|
2 | 2 | author: EdB-MSFT
|
3 | 3 | ms.author: edbayansh
|
4 | 4 | ms.topic: include
|
5 |
| -ms.date: 07/10/2025 |
| 5 | +ms.date: 07/11/2025 |
6 | 6 | ---
|
7 | 7 |
|
8 | 8 | ## Sentinel data connectors
|
@@ -57,7 +57,7 @@ ms.date: 07/10/2025
|
57 | 57 | |<a name="box-using-azure-functions"></a><details><summary>**Box (using Azure Functions)** </summary> <br> The Box data connector provides the capability to ingest [Box enterprise's events](https://developer.box.com/guides/events/#admin-events) into Microsoft Sentinel using the Box REST API. Refer to [Box documentation](https://developer.box.com/guides/events/enterprise-events/for-enterprise/) for more information.<p> **Log Analytics table(s):** <br> - `BoxEvents_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **Box API Credentials**: Box config JSON file is required for Box REST API JWT authentication. For more information, see [JWT authentication](https://developer.box.com/guides/authentication/jwt/).</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
58 | 58 | |<a name="box-events-ccp"></a><details><summary>**Box Events (CCF)** </summary> <br> The Box data connector provides the capability to ingest [Box enterprise's events](https://developer.box.com/guides/events/#admin-events) into Microsoft Sentinel using the Box REST API. Refer to [Box documentation](https://developer.box.com/guides/events/enterprise-events/for-enterprise/) for more information.<p> **Log Analytics table(s):** <br> - `BoxEventsV2_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Box API credentials**: Box API requires a Box App client ID and client secret to authenticate. For more information, see [Client Credentials grant](https://developer.box.com/guides/authentication/client-credentials/client-credentials-setup/)<p> - **Box Enterprise ID**: Box Enterprise ID is required to make the connection. See documentation to [find Enterprise ID](https://developer.box.com/platform/appendix/locating-values/)</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
59 | 59 | |<a name="check-point-cloudguard-cnapp-connector-for-microsoft-sentinel"></a><details><summary>**Check Point CloudGuard CNAPP Connector for Microsoft Sentinel** </summary> <br> The [CloudGuard](https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Overview/CloudGuard-CSPM-Introduction.htm?cshid=help_center_documentation) data connector enables the ingestion of security events from the CloudGuard API into Microsoft Sentinel™, using Microsoft Sentinel’s Codeless Connector Framework. The connector supports DCR-based [ingestion time transformations](/azure/azure-monitor/logs/custom-logs-overview) which parses incoming security event data into custom columns. This pre-parsing process eliminates the need for query-time parsing, resulting in improved performance for data queries.<p> **Log Analytics table(s):** <br> - `CloudGuard_SecurityEvents_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **CloudGuard API Key**: Refer to the instructions provided [here](https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Settings/Users-Roles.htm#add_service) to generate an API key.</details> | [Check Point](https://www.checkpoint.com/support-services/contact-support/) |
|
60 |
| -|<a name="cisco-asaftd-via-ama-preview"></a><details><summary>**Cisco ASA/FTD via AMA (Preview)** </summary> <br> The Cisco ASA firewall connector allows you to easily connect your Cisco ASA logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.<p> **Log Analytics table(s):** <br> - `CommonSecurityLog`<p>**Data collection rule support:** <br>[Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)<p>**Prerequisites:**<br> - To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)</details> | [Microsoft Corporation](https://support.microsoft.com/) | |
| 60 | +|<a name="cisco-asaftd-via-ama"></a><details><summary>**Cisco ASA/FTD via AMA** </summary> <br> The Cisco ASA firewall connector allows you to easily connect your Cisco ASA logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.<p> **Log Analytics table(s):** <br> - `CommonSecurityLog`<p>**Data collection rule support:** <br>[Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)<p>**Prerequisites:**<br> - To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)</details> | [Microsoft Corporation](https://support.microsoft.com/) | |
61 | 61 | |<a name="cisco-duo-security-using-azure-functions"></a><details><summary>**Cisco Duo Security (using Azure Functions)** </summary> <br> The Cisco Duo Security data connector provides the capability to ingest [authentication logs](https://duo.com/docs/adminapi#authentication-logs), [administrator logs](https://duo.com/docs/adminapi#administrator-logs), [telephony logs](https://duo.com/docs/adminapi#telephony-logs), [offline enrollment logs](https://duo.com/docs/adminapi#offline-enrollment-logs) and [Trust Monitor events](https://duo.com/docs/adminapi#trust-monitor) into Microsoft Sentinel using the Cisco Duo Admin API. Refer to [API documentation](https://duo.com/docs/adminapi) for more information.<p> **Log Analytics table(s):** <br> - `CiscoDuo_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **Cisco Duo API credentials**: Cisco Duo API credentials with permission *Grant read log* is required for Cisco Duo API. See the [documentation](https://duo.com/docs/adminapi#first-steps) to learn more about creating Cisco Duo API credentials.</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|
62 | 62 | |<a name="cisco-etd-using-azure-functions"></a><details><summary>**Cisco ETD (using Azure Functions)** </summary> <br> The connector fetches data from ETD api for threat analysis<p> **Log Analytics table(s):** <br> - `CiscoETD_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **Email Threat Defense API, API key, Client ID and Secret**: Ensure you have the API key, Client ID and Secret key.</details> | [N/A](https://globalcontacts.cloudapps.cisco.com/contacts/contactDetails/en_US/c1o1-c2o2-c3o8) |
|
63 | 63 | |<a name="cisco-meraki-using-rest-api"></a><details><summary>**Cisco Meraki (using REST API)** </summary> <br> The [Cisco Meraki](https://aka.ms/ciscomeraki) connector allows you to easily connect your Cisco Meraki organization events (Security events, Configuration Changes and API Requests) to Microsoft Sentinel. The data connector uses the [Cisco Meraki REST API](https://developer.cisco.com/meraki/api-v1/#!get-organization-appliance-security-events) to fetch logs and supports DCR-based [ingestion time transformations](/azure/azure-monitor/logs/custom-logs-overview) that parses the received data and ingests into ASIM and custom tables in your Log Analytics workspace. This data connector benefits from capabilities such as DCR based ingestion-time filtering, data normalization.<br><br> **Supported ASIM schema:** <br> 1. Network Session <br> 2. Web Session <br> 3. Audit Event<p> **Log Analytics table(s):** <br> - `ASimNetworkSessionLogs`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Cisco Meraki REST API Key**: Enable API access in Cisco Meraki and generate API Key. Please refer to Cisco Meraki official [documentation](https://aka.ms/ciscomerakiapikey) for more information.<p> - **Cisco Meraki Organization Id**: Obtain your Cisco Meraki organization id to fetch security events. Follow the steps in the [documentation](https://aka.ms/ciscomerakifindorg) to obtain the Organization Id using the Meraki API Key obtained in previous step.</details> | [Microsoft Corporation](https://support.microsoft.com/) |
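Review bot: Links to the old fragment `#cisco-asaftd-via-ama-preview` will stop resolving to this row once the anchor on line 60 becomes `cisco-asaftd-via-ama`. Check for inbound references to the old anchor before merging, or keep it as a second `<a name>` on the row so existing deep links still land here. Also on line 60, the summary says "Cisco ASA/FTD via AMA" while the description still mentions only the "Cisco ASA firewall connector" and "Cisco ASA logs"; if FTD logs are in scope for this connector, the description should say so now that the row is no longer marked Preview.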
|
|