| title | Find your Microsoft Sentinel data connector | Microsoft Docs | ||
|---|---|---|---|
| description | Learn about specific configuration steps for Microsoft Sentinel data connectors. | ||
| author | EdB-MSFT | ||
| ms.topic | reference | ||
| ms.date | 02/05/2026 | ||
| ms.custom | linux-related-content | ||
| ms.author | edbaynash | ||
| appliesto |
|
||
| ms.collection | usx-security |
This article lists all supported, out-of-the-box data connectors and links to each connector's deployment steps.
Important
- Note that Microsoft Sentinel data connectors are currently in Preview. The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
- [!INCLUDE unified-soc-preview-without-alert]
Data connectors are available as part of the following offerings:
-
Solutions: Many data connectors are deployed as part of Microsoft Sentinel solution together with related content like analytics rules, workbooks, and playbooks. For more information, see the Microsoft Sentinel solutions catalog.
-
Community connectors: More data connectors are provided by the Microsoft Sentinel community and can be found in the Azure Marketplace. Documentation for community data connectors is the responsibility of the organization that created the connector.
-
Custom connectors: If you have a data source that isn't listed or currently supported, you can also create your own, custom connector. For more information, see Resources for creating Microsoft Sentinel custom connectors.
[!INCLUDE reference-to-feature-availability]
[!INCLUDE data-connector-prereq]
Azure Monitor agent (AMA) based data connectors require an internet connection from the system where the agent is installed. Enable port 443 outbound to allow a connection between the system where the agent is installed and Microsoft Sentinel.
Log collection from many security appliances and devices are supported by the data connectors Syslog via AMA or Common Event Format (CEF) via AMA in Microsoft Sentinel. To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent. These steps include installing the Microsoft Sentinel solution for a security appliance or device from the Content hub in Microsoft Sentinel. Then, configure the Syslog via AMA or Common Event Format (CEF) via AMA data connector that's appropriate for the Microsoft Sentinel solution you installed. Complete the setup by configuring the security device or appliance. Find instructions to configure your security device or appliance in one of the following articles:
- CEF via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion
- Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion
Contact the solution provider for more information or where information is unavailable for the appliance or device.
Filter and ingest logs in text-file format from network or security applications installed on Windows or Linux machines by using the Custom Logs via AMA connector in Microsoft Sentinel. For more information, see the following articles:
- Collect logs from text files with the Azure Monitor Agent and ingest to Microsoft Sentinel
- Custom Logs via AMA data connector - Configure data ingestion to Microsoft Sentinel from specific applications
Note
The following table lists the data connectors that are available in the Microsoft Sentinel Content hub. The connectors are supported by the product vendor. For support, see the Supported by link.
Tip
For a list of tables ingested into Microsoft Sentinel and the connectors that ingest them, see Microsoft Sentinel tables and associated connectors.
[!INCLUDE connector-details]
Note
The following table lists the deprecated and legacy data connectors. Deprecated connectors are no longer supported.
[!INCLUDE deprecated-connectors]
For more information, see: