Microsoft Sentinel - Data Connectors

Author : MD TAREQ HASSAN | Updated : 2022/02/17

About Data Connectors

After on-boarding, first we need to start ingesting data from different sources into Microsoft Sentinel.

Microsoft Sentinel comes with several data connectors for Microsoft and non-Microsoft products to help get your data onboarded. These data connectors are available out of the box and provide real-time integration with products including Microsoft 365 Defender, Microsoft 365 sources, Azure AD, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and more. In addition, there are built-in connectors to the broader security ecosystem for non-Microsoft products.

Connector types:

Connectors from Microsoft
Connectors from third party vendors (partners)
Custom connectors that we can create using:
- Common Event Format (CEF)
- Syslog
- REST-API

Azure Activity

Microsoft Sentinel | Data Connectors - Azure Activity Step 1

Microsoft Sentinel | Data Connectors - Azure Activity Step 2

Microsoft Sentinel | Data Connectors - Azure Activity Step 3

Microsoft Sentinel | Data Connectors - Azure Activity Step 4

Azure Active Directory

Required roles:

“Contributor” role at scope of Subscription or Resource Group or Log Analytics Workspace
“Security Administrator” role in Azure AD

Microsoft Sentinel | Data Connectors - Azure Active Directory Step 1

Microsoft Sentinel | Data Connectors - Azure Active Directory Step 2

Microsoft Sentinel | Data Connectors - Azure Active Directory Step 3

Azure Firewall

Microsoft Sentinel | Data Connectors - Azure Firewall Step 1

Microsoft Sentinel | Data Connectors - Azure Firewall Step 2

Microsoft Sentinel | Data Connectors - Azure Firewall Step 3

Web Application Firewall

Microsoft Sentinel | Data Connectors - Web Application Firewall Step 1

Microsoft Sentinel | Data Connectors - Web Application Firewall Step 2

Microsoft Sentinel | Data Connectors - Web Application Firewall Step 3