When trying to get Security Center Alerts into an Event Hub using continuous export, I get the error "Failed to update export settings"

David Kent 1 Reputation point
2020-06-24T13:19:57.43+00:00

I can successfully add Security Center Recommendations. Can anyone advise?
Do I need an Event Hub Policy for Alerts?

Azure Event Hubs
An Azure real-time data ingestion service.
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

3 answers

  1. Saurabh Sharma 23,781 Reputation points Microsoft Employee
    2020-06-24T20:59:25.26+00:00

    @David Kent Yes, you need an Event Hub Policy (Manage or Send) for both recommendations and alerts to export them to the event hub.
    I am not able to set up continuous export for recommendations or alerts without setting up a Shared Access Policy, and I get this error:

    [Image: 10614-asc-continuous-export.png]


  2. David Kent 1 Reputation point
    2020-06-25T08:16:26.727+00:00

    Hi SaurabhSharma, thanks for your response. I have an event hub policy configured but I still get the error:

    “The json value of sources failed validation, with reason: Sources : sources must contain at least 1 source!, error tracking number: 76cb3749-9a3c-4e53-a781-fafdfd59f409”


  3. David Kent 1 Reputation point
    2020-06-30T08:52:13.8+00:00

    Hi, yes, it seemed to be an internal issue which was resolved a few days ago. All is working now, thank you for your help.
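
A preflight check covering the two conditions raised in this thread (a shared access policy on the Event Hub action, and a non-empty `sources` list), added here as an example and not code from the thread or from Microsoft. The field names follow the `Microsoft.Security/automations` request body; the policy name `asc-export-send`, the placeholder resource ID and the key value are constructed, and the warning about the namespace root policy is an added least-privilege check that the thread does not mention.

```python
REQUIRED_KEYS = ("Endpoint", "SharedAccessKeyName", "SharedAccessKey")
ROOT_POLICY = "RootManageSharedAccessKey"  # default namespace-wide policy name


def parse_connection_string(cs):
    """Split 'Key=Value;Key=Value' into a dict; values may themselves contain '='."""
    parts = {}
    for segment in cs.split(";"):
        if segment.strip():
            key, _, value = segment.partition("=")
            parts[key.strip()] = value
    return parts


def preflight(properties):
    """Return a list of problems found in an automation 'properties' object."""
    problems = []
    sources = properties.get("sources") or []
    if not sources:
        problems.append("sources must contain at least 1 source")
    hub_actions = [a for a in properties.get("actions") or []
                   if a.get("actionType") == "EventHub"]
    if not hub_actions:
        problems.append("no EventHub action defined")
    for action in hub_actions:
        cs = parse_connection_string(action.get("connectionString", ""))
        missing = [k for k in REQUIRED_KEYS if not cs.get(k)]
        if missing:
            problems.append("connection string missing: " + ", ".join(missing))
        if cs.get("SharedAccessKeyName") == ROOT_POLICY:
            problems.append("uses the namespace root policy; prefer a Send-only policy")
    return problems


# Constructed sample bodies: placeholder IDs, policy name and key, not real values.
HUB_ID = ("/subscriptions/<sub-id>/resourceGroups/<rg>/providers/"
          "Microsoft.EventHub/namespaces/<ns>/eventhubs/<hub>")
GOOD = {
    "sources": [{"eventSource": "Alerts"}],
    "actions": [{
        "actionType": "EventHub",
        "eventHubResourceId": HUB_ID,
        "connectionString": ("Endpoint=sb://<ns>.servicebus.windows.net/;"
                             "SharedAccessKeyName=asc-export-send;"
                             "SharedAccessKey=PLACEHOLDERKEY=;EntityPath=<hub>"),
    }],
}
EMPTY_SOURCES = {"sources": [], "actions": [{"actionType": "EventHub", "connectionString": ""}]}

if __name__ == "__main__":
    print(preflight(GOOD), preflight(EMPTY_SOURCES), sep="\n")
```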