Export Reporting Data to Elastic/ELK
The flow data collected by one or more Threat Defender installations can be aggregated via Logstash or Filebeat and written to one or more Elasticsearch instances. The data can then be analyzed and visualized with Kibana.
To quickly start an Elastic stack, have a look at this example using Docker.
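The following Filebeat configuration is an added example, not part of this documentation or of the Threat Defender product; it shows one way to pick up the JSON Lines event output and ship it to Elasticsearch over TLS with authentication. The log path, index name, host and the credential placeholders are assumptions and must be adapted to the local deployment:

```yaml
# Added example (not product configuration): ship Threat Defender JSONL events
# to Elasticsearch with Filebeat. All paths, names and hosts are assumptions.
filebeat.inputs:
  - type: filestream
    id: threat-defender-events          # assumed id, any unique string
    enabled: true
    paths:
      - /var/log/threat-defender/events/*.jsonl   # assumed export location
    parsers:
      - ndjson:
          target: ""                   # merge each JSON object into the root document
          add_error_key: true          # keep malformed lines instead of dropping them silently
          overwrite_keys: true

processors:
  - add_host_metadata: ~               # record which collector shipped the event

output.elasticsearch:
  hosts: ["https://elasticsearch.example.internal:9200"]   # assumed host
  index: "threat-defender-%{+yyyy.MM.dd}"                  # assumed daily index
  api_key: "${ES_API_KEY}"             # placeholder, supplied from the keystore or environment
  ssl:
    enabled: true
    certificate_authorities: ["/etc/filebeat/certs/ca.pem"] # assumed CA path
    verification_mode: full

setup.template.name: "threat-defender"
setup.template.pattern: "threat-defender-*"
setup.ilm.enabled: false
```

With `target: ""` every field of the JSONL event lands at the top level of the document, so Kibana index patterns match the field names described in the JSON Lines output reference; `add_error_key: true` writes an `error.message` field for lines that fail to parse, which makes ingestion gaps visible in Kibana rather than silently lost.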
Additional References:
For the IPFIX specification of Threat Defender, see IPFIX Specification.
For information on the JSONL events generated by Threat Defender, see JSON Lines Formatted Output.