat Protection, is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
Blumira integrates with Microsoft Defender for Endpoint to stream Office endpoint security events and alerts to the Blumira service for threat detection, alerting, and actionable response.
Blumira integrates with Microsoft Defender for Endpoint using Microsoft Event Hub.
Before you begin, please make sure to configure your Azure Event Hub to integrate with Blumira using Blumira’s Azure Event Hub Documentation.
Step 1: Log in to Microsoft Defender Security Center with a Global Admin user.
Step 2: Go to Data export settings page on Microsoft Defender Security Center.
Step 3: Click on Add data export settings.
Step 4: Choose a name for your new settings.
Step 5: Choose Forward events to Azure Event Hubs.
Step 6: Type your Event Hubs name and your Event Hubs resource ID. To get your Event Hubs resource ID, go to your Azure Event Hubs namespace page in Azure > Properties tab > copy the text under Resource ID.
Step 7: Choose the events you want to stream and click Save.
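The following is an added example, not Blumira's or Microsoft's code, for checking the two inputs of this procedure from the receiving side: it validates the namespace resource ID pasted in Step 6 against the standard ARM resource ID layout (pattern assumed), and it inspects one Event Hubs message to confirm that the event categories selected when saving the export actually arrive. The message envelope (`records` array with `time`, `tenantId`, `category`, `properties`) is my understanding of the Defender streaming format; the sample message and resource ID are constructed.

```python
import json
import re
from collections import Counter

# Layout of an Azure Event Hubs namespace resource ID (assumed ARM format).
RESOURCE_ID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[0-9a-fA-F-]{36})"
    r"/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.EventHub/namespaces/(?P<ns>[^/]+)$"
)


def parse_resource_id(resource_id: str) -> dict:
    """Validate the namespace resource ID and return its parts.

    A bad ID makes the export save without any events ever arriving,
    so fail loudly here instead of discovering it days later in the SIEM.
    """
    m = RESOURCE_ID_RE.match(resource_id.strip())
    if not m:
        raise ValueError(f"not an Event Hubs namespace resource ID: {resource_id!r}")
    return m.groupdict()


def summarise_events(message_body: str) -> Counter:
    """Count records per Defender category in one Event Hubs message body."""
    records = json.loads(message_body).get("records", [])
    return Counter(r.get("category", "<missing>") for r in records)


def missing_categories(message_body: str, expected: set) -> set:
    """Categories enabled in the export settings that did not show up."""
    return expected - set(summarise_events(message_body))


# Constructed sample: one Event Hubs message carrying two records.
SAMPLE_MESSAGE = json.dumps({"records": [
    {"time": "2024-01-01T00:00:00Z", "tenantId": "00000000-0000-0000-0000-000000000000",
     "category": "AdvancedHunting-DeviceProcessEvents",
     "properties": {"DeviceName": "wks01", "FileName": "powershell.exe"}},
    {"time": "2024-01-01T00:00:01Z", "tenantId": "00000000-0000-0000-0000-000000000000",
     "category": "AdvancedHunting-DeviceNetworkEvents",
     "properties": {"DeviceName": "wks01", "RemoteIP": "10.0.0.5"}},
]})
SAMPLE_RESOURCE_ID = ("/subscriptions/11111111-2222-3333-4444-555555555555"
                      "/resourceGroups/rg-siem/providers/Microsoft.EventHub/namespaces/evh-siem")

if __name__ == "__main__":
    print(parse_resource_id(SAMPLE_RESOURCE_ID))
    print(summarise_events(SAMPLE_MESSAGE))
    print(missing_categories(SAMPLE_MESSAGE, {"AdvancedHunting-DeviceProcessEvents",
                                              "AdvancedHunting-DeviceLogonEvents"}))
```

Running the check against a few real messages after Step 7 tells you whether every category you ticked is flowing before you build detections on it.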