Merge pull request #295332 from MicrosoftDocs/main

PMEds28 · web-flow · commit 30e4da7026a4 · 2025-02-26T12:21:41.000Z
Publish to live, Wednesday 4AM PST, 2/26
diff --git a/articles/automation/change-tracking/overview-monitoring-agent.md b/articles/automation/change-tracking/overview-monitoring-agent.md
@@ -3,7 +3,7 @@ title: Azure Automation Change Tracking and Inventory overview using Azure Monit
 description: This article describes the Change Tracking and Inventory feature using Azure monitoring agent, which helps you identify software and Microsoft service changes in your environment.
 services: automation
 ms.subservice: change-inventory-management
-ms.date: 12/09/2024
+ms.date: 02/26/2025
 ms.topic: overview
 ms.service: azure-automation
 ---
@@ -39,10 +39,9 @@ Azure Change Tracking & Inventory service enhances the auditing and governance f
 
 |**Component**| **Applies to**|
 |---| ---|
-| Operating systems| Windows </br> Linux | 
-| Resource types | Azure VMs </br> Azure Arc-enabled VMs </br> Virtual machines scale set|
-| Data types     | Windows registry </br> Windows services </br> Linux Daemons |
-| Files | Windows </br> Linux |
+|Operating systems| Windows </br> Linux | 
+|Resource types | Azure VMs </br> Azure Arc-enabled VMs </br> Virtual machines scale set|
+|Data types | Windows registry </br> Windows services </br> Linux Daemons </br> Files </br> Software
 
 ## Key benefits
 
diff --git a/articles/partner-solutions/dynatrace/manage.md b/articles/partner-solutions/dynatrace/manage.md
@@ -109,7 +109,7 @@ To install the Dynatrace OneAgent, select the App Service and select **Install E
 
 ## Monitor Arc enabled servers using Dynatrace OneAgent
  
-Azure Arc delivers a consistent multicloud and on-premises management platform, allowing users to manage applications and services extending across data centers, multiple clouds and edge. [Learn More] ()
+Azure Arc delivers a consistent multicloud and on-premises management platform, allowing users to manage applications and services extending across data centers, multiple clouds and edge. 
  
 You can install Dynatrace OneAgent to monitor Azure Arc-enabled servers as an extension. Select ARC Machine Extension under Dynatrace environment config in the Resource menu. In the working pane, you see a list of all Arc-enabled servers in the subscription. Filters include _Resource Group, Subscription, Resource Status and Agent Status_.
  
diff --git a/articles/sentinel/TOC.yml b/articles/sentinel/TOC.yml
@@ -394,6 +394,8 @@
       href: data-connectors/derdack-signl4.md
     - name: Digital Shadows Searchlight (using Azure Functions)
       href: data-connectors/digital-shadows-searchlight-using-azure-functions.md
+    - name: Doppel Data Connector
+      href: data-connectors/doppel-data-connector.md
     - name: Dynamics 365
       href: data-connectors/dynamics-365.md
     - name: Dynatrace Attacks
@@ -426,6 +428,8 @@
       href: data-connectors/forescout-host-property-monitor.md
     - name: Fortinet FortiNDR Cloud (using Azure Functions)
       href: data-connectors/fortinet-fortindr-cloud.md
+    - name: Garrison ULTRA Remote Logs (using Azure Functions)
+      href: data-connectors/garrison-ultra-remote-logs.md
     - name: Gigamon AMX Data Connector
       href: data-connectors/gigamon-amx-data-connector.md
     - name: GitHub (using Webhooks) (using Azure Functions)
diff --git a/articles/sentinel/data-connectors-reference.md b/articles/sentinel/data-connectors-reference.md
@@ -241,6 +241,10 @@ For more information about the codeless connector platform, see [Create a codele
 
 - [Digital Shadows Searchlight (using Azure Functions)](data-connectors/digital-shadows-searchlight.md)
 
+## Doppel
+
+- [Doppel Data Connector](data-connectors/doppel-data-connector.md)
+
 ## Dynatrace
 
 - [Dynatrace Attacks](data-connectors/dynatrace-attacks.md)
@@ -281,6 +285,10 @@ For more information about the codeless connector platform, see [Create a codele
 
 - [Fortinet FortiNDR Cloud (using Azure Functions)](data-connectors/fortinet-fortindr-cloud.md)
 
+## Garrison Technology
+
+- [Garrison ULTRA Remote Logs (using Azure Functions)](data-connectors/garrison-ultra-remote-logs.md)
+
 ## Gigamon, Inc
 
 - [Gigamon AMX Data Connector](data-connectors/gigamon-amx-data-connector.md)
diff --git a/articles/sentinel/data-connectors/doppel-data-connector.md b/articles/sentinel/data-connectors/doppel-data-connector.md
@@ -0,0 +1,56 @@
+---
+title: "Doppel Data connector for Microsoft Sentinel"
+description: "Learn how to install the connector Doppel Data to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: generated-reference
+ms.date: 02/20/2025
+ms.service: microsoft-sentinel
+ms.author: cwatson
+ms.collection: sentinel-data-connector
+---
+
+# Doppel Data connector for Microsoft Sentinel
+
+The data connector is built on Microsoft Sentinel for Doppel events and alerts and supports DCR-based [ingestion time transformations](/azure/azure-monitor/logs/ingestion-time-transformations) that parses the received security event data into a custom column so that queries don't need to parse it again, thus resulting in better performance.
+
+This is autogenerated content. For changes, contact the solution provider.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Log Analytics table(s)** | DoppelTable_CL<br/> |
+| **Data collection rules support** | Not currently supported |
+| **Supported by** | [Doppel](https://www.doppel.com/request-a-demo) |
+
+## Query samples
+
+**One event log**
+
+   ```kusto
+DoppelTable_CL 
+   | take 1
+   ```
+
+
+
+## Prerequisites
+
+To integrate with Doppel Data Connector make sure you have: 
+
+- **Microsoft Entra Tenant ID, Client ID and Client Secret**: Microsoft Entra ID requires a Client ID and Client Secret to authenticate your application. Additionally, Global Admin/Owner level access is required to assign the Entra-registered application a Resource Group Monitoring Metrics Publisher role.
+- **Requires Workspace ID, DCE-URI, DCR-ID**: You will need to get the Log Analytics Workspace ID, DCE Logs Ingestion URI and DCR Immutable ID for the configuration.
+
+
+## Vendor installation instructions
+
+Configure Doppel Webhook
+
+Configure the Webhook in Doppel and Endpoint with permissions in Microsoft Sentinel to send data.
+
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/doppel.azure-sentinel-solution-doppel?tab=Overview) in the Azure Marketplace.
diff --git a/articles/sentinel/data-connectors/garrison-ultra-remote-logs.md b/articles/sentinel/data-connectors/garrison-ultra-remote-logs.md
@@ -0,0 +1,66 @@
+---
+title: "Garrison ULTRA Remote Logs (using Azure Functions) connector for Microsoft Sentinel"
+description: "Learn how to install the connector Garrison ULTRA Remote Logs (using Azure Functions) to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: generated-reference
+ms.date: 02/20/2025
+ms.service: microsoft-sentinel
+ms.author: cwatson
+ms.collection: sentinel-data-connector
+---
+
+# Garrison ULTRA Remote Logs (using Azure Functions) connector for Microsoft Sentinel
+
+The [Garrison ULTRA](https://www.garrison.com/en/garrison-ultra-cloud-platform) Remote Logs connector allows you to ingest Garrison ULTRA Remote Logs into Microsoft Sentinel.
+
+This is autogenerated content. For changes, contact the solution provider.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Log Analytics table(s)** | Garrison_ULTRARemoteLogs_CL<br/> |
+| **Data collection rules support** | Not currently supported |
+| **Supported by** | [Garrison](https://support.ultra.garrison.com) |
+
+## Query samples
+
+**Last 10 logs**
+
+   ```kusto
+Garrison_ULTRARemoteLogs_CL
+ 
+   | top 10 by TimeGenerated desc
+   ```
+
+
+
+## Prerequisites
+
+To integrate with Garrison ULTRA Remote Logs (using Azure Functions) make sure you have: 
+
+- **Garrison ULTRA**: To use this data connector you must have an active [Garrison ULTRA](https://www.garrison.com/en/garrison-ultra-cloud-platform) license.
+
+
+## Vendor installation instructions
+
+Deployment - Azure Resource Manager (ARM) Template
+
+These steps outline the automated deployment of the Garrison ULTRA Remote Logs data connector using an ARM Template.
+
+1. Click the **Deploy to Azure** button below. 
+	
+ 	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FSolutions%2FGarrison%2520ULTRA%2FData%2520Connectors%2FGarrisonULTRARemoteLogs%2Fazuredeploy_DataCollectionResources.json) 			
+2. Provide the required details such as Resource Group, Microsoft Sentinel Workspace and ingestion configurations 
+
+	> [!NOTE]
+	> It is recommended to create a new Resource Group for deployment of these resources.
+
+3. Mark the checkbox labeled **I agree to the terms and conditions stated above**. 
+4. Click **Purchase** to deploy.
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/garrisontechnologyltd1725375696148.microsoft-sentinel-solution-garrison-ultra?tab=Overview) in the Azure Marketplace.
diff --git a/articles/sentinel/sap/deploy-sap-btp-solution.md b/articles/sentinel/sap/deploy-sap-btp-solution.md
@@ -41,7 +41,7 @@ To set up the BTP account and the solution:
 
     :::image type="content" source="./media/deploy-sap-btp-solution/btp-audit-log-sub-account.png" alt-text="Screenshot that shows creating an instance of the BTP subaccount." lightbox="./media/deploy-sap-btp-solution/btp-audit-log-sub-account.png":::
 
-1. Create a service key and record the values for `url`, `uaa.clientid`, `uaa.clientecret`, and `uaa.url`. These values are required to deploy the data connector.
+1. Create a service key and record the values for `url`, `uaa.clientid`, `uaa.clientsecret`, and `uaa.url`. These values are required to deploy the data connector.
 
     Here are examples of these field values:
 
diff --git a/articles/sentinel/soc-optimization/soc-optimization-api.md b/articles/sentinel/soc-optimization/soc-optimization-api.md
@@ -42,7 +42,7 @@ Use the following examples of the [`recommendations`](/rest/api/securityinsights
 - **Get a list of all current SOC optimization recommendations in your workspace**:
 
     ```rest
-    GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations 
+    GET /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/recommendations?api-version=2024-01-01-preview 
     ```
 
 - **Get a specific recommendation by recommendation ID**:
