Chg text around installed connector w/ solution

Author: cwatson-cat

articles/sentinel/cef-syslog-ama-overview.md

@@ -5,7 +5,7 @@ author: yelevin
 ms.author: yelevin
 ms.topic: concept-article
 ms.custom: linux-related-content
-ms.date: 05/13/2024
+ms.date: 06/27/2024
 #Customer intent: As a security operator, I want to understand how Microsoft Sentinel collects Syslog and CEF messages with the Azure Monitor Agent so that I can determine if this solution fits my organization's needs.  
 ---
 
@@ -87,7 +87,7 @@ For more information, see the following articles:
 
 - [Ingest Syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md)
 - [CEF via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion](unified-connector-cef-device.md)
-- [Syslog via AMA data connector - Configure specific appliance or device for the Microsoft Sentinel data ingestion](unified-connector-syslog-device.md)
+- [Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion](unified-connector-syslog-device.md)
 
 ## Data ingestion duplication avoidance
 

articles/sentinel/connect-cef-syslog-ama.md

@@ -5,7 +5,7 @@ author: yelevin
 ms.author: yelevin
 ms.topic: how-to
 ms.custom: linux-related-content
-ms.date: 06/11/2024
+ms.date: 06/27/2024
 appliesto:
     - Microsoft Sentinel in the Azure portal
     - Microsoft Sentinel in the Microsoft Defender portal
@@ -26,15 +26,18 @@ Before you begin, you must have the resources configured and the appropriate per
 
 ### Microsoft Sentinel prerequisites
 
-For Microsoft Sentinel, install the appropriate solution and make sure you have the permissions to complete the steps in this article.
+Install the appropriate Microsoft Sentinel solution and make sure you have the permissions to complete the steps in this article.
 
 - Install the appropriate solution from the **Content hub** in Microsoft Sentinel. For more information, see [Discover and manage Microsoft Sentinel out-of-the-box content](sentinel-solutions-deploy.md).
-- Identify which data connector the solution requires — **Syslog via AMA** or **Common Event Format (CEF) via AMA**. In the **Content hub**, select **Manage** on the installed solution and review the data connector listed. Or, find the solution in the one of the following articles:
+- Identify which data connector the Microsoft Sentinel solution requires — **Syslog via AMA** or **Common Event Format (CEF) via AMA** and whether you need to install the **Syslog** or **Common Event Format** solution. To fulfill this prerequisite, 
+  - In the **Content hub**, select **Manage** on the installed solution and review the data connector listed. 
+  - If either **Syslog via AMA** or **Common Event Format (CEF) via AMA** isn't installed with the solution, identify whether you need to install the **Syslog** or **Common Event Format** solution by finding your appliance or device from one of the following articles:
 
-  - [CEF via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion](unified-connector-cef-device.md)
-  - [Syslog via AMA data connector - Configure specific appliance or device for the Microsoft Sentinel data ingestion](unified-connector-syslog-device.md)
+    - [CEF via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion](unified-connector-cef-device.md)
+    - [Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion](unified-connector-syslog-device.md)
 
-- Your Azure account must have the following Azure role-based access control (Azure RBAC) roles:
+    Then install either the **Syslog** or **Common Event Format** solution from the content hub to get the related AMA data connector.
+- Have an Azure account with the following Azure role-based access control (Azure RBAC) roles:
 
   | Built-in role | Scope | Reason |
   | ------------- | ----- | ------ |
@@ -84,7 +87,7 @@ Select the appropriate tab for instructions.
 
 ### Create data collection rule
 
-To get started, open the data connector in Microsoft Sentinel and create a data connector rule.
+To get started, open either the **Syslog via AMA** or **Common Event Format (CEF) via AMA** data connector in Microsoft Sentinel and create a data connector rule.
 
 1. For Microsoft Sentinel in the [Azure portal](https://portal.azure.com), under **Configuration**, select **Data connectors**.<br> For Microsoft Sentinel in the [Defender portal](https://security.microsoft.com/), select **Microsoft Sentinel** > **Configuration** > **Data connectors**.
 
@@ -365,7 +368,7 @@ If you're using a log forwarder, configure the syslog daemon to listen for messa
 Get specific instructions to configure your security device or appliance by going to one of the following articles:
 
 - [CEF via AMA data connector - Configure specific appliances and devices for Microsoft Sentinel data ingestion](unified-connector-cef-device.md)
-- [Syslog via AMA data connector - Configure specific appliances and devices for the Microsoft Sentinel data ingestion](unified-connector-syslog-device.md)
+- [Syslog via AMA data connector - Configure specific appliances and devices for Microsoft Sentinel data ingestion](unified-connector-syslog-device.md)
 
 Contact the solution provider for more information or where information is unavailable for the appliance or device.
 

articles/sentinel/data-connectors-reference.md

@@ -3,7 +3,7 @@ title: Find your Microsoft Sentinel data connector | Microsoft Docs
 description: Learn about specific configuration steps for Microsoft Sentinel data connectors.
 author: cwatson-cat
 ms.topic: reference
-ms.date: 06/11/2024
+ms.date: 06/27/2024
 ms.custom: linux-related-content
 ms.author: cwatson
 appliesto:
@@ -18,7 +18,7 @@ This article lists all supported, out-of-the-box data connectors and links to ea
 
 > [!IMPORTANT]
 > - Noted Microsoft Sentinel data connectors are currently in **Preview**. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
-> - For connectors that use the Log Analytics agent, the agent will be [retired on **31 August, 2024**](https://azure.microsoft.com/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/). If you are using the Log Analytics agent in your Microsoft Sentinel deployment, we recommend that you start planning your migration to the AMA. For more information, see [AMA migration for Microsoft Sentinel](ama-migrate.md).
+> - For connectors that use the Log Analytics agent, the agent will be [retired on **31 August, 2024**](https://azure.microsoft.com/updates/were-retiring-the-log-analytics-agent-in-azure-monitor-on-31-august-2024/). If you are using the Log Analytics agent in your Microsoft Sentinel deployment, we recommend that you migrate to the the Azure Monitor Agent (AMA). For more information, see [AMA migration for Microsoft Sentinel](ama-migrate.md).
 > - [!INCLUDE [unified-soc-preview-without-alert](includes/unified-soc-preview-without-alert.md)]
 
 Data connectors are available as part of the following offerings:
@@ -37,10 +37,10 @@ Data connectors are available as part of the following offerings:
 
 ## Syslog and Common Event Format (CEF) connectors
 
-Log collection from many security appliances and devices  are supported by the data connectors **Syslog via AMA** or **Common Event Format (CEF) via AMA** in Microsoft Sentinel. To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in [Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md). These steps include installing the Microsoft Sentinel solution for a security appliance or device from the **Content hub** in Microsoft Sentinel. Then, configure either the **Syslog via AMA** or **Common Event Format (CEF) via AMA** data connector that's installed with the solution. Complete the setup by configuring the security device or appliance. Find instructions to configure your security device or appliance in one of the following articles:
+Log collection from many security appliances and devices are supported by the data connectors **Syslog via AMA** or **Common Event Format (CEF) via AMA** in Microsoft Sentinel. To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in [Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md). These steps include installing the Microsoft Sentinel solution for a security appliance or device from the **Content hub** in Microsoft Sentinel. Then, configure the **Syslog via AMA** or **Common Event Format (CEF) via AMA** data connector that's appropriate for the Microsoft Sentinel solution you installed. Complete the setup by configuring the security device or appliance. Find instructions to configure your security device or appliance in one of the following articles:
 
 - [CEF via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion](unified-connector-cef-device.md)
-- [Syslog via AMA data connector - Configure specific appliance or device for the Microsoft Sentinel data ingestion](unified-connector-syslog-device.md)
+- [Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion](unified-connector-syslog-device.md)
 
 Contact the solution provider for more information or where information is unavailable for the appliance or device.
 

articles/sentinel/unified-connector-cef-device.md

@@ -5,7 +5,7 @@ author: cwatson-cat
 ms.author: cwatson
 ms.topic: reference
 ms.custom: linux-related-content
-ms.date: 06/07/2024
+ms.date: 06/27/2024
 ---
 
 #  CEF via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion
@@ -409,7 +409,7 @@ From the Vectra UI, navigate to Settings > Notifications and Edit syslog configu
 1. Select on **Save**.
 1. Select the **Test** button to send some test events.
 
-For more information, refer to Cognito Detect Syslog Guide, which can be downloaded from the resource page in Detect UI.
+For more information, see the Cognito Detect Syslog Guide, which can be downloaded from the resource page in Detect UI.
 
 ## Votiro
 

articles/sentinel/unified-connector-syslog-device.md

@@ -5,10 +5,10 @@ author: cwatson-cat
 ms.author: cwatson
 ms.topic: reference
 ms.custom: linux-related-content
-ms.date: 06/07/2024
+ms.date: 06/27/2024
 ---
 
-# Syslog via AMA data connector - Configure specific appliance or device for the Microsoft Sentinel data ingestion
+# Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion
 
 Log collection from many security appliances and devices  are supported by the **Syslog via AMA** data connector in Microsoft Sentinel. This article lists provider supplied installation instructions for specific security appliances and devices that use this data connector. Contact the provider for updates, more information, or where information is unavailable for your security appliance or device.