Connect your data source to the Microsoft Sentinel Data Collector API to ingest data
API integrations built by third-party vendors pull data from their products' data sources and connect to Microsoft Sentinel's Azure Monitor Data Collector API to push the data into custom log tables in your Microsoft Sentinel workspace.
For the most part, you can find all the information you need to configure these data sources to connect to Microsoft Sentinel in each vendor's documentation.
Check your product's section in the data connectors reference page for any extra instructions that may appear there, and for the links to your vendor's instructions.
Data will be stored in the geographic location of the workspace on which you are running Microsoft Sentinel.
Note
For information about feature availability in US Government clouds, see the Microsoft Sentinel tables in Cloud feature availability for US Government customers.
Prerequisites
- You must have read and write permissions on the Microsoft Sentinel workspace.
- You must have read permissions to shared keys for the workspace. Learn more about workspace keys.
- Install the product's solution from the Content Hub in Microsoft Sentinel. For more information, see Discover and manage Microsoft Sentinel out-of-the-box content.
Configure and connect your data source
In the Microsoft Sentinel portal, select Data connectors on the navigation menu.
Select your product's entry from the data connectors gallery, and then select the Open connector page button.
Follow any steps that appear on the connector page, or any links to vendor instructions that appear there.
When asked for the Workspace ID and the Primary Key, copy them from the data connector page and paste them into the configuration as directed by your vendor's instructions.
Find your data
After a successful connection is established, the data appears in Logs under the CustomLogs section. To find the table names, see your product's page in the data connectors reference.
To query the data from your product, use those table names in your query.
It may take up to 20 minutes before your logs start to appear in Log Analytics.
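What an integration does with the Workspace ID and Primary Key, and how the custom table name arises, shown as an added example (not Microsoft's or any vendor's code). It builds one signed Data Collector API request for the Azure public-cloud endpoint without sending it; the workspace ID, the key, and the `DemoVendor` log type are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone
from email.utils import format_datetime

# Constructed sample values, not real credentials.
DEMO_WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
DEMO_PRIMARY_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()

API_VERSION = "2016-04-01"
RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"
LOG_TYPE_RE = re.compile(r"[A-Za-z0-9_]{1,100}")


def sign(workspace_id, primary_key, date, content_length):
    """Build the SharedKey Authorization value for one POST."""
    string_to_sign = (
        f"POST\n{content_length}\n{CONTENT_TYPE}\nx-ms-date:{date}\n{RESOURCE}"
    )
    key = base64.b64decode(primary_key)  # the portal shows the key base64-encoded
    mac = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(mac).decode()}"


def build_request(workspace_id, primary_key, log_type, records, now=None):
    """Return (url, headers, body) for a Data Collector API POST, without sending it."""
    if not LOG_TYPE_RE.fullmatch(log_type):
        raise ValueError("Log-Type allows only letters, digits and underscores (max 100)")
    body = json.dumps(records).encode("utf-8")
    date = format_datetime(now or datetime.now(timezone.utc), usegmt=True)
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Authorization": sign(workspace_id, primary_key, date, len(body)),
        "Log-Type": log_type,  # the workspace stores the records in <log_type>_CL
        "x-ms-date": date,
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{RESOURCE}?api-version={API_VERSION}"
    return url, headers, body


if __name__ == "__main__":
    url, headers, body = build_request(
        DEMO_WORKSPACE_ID, DEMO_PRIMARY_KEY, "DemoVendor", [{"event": "login", "user": "alice"}]
    )
    print(url, json.dumps(headers, indent=2), body.decode(), sep="\n")
```

Anyone holding the Primary Key can sign writes to any custom table in the workspace, so the integration should read it from a secret store rather than keep it in plain configuration.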
Next steps
In this document, you learned how to connect external data sources to the Microsoft Sentinel Data Collector API.
To learn more about Microsoft Sentinel, see the following articles:
- Learn how to get visibility into your data and potential threats.
- Get started detecting threats with Microsoft Sentinel.
- Use workbooks to monitor your data.