Log Sources & Connectors
Managed Detection and Response
Log Sources & Connectors
Officially supported Microsoft Security tools:
- Microsoft Sentinel, including (but not limited to) the following:
Log Sources:
- Azure Activity
- Microsoft 365
- Azure Key Vault
- Azure Web Application Firewall
- Windows Security Event via AMA
- Entra ID
- Syslog
- Common Event Format
- Threat Intelligence
- Microsoft Defender for Cloud
- Darktrace (optional)
Firewalls:
-
- Cisco ASA
- Cisco Firepower
- Cisco Meraki
- Palo Alto PAN-OS
- Palo Alto NGFW
- Fortinet FortiGate Next-Generation Firewall connector
- Checkpoint NGFW
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Entra ID Protection
- Microsoft Defender for Cloud, Excluding the following:
-
- Alerts for containers - Kubernetes clusters
- Microsoft Defender for Office 365, Excluding the following:
- Informational Alerts
- Outbound-Email related alerts
- Darktrace, including (but not limited to) the following log sources:
- Detect - Model Breaches
- Respond - Model Breaches