Find your Microsoft Sentinel data connector

This article lists all supported, out-of-the-box data connectors and links to each connector's deployment steps.

Important

  • Noted Microsoft Sentinel data connectors are currently in Preview. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
  • For connectors that use the Log Analytics agent, the agent will be retired on 31 August, 2024. If you are using the Log Analytics agent in your Microsoft Sentinel deployment, we recommend that you start planning your migration to the AMA. For more information, see AMA migration for Microsoft Sentinel.
  • Microsoft Sentinel is available as part of the unified security operations platform in the Microsoft Defender portal. Microsoft Sentinel in the Defender portal is now supported for production use. For more information, see Microsoft Sentinel in the Microsoft Defender portal.

Data connectors are available as part of the following offerings:

  • Solutions: Many data connectors are deployed as part of Microsoft Sentinel solution together with related content like analytics rules, workbooks, and playbooks. For more information, see the Microsoft Sentinel solutions catalog.

  • Community connectors: More data connectors are provided by the Microsoft Sentinel community and can be found in the Azure Marketplace. Documentation for community data connectors is the responsibility of the organization that created the connector.

  • Custom connectors: If you have a data source that isn't listed or currently supported, you can also create your own, custom connector. For more information, see Resources for creating Microsoft Sentinel custom connectors.

Note

For information about feature availability in US Government clouds, see the Microsoft Sentinel tables in Cloud feature availability for US Government customers.

Data connector prerequisites

Each data connector has its own set of prerequisites. Prerequisites might include that you must have specific permissions on your Azure workspace, subscription, or policy. Or, you must meet other requirements for the partner data source you're connecting to.

Prerequisites for each data connector are listed on the relevant data connector page in Microsoft Sentinel.

Syslog and Common Event Format (CEF) connectors

Some Microsoft Sentinel solutions are supported by the data connectors Syslog via AMA or Common Event Format (CEF) via AMA in Microsoft Sentinel. To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in Ingest Syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent. These steps include installing either the Common Event Format or Syslog solution from the Content hub in Microsoft Sentinel. Then, configure the related AMA connector that's installed with the solution. Complete the setup by configuring the appropriate devices or appliances. For more information, see the solution provider's installation instructions or contact the solution provider.

42Crunch

Abnormal Security Corporation

Akamai

AliCloud

Amazon Web Services

Apache

Apache Software Foundation

archTIS

ARGOS Cloud Security Pty Ltd

Arista Networks

Armis, Inc.

Armorblox

Aruba

Atlassian

Auth0

Better Mobile Security Inc.

Bitglass

Bitsight Technologies, Inc.

Blackberry

Bosch Global Software Technologies Pvt Ltd

Box

Broadcom

Cisco

Cisco Systems, Inc.

Citrix

Claroty

Cloudflare

Cognni

cognyte technologies israel ltd

CohesityDev

Corelight Inc.

Crowdstrike

Cyber Defense Group B.V.

CyberArk

CyberPion

Cybersixgill

Cyborg Security, Inc.

Cynerio

Darktrace plc

Dataminr, Inc.

Defend Limited

DEFEND Limited

Derdack

Digital Guardian

Digital Shadows

Dynatrace

Elastic

Exabeam

F5, Inc.

Facebook

Feedly, Inc.

Fireeye

Flare Systems

Forescout

Fortinet

Gigamon, Inc

GitLab

Google

Greynoise Intelligence, Inc.

H.O.L.M. Security Sweden AB

HYAS Infosec Inc

Illumio

Imperva

Infoblox

Infosec Global

Insight VM / Rapid7

ISC

Island Technology Inc.

Ivanti

Jamf Software, LLC

Juniper

Kaspersky

Linux

Lookout, Inc.

MailGuard Pty Limited

MarkLogic

McAfee

Microsoft

Microsoft Corporation

Microsoft Corporation - sentinel4github

Microsoft Sentinel Community, Microsoft Corporation

Mimecast North America

MongoDB

MuleSoft

Nasuni Corporation

NetClean Technologies AB

Netskope

Netwrix

Nginx

Noname Gate, Inc.

Nozomi Networks

NXLog Ltd.

Okta

OneLogin

OpenVPN

Oracle

Orca Security, Inc.

OSSEC

Palo Alto Networks

Perimeter 81

Ping Identity

PostgreSQL

Prancer Enterprise

Proofpoint

Pulse Secure

Qualys

RedHat

Ridge Security Technology Inc.

RSA

Rubrik, Inc.

SailPoint

Salesforce

Secure Practice

SecurityBridge

Senserva, LLC

SentinelOne

SERAPHIC ALGORITHMS LTD

Slack

Snowflake

SonicWall Inc

Sonrai Security

Sophos

Squid

Symantec

TALON CYBER SECURITY LTD

Tenable

The Collective Consulting BV

TheHive

Theom, Inc.

Trend Micro

TrendMicro

Ubiquiti

Valence Security Inc.

Vectra AI, Inc

VMware

WatchGuard Technologies

WithSecure

Wiz, Inc.

ZERO NETWORKS LTD

Zimperium, Inc.

Zoom

Zscaler

Next steps

For more information, see: