Forum Discussion
witness777
May 04, 2022 Copper Contributor
MS Defender for Identity to SIEM
I know that I can forward our MS Defender for Identity logs to a syslog server for our SIEM to ingest/monitor. Is there any other way aside from this method to get logs from MS Defender for Ident...
- May 06, 2022
If you are using Sentinel, you can use the native connector; see Microsoft 365 Defender integration with Microsoft Sentinel | Microsoft Docs.
Or you could use the streaming API to export events to a storage account or to an event hub and get them to your SIEM from there. See Announcing Microsoft 365 Defender Streaming API Public Preview - Microsoft Tech Community. Note that MDI events are currently in public preview.
witness777
May 31, 2022 Copper Contributor
Apologies for the huge delay. I have looked into this and this is definitely the way to go. Will mark this as the answer.
I do have one last question. Is there a cost for using Streaming API? I couldn't find any documentation on this.
Martin_Schvartzman
Microsoft
Jun 16, 2022
No, there's no specific cost for the streaming APIs. You do have the cost for the Azure resources you are streaming the event into (eventHub / storage account / etc.).