Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,934 questions
Microsoft Defender XDR Streaming API
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 24%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
DG001
346
Reputation points Microsoft Employee
We have an API configured, and it is my understanding that you should be able to tie directly to a sentinel workspace and it should be configured like the image. But none of the options are selected for event hub connections or Storage accounts. For any NEW connections, an Event Hub or Storage account is required before it can be created.
We are trying to understand the ramifications of making changes to these APIs knowing that the requirements have changed for them?
Our concern is, If we try and enable an Event Hub, will we be able to go back to the current configuration if necessary?
Delete maybe the only option and recreate with an Event hub connection. That is what we are trying to nail down.
Can we modify it in anyway or is a delete and restart with no ability to go back to the current configuration?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 28.000000000000004%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
Catherine Kyalo 650 Reputation points Microsoft Employee2024-04-04T10:21:32.9066667+00:00 For Microsoft Defender XDR Streaming API, if you need to add an Event Hub or Storage account to your existing configuration, you should be able to do so without having to delete your current configuration.
However, be aware that once you set up an Event Hub or a Storage account, the data starts flowing to these resources and you may incur additional costs. Additionally, if you decide to remove the Event Hub or Storage account later, the data will stop flowing to these resources.
If you are worried about the implications of these changes, it would be a good idea to test the changes in a non-production environment first.
Sign in to comment