CyrenThreatIntelligence v3.0.3: Fix duplicate data ingestion (follow-up to Azure#13603)

Changes in this PR:
- Increased 'count' from 100 to 1000 in both IP Reputation and Malware URLs pollers
  (Cyren IP Rep feed has ~800 indicators, Malware URLs ~200 — all fit in one page)
- Increased 'queryWindowInMin' from 15 to 360 minutes (6 hours)
  (Threat intelligence feeds are relatively static and do not require frequent polling)
- Preserved PersistentToken paging from v3.0.2
- Added 3.0.3.zip package (all previous versions preserved: 3.0.0, 3.0.1, 3.0.2)
- Updated ReleaseNotes.md

Root cause of duplication:
With count=100, the connector made 8+ page requests per poll cycle to fetch all ~800
indicators. Combined with 15-minute polling, this re-ingested the same data 96 times
per day. Observed: 304,000 rows with only 198 unique IPs (1,535:1 duplicate ratio).

Files changed:
- Cyren_PollerConfig.json: count 100→1000, queryWindowInMin 15→360
- Package/mainTemplate.json: Same fixes + version bump to 3.0.3
- Package/3.0.3.zip: Updated package with all changes
- ReleaseNotes.md: Added 3.0.3 entry

Author: mazamizo21

Solutions/CyrenThreatIntelligence/Data Connectors/CyrenThreatIntel_CCF/Cyren_PollerConfig.json

@@ -1,98 +1,102 @@
 [
-  {
-    "name": "CyrenIPReputation",
-    "apiVersion": "2025-09-01",
-    "type": "Microsoft.SecurityInsights/dataConnectors",
-    "location": "{{location}}",
-    "kind": "RestApiPoller",
-    "properties": {
-      "connectorDefinitionName": "CyrenThreatIntel",
-      "dataType": "Cyren_Indicators_CL",
-      "dcrConfig": {
-        "streamName": "Custom-Cyren_Indicators_CL",
-        "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
-        "dataCollectionRuleImmutableId": "{{cyrenIPDcrImmutableId}}"
-      },
-      "auth": {
-        "type": "APIKey",
-        "ApiKeyName": "Authorization",
-        "ApiKeyIdentifier": "Bearer",
-        "ApiKey": "{{cyrenIpReputationToken}}"
-      },
-      "request": {
-        "apiEndpoint": "https://api-feeds.cyren.com/v1/feed/data?feedId=ip_reputation",
-        "httpMethod": "GET",
-        "queryParameters": {
-          "count": 100,
-          "offset": 0,
-          "format": "jsonl"
-        },
-        "queryWindowInMin": 15,
-        "rateLimitQps": 1,
-        "retryCount": 3,
-        "timeoutInSeconds": 60,
-        "headers": {
-          "Accept": "application/json",
-          "User-Agent": "Microsoft-Sentinel-Cyren/1.0"
+    {
+        "name": "CyrenIPReputation",
+        "apiVersion": "2025-09-01",
+        "type": "Microsoft.SecurityInsights/dataConnectors",
+        "location": "{{location}}",
+        "kind": "RestApiPoller",
+        "properties": {
+            "connectorDefinitionName": "CyrenThreatIntel",
+            "dataType": "Cyren_Indicators_CL",
+            "dcrConfig": {
+                "streamName": "Custom-Cyren_Indicators_CL",
+                "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
+                "dataCollectionRuleImmutableId": "{{cyrenIPDcrImmutableId}}"
+            },
+            "auth": {
+                "type": "APIKey",
+                "ApiKeyName": "Authorization",
+                "ApiKeyIdentifier": "Bearer",
+                "ApiKey": "{{cyrenIpReputationToken}}"
+            },
+            "request": {
+                "apiEndpoint": "https://api-feeds.cyren.com/v1/feed/data?feedId=ip_reputation",
+                "httpMethod": "GET",
+                "queryParameters": {
+                    "count": 1000,
+                    "offset": 0,
+                    "format": "jsonl"
+                },
+                "queryWindowInMin": 360,
+                "rateLimitQps": 1,
+                "retryCount": 3,
+                "timeoutInSeconds": 60,
+                "headers": {
+                    "Accept": "application/json",
+                    "User-Agent": "Microsoft-Sentinel-Cyren/1.0"
+                }
+            },
+            "paging": {
+                "pagingType": "PersistentToken",
+                "nextPageTokenJsonPath": "$.[-1:].offset",
+                "nextPageParaName": "offset"
+            },
+            "response": {
+                "eventsJsonPaths": [
+                    "$"
+                ],
+                "format": "jsonl"
+            }
         }
-      },
-      "paging": {
-        "pagingType": "PersistentToken",
-        "nextPageTokenJsonPath": "$.[-1:].offset",
-        "nextPageParaName": "offset"
-      },
-      "response": {
-        "eventsJsonPaths": ["$"],
-        "format": "jsonl"
-      }
-    }
-  },
-  {
-    "name": "CyrenMalwareURLs",
-    "apiVersion": "2025-09-01",
-    "type": "Microsoft.SecurityInsights/dataConnectors",
-    "location": "{{location}}",
-    "kind": "RestApiPoller",
-    "properties": {
-      "connectorDefinitionName": "CyrenThreatIntel",
-      "dataType": "Cyren_Indicators_CL",
-      "dcrConfig": {
-        "streamName": "Custom-Cyren_Indicators_CL",
-        "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
-        "dataCollectionRuleImmutableId": "{{cyrenMalwareDcrImmutableId}}"
-      },
-      "auth": {
-        "type": "APIKey",
-        "ApiKeyName": "Authorization",
-        "ApiKeyIdentifier": "Bearer",
-        "ApiKey": "{{cyrenMalwareUrlToken}}"
-      },
-      "request": {
-        "apiEndpoint": "https://api-feeds.cyren.com/v1/feed/data?feedId=malware_urls",
-        "httpMethod": "GET",
-        "queryParameters": {
-          "count": 100,
-          "offset": 0,
-          "format": "jsonl"
-        },
-        "queryWindowInMin": 15,
-        "rateLimitQps": 1,
-        "retryCount": 3,
-        "timeoutInSeconds": 60,
-        "headers": {
-          "Accept": "application/json",
-          "User-Agent": "Microsoft-Sentinel-Cyren/1.0"
+    },
+    {
+        "name": "CyrenMalwareURLs",
+        "apiVersion": "2025-09-01",
+        "type": "Microsoft.SecurityInsights/dataConnectors",
+        "location": "{{location}}",
+        "kind": "RestApiPoller",
+        "properties": {
+            "connectorDefinitionName": "CyrenThreatIntel",
+            "dataType": "Cyren_Indicators_CL",
+            "dcrConfig": {
+                "streamName": "Custom-Cyren_Indicators_CL",
+                "dataCollectionEndpoint": "{{dataCollectionEndpoint}}",
+                "dataCollectionRuleImmutableId": "{{cyrenMalwareDcrImmutableId}}"
+            },
+            "auth": {
+                "type": "APIKey",
+                "ApiKeyName": "Authorization",
+                "ApiKeyIdentifier": "Bearer",
+                "ApiKey": "{{cyrenMalwareUrlToken}}"
+            },
+            "request": {
+                "apiEndpoint": "https://api-feeds.cyren.com/v1/feed/data?feedId=malware_urls",
+                "httpMethod": "GET",
+                "queryParameters": {
+                    "count": 1000,
+                    "offset": 0,
+                    "format": "jsonl"
+                },
+                "queryWindowInMin": 360,
+                "rateLimitQps": 1,
+                "retryCount": 3,
+                "timeoutInSeconds": 60,
+                "headers": {
+                    "Accept": "application/json",
+                    "User-Agent": "Microsoft-Sentinel-Cyren/1.0"
+                }
+            },
+            "paging": {
+                "pagingType": "PersistentToken",
+                "nextPageTokenJsonPath": "$.[-1:].offset",
+                "nextPageParaName": "offset"
+            },
+            "response": {
+                "eventsJsonPaths": [
+                    "$"
+                ],
+                "format": "jsonl"
+            }
         }
-      },
-      "paging": {
-        "pagingType": "PersistentToken",
-        "nextPageTokenJsonPath": "$.[-1:].offset",
-        "nextPageParaName": "offset"
-      },
-      "response": {
-        "eventsJsonPaths": ["$"],
-        "format": "jsonl"
-      }
     }
-  }
-]
+]