Revert dupe files

cdpark · cdpark · commit 0bdfc23736e9 · 2024-09-09T10:57:37.000-07:00
diff --git a/articles/sentinel/data-connectors/blackberry-cylanceprotect.md b/articles/sentinel/data-connectors/blackberry-cylanceprotect.md
@@ -0,0 +1,90 @@
+---
+title: "Blackberry CylancePROTECT connector for Microsoft Sentinel"
+description: "Learn how to install the connector Blackberry CylancePROTECT to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: how-to
+ms.date: 04/26/2024
+ms.service: microsoft-sentinel
+ms.author: cwatson
+ms.collection: sentinel-data-connector
+---
+
+# Blackberry CylancePROTECT connector for Microsoft Sentinel
+
+The [Blackberry CylancePROTECT](https://www.blackberry.com/us/en/products/blackberry-protect) connector allows you to easily connect your CylancePROTECT logs with Microsoft Sentinel. This gives you more insight into your organization's network and improves your security operation capabilities.
+
+This is autogenerated content. For changes, contact the solution provider.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Log Analytics table(s)** | Syslog (CylancePROTECT)<br/> |
+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |
+| **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
+
+## Query samples
+
+**Top 10 Event Types**
+
+   ```kusto
+CylancePROTECT​
+            
+   | summarize count() by EventName
+            
+   | top 10 by count_
+   ```
+
+**Top 10 Triggered Policies**
+
+   ```kusto
+CylancePROTECT​
+            
+   | where EventType == "Threat" 
+            
+   | summarize count() by PolicyName 
+            
+   | top 10 by count_
+   ```
+
+
+
+## Prerequisites
+
+To integrate with Blackberry CylancePROTECT make sure you have: 
+
+- **CylancePROTECT**: must be configured to export logs via Syslog.
+
+
+## Vendor installation instructions
+
+
+> [!NOTE]
+   >  This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias CyclanePROTECT and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Blackberry%20CylancePROTECT/Parsers/CylancePROTECT.txt), on the second line of the query, enter the hostname(s) of your CyclanePROTECT device(s) and any other unique identifiers for the logstream. The function usually takes 10-15 minutes to activate after solution installation/update.
+
+1. Install and onboard the agent for Linux
+
+Typically, you should install the agent on a different computer from the one on which the logs are generated.
+
+>  Syslog logs are collected only from **Linux** agents.
+
+
+2. Configure the logs to be collected
+
+Configure the facilities you want to collect and their severities.
+
+1.  Select the link below to open your workspace **agents configuration**, and select the **Syslog** tab.
+2.  Select **Add facility** and choose from the drop-down list of facilities. Repeat for all the facilities you want to add.
+3.  Mark the check boxes for the desired severities for each facility.
+4.  Click **Apply**.
+
+
+3. Configure and connect the CylancePROTECT
+
+[Follow these instructions](https://docs.blackberry.com/) to configure the CylancePROTECT to forward syslog. Use the IP address or hostname for the Linux device with the Linux agent installed as the Destination IP address.
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-blackberrycylanceprotect?tab=Overview) in the Azure Marketplace.
diff --git a/articles/sentinel/data-connectors/cisco-application-centric-infrastructure.md b/articles/sentinel/data-connectors/cisco-application-centric-infrastructure.md
@@ -0,0 +1,75 @@
+---
+title: "Cisco Application Centric Infrastructure connector for Microsoft Sentinel"
+description: "Learn how to install the connector Cisco Application Centric Infrastructure to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: how-to
+ms.date: 04/26/2024
+ms.service: microsoft-sentinel
+ms.author: cwatson
+ms.collection: sentinel-data-connector
+---
+
+# Cisco Application Centric Infrastructure connector for Microsoft Sentinel
+
+[Cisco Application Centric Infrastructure (ACI)](https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/solution-overview-c22-741487.html) data connector provides the capability to ingest [Cisco ACI logs](https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/all/syslog/guide/b_ACI_System_Messages_Guide/m-aci-system-messages-reference.html) into Microsoft Sentinel.
+
+This is autogenerated content. For changes, contact the solution provider.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Log Analytics table(s)** | Syslog (CiscoACIEvent)<br/> |
+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |
+| **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
+
+## Query samples
+
+**Top 10 Resources (DstResourceId)**
+
+   ```kusto
+CiscoACIEvent
+ 
+   | where notempty(DstResourceId)
+ 
+   | summarize count() by DstResourceId
+ 
+   | top 10 by count_
+   ```
+
+
+
+## Vendor installation instructions
+
+
+> [!NOTE]
+   >  This data connector depends on a parser based on a Kusto Function to work as expected [**CiscoACIEvent**](https://aka.ms/sentinel-CiscoACI-parser) which is deployed with the Microsoft Sentinel Solution.
+
+
+> [!NOTE]
+   >   This data connector has been developed using Cisco ACI Release 1.x
+
+1. Configure Cisco ACI system sending logs via Syslog to remote server where you will install the agent.
+
+[Follow these steps](https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/basic-config/b_ACI_Config_Guide/b_ACI_Config_Guide_chapter_010.html#d2933e4611a1635) to configure Syslog Destination, Destination Group, and Syslog Source.
+
+2. Install and onboard the agent for Linux or Windows
+
+Install the agent on the Server to which the logs will be forwarded.
+
+> Logs on Linux or Windows servers are collected by **Linux** or **Windows** agents.
+
+
+
+
+3. Check logs in Microsoft Sentinel
+
+Open Log Analytics to check if the logs are received using the Syslog schema.
+
+>**NOTE:** It may take up to 15 minutes before new logs will appear in Syslog table.
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-ciscoaci?tab=Overview) in the Azure Marketplace.
