Find your Microsoft Sentinel data connector
This article lists all supported, out-of-the-box data connectors and links to each connector's deployment steps.
- Noted Microsoft Sentinel data connectors are currently in Preview. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- For connectors that use the Log Analytics agent, the agent will be retired on 31 August, 2024. If you are using the Log Analytics agent in your Microsoft Sentinel deployment, we recommend that you start planning your migration to the AMA. For more information, see AMA migration for Microsoft Sentinel.
Data connectors are available as part of the following offerings:
Solutions: Many data connectors are deployed as part of Microsoft Sentinel solution together with related content like analytics rules, workbooks and playbooks. For more information, see the Microsoft Sentinel solutions catalog.
Community connectors: More data connectors are provided by the Microsoft Sentinel community and can be found in the Azure Marketplace. Documentation for community data connectors is the responsibility of the organization that created the connector.
Custom connectors: If you have a data source that isn't listed or currently supported, you can also create your own, custom connector. For more information, see Resources for creating Microsoft Sentinel custom connectors.
For information about feature availability in US Government clouds, see the Microsoft Sentinel tables in Cloud feature availability for US Government customers.
Data connector prerequisites
Each data connector will have its own set of prerequisites, such as required permissions on your Azure workspace, subscription, or policy, and so on, or other requirements for the partner data source you're connecting to.
Prerequisites for each data connector are listed on the relevant data connector page in Microsoft Sentinel, on the Instructions tab.
Abnormal Security Corporation
Amazon Web Services
Apache Software Foundation
ARGOS Cloud Security Pty Ltd
Better Mobile Security Inc.
Bosch Global Software Technologies Pvt Ltd
- Cisco Application Centric Infrastructure
- Cisco ASA
- Cisco ASA/FTD via AMA (Preview)
- Cisco Duo Security (using Azure Function)
- Cisco Meraki
- Cisco Secure Email Gateway
- Cisco Secure Endpoint (AMP) (using Azure Function)
- Cisco Stealthwatch
- Cisco UCS
- Cisco Umbrella (using Azure Function)
- Cisco Web Security Appliance
Cisco Systems, Inc.
Cloud Software Group
Cyber Defense Group B.V.
ExtraHop Networks, Inc.
- Google ApigeeX (using Azure Function)
- Google Cloud Platform Cloud Monitoring (using Azure Function)
- Google Cloud Platform DNS (using Azure Function)
- Google Cloud Platform IAM (using Azure Function)
- Google Workspace (G Suite) (using Azure Function)
H.O.L.M. Security Sweden AB
Insight VM / Rapid7
Jamf Software, LLC
- Automated Logic WebCTRL
- Azure Active Directory
- Azure Active Directory Identity Protection
- Azure Activity
- Azure Batch Account
- Azure Cognitive Search
- Azure Data Lake Storage Gen1
- Azure DDoS Protection
- Azure Event Hub
- Azure Information Protection
- Azure Key Vault
- Azure Kubernetes Service (AKS)
- Azure Logic Apps
- Azure Service Bus
- Azure Storage Account
- Azure Stream Analytics
- Azure Web Application Firewall (WAF)
- Common Event Format (CEF)
- Common Event Format (CEF) via AMA
- Fortinet FortiWeb Web Application Firewall
- Microsoft 365 Defender
- Microsoft 365 Insider Risk Management
- Microsoft Defender for Cloud
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for IoT
- Microsoft Defender for Office 365
- Microsoft Defender Threat Intelligence (Preview)
- Microsoft PowerBI
- Microsoft Project
- Microsoft Purview (Preview)
- Microsoft Purview Information Protection
- Network Security Groups
- Office 365
- Security Events via Legacy Agent
- SentinelOne (using Azure Function)
- Threat intelligence - TAXII
- Threat Intelligence Platforms
- Threat Intelligence Upload Indicators API (Preview)
- Windows DNS Events via AMA (Preview)
- Windows Firewall
- Windows Firewall Events via AMA (Preview)
- Windows Forwarded Events
- Windows Security Events via AMA
Microsoft Corporation - sentinel4github
Microsoft Sentinel Community, Microsoft Corporation
Noname Gate, Inc.
Orca Security, Inc.
Palo Alto Networks
- Palo Alto Networks (Firewall)
- Palo Alto Networks Cortex Data Lake (CDL)
- Palo Alto Prisma Cloud CSPM (using Azure Function)
- Qualys VM KnowledgeBase (using Azure Function)
- Qualys Vulnerability Management (using Azure Function)
- Symantec Endpoint Protection
- Symantec Integrated Cyber Defense Exchange
- Symantec ProxySG
- Symantec VIP
TALON CYBER SECURITY LTD
The Collective Consulting BV
Vectra AI, Inc
ZERO NETWORKS LTD
For more information, see:
Submit and view feedback for