संपादित करें

इसके माध्यम से साझा किया गया


Connect your data source to the Microsoft Sentinel Data Collector API to ingest data

API integrations built by third-party vendors pull data from their products' data sources and connect to Microsoft Sentinel's Azure Monitor Data Collector API to push the data into custom log tables in your Microsoft Sentinel workspace.

For the most part, you can find all the information you need to configure these data sources to connect to Microsoft Sentinel in each vendor's documentation.

Check your product's section in the data connectors reference page for any extra instructions that may appear there, and for the links to your vendor's instructions.

Data will be stored in the geographic location of the workspace on which you are running Microsoft Sentinel.

Note

For information about feature availability in US Government clouds, see the Microsoft Sentinel tables in Cloud feature availability for US Government customers.

Prerequisites

Configure and connect your data source

  1. In the Microsoft Sentinel portal, select Data connectors on the navigation menu.

  2. Select your product's entry from the data connectors gallery, and then select the Open connector page button.

  3. Follow any steps that appear on the connector page, or any links to vendor instructions that appear there.

  4. When asked for the Workspace ID and the Primary Key, copy them from the data connector page and paste them into the configuration as directed by your vendor's instructions. See the example below.

    Workspace ID and Primary Key

Find your data

After a successful connection is established, the data appears in Logs under the CustomLogs section. Find your product's page from the data connectors reference for the table names.

To query the data from your product, use those table names in your query.

It may take up to 20 minutes before your logs start to appear in Log Analytics.

Next steps

In this document, you learned how to connect external data sources to the Microsoft Sentinel Data Collector API.

To learn more about Microsoft Sentinel, see the following articles: