Revert unnecessary changes

Author: Saisang

articles/sentinel/data-connectors/amazon-web-services-s3.md

@@ -3,7 +3,7 @@ title: "Amazon Web Services S3 connector for Microsoft Sentinel"
 description: "Learn how to install the connector Amazon Web Services S3 to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 11/20/2024
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -25,10 +25,64 @@ This is autogenerated content. For changes, contact the solution provider.
 
 | Connector attribute | Description |
 | --- | --- |
-| **Log Analytics table(s)** | AWSGuardDuty<br/> AWSVPCFlow<br/> AWSCloudTrail<br/> AWSCloudWatch<br/> |
-| **Data collection rules support** | Not currently supported |
+| **Log Analytics table(s)** | AWSGuardDuty<br/> AWSVPCFlow<br/> AWSCloudTrail<br/> AWSCloudWatch<br/>|
+| **Data collection rules support** | [Supported as listed](/azure/azure-monitor/logs/tables-feature-support) |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
 
+## Query samples
+
+**High severity findings summarized by activity type**
+
+   ```kusto
+AWSGuardDuty
+            
+   | where Severity > 7
+            
+   | summarize count() by ActivityType
+   ```
+
+**Top 10 rejected actions of type IPv4**
+
+   ```kusto
+AWSVPCFlow
+            
+   | where Action == "REJECT"
+            
+   | where Type == "IPv4"
+            
+   | take 10
+   ```
+
+**User creation events summarized by region**
+
+   ```kusto
+AWSCloudTrail
+            
+   | where EventName == "CreateUser"
+            
+   | summarize count() by AWSRegion
+   ```
+
+
+
+## Prerequisites
+
+To integrate with Amazon Web Services S3 make sure you have: 
+
+- **Environment**: you must have the following AWS resources defined and configured: S3, Simple Queue Service (SQS), IAM roles and permissions policies, and the AWS services whose logs you want to collect.
+
+
+## Vendor installation instructions
+
+1. Set up your AWS environment
+
+The​re are two options for setting up your AWS environment to send logs from an S3 bucket to your Log Analytics Workspace:
+
+
+2. Add connection
+
+
+
 
 ## Next steps
 

articles/sentinel/data-connectors/api-protection.md

@@ -3,7 +3,7 @@ title: "API Protection connector for Microsoft Sentinel"
 description: "Learn how to install the connector API Protection to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 11/20/2024
+ms.date: 10/28/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -72,7 +72,7 @@ Copy the values shown below and save them for configuration of the API log forwa
 
 Step 3: Install the 42Crunch protection and log forwarder
 
-The next step is to install the 42Crunch protection and log forwarder to protect your API. Both components are availabe as containers from the [42Crunch repository](https://hub.docker.com/u/42crunch). The exact installation will depend on your environment, consult the [42Crunch protection documentation](https://docs.42crunch.com/latest/content/concepts/api_firewall_deployment_architecture.htm) for full details. Two common installation scenarios are described below:
+The next step is to install the 42Crunch protection and log forwarder to protect your API. Both components are availabe as containers from the [42Crunch repository](https://hub.docker.com/u/42crunch). The exact installation depends on your environment, consult the [42Crunch protection documentation](https://docs.42crunch.com/latest/content/concepts/api_firewall_deployment_architecture.htm) for full details. Two common installation scenarios are described below:
 
 
 Installation via Docker Compose
@@ -89,11 +89,11 @@ In order to test the data ingestion the user should deploy the sample *httpbin*
 
 4.1 Install the sample
 
-The sample application can be installed locally using a [Docker compose file](https://github.com/42Crunch/azure-sentinel-integration/blob/main/sample-deployment/docker-compose.yml) which will install the httpbin API server, the 42Crunch API protection and the Microsoft Sentinel log forwarder. Set the environment variables as required using the values copied from step 2.
+The sample application can be installed locally using a [Docker compose file](https://github.com/42Crunch/azure-sentinel-integration/blob/main/sample-deployment/docker-compose.yml) which installs the httpbin API server, the 42Crunch API protection, and the Microsoft Sentinel log forwarder. Set the environment variables as required using the values copied from step 2.
 
 4.2 Run the sample
 
-Verfify the API protection is connected to the 42Crunch platform, and then exercise the API locally on the *localhost* at port 8080 using Postman, curl, or similar. You should see a mixture of passing and failing API calls. 
+Verfify the API protection is connected to the 42Crunch platform, and then exercise the API locally on the *localhost* at port 8080 using curl, or similar. You should see a mixture of passing and failing API calls. 
 
 4.3 Verify the data ingestion on Log Analytics
 

articles/sentinel/data-connectors/atlassian-confluence-audit.md

@@ -3,7 +3,7 @@ title: "Atlassian Confluence Audit (using Azure Functions) connector for Microso
 description: "Learn how to install the connector Atlassian Confluence Audit (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 11/20/2024
+ms.date: 10/15/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -20,7 +20,7 @@ This is autogenerated content. For changes, contact the solution provider.
 | Connector attribute | Description |
 | --- | --- |
 | **Application settings** | ConfluenceUsername<br/>ConfluenceAccessToken<br/>ConfluenceHomeSiteName<br/>WorkspaceID<br/>WorkspaceKey<br/>logAnalyticsUri (optional) |
-| **Azure function app code** | https://aka.ms/sentinel-confluenceauditapi-functionapp |
+| **Azure function app code** | [https://aka.ms/sentinel-confluenceauditapi-functionapp](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AtlassianConfluenceAudit/Data%20Connector/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConn.zip) |
 | **Log Analytics table(s)** | Confluence_Audit_CL<br/> |
 | **Data collection rules support** | Not currently supported |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
@@ -89,7 +89,7 @@ Use the following step-by-step instructions to deploy the Confluence Audit data
 
 > **NOTE:** You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.
 
-1. Download the [Azure Function App](https://aka.ms/sentinel-confluenceauditapi-functionapp) file. Extract archive to your local development computer.
+1. Download the [Azure Function App](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AtlassianConfluenceAudit/Data%20Connector/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConn.zip) file. Extract archive to your local development computer.
 2. Start VS Code. Choose File in the main menu and select Open Folder.
 3. Select the top level folder from extracted files.
 4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.

articles/sentinel/data-connectors/bitglass.md

@@ -3,7 +3,7 @@ title: "Bitglass (using Azure Functions) connector for Microsoft Sentinel"
 description: "Learn how to install the connector Bitglass (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 11/20/2024
+ms.date: 10/15/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -63,7 +63,7 @@ To integrate with Bitglass (using Azure Functions) make sure you have:
 
  Follow the instructions to obtain the credentials.
 
-1. Please contact Bitglass [support](https://www.forcepoint.com/company/contact-us) and obtain the **BitglassToken** and **BitglassServiceURL** ntation].
+1. Please contact Bitglass [support](https://pages.bitglass.com/Contact.html) and obtain the **BitglassToken** and **BitglassServiceURL** ntation].
 2. Save credentials for using in the data connector.
 
 

articles/sentinel/data-connectors/cohesity.md

@@ -3,7 +3,7 @@ title: "Cohesity (using Azure Functions) connector for Microsoft Sentinel"
 description: "Learn how to install the connector Cohesity (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 11/20/2024
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -50,7 +50,7 @@ To integrate with Cohesity (using Azure Functions) make sure you have:
    >  This connector uses Azure Functions that connect to the Azure Blob Storage and KeyVault. This might result in additional costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/), [Azure Blob Storage pricing page](https://azure.microsoft.com/pricing/details/storage/blobs/) and [Azure KeyVault pricing page](https://azure.microsoft.com/pricing/details/key-vault/) for details.
 
 
->**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.
+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Functions App.
 
 
 **STEP 1 - Get a Cohesity DataHawk API key (see troubleshooting [instruction 1](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CohesitySecurity/Data%20Connectors/Helios2Sentinel/IncidentProducer))**

articles/sentinel/data-connectors/dataminr-pulse-alerts-data-connector.md

@@ -3,7 +3,7 @@ title: "Dataminr Pulse Alerts Data Connector (using Azure Functions) connector f
 description: "Learn how to install the connector Dataminr Pulse Alerts Data Connector (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 11/20/2024
+ms.date: 10/28/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -223,7 +223,7 @@ If you're already signed in, go to the next step.
 
 2) To add integration settings in Dataminr RTAP using the function URL
 
-1. Open any API request tool like Postman.
+1. Open any API request tool.
 2. Click on '+' to create a new request.
 3. Select HTTP request method as **'POST'**.
 4. Enter the url prepapred in **point 1)**, in the request URL part.

articles/sentinel/data-connectors/forescout.md

@@ -3,7 +3,7 @@ title: "Forescout connector for Microsoft Sentinel"
 description: "Learn how to install the connector Forescout to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 11/20/2024
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -41,7 +41,7 @@ ForescoutEvent
 
 
 > [!NOTE]
-   >  This data connector depends on a parser based on a Kusto Function to work as expected [**ForescoutEvent**](https://aka.ms/sentinel-forescout-parser) which is deployed with the Microsoft Sentinel Solution.
+   >  This data connector depends on a parser based on a Kusto Function to work as expected [**ForescoutEvent**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Forescout%20(Legacy)/Parsers/ForescoutEvent.yaml) which is deployed with the Microsoft Sentinel Solution.
 
 
 > [!NOTE]

articles/sentinel/data-connectors/microsoft-exchange-logs-and-events.md

@@ -3,23 +3,23 @@ title: "Microsoft Exchange Logs and Events connector for Microsoft Sentinel"
 description: "Learn how to install the connector Microsoft Exchange Logs and Events to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 11/20/2024
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
 ---
 
 # Microsoft Exchange Logs and Events connector for Microsoft Sentinel
 
-[Option 2] - Using Azure Monitor Agent - You can stream all Exchange Security & Application Event logs from the Windows machines connected to your Microsoft Sentinel workspace using the Windows agent. This connection enables you to create custom alerts, and improve investigation.
+You can stream all Exchange Audit events, IIS Logs, HTTP Proxy logs and Security Event logs from the Windows machines connected to your Microsoft Sentinel workspace using the Windows agent. This connection enables you to view dashboards, create custom alerts, and improve investigation. This is used by Microsoft Exchange Security Workbooks to provide security insights of your On-Premises Exchange environment
 
 This is autogenerated content. For changes, contact the solution provider.
 
 ## Connector attributes
 
 | Connector attribute | Description |
 | --- | --- |
-| **Log Analytics table(s)** | Event<br/> |
+| **Log Analytics table(s)** | Event<br/> W3CIISLog<br/> MessageTrackingLog_CL<br/> ExchangeHttpProxy_CL<br/> |
 | **Data collection rules support** | Not currently supported |
 | **Supported by** | [Community](https://github.com/Azure/Azure-Sentinel/issues) |
 
@@ -29,7 +29,7 @@ This is autogenerated content. For changes, contact the solution provider.
 
    ```kusto
 Event 
-   | where EventLog == 'Application' 
+   | where EventLog == 'MSExchange Management' 
    | sort by TimeGenerated
    ```
 
@@ -39,26 +39,30 @@ Event
 
 To integrate with Microsoft Exchange Logs and Events make sure you have: 
 
-- **Azure Log Analytics will be deprecated**: Azure Log Analytics will be deprecated, to collect data from non-Azure VMs, Azure Arc is recommended. [Learn more](/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)
-- **Detailled documentation**: >**NOTE:** Detailled documentation on Installation procedure and usage can be found [here](https://aka.ms/MicrosoftExchangeSecurityGithub)
+- ****: Azure Log Analytics will be deprecated, to collect data from non-Azure VMs, Azure Arc is recommended. [Learn more](/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)
 
 
 ## Vendor installation instructions
 
 
 > [!NOTE]
-   >  This solution is based on options. This allows you to choose which data will be ingest as some options can generate a very high volume of data. Depending on what you want to collect, track in your Workbooks, Analytics Rules, Hunting capabilities you will choose the option(s) you will deploy. Each options are independant for one from the other. To learn more about each option: ['Microsoft Exchange Security' wiki](https://aka.ms/ESI_DataConnectorOptions)
+   >  This data connector depends on a parser based on a Kusto Function to work as expected. Follow the steps to create the Kusto Functions alias : [**ExchangeAdminAuditLogs**](https://aka.ms/sentinel-ESI-ExchangeCollector-ExchangeAdminAuditLogs-parser)
+
 
->This Data Connector is the **option 2** of the wiki.
+
+> [!NOTE]
+   >  This solution is based on options. This allows you to choose which data will be ingest as some options can generate a very high volume of data. Depending on what you want to collect, track in your Workbooks, Analytics Rules, Hunting capabilities you will choose the option(s) you will deploy. Each options are independant for one from the other. To learn more about each option: ['Microsoft Exchange Security' wiki](https://aka.ms/ESI_DataConnectorOptions)
 
 1.  Download and install the agents needed to collect logs for Microsoft Sentinel
 
 Type of servers (Exchange Servers, Domain Controllers linked to Exchange Servers or all Domain Controllers) depends on the option you want to deploy.
 
 
-2. [Option 2] Security/Application/System logs of Exchange Servers
+2.  Deploy log injestion following choosed options
+
+
+
 
-The Security/Application/System logs of Exchange Servers are collected using Data Collection Rules (DCR).