Raw Data Streaming API

Important

Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.

Applies to:

Stream Advanced Hunting events to Event Hubs and/or Azure storage account.

Defender for Endpoint supports streaming all the events available through Advanced Hunting to an Event Hubs and/or Azure storage account.

In this section

Topic Description
Stream Microsoft Defender for Endpoint events to Azure Event Hubs Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream Advanced Hunting to Event Hubs.
Stream Defender for Endpoint events to your Azure storage account Learn about enabling the streaming API in your tenant and configure Defender for Endpoint to stream Advanced Hunting to your Azure storage account.