Hi All,
I configured the MS add-on from an event hub to get all security alerts from Defender for Cloud into Splunk.
It seems Splunk can't collect some alerts; I don't understand why.
The event hub is properly configured because I see all the logs from the event hub; I also see some security alerts, but not all of them.
The only thing that gives me a suspicion is that the event hub has 3 consumer groups and the input is configured with only one consumer group.
Any help?
Hi All,
I found the solution by myself. It seems the MS add-on doesn't lose the events but receives the logs from the event hub very late.
I removed the Defender for Cloud logs from the event hub and used the MS Graph API add-on.
Now I can collect data in near real time.
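A way to confirm the "delayed, not dropped" diagnosis from the reply above, as an added example that is not part of the thread: it compares each alert's own timestamp with the time Splunk indexed it, and separately checks for alerts seen at the source but never indexed. The CSV text is a constructed stand-in for a Splunk export of `_time`, `_indextime` and the alert name; the column names and the 300-second threshold are assumptions.

```python
# Added example (not from the thread). Splits the symptom "some alerts are
# missing" into two measurable cases: events that arrived late (large
# _indextime - _time) versus events that never arrived at all.
import csv
import io
from datetime import datetime, timezone

# Constructed sample export: three Defender for Cloud alerts, one indexed
# roughly 2.5 hours after the alert itself was generated.
SAMPLE_EXPORT = """_time,_indextime,alert
2024-05-01T10:00:00Z,2024-05-01T10:00:45Z,Suspicious process executed
2024-05-01T10:05:00Z,2024-05-01T12:35:00Z,Unusual login to VM
2024-05-01T10:07:00Z,2024-05-01T10:07:30Z,Malware scan finding
"""


def _parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the constructed export."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def ingestion_lag_report(export_text: str, max_lag_s: int = 300) -> dict:
    """Return lag in seconds per alert plus the alerts that exceeded max_lag_s.

    A large lag with no missing alerts points at delivery delay on the event
    hub path (the thread's finding), not at the input dropping events.
    """
    lags = {}
    late = []
    for row in csv.DictReader(io.StringIO(export_text)):
        lag = int((_parse_ts(row["_indextime"]) - _parse_ts(row["_time"])).total_seconds())
        lags[row["alert"]] = lag
        if lag > max_lag_s:
            late.append(row["alert"])
    return {"lags": lags, "late": late, "max_lag_s": max(lags.values(), default=0)}


def missing_alerts(source_alerts: set, indexed_alerts: set) -> set:
    """Alerts present at the source (e.g. the Defender portal) but not in Splunk.

    Run this only for a window old enough that delayed events have landed,
    otherwise delay is misread as loss.
    """
    return source_alerts - indexed_alerts


if __name__ == "__main__":
    print(ingestion_lag_report(SAMPLE_EXPORT))
```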