articles/sentinel/connect-data-sources.md
Lines changed: 7 additions & 20 deletions
@@ -3,16 +3,13 @@ title: Microsoft Sentinel data connectors
3
3
description: Learn about supported data connectors, like Microsoft Defender XDR (formerly Microsoft 365 Defender), Microsoft 365 and Office 365, Microsoft Entra ID, ATP, and Defender for Cloud Apps to Microsoft Sentinel.
4
4
author: yelevin
5
5
ms.topic: conceptual
6
-
ms.date: 03/02/2024
6
+
ms.date: 11/06/2024
7
7
ms.author: yelevin
8
8
appliesto:
9
9
- Microsoft Sentinel in the Azure portal
10
10
- Microsoft Sentinel in the Microsoft Defender portal
11
11
ms.collection: usx-security
12
-
13
-
14
12
#Customer intent: As a security eningeer, I want to use data connectors to integrate various data sources into Microsoft Sentinel so that I can enhance threat detection and response capabilities.
15
-
16
13
---
17
14
18
15
# Microsoft Sentinel data connectors
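Review bot: The `#Customer intent` context line in this front-matter hunk still reads "security eningeer". The change already edits the lines on either side of it, so correct the spelling to "engineer" in the same commit.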
@@ -55,26 +52,16 @@ To add more data connectors, install the solution associated with the data conne
55
52
56
53
## REST API integration for data connectors
57
54
58
-
Many security technologies provide a set of APIs for retrieving log files. Some data sources can use those APIs to connect to Microsoft Sentinel.
59
-
60
-
Data connectors that use APIs either integrate from the provider side or integrate using Azure Functions, as described in the following sections.
61
-
62
-
### Integration on the provider side
63
-
64
-
An API integration built by the provider connects with the provider data sources and pushes data into Microsoft Sentinel custom log tables by using the Azure Monitor Data Collector API. For more information, see [Send log data to Azure Monitor by using the HTTP Data Collector API](/azure/azure-monitor/logs/data-collector-api?branch=main&tabs=powershell).
65
-
66
-
To learn about REST API integration, read your provider documentation and [Connect your data source to Microsoft Sentinel's REST-API to ingest data](connect-rest-api-template.md).
67
-
68
-
### Integration using Azure Functions
69
-
70
-
Integrations that use Azure Functions to connect with a provider API first format the data, and then send it to Microsoft Sentinel custom log tables using the Azure Monitor Data Collector API.
55
+
Many security solutions provide a set of APIs for retrieving log files and other security data from their product or service. Those APIs connect to Microsoft Sentinel with one of the following methods:
56
+
- The data source APIs are configured with the [Codeless Connector Platform](create-codeless-connector.md).
57
+
- The data connector uses the Log Ingestion API for Azure Monitor as part of an Azure Function or Logic App.
71
58
72
-
For more information, see:
73
-
-[Send log data to Azure Monitor by using the HTTP Data Collector API](/azure/azure-monitor/logs/data-collector-api?branch=main&tabs=powershell)
59
+
For more information about connecting with Azure Functions, see the following articles:
74
60
-[Use Azure Functions to connect your data source to Microsoft Sentinel](connect-azure-functions-template.md)
Integrations that use Azure Functions might have extra data ingestion costs, because you host Azure Functions in your Azure organization. Learn more about [Azure Functions pricing](https://azure.microsoft.com/pricing/details/functions/).
64
+
For more information about connecting with Logic Apps, see [Connect with Logic Apps](create-custom-connector.md#connect-with-logic-apps).
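Review bot: The added bullet "The data connector uses the Log Ingestion API for Azure Monitor as part of an Azure Function or Logic App" carries no link, while the removed text linked the HTTP Data Collector API article twice. Add a link to the Log Ingestion API documentation so readers whose connectors were built on the Data Collector API have a reference to follow. Two smaller points in the same hunk: "see the following articles:" now introduces only one visible list item, so use the singular or add the second link, and "Those APIs connect to Microsoft Sentinel" makes the API the subject where the connector is what connects. The cost paragraph still names only Azure Functions although the new text puts Logic Apps alongside them; state whether the same hosting cost applies there.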