Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to:
Note
Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn. If you're using Microsoft Defender for Business, see Use the streaming API (preview) with Microsoft Defender for Business.
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Stream Advanced Hunting events to Event Hubs and/or Azure storage account
Microsoft Defender XDR supports streaming events through Advanced Hunting to an Event Hubs and/or Azure storage account.
For more information on Microsoft Defender XDR streaming API, see the video.
In this section
| Topic | Description | 
|---|---|
| Stream events to Azure Event Hubs | Learn about enabling the streaming API in your tenant and configure Microsoft Defender XDR to stream Advanced Hunting to Event Hubs. | 
| Stream events to your Azure storage account | Learn about enabling the streaming API in your tenant and configure Microsoft Defender XDR to stream Advanced Hunting to your Azure storage account. | 
| Supported event types | Learn which Advanced Hunting event types the Streaming API supports. | 
Watch this short video to learn how to set up the streaming API to ship event information directly to Azure Event hubs for consumption by visualization services, data processing engines, or Azure storage for long-term data retention.
Related topics
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.