2: Data Connectors Flashcards
(13 cards)
What is a data connector in Microsoft Sentinel?
A data connector is a way to bring external log data into Sentinel for analysis, detection, and visualization.
What kinds of sources can Sentinel connect to?
Microsoft services like Defender, Azure AD, and Office 365, plus non-Microsoft tools like AWS, Syslog, CEF, and custom sources.
Where do you go to configure a data connector in Sentinel?
Microsoft Sentinel > [Workspace] > Configuration > Data connectors
What is the Content Hub in Sentinel?
It’s where you can discover and install solution packages—bundles of connectors, rules, workbooks, and more.
What’s inside a connector’s solution bundle?
Prebuilt analytics rules, workbooks, hunting queries, and parsers designed for that log source.
What is the benefit of a connector solution bundle?
It gives you detection logic, dashboards, and queries tuned to that tool—no need to build content from scratch.
What happens if there’s no connector bundle for your tool?
You’ll need to identify log types, write your own queries, build dashboards, and handle parsing manually.
Can you ingest data even if there’s no connector bundle?
Yes, using Syslog, Common Event Format (CEF), Azure Monitor Agent (AMA), or custom ingestion methods.
What makes connector bundles helpful for analysts?
They give you curated content that helps you start detecting and investigating right away—no guesswork.
How do parser functions in connector bundles help?
They normalize and structure logs so that queries and visualizations are accurate and consistent.
What is the difference between a connector with a bundle vs. one without?
With a bundle, you get ready-made content. Without one, you must build detections, queries, and visuals yourself.
Can I edit the analytics rules or workbooks included in a bundle?
Yes, they are fully customizable after installation.
Why should I care about connector bundles as a customer?
They save you time, reduce configuration complexity, and give you immediate security value out of the box.
