VMware vCenter

VMware vCenter Logo

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Attribute	Value
Publisher	Microsoft Corporation
Support Tier	Microsoft
Support Link	https://support.microsoft.com
Categories	domains
Version	3.0.3
Author	Microsoft - support@microsoft.com
First Published	2022-06-29
Solution Folder	VMware vCenter
Marketplace	Azure Marketplace · Popularity: 🟢 High (81%)
Pre-requisites	CustomLogsAma

The VMware vCenter Server solution allows you ingest logs from your vCenter platform using Syslog into Microsoft Sentinel.

This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.

NOTE: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

Pre-requisites
Data Connectors
Tables Used
Content Items

Pre-requisites

This solution depends on 1 other solution(s):

Solution
CustomLogsAma

Data Connectors

This solution has 1 discovered data connector(s)⚠️ (not in Solution definition):

[Deprecated] VMware vCenter ⚠️

Connectors from dependency solutions:

Custom logs via AMA 🔶 (dependency on CustomLogsAma)

🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.

🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Tables Used

This solution uses 16 table(s):

Table	Used By Connectors	Used By Content
`ApacheHTTPServer_CL`	Custom logs via AMA (dependency)	-
`JBossEvent_CL`	Custom logs via AMA (dependency)	-
`JuniperIDP_CL`	Custom logs via AMA (dependency)	-
`MarkLogicAudit_CL`	Custom logs via AMA (dependency)	-
`MongoDBAudit_CL`	Custom logs via AMA (dependency)	-
`NGINX_CL`	Custom logs via AMA (dependency)	-
`OracleWebLogicServer_CL`	Custom logs via AMA (dependency)	-
`PostgreSQL_CL`	Custom logs via AMA (dependency)	-
`SecurityBridgeLogs_CL`	Custom logs via AMA (dependency)	-
`SquidProxy_CL` 🔶	Custom logs via AMA (dependency)	-
`Tomcat_CL`	Custom logs via AMA (dependency)	-
`Ubiquiti_CL`	Custom logs via AMA (dependency)	-
`VectraStream_CL` 🔶	Custom logs via AMA (dependency)	-
`ZPA_CL`	Custom logs via AMA (dependency)	-
`meraki_CL`	Custom logs via AMA (dependency)	-
`vcenter_CL`	Custom logs via AMA (dependency), [Deprecated] VMware vCenter	Analytics, Workbooks

🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.

Content Items

This solution includes 4 content item(s):

Content Type	Count
Analytic Rules	2
Workbooks	1
Parsers	1

Analytic Rules

Name	Severity	Tactics	Tables Used
VMware vCenter - Root login	High	InitialAccess, PrivilegeEscalation	`vcenter_CL`
vCenter - Root impersonation	Medium	PrivilegeEscalation	`vcenter_CL`

Workbooks

Name	Tables Used
vCenter	`vcenter_CL`

Parsers

Name	Description	Tables Used
vCenter	-	`vcenter_CL` (read)

Release Notes

Version	Date Modified (DD-MM-YYYY)	Change History
3.0.5	13-06-2025	Updating Parser to improve data parsing logic and adjusts entity mappings.
3.0.4	03-12-2024	Removed Deprecated Data Connector.
3.0.3	18-11-2024	Modified Parser vCenter.yaml for better parsing.
3.0.2	09-08-2024	Deprecating Data Connectors.
3.0.1	27-05-2024	Updated the Data Connector instructions.
3.0.0	27-07-2023	Corrected the links in the solution.