|
2 | 2 | author: EdB-MSFT
|
3 | 3 | ms.author: edbayansh
|
4 | 4 | ms.topic: include
|
5 |
| -ms.date: 07/11/2025 |
| 5 | +ms.date: 07/14/2025 |
6 | 6 | ---
|
7 | 7 |
|
8 | 8 | ## Sentinel data connectors
|
@@ -125,7 +125,7 @@ ms.date: 07/11/2025
|
125 | 125 | |<a name="google-apigeex-via-codeless-connector-framework-preview"></a><details><summary>**Google ApigeeX (via Codeless Connector Framework) (Preview)** </summary> <br> The Google ApigeeX data connector provides the capability to ingest Audit logs into Microsoft Sentinel using the Google Apigee API. Refer to [Google Apigee API](https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/?apix=true) documentation for more information.<p> **Log Analytics table(s):** <br> - `GCPApigee`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
126 | 126 | |<a name="google-cloud-platform-cdn-via-codeless-connector-framework-preview"></a><details><summary>**Google Cloud Platform CDN (via Codeless Connector Framework) (Preview)** </summary> <br> The Google Cloud Platform CDN data connector provides the capability to ingest Cloud CDN Audit logs and Cloud CDN Traffic logs into Microsoft Sentinel using the Compute Engine API. Refer the [Product overview](https://cloud.google.com/cdn/docs/overview) document for more details.<p> **Log Analytics table(s):** <br> - `GCPCDN`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
127 | 127 | |<a name="google-cloud-platform-cloud-ids-via-codeless-connector-framework-preview"></a><details><summary>**Google Cloud Platform Cloud IDS (via Codeless Connector Framework) (Preview)** </summary> <br> The Google Cloud Platform IDS data connector provides the capability to ingest Cloud IDS Traffic logs, Threat logs and Audit logs into Microsoft Sentinel using the Google Cloud IDS API. Refer to [Cloud IDS API](https://cloud.google.com/intrusion-detection-system/docs/audit-logging#google.cloud.ids.v1.IDS) documentation for more information.<p> **Log Analytics table(s):** <br> - `GCPIDS`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
128 |
| -|<a name="google-cloud-platform-cloud-monitoring-using-azure-functions"></a><details><summary>**Google Cloud Platform Cloud Monitoring (using Azure Functions)** </summary> <br> The Google Cloud Platform Cloud Monitoring data connector provides the capability to ingest [GCP Monitoring metrics](https://cloud.google.com/monitoring/api/metrics_gcp) into Microsoft Sentinel using the GCP Monitoring API. Refer to [GCP Monitoring API documentation](https://cloud.google.com/monitoring/api/v3) for more information.<p> **Log Analytics table(s):** <br> - `GCP_MONITORING_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **GCP service account**: GCP service account with permissions to read Cloud Monitoring metrics is required for GCP Monitoring API (required *Monitoring Viewer* role). Also json file with service account key is required. See the documentation to learn more about [creating service account](https://cloud.google.com/iam/docs/creating-managing-service-accounts) and [creating service account key](https://cloud.google.com/iam/docs/creating-managing-service-account-keys).</details> | [Microsoft Corporation](https://support.microsoft.com/) | |
| 128 | +|<a name="google-cloud-platform-cloud-monitoring-via-codeless-connector-framework-preview"></a><details><summary>**Google Cloud Platform Cloud Monitoring (via Codeless Connector Framework) (Preview)** </summary> <br> The Google Cloud Platform Cloud Monitoring data connector ingests Monitoring logs from Google Cloud into Microsoft Sentinel using the Google Cloud Monitoring API. Refer to [Cloud Monitoring API](https://cloud.google.com/monitoring/api/v3) documentation for more details.<p> **Log Analytics table(s):** <br> - `GCPMonitoring`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) | |
129 | 129 | |<a name="google-cloud-platform-dns-via-codeless-connector-framework"></a><details><summary>**Google Cloud Platform DNS (via Codeless Connector Framework)** </summary> <br> The Google Cloud Platform DNS data connector provides the capability to ingest Cloud DNS Query logs and Cloud DNS Audit logs into Microsoft Sentinel using the Google Cloud DNS API. Refer to [Cloud DNS API](https://cloud.google.com/dns/docs/reference/rest/v1) documentation for more information.<p> **Log Analytics table(s):** <br> - `GCPDNS`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
130 | 130 | |<a name="google-cloud-platform-iam-via-codeless-connector-framework"></a><details><summary>**Google Cloud Platform IAM (via Codeless Connector Framework)** </summary> <br> The Google Cloud Platform IAM data connector provides the capability to ingest the Audit logs relating to Identity and Access Management (IAM) activities within Google Cloud into Microsoft Sentinel using the Google IAM API. Refer to [GCP IAM API](https://cloud.google.com/iam/docs/reference/rest) documentation for more information.<p> **Log Analytics table(s):** <br> - `GCPIAM`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
131 | 131 | |<a name="google-security-command-center"></a><details><summary>**Google Security Command Center** </summary> <br> The Google Cloud Platform (GCP) Security Command Center is a comprehensive security and risk management platform for Google Cloud, ingested from Sentinel's connector. It offers features such as asset inventory and discovery, vulnerability and threat detection, and risk mitigation and remediation to help you gain insight into your organization's security and data attack surface. This integration enables you to perform tasks related to findings and assets more effectively.<p> **Log Analytics table(s):** <br> - `GoogleCloudSCC`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
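Review bot: The replacement row for Google Cloud Platform Cloud Monitoring changes both the anchor (`google-cloud-platform-cloud-monitoring-using-azure-functions` becomes `google-cloud-platform-cloud-monitoring-via-codeless-connector-framework-preview`) and the table (`GCP_MONITORING_CL` becomes `GCPMonitoring`) without leaving any pointer for readers of the old entry. Inbound links to the old anchor will no longer resolve, and analytics rules or hunting queries written against `GCP_MONITORING_CL` will need updating if data now lands in `GCPMonitoring`, so consider a short deprecation or migration note. The new description also says "Monitoring logs" where the removed row said "GCP Monitoring metrics"; please confirm which is correct. The removed row documented the GCP service account prerequisite (*Monitoring Viewer* role and a JSON key file), while the new row lists no prerequisites at all, so state what access the connector needs.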
@@ -231,8 +231,8 @@ ms.date: 07/11/2025
|
231 | 231 | |<a name="syslog-via-ama"></a><details><summary>**Syslog via AMA** </summary> <br> Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to the workspace.<br><br>[Learn more >](https://aka.ms/sysLogInfo)<p> **Log Analytics table(s):** <br> - `Syslog`<p>**Data collection rule support:** <br>[Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
232 | 232 | |<a name="talon-insights"></a><details><summary>**Talon Insights** </summary> <br> The Talon Security Logs connector allows you to easily connect your Talon events and audit logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation.<p> **Log Analytics table(s):** <br> - `Talon_CL`<p>**Data collection rule support:** <br>Not currently supported</details> | [Talon Security](https://talon-sec.com/contact/) |
|
233 | 233 | |<a name="team-cymru-scout-data-connector-using-azure-functions"></a><details><summary>**Team Cymru Scout Data Connector (using Azure Functions)** </summary> <br> The [TeamCymruScout](https://scout.cymru.com/) Data Connector allows users to bring Team Cymru Scout IP, domain and account usage data in Microsoft Sentinel for enrichment.<p> **Log Analytics table(s):** <br> - `Cymru_Scout_Domain_Data_CL`<br>- `Cymru_Scout_IP_Data_Foundation_CL`<br>- `Cymru_Scout_IP_Data_Details_CL`<br>- `Cymru_Scout_IP_Data_Communications_CL`<br>- `Cymru_Scout_IP_Data_PDNS_CL`<br>- `Cymru_Scout_IP_Data_Fingerprints_CL`<br>- `Cymru_Scout_IP_Data_OpenPorts_CL`<br>- `Cymru_Scout_IP_Data_x509_CL`<br>- `Cymru_Scout_IP_Data_Summary_Details_CL`<br>- `Cymru_Scout_IP_Data_Summary_PDNS_CL`<br>- `Cymru_Scout_IP_Data_Summary_OpenPorts_CL`<br>- `Cymru_Scout_IP_Data_Summary_Certs_CL`<br>- `Cymru_Scout_IP_Data_Summary_Fingerprints_CL`<br>- `Cymru_Scout_Account_Usage_Data_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **Team Cymru Scout Credentials/permissions**: Team Cymru Scout account credentials(Username, Password) is required.</details> | [Team Cymru](https://www.team-cymru.com/contact-us) |
|
234 |
| -|<a name="tenable-identity-exposure"></a><details><summary>**Tenable Identity Exposure** </summary> <br> Tenable Identity Exposure connector allows Indicators of Exposure, Indicators of Attack and trailflow logs to be ingested into Microsoft Sentinel.The different work books and data parsers allow you to more easily manipulate logs and monitor your Active Directory environment. The analytic templates allow you to automate responses regarding different events, exposures and attacks.<p> **Log Analytics table(s):** <br> - `Tenable_IE_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Access to TenableIE Configuration**: Permissions to configure syslog alerting engine</details> | [Tenable](https://www.tenable.com/support/technical-support) | |
235 |
| -|<a name="tenable-vulnerability-management-using-azure-functions"></a><details><summary>**Tenable Vulnerability Management (using Azure Functions)** </summary> <br> The TVM data connector provides the ability to ingest Asset, Vulnerability and Compliance data into Microsoft Sentinel using TVM REST APIs. Refer to [API documentation](https://developer.tenable.com/reference) for more information. The connector provides the ability to get data which helps to examine potential security risks, get insight into your computing assets, diagnose configuration problems and more<p> **Log Analytics table(s):** <br> - `Tenable_VM_Assets_CL`<br>- `Tenable_VM_Vuln_CL`<br>- `Tenable_VM_Compliance_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **REST API Credentials/permissions**: Both a **TenableAccessKey** and a **TenableSecretKey** is required to access the Tenable REST API. For more information, see [API](https://developer.tenable.com/reference#vulnerability-management). Check all [requirements and follow the instructions](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) for obtaining credentials.</details> | [Tenable](https://www.tenable.com/support/technical-support) | |
| 234 | +|<a name="tenable-identity-exposure"></a><details><summary>**Tenable Identity Exposure** </summary> <br> Tenable Identity Exposure connector allows Indicators of Exposure, Indicators of Attack and trailflow logs to be ingested into Microsoft Sentinel.The different work books and data parsers allow you to more easily manipulate logs and monitor your Active Directory environment. The analytic templates allow you to automate responses regarding different events, exposures and attacks.<p> **Log Analytics table(s):** <br> <p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Access to TenableIE Configuration**: Permissions to configure syslog alerting engine</details> | [Tenable](https://www.tenable.com/support/technical-support) | |
| 235 | +|<a name="tenable-vulnerability-management-using-azure-functions"></a><details><summary>**Tenable Vulnerability Management (using Azure Functions)** </summary> <br> The TVM data connector provides the ability to ingest Asset, Vulnerability, Compliance, WAS assets and WAS vulnerabilities data into Microsoft Sentinel using TVM REST APIs. Refer to [API documentation](https://developer.tenable.com/reference) for more information. The connector provides the ability to get data which helps to examine potential security risks, get insight into your computing assets, diagnose configuration problems and more<p> **Log Analytics table(s):** <br> - `Tenable_VM_Asset_CL`<br>- `Tenable_VM_Vuln_CL`<br>- `Tenable_VM_Compliance_CL`<br>- `Tenable_WAS_Asset_CL`<br>- `Tenable_WAS_Vuln_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **REST API Credentials/permissions**: Both a **TenableAccessKey** and a **TenableSecretKey** is required to access the Tenable REST API. For more information, see [API](https://developer.tenable.com/reference#vulnerability-management). Check all [requirements and follow the instructions](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) for obtaining credentials.</details> | [Tenable](https://www.tenable.com/support/technical-support) | |
236 | 236 | |<a name="tenant-based-microsoft-defender-for-cloud"></a><details><summary>**Tenant-based Microsoft Defender for Cloud** </summary> <br> Microsoft Defender for Cloud is a security management tool that allows you to detect and quickly respond to threats across Azure, hybrid, and multi-cloud workloads. This connector allows you to stream your MDC security alerts from Microsoft 365 Defender into Microsoft Sentinel, so you can can leverage the advantages of XDR correlations connecting the dots across your cloud resources, devices and identities and view the data in workbooks, queries and investigate and respond to incidents. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2269832&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).<p> **Log Analytics table(s):** <br> - `SecurityAlert`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
237 | 237 | |<a name="thehive-project---thehive-using-azure-functions"></a><details><summary>**TheHive Project - TheHive (using Azure Functions)** </summary> <br> The [TheHive](http://thehive-project.org/) data connector provides the capability to ingest common TheHive events into Microsoft Sentinel through Webhooks. TheHive can notify external system of modification events (case creation, alert update, task assignment) in real time. When a change occurs in the TheHive, an HTTPS POST request with event information is sent to a callback data connector URL. Refer to [Webhooks documentation](https://docs.thehive-project.org/thehive/legacy/thehive3/admin/webhooks/) for more information. The connector enables event retrieval to assess potential security risks, monitor collaboration, and diagnose and troubleshoot configuration issues.<p> **Log Analytics table(s):** <br> - `TheHive_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **Webhooks Credentials/permissions**: **TheHiveBearerToken**, **Callback URL** are required for working Webhooks. See the documentation to learn more about [configuring Webhooks](https://docs.thehive-project.org/thehive/installation-and-configuration/configuration/webhooks/).</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
238 | 238 | |<a name="theom"></a><details><summary>**Theom** </summary> <br> Theom Data Connector enables organizations to connect their Theom environment to Microsoft Sentinel. This solution enables users to receive alerts on data security risks, create and enrich incidents, check statistics and trigger SOAR playbooks in Microsoft Sentinel<p> **Log Analytics table(s):** <br> - `TheomAlerts_CL`<p>**Data collection rule support:** <br>Not currently supported</details> | [Theom](https://www.theom.ai/contact-us) |
|
|
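Review bot: In the new Tenable Identity Exposure row, `**Log Analytics table(s):** <br> <p>` is left with no entry after `Tenable_IE_CL` was dropped, so the rendered row shows an empty table list. Either restore the table name or name the table that replaces it, since readers use this field to find where the connector's data lands. In the Tenable Vulnerability Management row, `Tenable_VM_Assets_CL` becomes `Tenable_VM_Asset_CL`; please confirm the rename is intentional, because queries against the old name would stop matching. The missing space in "Microsoft Sentinel.The different work books" is carried over unchanged and could be fixed in the same edit.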