Find your Microsoft Sentinel data connector

This article lists all supported, out-of-the-box data connectors and links to each connector's deployment steps.

Important

  • Noted Microsoft Sentinel data connectors are currently in Preview. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
  • Microsoft Sentinel is generally available within Microsoft's unified security operations platform in the Microsoft Defender portal. For preview, Microsoft Sentinel is available in the Defender portal without Microsoft Defender XDR or an E5 license. For more information, see Microsoft Sentinel in the Microsoft Defender portal.

Data connectors are available as part of the following offerings:

  • Solutions: Many data connectors are deployed as part of Microsoft Sentinel solution together with related content like analytics rules, workbooks, and playbooks. For more information, see the Microsoft Sentinel solutions catalog.

  • Community connectors: More data connectors are provided by the Microsoft Sentinel community and can be found in the Azure Marketplace. Documentation for community data connectors is the responsibility of the organization that created the connector.

  • Custom connectors: If you have a data source that isn't listed or currently supported, you can also create your own, custom connector. For more information, see Resources for creating Microsoft Sentinel custom connectors.

Note

For information about feature availability in US Government clouds, see the Microsoft Sentinel tables in Cloud feature availability for US Government customers.

Data connector prerequisites

Each data connector has its own set of prerequisites. Prerequisites might include that you must have specific permissions on your Azure workspace, subscription, or policy. Or, you must meet other requirements for the partner data source you're connecting to.

Prerequisites for each data connector are listed on the relevant data connector page in Microsoft Sentinel.

Azure Monitor agent (AMA) based data connectors require an internet connection from the system where the agent is installed. Enable port 443 outbound to allow a connection between the system where the agent is installed and Microsoft Sentinel.

Syslog and Common Event Format (CEF) connectors

Log collection from many security appliances and devices are supported by the data connectors Syslog via AMA or Common Event Format (CEF) via AMA in Microsoft Sentinel. To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent. These steps include installing the Microsoft Sentinel solution for a security appliance or device from the Content hub in Microsoft Sentinel. Then, configure the Syslog via AMA or Common Event Format (CEF) via AMA data connector that's appropriate for the Microsoft Sentinel solution you installed. Complete the setup by configuring the security device or appliance. Find instructions to configure your security device or appliance in one of the following articles:

Contact the solution provider for more information or where information is unavailable for the appliance or device.

Custom Logs via AMA connector

Filter and ingest logs in text-file format from network or security applications installed on Windows or Linux machines by using the Custom Logs via AMA connector in Microsoft Sentinel. For more information, see the following articles:

Codeless connector platform connectors

The following connectors use the current codeless connector platform but don't have a specific documentation page generated. They're available from the content hub in Microsoft Sentinel as part of a solution. For instructions on how to configure these data connectors, review the instructions available with each data connector within Microsoft Sentinel.

Codeless connector name Azure Marketplace solution
Atlassian Jira Audit (using REST API) (Preview) Atlassian Jira Audit
Cisco Meraki (using Rest API) Cisco Meraki Events via REST API
Ermes Browser Security Events Ermes Browser Security for Microsoft Sentinel
Okta Single Sign-On (Preview) Okta Single Sign-On Solution
Sophos Endpoint Protection (using REST API) (Preview) Sophos Endpoint Protection Solution
Workday User Activity (Preview) Workday (Preview)

For more information about the codeless connector platform, see Create a codeless connector for Microsoft Sentinel.

1Password

42Crunch

Abnormal Security Corporation

AliCloud

Amazon Web Services

archTIS

ARGOS Cloud Security Pty Ltd

Armis, Inc.

Armorblox

Atlassian

Auth0

Better Mobile Security Inc.

Bitglass

Bitsight Technologies, Inc.

Bosch Global Software Technologies Pvt Ltd

Box

Cisco

Cisco Systems, Inc.

Claroty

Cloudflare

Cognni

cognyte technologies israel ltd

CohesityDev

Commvault

Corelight Inc.

Cribl

Crowdstrike

CyberArk

CyberPion

Cybersixgill

Cyborg Security, Inc.

Cynerio

Darktrace plc

Dataminr, Inc.

Defend Limited

DEFEND Limited

Derdack

Digital Shadows

Dynatrace

Elastic

F5, Inc.

Facebook

Feedly, Inc.

Flare Systems

Forescout

Fortinet

Gigamon, Inc

Google

Greynoise Intelligence, Inc.

HYAS Infosec Inc

Illumio, Inc.

H.O.L.M. Security Sweden AB

Imperva

Infoblox

Infosec Global

Insight VM / Rapid7

Island Technology Inc.

Jamf Software, LLC

Lookout, Inc.

MailGuard Pty Limited

Microsoft

Microsoft Corporation

Microsoft Corporation - sentinel4github

Microsoft Sentinel Community, Microsoft Corporation

Mimecast North America

MuleSoft

NetClean Technologies AB

Netskope

Noname Gate, Inc.

NXLog Ltd.

Okta

OneLogin

Orca Security, Inc.

Palo Alto Networks

Perimeter 81

Phosphorus Cybersecurity

Prancer Enterprise

Proofpoint

Qualys

Radiflow

Rubrik, Inc.

SailPoint

Salesforce

Secure Practice

Senserva, LLC

SentinelOne

SERAPHIC ALGORITHMS LTD

Silverfort Ltd.

Slack

Snowflake

Sonrai Security

Sophos

Symantec

TALON CYBER SECURITY LTD

Tenable

The Collective Consulting BV

TheHive

Theom, Inc.

Transmit Security LTD

Trend Micro

Valence Security Inc.

Varonis

Vectra AI, Inc

VMware

WithSecure

Wiz, Inc.

ZERO NETWORKS LTD

Zerofox, Inc.

Zimperium, Inc.

Zoom

Next steps

For more information, see: