Microsoft Defender offers protection, detection, investigation, and response to threats. Defender comes in multiple editions: Defender for Office 365, Defender for Endpoint, Defender for IoT, Defender for Identity, and Defender for Cloud. All Defender products can stream events in real time to Tenzir using Azure Event Hubs.
Configure Streaming API
In Microsoft Security Center, configure Streaming under System -> Settings -> Microsoft Defender XDR -> General -> Streaming API. Add a new Streaming API for the target Event Hub and enable all event types that you want to collect.
For detailed instructions on setting up Azure Event Hubs and consuming events with Tenzir, see the Azure Event Hubs integration documentation.