Acronis Cyber Protect Cloud

The new Acronis Cyber Protect Cloud for Microsoft Sentinel offers easier configuration, broader data coverage and improved compliance. Integrated directly into protection plans, it uses the Acronis agent as the data writer - eliminating complex syslog server setup - and exports alerts, events, activities and tasks in either CEF or JSON format to a designated file path for ingestion by any SIEM platform. This simplifies data consolidation.

The Acronis integration eliminates the time-consuming and complex process of manually configuring syslog servers and generating security certificates. Instead of spending hours on infrastructure setup, MSPs simply select a destination device, either an existing machine on the customer's network (Windows or Linux) or a designated syslog server, and the Acronis agent automatically writes Acronis logs to a specified path on that device without requiring additional certificate generation, firewall rule adjustments, or gateway server setup.

Acronis Cyber Protect for Microsoft Sentinel includes 12 custom hunting queries and detection rules which are uploaded directly into the Microsoft Sentinel Content library

The connector now forwards a comprehensive suite of security telemetry including event logs, custom alerts, EDR data, DLP data, URL filtering logs, and activity records—providing MSPs with richer security intelligence than the previous alerts-and-audit-logs-only approach. This expanded data scope enables MSPs to deliver more complete security visibility to their customers.

Each customer tenant now has an independent, dedicated connection to their preferred SIEM platform, ensuring complete data isolation and eliminating compliance risks associated with shared data destinations across multiple tenants. This architectural change addresses critical compliance requirements by guaranteeing that security events and logs from one customer remain completely separate from those of other customers, even within the same MSP account.