Forum Discussion

Ragav
Copper Contributor
Jul 11, 2025
Solved

sentinel monitoring

I would like to know whether we could monitor the devices below in Sentinel.

    Microsoft Active Directory
    Palo Alto Prisma Access (SWG)
    FortiGate UTM
    McAfee MWG

  • Hi Ragav

    Absolutely yes. You can monitor all of the mentioned devices in Microsoft Sentinel.

    1. Microsoft Active Directory (on-premises)
    • Monitor Azure AD events directly in Sentinel using the Security Event Connector.
    • This requires the installation of the Azure Monitor Agent on the domain controllers.

    2. Palo Alto Prisma Access (SWG)
    • Monitor Prisma events indirectly via syslog to Sentinel, as there is no native connector available.
    • Prisma logs can be forwarded to a syslog collector. The Syslog/CEF connector is used to ingest the logs into Sentinel.

    3. FortiGate UTM
    • Monitor FortiGate events directly in Sentinel using the Fortinet data connector (available in Content Hub).

    4. McAfee MWG
    • Monitor McAfee MWG events indirectly via syslog to Sentinel, as there is no native connector available.
    • Logs are to be transferred to a syslog collector. Connect the syslog server to Sentinel using the CEF data connector.

    If you find this useful, please mark it as the solution, as it helps other folks in the Community to spot the answer quickly.
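Three of the four sources in the answer above (Prisma Access, FortiGate, McAfee MWG) reach Sentinel through a syslog collector and the CEF connector, and the check a practitioner wants before opening a ticket is whether each forwarded line will actually land in CommonSecurityLog. The script below is an added example, not code from the thread, from Microsoft or from any of the vendors: it models what the connector does with each line a collector forwards (drop it if the syslog facility is outside the collection rule, parse it into CommonSecurityLog columns if it carries a valid CEF:0 header, otherwise store it as free text in the Syslog table). The facility set in `DCR_FACILITIES`, the `Verdict`/`classify`/`ingestion_report` names and every sample line are constructed assumptions for the example.

```python
"""Sanity check for the syslog collector that fronts Prisma Access, FortiGate and McAfee MWG.

Models the Sentinel side of the CEF connector: a line is dropped if its syslog facility
is outside the collection rule, parsed into CommonSecurityLog columns if it carries a
valid CEF:0 header, and otherwise kept as free text in the Syslog table.
The DCR facility set and all sample lines are constructed assumptions for this example.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Assumption: facilities the CEF data collection rule on the collector is configured
# to collect. A device that logs to any other facility is never picked up.
DCR_FACILITIES = {"local4", "local5", "local6", "local7"}

FACILITY_NAMES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
                  "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
                  "solaris-cron", "local0", "local1", "local2", "local3", "local4",
                  "local5", "local6", "local7"]

# The six CEF header fields after the version, as CommonSecurityLog column names
HEADER_COLUMNS = ("DeviceVendor", "DeviceProduct", "DeviceVersion",
                  "DeviceEventClassID", "Activity", "LogSeverity")

_PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value pairs: a value runs until the next " key=" or end of string and may
# contain backslash-escaped characters (CEF escapes '=' and '\' in the extension).
_EXT_RE = re.compile(r"([A-Za-z0-9_.]+)=((?:\\.|[^\\])*?)(?=\s+[A-Za-z0-9_.]+=|$)")


def _unescape(value: str) -> str:
    return re.sub(r"\\(.)", r"\1", value)


def parse_cef(message: str) -> Optional[dict]:
    """Return CommonSecurityLog-style columns for a CEF:0 message, or None if not CEF."""
    start = message.find("CEF:")
    if start < 0:
        return None
    # Header fields are separated by '|' not escaped as '\|'; the extension
    # (everything after the 7th separator) may contain unescaped pipes.
    parts = re.split(r"(?<!\\)\|", message[start:].rstrip("\n"), maxsplit=7)
    if len(parts) < 7 or parts[0] != "CEF:0":
        return None
    columns = {name: _unescape(raw) for name, raw in zip(HEADER_COLUMNS, parts[1:7])}
    extension = parts[7] if len(parts) == 8 else ""
    for key, raw in _EXT_RE.findall(extension):
        columns[key] = _unescape(raw)
    return columns


@dataclass
class Verdict:
    facility: str
    table: str                      # "CommonSecurityLog", "Syslog" or "dropped"
    columns: dict = field(default_factory=dict)


def classify(line: str) -> Verdict:
    """Decide where one forwarded syslog line ends up in Sentinel."""
    m = _PRI_RE.match(line)
    pri = int(m.group(1)) if m else 13      # RFC 3164: no PRI means user.notice
    code = pri // 8                         # facility; severity would be pri % 8
    facility = FACILITY_NAMES[code] if code < len(FACILITY_NAMES) else "unknown"
    if facility not in DCR_FACILITIES:
        return Verdict(facility, "dropped")
    columns = parse_cef(line)
    if columns is None:
        return Verdict(facility, "Syslog")
    return Verdict(facility, "CommonSecurityLog", columns)


def ingestion_report(lines) -> dict:
    """Count lines per destination, split by vendor/product for the CEF ones."""
    report = {}
    for line in lines:
        v = classify(line)
        key = v.table
        if v.table == "CommonSecurityLog":
            key = f"CommonSecurityLog:{v.columns['DeviceVendor']}/{v.columns['DeviceProduct']}"
        report[key] = report.get(key, 0) + 1
    return report


# Constructed sample lines (not captured from real devices)
SAMPLE_LINES = [
    # FortiGate configured with 'set format cef'
    "<189>Jul 11 10:00:01 fgt-edge CEF:0|Fortinet|Fortigate|v7.0.12|00013|traffic:forward close|3|"
    "src=10.10.5.23 dst=203.0.113.9 spt=51522 dpt=443 act=accept",
    # Prisma Access forwarded through the collector
    "<190>Jul 11 10:00:02 prisma-fwd CEF:0|Palo Alto Networks|Prisma Access|1.0|THREAT|url|5|"
    "suser=jdoe request=https://example.test/download act=block cs1Label=Category cs1=malware",
    # McAfee MWG with an escaped '=' inside a value
    "<190>Jul 11 10:00:03 mwg01 CEF:0|McAfee|Web Gateway|11.2|302|Request blocked|7|"
    "suser=asmith requestMethod=GET msg=Policy\\=BlockExecutables request=http://example.test/a.exe",
    # FortiGate left in its default key=value syslog format: collected, but not CEF
    "<189>Jul 11 10:00:04 fgt-core date=2025-07-11 time=10:00:04 devname=\"fgt-core\" action=\"deny\"",
    # Valid CEF, but sent on local0 (PRI 134), which the assumed DCR does not collect
    "<134>Jul 11 10:00:05 fgt-lab CEF:0|Fortinet|Fortigate|v7.0.12|00013|traffic:forward close|3|src=10.0.0.1",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        v = classify(line)
        print(f"{v.facility:7} -> {v.table:18} {v.columns.get('DeviceVendor', '')}")
    print(ingestion_report(SAMPLE_LINES))
```

Running it prints one verdict per sample line. The fourth line is the usual failure mode: a FortiGate that is still sending its default key=value syslog format is collected but never parsed as CEF, so its events show up in the Syslog table rather than CommonSecurityLog; switch the device to CEF output (`config log syslogd setting`, then `set format cef`) before blaming the connector. The fifth line is the other silent one: a device logging to a facility the data collection rule does not include simply never arrives. Once the sources are live, the same split is visible in the workspace with `CommonSecurityLog | summarize count() by DeviceVendor, DeviceProduct` against a plain `Syslog` query, while the on-premises AD events from the domain controllers land separately in the SecurityEvent table.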
