Find your Microsoft Sentinel data connector
This article lists all supported, out-of-the-box data connectors and links to each connector's deployment steps.
Important
- Noted Microsoft Sentinel data connectors are currently in Preview.
- For connectors that use the Log Analytics agent, the agent will be retired on 31 August, 2024. If you are using the Log Analytics agent in your Microsoft Sentinel deployment, we recommend that you start planning your migration to the AMA. For more information, see AMA migration for Microsoft Sentinel.
Data connectors are available as part of the following offerings:
Solutions: Many data connectors are deployed as part of Microsoft Sentinel solution together with related content like analytics rules, workbooks and playbooks. For more information, see the Microsoft Sentinel solutions catalog.
Community connectors: More data connectors are provided by the Microsoft Sentinel community and can be found in the Azure Marketplace. Documentation for community data connectors is the responsibility of the organization that created the connector.
Custom connectors: If you have a data source that isn't listed or currently supported, you can also create your own, custom connector. For more information, see Resources for creating Microsoft Sentinel custom connectors.
Data connector prerequisites
Each data connector will have its own set of prerequisites, such as required permissions on your Azure workspace, subscription, or policy, and so on, or other requirements for the partner data source you're connecting to.
Prerequisites for each data connector are listed on the relevant data connector page in Microsoft Sentinel, on the Instructions tab.
Cisco
Cloud Software Group
CohesityDev
Contrast Security
Corelight Inc.
Cynerio
Delinea Inc.
Elastic
ExtraHop Networks, Inc.
F5, Inc.
Fireeye
- [Deprecated] FireEye Network Security (NX) via Legacy Agent
- [Recommended] FireEye Network Security (NX) via AMA
Fortinet
Infosec Global
Microsoft
- Azure Activity
- Azure Batch Account
- Azure Cognitive Search
- Azure Event Hub
- Azure Key Vault
- Azure Kubernetes Service (AKS)
- Azure Logic Apps
- Azure Service Bus
- Azure Storage Account
- Azure Stream Analytics
- Azure Web Application Firewall (WAF)
- Common Event Format (CEF)
- Common Event Format (CEF) via AMA
- DNS
- Fortinet FortiWeb Web Application Firewall
- Microsoft 365 (formerly, Office 365)
- Microsoft Defender for Cloud
- Microsoft Entra ID
- Security Events via Legacy Agent
- Syslog
- Threat intelligence - TAXII
- Windows Firewall
- Windows Forwarded Events
- Windows Security Events via AMA