Skip to content

Latest commit

 

History

History
62 lines (36 loc) · 2.76 KB

continuous-export-event-hub-firewall.md

File metadata and controls

62 lines (36 loc) · 2.76 KB
Raw
title description author ms.author ms.topic ms.date
Set up continuous export to an event hub behind a firewall
Learn how to set up continuous export of Microsoft Defender for Cloud security alerts and recommendations to an event hub behind a firewall.
dcurwin
dacurwin
how-to
03/20/2024

Set up continuous export to an event hub behind a firewall

In a situation where an event hub is behind a firewall, you can enable continuous export as a trusted service so that you can send data to the event hub.

Prerequisites

Set up continuous export to the eventhub

You can enable continuous export as a trusted service so that you can send data to an event hub that has Azure Firewall enabled.

To grant access to continuous export as a trusted service:

  1. Sign in to the Azure portal.

  2. Go to Microsoft Defender for Cloud > Environmental settings.

  3. Select the relevant resource.

  4. Select Continuous export.

  5. Select Export as a trusted service.

    :::image type="content" source="media/continuous-export-event-hub-firewall/export-as-trusted.png" alt-text="Screenshot that shows where the checkbox is located to select export as trusted service.":::

Add the relevant role assignment to the destination event hub.

To add the relevant role assignment to the destination event hub:

  1. Go to the selected event hub.

  2. In the resource menu, select Access control (IAM) > Add role assignment.

    :::image type="content" source="media/continuous-export-event-hub-firewall/add-role-assignment.png" alt-text="Screenshot that shows the Add role assignment button." lightbox="media/continuous-export-event-hub-firewall/add-role-assignment.png":::

  3. Select Azure Event Hubs Data Sender.

  4. Select the Members tab.

  5. Choose + Select members.

  6. Search for and then select Windows Azure Security Resource Provider.

    :::image type="content" source="media/continuous-export-event-hub-firewall/windows-security-resource.png" alt-text="Screenshot that shows you where to enter and search for Microsoft Azure Security Resource Provider." lightbox="media/continuous-export-event-hub-firewall/windows-security-resource.png":::

  7. Select Review + assign.

Next step

[!div class="nextstepaction"] View exported data in Azure Monitor