author EdB-MSFT
ms.author edbaynash
ms.topic include
ms.date 03/30/2026

[Deprecated] GitHub Enterprise Audit Log

Supported by: Microsoft Corporation

The GitHub audit log connector provides the capability to ingest GitHub logs into Microsoft Sentinel. By connecting GitHub audit logs into Microsoft Sentinel, you can view this data in workbooks, use it to create custom alerts, and improve your investigation process.

Note: If you intended to ingest GitHub subscribed events into Microsoft Sentinel, refer to the GitHub (using Webhooks) connector in the "Data Connectors" gallery.

NOTE: This data connector has been deprecated. Consider moving to the CCF data connector available in the solution, which replaces ingestion via the deprecated HTTP Data Collector API.

Log Analytics table(s):

Table | DCR support | Lake-only ingestion
GitHubAuditLogPolling_CL | Yes | Yes

Data collection rule support: Workspace transform DCR

Prerequisites:

  • GitHub API personal access token: You need a GitHub personal access token to enable polling for the organization audit log. You may use either a classic token with 'read:org' scope OR a fine-grained token with 'Administration: Read-only' scope.
  • GitHub Enterprise type: This connector will only function with GitHub Enterprise Cloud; it will not support GitHub Enterprise Server.


[Deprecated] Infoblox SOC Insight Data Connector via Legacy Agent

Supported by: Infoblox

The Infoblox SOC Insight Data Connector allows you to easily connect your Infoblox BloxOne SOC Insight data with Microsoft Sentinel. By connecting your logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.

This data connector ingests Infoblox SOC Insight CDC logs into your Log Analytics Workspace using the legacy Log Analytics agent.

Microsoft recommends installing the Infoblox SOC Insight Data Connector via AMA Connector. The legacy connector uses the Log Analytics agent, which is about to be deprecated by Aug 31, 2024, and should only be installed where AMA is not supported.

Using MMA and AMA on the same machine can cause log duplication and extra ingestion cost. More details.

Log Analytics table(s):

Table | DCR support | Lake-only ingestion
CommonSecurityLog | Yes | Yes

Data collection rule support: Workspace transform DCR


[Deprecated] IONIX Security Logs (Push)

Supported by: IONIX

⚠️ This connector is deprecated and will be removed in June 2026. Please use the new 'IONIX Security Logs (via Codeless Connector Framework)' connector instead, which provides automatic daily polling without requiring manual configuration in the IONIX portal.


The IONIX Security Logs data connector ingests logs from the IONIX system directly into Sentinel. The connector allows users to visualize their data, create alerts and incidents and improve security investigations.

Log Analytics table(s):

Table | DCR support | Lake-only ingestion
CyberpionActionItems_CL | No | No

Data collection rule support: Not currently supported

Prerequisites:


[Deprecated] Lookout

Supported by: Lookout

The Lookout data connector provides the capability to ingest Lookout events into Microsoft Sentinel through the Mobile Risk API. Refer to API documentation for more information. The Lookout data connector provides the ability to get events, which helps to examine potential security risks and more.

NOTE: This data connector has been deprecated. Consider moving to the CCF data connector available in the solution, which replaces ingestion via the deprecated HTTP Data Collector API.

Log Analytics table(s):

Table | DCR support | Lake-only ingestion
Lookout_CL | No | No

Data collection rule support: Not currently supported

Prerequisites:

  • Microsoft.Web/sites permissions: Read and write permissions to Azure Functions are required to create a Function App. For more information, see Azure Functions.
  • Mobile Risk API Credentials/permissions: EnterpriseName & ApiKey are required for Mobile Risk API. For more information, see API. Check all requirements and follow the instructions for obtaining credentials.


[Deprecated] Microsoft Exchange Logs and Events

Supported by: Community

Deprecated; use the 'ESI-Opt' data connectors. You can stream all Exchange Audit events, IIS Logs, HTTP Proxy logs and Security Event logs from the Windows machines connected to your Microsoft Sentinel workspace using the Windows agent. This connection enables you to view dashboards, create custom alerts, and improve investigation. This is used by Microsoft Exchange Security Workbooks to provide security insights of your On-Premises Exchange environment.

Log Analytics table(s):

Table | DCR support | Lake-only ingestion
Event | Yes | No
SecurityEvent | Yes | Yes
W3CIISLog | Yes | No
MessageTrackingLog_CL | Yes | Yes
ExchangeHttpProxy_CL | Yes | Yes

Data collection rule support: Workspace transform DCR

Prerequisites:

  • Azure Log Analytics will be deprecated; to collect data from non-Azure VMs, Azure Arc is recommended. Learn more
  • Detailed documentation: Detailed documentation on the installation procedure and usage can be found here


Security Events via Legacy Agent

Supported by: Microsoft Corporation

You can stream all security events from the Windows machines connected to your Microsoft Sentinel workspace using the Windows agent. This connection enables you to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization’s network and improves your security operation capabilities. For more information, see the Microsoft Sentinel documentation.

Log Analytics table(s):

Table | DCR support | Lake-only ingestion
SecurityEvent | Yes | Yes

Data collection rule support: Workspace transform DCR


Subscription-based Microsoft Defender for Cloud (Legacy)

Supported by: Microsoft Corporation

Microsoft Defender for Cloud is a security management tool that allows you to detect and quickly respond to threats across Azure, hybrid, and multi-cloud workloads. This connector allows you to stream your security alerts from Microsoft Defender for Cloud into Microsoft Sentinel, so you can view Defender data in workbooks, query it to produce alerts, and investigate and respond to incidents.

For more information >

Log Analytics table(s):

Table | DCR support | Lake-only ingestion
SecurityAlert | Yes | Yes

Data collection rule support: Workspace transform DCR


Syslog via Legacy Agent

Supported by: Microsoft Corporation

Syslog is an event logging protocol that is common to Linux. Applications will send messages that may be stored on the local machine or delivered to a Syslog collector. When the Agent for Linux is installed, it configures the local Syslog daemon to forward messages to the agent. The agent then sends the message to the workspace.

Learn more >

Log Analytics table(s):

Table | DCR support | Lake-only ingestion
Syslog | Yes | Yes

Data collection rule support: Workspace transform DCR