Synqly Integration Connector
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | SynqlyIntegrationConnector |
| Publisher | Synqly |
| Used in Solutions | SynqlyIntegrationConnector |
| Collection Method | CCF Push |
| Connector Definition Files | SynqlyIntegrationConnector_ConnectorDefinition.json |
| CCF Configuration | SynqlyIntegrationConnector_DataConnector.json |
| CCF Capabilities | Push |
| Ingestion API | Log Ingestion API — CCF Push connectors use DCR-based Log Ingestion API |
The Synqly connector provides the capability to push security events from Synqly integrations into Microsoft Sentinel using the Azure Logs Ingestion API. Events are automatically normalized to ASIM (Advanced Security Information Model) tables for use with Microsoft Sentinel analytics, workbooks, and hunting queries.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
ASimAuditEventLogs |
✓ | ✓ | ? |
ASimAuthenticationEventLogs |
✓ | ✓ | ? |
ASimDhcpEventLogs |
✓ | ✓ | ? |
ASimDnsActivityLogs |
✓ | ✓ | ? |
ASimFileEventLogs |
✓ | ✓ | ? |
ASimNetworkSessionLogs |
✓ | ✓ | ? |
ASimProcessEventLogs |
✓ | ✓ | ? |
ASimRegistryEventLogs |
✓ | ✓ | ? |
ASimUserManagementActivityLogs |
✓ | ✓ | ? |
ASimWebSessionLogs |
✓ | ✓ | ? |
💡 Tip: Tables with Ingestion API support allow data ingestion via the Azure Monitor Data Collector API, which also enables custom transformations during ingestion.
Permissions
Resource Provider Permissions: - Workspace (Workspace): Read and Write permissions are required for the Log Analytics workspace.
Custom Permissions: - Microsoft Entra ID: Application Developer role (or higher) to create app registrations. - Microsoft Azure: Owner or User Access Administrator role on the resource group to deploy DCR and assign Monitoring Metrics Publisher role.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Create ARM Resources and Provide the Required Permissions
This connector enables push-based ingestion of security events from Synqly integrations into Microsoft Sentinel. Events are automatically normalized to ASIM (Advanced Security Information Model) tables.
Deploy Connector Resources
Clicking "Deploy" creates a Data Collection Rule (DCR), Data Collection Endpoint (DCE), and Entra application with the necessary permissions to securely send data to Microsoft Sentinel. Deploy Synqly Integration connector resources
2. Grant Additional Permissions (Based on Use Case)
Additional roles may be required depending on how you plan to use Synqly with Microsoft Sentinel. Sink Connector (Write-Only): No additional permissions needed.
SIEM Connector (Read/Write): Assign Microsoft Sentinel Contributor role to the Entra application via the Azure UI in your Log Analytics workspace.
See Synqly documentation for detailed setup guides.
3. Push your logs into the workspace
Provide these parameters to your Synqly integration. The Synqly service will automatically handle the technical details of data ingestion, including formatting events to one of the 10 supported ASIM schemas (Authentication, AuditEvent, Dhcp, Dns, FileEvent, NetworkSession, ProcessEvent, RegistryEvent, UserManagement, WebSession).
Important: Events with unsupported schema types are silently dropped by Azure. If expected data is not appearing, verify with your Synqly integration provider that events are being sent with one of the supported schema types listed above.
- Tenant ID (Directory ID): TenantId
Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel. - Entra App Registration Application ID:
ApplicationIdNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel. - Entra App Registration Secret:ApplicationSecretNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel. - Data Collection Endpoint Uri:DataCollectionEndpointNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel. - Data Collection Rule Immutable ID:DataCollectionRuleIdNote: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel. - Stream Name:Custom-SynqlyASIM
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊