Log Sources & Connectors

Managed Detection and Response

The following types of alerts and data are excluded from support across all tools:

  • Informational Alerts
  • Compliance Alerts

Officially supported security tools:

  • Microsoft Sentinel, including (but not limited to) the following:
    • Supported Log Sources:
      • Azure Activity
      • Microsoft 365
      • Azure Key Vault
      • Azure Web Application Firewall
      • Windows Security Event via AMA
      • Entra ID
      • Syslog
      • Common Event Format
      • Threat Intelligence
      • Microsoft Defender for Cloud
      • Darktrace (optional)
    • Supported Firewalls:
      • Cisco ASA
      • Cisco Firepower
      • Cisco Meraki
      • Palo Alto PAN-OS
      • Palo Alto NGFW
      • Fortinet FortiGate Next-Generation Firewall connector
      • Check Point NGFW
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Identity
  • Microsoft Entra ID Protection
  • Microsoft Defender for Cloud
    • Additional exclusion: Alerts for containers (e.g., Kubernetes clusters).
  • Microsoft Defender for Office 365
    • Additional exclusion: outbound-email-related alerts.
  • Darktrace, including (but not limited to) the following:
    • Detect - Model Breaches
    • Respond - Model Breaches