articles/sentinel/data-connectors-reference.md
Lines changed: 0 additions & 3 deletions
@@ -18,9 +18,6 @@ ms.collection: usx-security
18
18
19
19
# Find your Microsoft Sentinel data connector
20
20
21
-
>[!NOTE]
22
-
> This article contains references to the term *whitelist*, a term that Microsoft no longer uses. When the term is removed from the software, we'll remove it from this article.
23
-
24
21
This article lists all supported, out-of-the-box data connectors and links to each connector's deployment steps.
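Review bot: Dropping the `[!NOTE]` about the term *whitelist* (old lines 21-22) is only correct if the term no longer appears anywhere in the rendered article, including any files it includes. The note's own condition is "When the term is removed from the software, we'll remove it from this article", so please confirm with a search across this article and its include files that no occurrence remains (table names, connector descriptions, link text) before merging; if any remain, the note should stay.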
articles/sentinel/includes/connector-details.md
Lines changed: 1 addition & 1 deletion
@@ -132,7 +132,7 @@ ms.date: 05/26/2025
132
132
|<a name="illumio-saas-using-azure-functions"></a><details><summary>**Illumio SaaS (using Azure Functions)** </summary> <br> [Illumio](https://www.illumio.com/) connector provides the capability to ingest events into Microsoft Sentinel. The connector provides ability to ingest auditable and flow events from AWS S3 bucket.<p> **Log Analytics table(s):** <br> - `Illumio_Auditable_Events_CL`<br>- `Illumio_Flow_Events_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **SQS and AWS S3 account credentials/permissions**: **AWS_SECRET**, **AWS_REGION_NAME**, **AWS_KEY**, **QUEUE_URL** is required. If you are using s3 bucket provided by Illumio, contact Illumio support. At your request they will provide you with the AWS S3 bucket name, AWS SQS url and AWS credentials to access them.<p> - **Illumio API key and secret**: **ILLUMIO_API_KEY**, **ILLUMIO_API_SECRET** is required for a workbook to make connection to SaaS PCE and fetch api responses.</details> | [Illumio](https://www.illumio.com/) |
133
133
|<a name="imperva-cloud-waf-using-azure-functions"></a><details><summary>**Imperva Cloud WAF (using Azure Functions)** </summary> <br> The [Imperva Cloud WAF](https://www.imperva.com/resources/resource-library/datasheets/imperva-cloud-waf/) data connector provides the capability to integrate and ingest Web Application Firewall events into Microsoft Sentinel through the REST API. Refer to Log integration [documentation](https://docs.imperva.com/bundle/cloud-application-security/page/settings/log-integration.htm#Download) for more information. The connector enables event retrieval to assess potential security risks, monitor collaboration, and diagnose and troubleshoot configuration issues.<p> **Log Analytics table(s):** <br> - `ImpervaWAFCloud_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **REST API Credentials/permissions**: **ImpervaAPIID**, **ImpervaAPIKey**, **ImpervaLogServerURI** are required for the API. For more information, see [Setup Log Integration process](https://docs.imperva.com/bundle/cloud-application-security/page/settings/log-integration.htm#Setuplogintegration). Check all [requirements and follow the instructions](https://docs.imperva.com/bundle/cloud-application-security/page/settings/log-integration.htm#Setuplogintegration) for obtaining credentials. Please note that this connector uses CEF log event format. [More information](https://docs.imperva.com/bundle/cloud-application-security/page/more/log-file-structure.htm#Logfilestructure) about log format.</details> | [Microsoft Corporation](https://support.microsoft.com/) |
134
134
|<aname="infoblox-cloud-data-connector-via-ama"></a><details><summary>**Infoblox Cloud Data Connector via AMA** </summary> <br> The Infoblox Cloud Data Connector allows you to easily connect your Infoblox data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.<p> **Log Analytics table(s):** <br> - `CommonSecurityLog`<p>**Data collection rule support:** <br>[Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)</details> |[Infoblox](https://support.infoblox.com/)|
135
-
|<a name="infoblox-data-connector-via-rest-api-using-azure-functions"></a><details><summary>**Infoblox Data Connector via REST API (using Azure Functions)** </summary> <br> The Infoblox Data Connector allows you to easily connect your Infoblox TIDE data and Dossier data with Microsoft Sentinel. By connecting your data to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.<p> **Log Analytics table(s):** <br> - `Failed_Range_To_Ingest_CL`<br>- `Infoblox_Failed_Indicators_CL`<br>- `dossier_whois_CL`<br>- `dossier_whitelist_CL`<br>- `dossier_tld_risk_CL`<br>- `dossier_threat_actor_CL`<br>- `dossier_rpz_feeds_records_CL`<br>- `dossier_rpz_feeds_CL`<br>- `dossier_nameserver_matches_CL`<br>- `dossier_nameserver_CL`<br>- `dossier_malware_analysis_v3_CL`<br>- `dossier_inforank_CL`<br>- `dossier_infoblox_web_cat_CL`<br>- `dossier_geo_CL`<br>- `dossier_dns_CL`<br>- `dossier_atp_threat_CL`<br>- `dossier_atp_CL`<br>- `dossier_ptr_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Azure Subscription**: Azure Subscription with owner role is required to register an application in Microsoft Entra ID and assign role of contributor to app in resource group.<p> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **REST API Credentials/permissions**: **Infoblox API Key** is required. See the documentation to learn more about API on the [Rest API reference](https://csp.infoblox.com/apidoc?url=https://csp.infoblox.com/apidoc/docs/Infrastructure#/Services/ServicesRead)</details> | [Infoblox](https://support.infoblox.com/) |
135
+
|<a name="infoblox-data-connector-via-rest-api-using-azure-functions"></a><details><summary>**Infoblox Data Connector via REST API (using Azure Functions)** </summary> <br> The Infoblox Data Connector allows you to easily connect your Infoblox TIDE data and Dossier data with Microsoft Sentinel. By connecting your data to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.<p> **Log Analytics table(s):** <br> - `Failed_Range_To_Ingest_CL`<br>- `Infoblox_Failed_Indicators_CL`<br>- `dossier_whois_CL`<br>- `dossier_tld_risk_CL`<br>- `dossier_threat_actor_CL`<br>- `dossier_rpz_feeds_records_CL`<br>- `dossier_rpz_feeds_CL`<br>- `dossier_nameserver_matches_CL`<br>- `dossier_nameserver_CL`<br>- `dossier_malware_analysis_v3_CL`<br>- `dossier_inforank_CL`<br>- `dossier_infoblox_web_cat_CL`<br>- `dossier_geo_CL`<br>- `dossier_dns_CL`<br>- `dossier_atp_threat_CL`<br>- `dossier_atp_CL`<br>- `dossier_ptr_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Azure Subscription**: Azure Subscription with owner role is required to register an application in Microsoft Entra ID and assign role of contributor to app in resource group.<p> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **REST API Credentials/permissions**: **Infoblox API Key** is required. See the documentation to learn more about API on the [Rest API reference](https://csp.infoblox.com/apidoc?url=https://csp.infoblox.com/apidoc/docs/Infrastructure#/Services/ServicesRead)</details> | [Infoblox](https://support.infoblox.com/) |
136
136
|<a name="infoblox-soc-insight-data-connector-via-ama"></a><details><summary>**Infoblox SOC Insight Data Connector via AMA** </summary> <br> The Infoblox SOC Insight Data Connector allows you to easily connect your Infoblox BloxOne SOC Insight data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log. <br><br>This data connector ingests Infoblox SOC Insight CDC logs into your Log Analytics Workspace using the new Azure Monitor Agent. Learn more about ingesting using the new Azure Monitor Agent [here](/azure/sentinel/connect-cef-ama). **Microsoft recommends using this Data Connector.**<p> **Log Analytics table(s):** <br> - `CommonSecurityLog`<p>**Data collection rule support:** <br>[Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)<p>**Prerequisites:**<br> - To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)<p> - Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed. [Learn more](/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)</details> | [Infoblox](https://support.infoblox.com/) |
137
137
|<aname="infoblox-soc-insight-data-connector-via-rest-api"></a><details><summary>**Infoblox SOC Insight Data Connector via REST API** </summary> <br> The Infoblox SOC Insight Data Connector allows you to easily connect your Infoblox BloxOne SOC Insight data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.<p> **Log Analytics table(s):** <br> - `InfobloxInsight_CL`<p>**Data collection rule support:** <br>Not currently supported</details> |[Infoblox](https://support.infoblox.com/)|
138
138
|<aname="infosecglobal-data-connector"></a><details><summary>**InfoSecGlobal Data Connector** </summary> <br> Use this data connector to integrate with InfoSec Crypto Analytics and get data sent directly to Microsoft Sentinel.<p> **Log Analytics table(s):** <br> - `InfoSecAnalytics_CL`<p>**Data collection rule support:** <br>Not currently supported</details> |[InfoSecGlobal](https://www.infosecglobal.com/request-a-demo)|
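Review bot: The `+` row for the Infoblox Data Connector via REST API drops `dossier_whitelist_CL` from the **Log Analytics table(s)** list with no replacement name, so the reference no longer documents a table that readers may still be querying or alerting on. Please confirm the connector has actually stopped creating that table; if it was renamed, list the new name in the same position rather than only deleting the entry. Because this row's content changes, consider updating the `ms.date: 05/26/2025` value shown in the hunk header as well. Separately, the neighbouring context rows open with `<aname=` (no space), for example `<aname="infoblox-cloud-data-connector-via-ama">`, which is not a valid anchor tag and is worth fixing in a follow-up.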