Export Reporting Data to Elastic/ELK

The flow data collected by one or multiple Threat Defender installations can be aggregated via Logstash or Filebeat and written to one or multiple Elasticsearch instances. They are then evaluated with Kibana.

To quickly start an Elastic stack, have a look at this example using docker.

• Export IPFIX Reporting Data to Filebeat
• Export JSONL Reporting Data to Logstash via an Encrypted Channel

---

Additional References:

• For the IPFIX specification of Threat Defender, see IPFIX Specification.

• For information on the JSONL events generated by Threat Defender, see JSON Lines Formatted Output.