NC Protect Data Connector for Microsoft Sentinel
Solution: NC Protect Data Connector
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
| Attribute | Value |
|---|---|
| Publisher | archTIS |
| Support Tier | Partner |
| Support Link | https://www.archtis.com/nc-protect-support/ |
| Categories | Security - Information Protection |
| Version | 3.0.0 |
| Author | archTIS |
| First Published | 2021-10-20 |
| Last Updated | 2026-06-05 |
| Solution Folder | NC Protect Data Connector |
| Marketplace | Azure Marketplace · Popularity: 🔵 Medium (68%) |
The NC Protect Data Connector (archtis.com) provides the capability to ingest user activity logs and events into Microsoft Sentinel. The connector provides visibility into NC Protect user activity logs and events in Microsoft Sentinel to improve monitoring and investigation capabilities
Contents
Data Connectors
This solution provides 1 data connector(s):
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Tables Used
This solution uses 1 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
NCProtectUAL_CL 🔶 |
NC Protect | Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g.
_s,_d,_b,_t,_g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
Content Items
This solution includes 1 content item(s):
| Content Type | Count |
|---|---|
| Workbooks | 1 |
Workbooks
| Name | Tables Used |
|---|---|
| NucleusCyber_NCProtect_Workbook | NCProtectUAL_CL |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.0 | 15-01-2026 | Added NRT Analytic Rule (DownloadRateHighRule) that creates Microsoft Sentinel security incidents when a user's document download rate exceeds a configurable threshold within a defined time window. Added four Automation Rules (High, Medium, Low, Informational) that dynamically set incident severity based on watchlist configuration. Added Watchlist (NCP File Download Monitoring / NCPFDM) for externally configurable detection thresholds (download count, time window, severity). Renamed solution from "archTIS" to "NC Protect Data Connector". |
| 2.0.2 | 20-10-2021 | Updated Data Connector version |
| 2.0.1 | 20-10-2021 | Updated Data Connector configuration |
| 2.0.0 | 20-10-2021 | Updated Data Connector and Workbook |
| 1.1.0 | 20-10-2021 | Added Workbook for NC Protect user activity logs |
| 1.0.2 | 20-10-2021 | Updated Data Connector |
| 1.0.1 | 20-10-2021 | Updated Data Connector |
| 1.0.0 | 20-10-2021 | Initial solution release |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊