Integration: Microsoft Sentinel
Category: SOAR & SIEM
Company: Microsoft

Acronis Cyber Protect Cloud integration with Microsoft Sentinel

Microsoft Sentinel, one of the leading SIEM platforms, allows MSPs to perform security incident investigation and threat hunting. Integrating Acronis Cyber Protect Cloud as an additional data source enables MSPs to collect more telemetry and enrich existing telemetry with detections from Acronis Advanced Security, while keeping Acronis as a crucial service monitored for dangerous events.

Acronis Cyber Protect for Microsoft Sentinel includes 12 custom hunting queries and 4 detection rules, which are uploaded directly into the Microsoft Sentinel Content library.

This integration is enabled through the Acronis SIEM Connector. The SIEM Connector uses the Acronis agent as a log writer, enabling MSPs to store Acronis Alerts, Events, Activities, and Audit Log on any endpoint in the customer network from where they can be ingested by the SIEM, or send those logs to a syslog server. The Connector supports CEF and JSON log formats.

The custom Acronis detection rules and hunting queries can be added to the MSP's Microsoft Sentinel instance by activating the Acronis Cyber Protect Cloud subscription in the Microsoft Azure Marketplace.


Simplify security posture by integrating Acronis Cyber Protect Cloud with Microsoft Sentinel.

Now with Microsoft Sentinel integration, MSPs will gain full visibility into customers' networks and will be able to search for threats across all managed workloads, correlate events from both security and data protection applications, and run response actions based on collected telemetry that is now enriched with Acronis data. The integration includes 12 custom hunting queries and 4 detection rules, which are uploaded directly into the Microsoft Sentinel Content library.

Features

Simple integration enablement

Acronis SIEM Connector 2.0 is built on the principle that enterprise-grade security integrations shouldn't require development-level configuration; they should be easy to use. Enabled through the Acronis SIEM LogForwarding plan, it eliminates manual syslog configuration and certificate generation by leveraging the Acronis agent capabilities. Once activated on the Acronis side, it should be enabled for Microsoft Sentinel through the Azure Marketplace.

Compliance-first architecture

With the Acronis SIEM Connector, each customer tenant has an independent, dedicated connection to their preferred SIEM instance, ensuring complete data isolation and eliminating compliance risks associated with shared data destinations across multiple tenants. This architectural decision addresses critical compliance requirements by guaranteeing that security events and logs from one customer remain completely separate from those of other customers, even within the same MSP account.

Select data you want to see

It is possible to select which Acronis data should be sent to Microsoft Sentinel: Alerts, Activities, Events, or Audit Log. This comprehensive data collection provides security teams with the extensive visibility required for effective threat detection and incident response.

Microsoft Sentinel FAQ
