Synqly Integration Connector

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Connectors Index

Attribute Value
Connector ID SynqlyIntegrationConnector
Publisher Synqly
Used in Solutions SynqlyIntegrationConnector
Collection Method CCF Push
Connector Definition Files SynqlyIntegrationConnector_ConnectorDefinition.json
DCR Definition Files SynqlyIntegrationConnector_DCR.json
CCF Configuration SynqlyIntegrationConnector_DataConnector.json
CCF Capabilities Push
Ingestion API Log Ingestion APICCF Push connectors use DCR-based Log Ingestion API
Microsoft Learn View on Learn

The Synqly connector provides the capability to push security events from Synqly integrations into Microsoft Sentinel using the Azure Logs Ingestion API. Events are automatically normalized to ASIM (Advanced Security Information Model) tables for use with Microsoft Sentinel analytics, workbooks, and hunting queries.

Tables Ingested

This connector ingests data into the following tables:

Table Transformations Ingestion API Lake-Only
ASimAuditEventLogs
ASimAuthenticationEventLogs ?
ASimDhcpEventLogs ?
ASimDnsActivityLogs
ASimFileEventLogs ?
ASimNetworkSessionLogs
ASimProcessEventLogs ?
ASimRegistryEventLogs ?
ASimUserManagementActivityLogs ?
ASimWebSessionLogs ?

💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.

Permissions

Resource Provider Permissions:

Custom Permissions:

Setup Instructions

⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.

1. Create ARM Resources and Provide the Required Permissions

This connector enables push-based ingestion of security events from Synqly integrations into Microsoft Sentinel. Events are automatically normalized to ASIM (Advanced Security Information Model) tables.

Deploy Connector Resources

Clicking "Deploy" creates a Data Collection Rule (DCR), Data Collection Endpoint (DCE), and Entra application with the necessary permissions to securely send data to Microsoft Sentinel. Deploy Synqly Integration connector resources

2. Grant Additional Permissions (Based on Use Case)

Additional roles may be required depending on how you plan to use Synqly with Microsoft Sentinel. Sink Connector (Write-Only): No additional permissions needed.

SIEM Connector (Read/Write): Assign Microsoft Sentinel Contributor role to the Entra application via the Azure UI in your Log Analytics workspace.

See Synqly documentation for detailed setup guides.

3. Push your logs into the workspace

Provide these parameters to your Synqly integration. The Synqly service will automatically handle the technical details of data ingestion, including formatting events to one of the 10 supported ASIM schemas (Authentication, AuditEvent, Dhcp, Dns, FileEvent, NetworkSession, ProcessEvent, RegistryEvent, UserManagement, WebSession). Important: Events with unsupported schema types are silently dropped by Azure. If expected data is not appearing, verify with your Synqly integration provider that events are being sent with one of the supported schema types listed above.

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

Back to Connectors Index