title | description | author | ms.author | ms.topic | ms.date |
---|---|---|---|---|---|
Set up continuous export to an event hub behind a firewall |
Learn how to set up continuous export of Microsoft Defender for Cloud security alerts and recommendations to an event hub behind a firewall. |
dcurwin |
dacurwin |
how-to |
03/20/2024 |
In a situation where an event hub is behind a firewall, you can enable continuous export as a trusted service so that you can send data to the event hub.
- Set up continuous export in the Azure portal or set up continuous export with Azure Policy or set up continuous export with REST API.
You can enable continuous export as a trusted service so that you can send data to an event hub that has Azure Firewall enabled.
To grant access to continuous export as a trusted service:
-
Sign in to the Azure portal.
-
Go to Microsoft Defender for Cloud > Environmental settings.
-
Select the relevant resource.
-
Select Continuous export.
-
Select Export as a trusted service.
:::image type="content" source="media/continuous-export-event-hub-firewall/export-as-trusted.png" alt-text="Screenshot that shows where the checkbox is located to select export as trusted service.":::
To add the relevant role assignment to the destination event hub:
-
Go to the selected event hub.
-
In the resource menu, select Access control (IAM) > Add role assignment.
:::image type="content" source="media/continuous-export-event-hub-firewall/add-role-assignment.png" alt-text="Screenshot that shows the Add role assignment button." lightbox="media/continuous-export-event-hub-firewall/add-role-assignment.png":::
-
Select Azure Event Hubs Data Sender.
-
Select the Members tab.
-
Choose + Select members.
-
Search for and then select Windows Azure Security Resource Provider.
:::image type="content" source="media/continuous-export-event-hub-firewall/windows-security-resource.png" alt-text="Screenshot that shows you where to enter and search for Microsoft Azure Security Resource Provider." lightbox="media/continuous-export-event-hub-firewall/windows-security-resource.png":::
-
Select Review + assign.
[!div class="nextstepaction"] View exported data in Azure Monitor