Our Defender for Endpoint Device tables are around 1TB a day; I'll never get the money to use Sentinel, so I'm looking for an alternative.
Is there no way to use Azure Event Hubs with Elasticsearch? Stream the events from the Defender for Endpoint API to Azure Event Hub and then into an Elasticsearch cluster?
Is this even possible?
Thanks!
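An added example (not from the poster, and not Microsoft's or Elastic's code) of the middle step of the pipeline asked about above: turning one Event Hub message body into Elasticsearch `_bulk` actions. The batch shape (a `records` array whose entries carry `time`, `tenantId`, `category` and a `properties` object) is assumed, the sample body is constructed, and the Event Hub consumer and Elasticsearch client are left out so the transform runs offline.

```python
import json

# Constructed sample of an Event Hub message body in the assumed streaming-API
# batch shape; values are placeholders, not real telemetry.
SAMPLE_EVENT_HUB_BODY = json.dumps({
    "records": [
        {"time": "2024-01-01T00:00:00Z", "tenantId": "00000000-0000-0000-0000-000000000000",
         "category": "AdvancedHunting-DeviceProcessEvents",
         "properties": {"DeviceName": "host01", "FileName": "cmd.exe"}},
        {"time": "2024-01-01T00:00:01Z", "tenantId": "00000000-0000-0000-0000-000000000000",
         "category": "AdvancedHunting-DeviceNetworkEvents",
         "properties": {"DeviceName": "host01", "RemotePort": 443}},
        # A record that is not an Advanced Hunting row; the transform should drop it.
        {"time": "2024-01-01T00:00:02Z", "category": "Heartbeat", "properties": {}},
    ]
})

PREFIX = "AdvancedHunting-"

def index_name_for(category: str) -> str:
    """Map a category such as AdvancedHunting-DeviceProcessEvents to an index name.
    The 'mde-<table>' naming is this example's choice, not a fixed convention."""
    return "mde-" + category[len(PREFIX):].lower()

def to_bulk_actions(body: str) -> list:
    """Parse one message body and return alternating _bulk action/document dicts.
    Records without the Advanced Hunting prefix are skipped rather than indexed
    into a catch-all, so a malformed batch cannot pollute the device indices."""
    batch = json.loads(body)
    actions = []
    for rec in batch.get("records", []):
        category = rec.get("category")
        if not isinstance(category, str) or not category.startswith(PREFIX):
            continue
        doc = dict(rec.get("properties") or {})
        doc["@timestamp"] = rec.get("time")          # event time from the envelope
        doc["mde.category"] = category               # keep the source table name
        doc["mde.tenantId"] = rec.get("tenantId")
        actions.append({"index": {"_index": index_name_for(category)}})
        actions.append(doc)
    return actions

def bulk_payload(body: str) -> str:
    """Serialise the actions as NDJSON, the body format the _bulk endpoint expects."""
    return "".join(json.dumps(a) + "\n" for a in to_bulk_actions(body))
```

A real consumer would call `bulk_payload` per Event Hub message (or per batch of messages) and POST the result to `/_bulk`; the index mapping for each table still has to be defined on the Elasticsearch side.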