Microsoft Azure Event Hubs log source parameters for Microsoft 365 Defender

If IBM QRadar does not automatically detect the log source, add a Microsoft 365 Defender log source on the QRadar Console by using the Microsoft Azure Event Hubs protocol.

When you use the Microsoft Azure Event Hubs protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Microsoft Azure Event Hubs events from Microsoft 365 Defender:

Table 1. Microsoft Azure Event Hubs log source parameters for the Microsoft 365 Defender DSM

Parameter | Value
Log Source type | Microsoft 365 Defender
Protocol Configuration | Microsoft Azure Event Hubs
Log Source Identifier | Use an identifiable name or IP address for the log source. When the Use as a Gateway Log Source parameter is enabled, the Log Source Identifier value is not used.

For a complete list of Microsoft Azure Event Hubs protocol parameters and their values, see Microsoft Azure Event Hubs protocol configuration options.