About the Microsoft Azure Sentinel connector

The Microsoft Azure Sentinel connector allows UiPath automations to create, update, list, modify, close, and enrich security incidents directly in Azure Sentinel. It acts as the communication channel between the workflow and the organization's SOC environment. Whenever data is classified as harmful, the connector sends all relevant details collected during the process. This ensures that SecOps receives immediate visibility into threats discovered during document intake, without waiting for manual reporting or human intervention.

note

This connector is built by UiPath and receives official support selectively. The connector supports a limited set of commonly used APIs for the target application and may cover most typical use cases. Also, they are retained in a stable state until the requirements for a new version release are met. Learn more

Authentication

Before automating processes, you need to establish a connection with your Azure Sentinel instance. Step-by-step instructions are available in the Microsoft Azure Sentinel authentication page.

Events

The Azure Sentinel connector does not currently support events.

Activities

You can use the connection to enable the Microsoft Azure Sentinel activities in UiPath® Studio.

API Documentation

You can read more on the Microsoft Azure Sentinel API by accessing the Microsoft documentation. The connector was tested with API version 2025-09-01.

Authentication​

Events​

Activities​

API Documentation​

Authentication

Events

Activities

API Documentation