![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 69%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
1,041 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@LXF Thank you for reaching out to us, Yes, there are several resources available that provide detailed explanations and guidance on how to properly configure data connectors in Azure. Here are some resources that you may find helpful:
Azure Sentinel documentation: The official Azure Sentinel documentation provides detailed information on how to configure and use data connectors. You can find information on each connector type, including how to configure the connector, what data is collected, and how to troubleshoot issues. You can access the documentation here: https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources
- Microsoft Learn: Microsoft Learn provides a variety of learning paths and modules that cover Azure Sentinel and data connectors. You can find modules that cover specific connector types, as well as more general modules that cover Azure Sentinel concepts and best practices. You can access Microsoft Learn here: https://video2.skills-academy.com/en-us/training/browse/?terms=microsoft%20sentinel
GitHub: The Azure Sentinel GitHub repository contains sample data connector configurations that you can use as a reference when configuring your own connectors. You can find the repository here: https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors
Regarding your specific questions, 'availability->isPreview' signifies whether the data connector is in preview mode or not. Preview mode means that the connector is still in development and may not be fully supported or feature-complete. 'graphQueries' and 'sampleQueries' are both used to define the queries that the data connector will use to collect data. 'graphQueries' are used for connectors that collect data from Microsoft Graph, while 'sampleQueries' are used for connectors that collect data from other sources. The main difference between the two is the syntax used for the queries.
Let me know if you have any further questions, feel free to post back.
Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.