Find your Microsoft Sentinel data connector

This article lists all supported, out-of-the-box data connectors and links to each connector's deployment steps.

Important

• Noted Microsoft Sentinel data connectors are currently in Preview. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
• For connectors that use the Log Analytics agent, the agent will be retired on 31 August, 2024. If you are using the Log Analytics agent in your Microsoft Sentinel deployment, we recommend that you start planning your migration to the AMA. For more information, see AMA migration for Microsoft Sentinel.

Data connectors are available as part of the following offerings:

• Solutions: Many data connectors are deployed as part of Microsoft Sentinel solution together with related content like analytics rules, workbooks and playbooks. For more information, see the Microsoft Sentinel solutions catalog.

• Community connectors: More data connectors are provided by the Microsoft Sentinel community and can be found in the Azure Marketplace. Documentation for community data connectors is the responsibility of the organization that created the connector.

• Custom connectors: If you have a data source that isn't listed or currently supported, you can also create your own, custom connector. For more information, see Resources for creating Microsoft Sentinel custom connectors.

Note

For information about feature availability in US Government clouds, see the Microsoft Sentinel tables in Cloud feature availability for US Government customers.

Data connector prerequisites

Each data connector will have its own set of prerequisites, such as required permissions on your Azure workspace, subscription, or policy, and so on, or other requirements for the partner data source you're connecting to.

Prerequisites for each data connector are listed on the relevant data connector page in Microsoft Sentinel, on the Instructions tab.

42Crunch

• API Protection

Abnormal Security Corporation

• AbnormalSecurity (using Azure Functions)

Akamai

• Akamai Security Events

AliCloud

• AliCloud (using Azure Functions)

Amazon Web Services

• Amazon Web Services
• Amazon Web Services S3

Apache

• Apache Tomcat

Apache Software Foundation

• Apache HTTP Server

archTIS

• NC Protect

ARGOS Cloud Security Pty Ltd

• ARGOS Cloud Security

Arista Networks

• Awake Security

Armorblox

• Armorblox (using Azure Functions)

Aruba

• Aruba ClearPass

Atlassian

• Atlassian Confluence Audit (using Azure Functions)
• Atlassian Jira Audit (using Azure Functions)

Auth0

• Auth0 Access Management(using Azure Functions)

Better Mobile Security Inc.

• BETTER Mobile Threat Defense (MTD)

Bitglass

• Bitglass (using Azure Functions)

Blackberry

• Blackberry CylancePROTECT

Bosch Global Software Technologies Pvt Ltd

• AIShield

Box

• Box (using Azure Functions)

Broadcom

• Broadcom Symantec DLP

Cisco

• Cisco Application Centric Infrastructure
• Cisco ASA
• Cisco ASA/FTD via AMA (Preview)
• Cisco Duo Security (using Azure Functions)
• Cisco Identity Services Engine
• Cisco Meraki
• Cisco Secure Email Gateway
• Cisco Secure Endpoint (AMP) (using Azure Functions)
• Cisco Stealthwatch
• Cisco UCS
• Cisco Umbrella (using Azure Function)
• Cisco Web Security Appliance

Cisco Systems, Inc.

• Cisco Firepower eStreamer
• Cisco Software Defined WAN

Citrix

• Citrix ADC (former NetScaler)

Claroty

• Claroty

Cloud Software Group

• CITRIX SECURITY ANALYTICS
• Citrix WAF (Web App Firewall)

Cloudflare

• Cloudflare (Preview) (using Azure Functions)

Cognni

• Cognni

CohesityDev

• Cohesity (using Azure Functions)

Contrast Security

• Contrast Protect

Corelight Inc.

• Corelight

Crowdstrike

• Crowdstrike Falcon Data Replicator (using Azure Functions)
• CrowdStrike Falcon Endpoint Protection

Cyber Defense Group B.V.

• ESET PROTECT

CyberArk

• CyberArk Enterprise Password Vault (EPV) Events
• CyberArkEPM (using Azure Functions)

CyberPion

• Cyberpion Security Logs

Cybersixgill

• Cybersixgill Actionable Alerts (using Azure Functions)

Cynerio

• Cynerio Security Events

Darktrace

• AI Analyst Darktrace
• Darktrace Connector for Microsoft Sentinel REST API

Defend Limited

• Cortex XDR - Incidents

Delinea Inc.

• Delinea Secret Server

Derdack

• Derdack SIGNL4

Digital Guardian

• Digital Guardian Data Loss Prevention

Digital Shadows

• Digital Shadows Searchlight (using Azure Functions)

Dynatrace

• Dynatrace Attacks
• Dynatrace Audit Logs
• Dynatrace Problems
• Dynatrace Runtime Vulnerabilities

Elastic

• Elastic Agent (Standalone)

Exabeam

• Exabeam Advanced Analytics

ExtraHop Networks, Inc.

• ExtraHop Reveal(x)

F5, Inc.

• F5 BIG-IP
• F5 Networks

Facebook

• Workplace from Facebook (using Azure Functions)

Fireeye

• FireEye Network Security (NX)

Flare Systems

• Flare

Forescout

• Forescout
• Forescout Host Property Monitor

Fortinet

• Fortinet

GitLab

• GitLab

Google

• Google ApigeeX (using Azure Functions)
• Google Cloud Platform Cloud Monitoring (using Azure Functions)
• Google Cloud Platform DNS (using Azure Functions)
• Google Cloud Platform IAM (using Azure Functions)
• Google Workspace (G Suite) (using Azure Functions)

H.O.L.M. Security Sweden AB

• Holm Security Asset Data (using Azure Functions)

iboss inc

• iboss

Illumio

• Illumio Core

Illusive Networks

• Illusive Platform

Imperva

• Imperva Cloud WAF (using Azure Functions)

Infoblox

• Infoblox NIOS

Infoblox Inc.

• Infoblox Cloud Data Connector

Infosec Global

• InfoSecGlobal Data Connector

Insight VM / Rapid7

• Rapid7 Insight Platform Vulnerability Management Reports (using Azure Functions)

ISC

• ISC Bind

Island Technology Inc.

• Island Enterprise Browser Admin Audit (Polling CCP)
• Island Enterprise Browser User Activity (Polling CCP)

Ivanti

• Ivanti Unified Endpoint Management

Jamf Software, LLC

• Jamf Protect

Juniper

• Juniper IDP
• Juniper SRX

Kaspersky

• Kaspersky Security Center

Linux

• Microsoft Sysmon For Linux

Lookout, Inc.

• Lookout (using Azure Functions)
• Lookout Cloud Security for Microsoft Sentinel (using Azure Functions)

MarkLogic

• MarkLogic Audit

McAfee

• McAfee ePolicy Orchestrator (ePO)
• McAfee Network Security Platform

Microsoft

• Automated Logic WebCTRL
• Azure Active Directory
• Azure Active Directory Identity Protection
• Azure Activity
• Azure Batch Account
• Azure Cognitive Search
• Azure Data Lake Storage Gen1
• Azure DDoS Protection
• Azure Event Hub
• Azure Key Vault
• Azure Kubernetes Service (AKS)
• Azure Logic Apps
• Azure Service Bus
• Azure Storage Account
• Azure Stream Analytics
• Azure Web Application Firewall (WAF)
• Common Event Format (CEF)
• Common Event Format (CEF) via AMA
• DNS
• Fortinet FortiWeb Web Application Firewall
• Microsoft 365 (formerly, Office 365)
• Microsoft 365 Defender
• Microsoft 365 Insider Risk Management
• Microsoft Defender for Cloud
• Microsoft Defender for Cloud Apps
• Microsoft Defender for Endpoint
• Microsoft Defender for Identity
• Microsoft Defender for IoT
• Microsoft Defender for Office 365
• Microsoft Defender Threat Intelligence
• Microsoft PowerBI
• Microsoft Project
• Microsoft Purview (Preview)
• Microsoft Purview Information Protection
• Network Security Groups
• Security Events via Legacy Agent
• Syslog
• Threat intelligence - TAXII
• Threat Intelligence Platforms
• Threat Intelligence Upload Indicators API (Preview)
• Windows DNS Events via AMA (Preview)
• Windows Firewall
• Windows Forwarded Events
• Windows Security Events via AMA

Microsoft Corporation

• Azure Firewall
• Dynamics 365

Microsoft Corporation - sentinel4github

• GitHub (using Webhooks) (using Azure Functions)
• GitHub Enterprise Audit Log

Microsoft Sentinel Community, Microsoft Corporation

• Exchange Security Insights Online Collector (using Azure Functions)
• Forcepoint CASB
• Forcepoint CSG
• Forcepoint DLP
• Forcepoint NGFW
• MISP2Sentinel

MongoDB

• MongoDB Audit

Morphisec

• Morphisec UTPP

MuleSoft

• MuleSoft Cloudhub (using Azure Functions)

Nasuni Corporation

• Nasuni Edge Appliance

NetClean Technologies AB

• Netclean ProActive Incidents

Netskope

• Netskope (using Azure Functions)

Netwrix

• Netwrix Auditor (formerly Stealthbits Privileged Activity Manager)

Nginx

• NGINX HTTP Server

Noname Gate, Inc.

• Noname Security for Microsoft Sentinel

Nozomi Networks

• Nozomi Networks N2OS

NXLog Ltd.

• NXLog AIX Audit
• NXLog BSM macOS
• NXLog DNS Logs
• NXLog LinuxAudit

Okta

• Okta Single Sign-On (using Azure Functions)

OneLogin

• OneLogin IAM Platform (using Azure Functions)

OpenVPN

• OpenVPN Server

Oracle

• Oracle Cloud Infrastructure (using Azure Functions)
• Oracle Database Audit
• Oracle WebLogic Server

Orca Security, Inc.

• Orca Security Alerts

OSSEC

• OSSEC

Palo Alto Networks

• Palo Alto Networks (Firewall)
• Palo Alto Networks Cortex Data Lake (CDL)
• Palo Alto Prisma Cloud CSPM (using Azure Functions)

Perimeter 81

• Perimeter 81 Activity Logs

Ping Identity

• PingFederate

PostgreSQL

• PostgreSQL Events

Proofpoint

• Proofpoint On Demand Email Security (using Azure Functions)
• Proofpoint TAP (using Azure Functions)

Pulse Secure

• Pulse Connect Secure

Qualys

• Qualys VM KnowledgeBase (using Azure Functions)
• Qualys Vulnerability Management (using Azure Functions)

RedHat

• JBoss Enterprise Application Platform

RSA

• RSA® SecurID (Authentication Manager)

Rubrik, Inc.

• Rubrik Security Cloud data connector (using Azure Functions)

SailPoint

• SailPoint IdentityNow (using Azure Functions)

Salesforce

• Salesforce Service Cloud (using Azure Functions)

Secure Practice

• MailRisk by Secure Practice (using Azure Functions)

SecurityBridge

• SecurityBridge Threat Detection for SAP

Senserva, LLC

• SenservaPro (Preview)

SentinelOne

• SentinelOne (using Azure Functions)

Slack

• Slack Audit (using Azure Functions)

Snowflake

• Snowflake (using Azure Functions)

SonicWall Inc

• SonicWall Firewall

Sonrai Security

• Sonrai Data Connector

Sophos

• Sophos Cloud Optix
• Sophos Endpoint Protection (using Azure Functions)
• Sophos XG Firewall

Squid

• Squid Proxy

Symantec

• Symantec Endpoint Protection
• Symantec Integrated Cyber Defense Exchange
• Symantec ProxySG
• Symantec VIP

TALON CYBER SECURITY LTD

• Talon Insights

Tenable

• Tenable.io Vulnerability Management (using Azure Functions)

The Collective Consulting BV

• LastPass Enterprise - Reporting (Polling CCP)

TheHive

• TheHive Project - TheHive (using Azure Functions)

Theom, Inc.

• Theom

Trend Micro

• Trend Micro Deep Security
• Trend Micro TippingPoint
• Trend Vision One (using Azure Functions)

TrendMicro

• Trend Micro Apex One

Ubiquiti

• Ubiquiti UniFi (Preview)

vArmour Networks

• vArmour Application Controller

Vectra AI, Inc

• AI Vectra Stream
• Vectra AI Detect
• Vectra XDR (using Azure Functions)

VMware

• VMware Carbon Black Cloud (using Azure Functions)
• VMware ESXi
• VMware vCenter

WatchGuard Technologies

• WatchGuard Firebox

WireX Systems

• WireX Network Forensics Platform

WithSecure

• WithSecure Elements via Connector

ZERO NETWORKS LTD

• Zero Networks Segment Audit
• Zero Networks Segment Audit (Function) (using Azure Functions)

Zimperium, Inc.

• Zimperium Mobile Threat Defense

Zoom

• Zoom Reports (using Azure Functions)

Zscaler

• Zscaler
• Zscaler Private Access

Next steps

For more information, see:

• Microsoft Sentinel solutions catalog
• Threat intelligence integration in Microsoft Sentinel