Streaming API

Applies to:

Note

Try our new APIs using MS Graph security API. Find out more at: Use the Microsoft Graph security API - Microsoft Graph | Microsoft Learn. If you're using Microsoft Defender for Business, see Use the streaming API (preview) with Microsoft Defender for Business.

Important

Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.

Stream Advanced Hunting events to Event Hubs and/or Azure storage account

Microsoft Defender XDR supports streaming events through Advanced Hunting to an Event Hubs and/or Azure storage account.

For more information on Microsoft Defender XDR streaming API, see the video.

In this section

Topic Description
Stream events to Azure Event Hubs Learn about enabling the streaming API in your tenant and configure Microsoft Defender XDR to stream Advanced Hunting to Event Hubs.
Stream events to your Azure storage account Learn about enabling the streaming API in your tenant and configure Microsoft Defender XDR to stream Advanced Hunting to your Azure storage account.
Supported event types Learn which Advanced Hunting event types the Streaming API supports.

Watch this short video to learn how to set up the streaming API to ship event information directly to Azure Event hubs for consumption by visualization services, data processing engines, or Azure storage for long-term data retention.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.