Find your Microsoft Sentinel data connector
This article lists all supported, out-of-the-box data connectors and links to each connector's deployment steps.
Important
Noted Microsoft Sentinel data connectors are currently in Preview. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Data connectors are available as part of the following offerings:
Solutions: Many data connectors are deployed as part of Microsoft Sentinel solution together with related content like analytics rules, workbooks, and playbooks. For more information, see the Microsoft Sentinel solutions catalog.
Community connectors: More data connectors are provided by the Microsoft Sentinel community and can be found in the Azure Marketplace. Documentation for community data connectors is the responsibility of the organization that created the connector.
Custom connectors: If you have a data source that isn't listed or currently supported, you can also create your own, custom connector. For more information, see Resources for creating Microsoft Sentinel custom connectors.
Data connector prerequisites
Each data connector has its own set of prerequisites. Prerequisites might include that you must have specific permissions on your Azure workspace, subscription, or policy. Or, you must meet other requirements for the partner data source you're connecting to.
Prerequisites for each data connector are listed on the relevant data connector page in Microsoft Sentinel.
AliCloud
Cisco
CohesityDev
Corelight Inc.
Cynerio
Elastic
Infosec Global
Microsoft
- Microsoft Entra ID
- Azure Activity
- Azure Cognitive Search
- Azure Key Vault
- Azure Kubernetes Service (AKS)
- Azure Storage Account
- Azure Web Application Firewall (WAF)
- Azure Batch Account
- Common Event Format (CEF) via AMA
- Windows DNS Events via AMA
- Azure Event Hubs
- Azure Logic Apps
- Tenant-based Microsoft Defender for Cloud (Preview)
- Microsoft 365
- Windows Security Events via AMA
- Azure Service Bus
- Azure Stream Analytics
- Syslog via AMA
- Threat intelligence - TAXII
- Windows Firewall
- Windows Forwarded Events
Microsoft Corporation
Palo Alto Networks
Wiz, Inc.
Next steps
For more information, see: