Find your Microsoft Sentinel data connector
This article lists all supported, out-of-the-box data connectors and links to each connector's deployment steps.
Important
- Noted Microsoft Sentinel data connectors are currently in Preview.
- For connectors that use the Log Analytics agent, the agent will be retired on 31 August, 2024. If you are using the Log Analytics agent in your Microsoft Sentinel deployment, we recommend that you start planning your migration to the Azure Monitor Agent (AMA). For more information, see AMA migration for Microsoft Sentinel.
Data connectors are available as part of the following offerings:
- Solutions: Many data connectors are deployed as part of a Microsoft Sentinel solution, together with related content like analytics rules, workbooks, and playbooks. For more information, see the Microsoft Sentinel solutions catalog.
- Community connectors: More data connectors are provided by the Microsoft Sentinel community and can be found in the Azure Marketplace. Documentation for community data connectors is the responsibility of the organization that created the connector.
- Custom connectors: If you have a data source that isn't listed or currently supported, you can also create your own custom connector. For more information, see Resources for creating Microsoft Sentinel custom connectors.
Data connector prerequisites
Each data connector has its own set of prerequisites. For example, you might need specific permissions on your Azure workspace, subscription, or policy, or you might need to meet other requirements for the partner data source you're connecting to.
Prerequisites for each data connector are listed on the relevant data connector page in Microsoft Sentinel.
AliCloud
Cisco
CohesityDev
Corelight Inc.
Cyber Defense Group B.V.
Cynerio
Elastic
FireEye
- [Deprecated] FireEye Network Security (NX) via Legacy Agent
- [Recommended] FireEye Network Security (NX) via AMA
Infosec Global
Microsoft
- Microsoft Entra ID
- Azure Activity
- Azure Cognitive Search
- Azure Key Vault
- Azure Kubernetes Service (AKS)
- Azure Storage Account
- Azure Web Application Firewall (WAF)
- Azure Batch Account
- Common Event Format (CEF)
- Common Event Format (CEF) via AMA
- Windows DNS Events via AMA
- Azure Event Hub
- Azure Logic Apps
- Tenant-based Microsoft Defender for Cloud (Preview)
- Microsoft 365
- Security Events via Legacy Agent
- Windows Security Events via AMA
- Azure Service Bus
- Azure Stream Analytics
- Syslog
- Syslog via AMA
- Threat intelligence - TAXII
- Windows Firewall
- Windows Forwarded Events
Microsoft Corporation
Palo Alto Networks
- [Deprecated] Palo Alto Networks Cortex Data Lake (CDL) via Legacy Agent
- [Recommended] Palo Alto Networks Cortex Data Lake (CDL) via AMA
- Palo Alto Prisma Cloud CSPM (using Azure Functions)
Trend Micro
Wiz, Inc.