Microsoft Sentinel content hub catalog

Note

Azure Sentinel is now called Microsoft Sentinel, and we’ll be updating these pages in the coming weeks. Learn more about recent Microsoft security enhancements.

Important

The Microsoft Sentinel content hub experience is currently in PREVIEW, as are all individual solution packages. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Microsoft Sentinel solutions provide a consolidated way to acquire Microsoft Sentinel content - like data connectors, workbooks, analytics, and automation - in your workspace with a single deployment step.

This article lists the out-of-the-box (built-in), on-demand Microsoft Sentinel data connectors and solutions available for you to deploy in your workspace. Deploying a solution makes any included security content, such as data connectors, playbooks, workbooks, or rules, available in the relevant area of Microsoft Sentinel.

For more information, see Centrally discover and deploy Microsoft Sentinel out-of-the-box content and solutions.

Domain solutions

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Microsoft Insider Risk Management | Data connector, workbook, analytics rules, hunting queries | Security - Insider threat | Microsoft |
| Microsoft MITRE ATT&CK solution for Cloud | Workbooks, analytics rules, hunting queries | Security - Threat protection, Security - Others | Microsoft |
| Microsoft Sentinel Deception | Workbooks, analytics rules, watchlists | Security - Threat Protection | Microsoft |
| Zero Trust (TIC3.0) | Workbooks | Identity, Security - Others | Microsoft |

Arista Networks

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Arista Networks (Awake Security) | Data connector, workbooks, analytics rules | Security - Network | Arista - Awake Security |

Armorblox

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Armorblox - Sentinel | Data connector | Security - Threat protection | Armorblox |

Azure

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Azure Firewall Solution for Sentinel | Data connector, workbook, analytics rules, playbooks, hunting queries, custom Logic App connector | Security - Network Security, Networking | Community |
| Microsoft Sentinel for SQL PaaS | Data connector, workbook, analytics rules, playbooks, hunting queries | Application | Community |
| Microsoft Sentinel Training Lab | Workbook, analytics rules, playbooks, hunting queries | Training and tutorials | Microsoft |
| Azure SQL | Data connector, workbook, analytics, playbooks, hunting queries | Application | Microsoft |

Box

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Box Solution | Data connector, workbook, analytics rules, hunting queries, parser | Storage, application | Microsoft |

Check Point

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Check Point Microsoft Sentinel Solutions | Data connector, playbooks, custom Logic App connector | Security - Automation (SOAR) | Checkpoint |

Cisco

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Cisco ACI | Data connector, parser | Security - Network | Microsoft |
| Cisco ASA | Data connector, playbooks, custom Logic App connector | Security - Automation (SOAR) | Microsoft |
| Cisco Duo Security | Data connector, parser | Identity | Microsoft |
| Cisco ISE | Data connector, workbooks, analytics rules, playbooks, hunting queries, parser, custom Logic App connector | Networking, Security - Others | Microsoft |
| Cisco Meraki | Data connector, playbooks, custom Logic App connector | Security - Network | Microsoft |
| Cisco Secure Email Gateway / ESA | Data connector, parser | Security - Threat Protection | Microsoft |
| Cisco StealthWatch | Data connector, parser | Security - Network | Microsoft |
| Cisco Umbrella | Data connector, workbooks, analytics rules, playbooks, hunting queries, parser, custom Logic App connector | Security - Cloud Security | Microsoft |
| Cisco Web Security Appliance (WSA) | Data connector, parser | Security - Network | Microsoft |

Cloudflare

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Cloudflare Solution | Data connector, workbooks, analytics rules, hunting queries, parser | Security - Network, networking | Microsoft |

Contrast Security

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Contrast Protect Microsoft Sentinel Solution | Data connector, workbooks, analytics rules | Security - Threat protection | Microsoft |

CrowdStrike

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| CrowdStrike Falcon Endpoint Protection Solution | Data connector, workbooks, analytics rules, playbooks, parser | Security - Threat protection | Microsoft |

Digital Guardian

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Digital Guardian | Data connector, parser | Security - Information Protection | Microsoft |

FalconForce

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| FalconFriday Content - Falcon Friday | Analytics rules | User Behavior (UEBA), Security - Insider threat | FalconForce |

FireEye NX (Network Security)

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| FireEye NX (Network Security) | Data connector, parser | Security - Network | Microsoft |

Flare Systems Firework

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Flare Systems Firework | Data connector | Security - Threat protection | Microsoft |

Forescout

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Forescout | Data connector, parser | Security - Network | Microsoft |

Fortinet Fortigate

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Fortinet Fortigate | Data connector, playbooks, custom Logic App connector | Security - Automation (SOAR) | Microsoft |

Google

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Google Cloud Platform DNS Solution | Data connector, parser | Cloud Provider, Networking | Microsoft |
| Google Cloud Platform Cloud Monitoring Solution | Data connector, parser | Cloud Provider | Microsoft |
| Google Cloud Platform Identity and Access Management Solution | Data connector, workbook, analytics rules, playbooks, hunting queries, parser, custom Logic App connector | Cloud Provider, Identity | Microsoft |

HYAS

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| HYAS Insight for Microsoft Sentinel Solutions Gallery | Playbooks | Security - Threat Intelligence, Security - Automation (SOAR) | Microsoft |

Imperva

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Imperva Cloud WAF (formerly Imperva Incapsula) | Data connector, parser | Security - Network | Microsoft |

InfoBlox

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| InfoBlox Threat Defense / InfoBlox Cloud Data Connector | Data connector, workbook, analytics rules | Security - Threat protection | Microsoft |

IronNet

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| IronNet CyberSecurity Iron Defense - Microsoft Sentinel | | Security - Network | Microsoft |

Juniper

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Juniper IDP | Data connector, parser | Security - Network | Microsoft |

Kaspersky

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Kaspersky AntiVirus | Data connector, parser | Security - Threat protection | Microsoft |

Lookout

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Lookout Mobile Threat Defense for Microsoft Sentinel | Data connector | Security - Network | Lookout |

McAfee

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| McAfee ePolicy Orchestrator Solution | Data connector, workbook, analytics rules, playbooks, hunting queries, parser, custom Logic App connector | Security - Threat protection | Microsoft |
| McAfee Network Security Platform Solution (Intrushield) + AntiVirus Information (T1 minus Logic apps) | Data connector, workbooks, analytics rules, hunting queries, parser | Security - Threat protection | Microsoft |

Microsoft

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Microsoft Sentinel 4 Microsoft Dynamics 365 | Data connector, workbooks, analytics rules, and hunting queries | Application | Microsoft |
| Microsoft Sentinel for Teams | Data connector, analytics rules, playbooks, hunting queries | Application | Community |

Oracle

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Oracle Cloud Infrastructure | Data connector, parser | Cloud Provider | Microsoft |
| Oracle Database Audit Solution | Data connector, workbook, analytics rules, hunting queries, parser | Application | Microsoft |

Palo Alto

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Palo Alto PAN-OS | Data connector, playbooks, custom Logic App connector | Security - Automation (SOAR), Security - Network | Microsoft |
| Palo Alto Prisma Solution | Data connector, workbooks, analytics rules, hunting queries, parser | Security - Cloud security | Microsoft |

Ping Identity

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| PingFederate Solution | Data connector, workbooks, analytics rules, hunting queries, parser | Identity | Microsoft |

Proofpoint

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Proofpoint POD Solution | Data connector, workbook, analytics rules, hunting queries, parser | Security - Threat protection | Microsoft |
| Proofpoint TAP Solution | Workbooks, analytics rules, playbooks, custom Logic App connector | Security - Automation (SOAR), Security - Threat protection | Microsoft |

Qualys

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Qualys VM Solution | Workbooks, analytics rules | Security - Vulnerability Management | Microsoft |

Rapid7

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Rapid7 InsightVM CloudAPI Solution | Data connector, parser | Security - Vulnerability Management | Microsoft |

ReversingLabs

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| ReversingLabs TitaniumCloud File Enrichment Solution | Playbooks | Security - Threat intelligence | ReversingLabs |

RiskIQ

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| RiskIQ Security Intelligence Playbooks | Playbooks | Security - Threat intelligence, Security - Automation (SOAR) | RiskIQ |

RSA

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| RSA SecurID | Data connector, parser | Security - Others, Identity | Microsoft |

SAP

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Continuous Threat Monitoring for SAP | Data connector, workbooks, analytics rules, watchlists | Application | Community |

Semperis

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Semperis | Data connector, workbooks, analytics rules, parser | Security - Threat protection, Identity | Semperis |

Senserva Pro

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Senserva Offer for Microsoft Sentinel | Data connector, workbooks, analytics rules, hunting queries | Compliance | Senserva |

Sonrai Security

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Sonrai Security - Microsoft Sentinel | Data connector, workbooks, analytics rules | Compliance | Sonrai Security |

Slack

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Slack Audit Solution | Data connector, workbooks, analytics rules, hunting queries, parser | Application | Microsoft |

Sophos

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Sophos Endpoint Protection Solution | Data connector, parser | Security - Threat protection | Microsoft |
| Sophos XG Firewall Solution | Workbooks, analytics rules, parser | Security - Network | Microsoft |

Symantec

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Symantec Endpoint | Data connector, workbook, analytics rules, playbooks, hunting queries, parser | Security - Threat protection | Microsoft |
| Symantec ProxySG Solution | Workbooks, analytics rules | Security - Network | Symantec |

Tenable

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Tenable Nessus Scanner / IO VM reports for cloud | Data connector, parser | Security - Vulnerability Management | Microsoft |

Trend Micro

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Trend Micro Apex One Solution | Data connector, hunting queries, parser | Security - Threat protection | Microsoft |

Ubiquiti

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Ubiquiti UniFi Solution | Data connector, workbooks, analytics rules, hunting queries, parser | Security - Network | Microsoft |

vArmour

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| vArmour Application Controller and Microsoft Sentinel Solution | Data connector, workbook, analytics rules | IT Operations | vArmour |

Vectra

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Vectra Stream Solution | Data connector, hunting queries, parser | Security - Network | Microsoft |

VMware

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| VMware Carbon Black Solution | Workbooks, analytics rules | Security - Threat protection | Microsoft |

Zeek Network

| Name | Includes | Categories | Supported by |
| --- | --- | --- | --- |
| Corelight for Microsoft Sentinel | Data connector, workbooks, analytics rules, hunting queries, parser | IT Operations, Security - Network | Zeek Network |

Next steps

In this document, you learned about Microsoft Sentinel solutions and how to find and deploy them.