Merge pull request #291294 from Saisang/sai-dataconnectorupdate-202411

[Auto-generated] Data Connectors update - Nov 2024

Author: denrea

articles/sentinel/TOC.yml

@@ -363,6 +363,8 @@
       href: data-connectors/cohesity.md
     - name: Common Event Format (CEF) via AMA
       href: data-connectors/common-event-format-cef-via-ama.md
+    - name: CommvaultSecurityIQ (using Azure Functions)
+      href: data-connectors/commvaultsecurityiq.md
     - name: Corelight Connector Exporter
       href: data-connectors/corelight-connector-exporter.md
     - name: Cortex XDR - Incidents
@@ -489,6 +491,8 @@
       href: data-connectors/microsoft-365-defender.md
     - name: Microsoft 365 Insider Risk Management
       href: data-connectors/microsoft-365-insider-risk-management.md
+    - name: Microsoft Active-Directory Domain Controllers Security Event Logs
+      href: data-connectors/microsoft-active-directory-domain-controllers-security-event-logs.md
     - name: Microsoft Defender for Cloud Apps
       href: data-connectors/microsoft-defender-for-cloud-apps.md
     - name: Microsoft Defender for Endpoint
@@ -507,8 +511,14 @@
       href: data-connectors/microsoft-entra-id.md
     - name: Microsoft Entra ID Protection
       href: data-connectors/microsoft-entra-id-protection.md
+    - name: Microsoft Exchange Admin Audit Logs by Event Logs
+      href: data-connectors/microsoft-exchange-admin-audit-logs-by-event-logs.md
+    - name: Microsoft Exchange HTTP Proxy Logs
+      href: data-connectors/microsoft-exchange-http-proxy-logs.md
     - name: Microsoft Exchange Logs and Events
       href: data-connectors/microsoft-exchange-logs-and-events.md
+    - name: Microsoft Exchange Message Tracking Logs
+      href: data-connectors/microsoft-exchange-message-tracking-logs.md
     - name: Microsoft Power BI
       href: data-connectors/microsoft-powerbi.md
     - name: Microsoft Project
@@ -637,6 +647,8 @@
       href: data-connectors/transmit-security-connector.md
     - name: Trend Vision One (using Azure Functions)
       href: data-connectors/trend-vision-one.md
+    - name: Varonis SaaS
+      href: data-connectors/varonis-saas.md
     - name: Vectra XDR (using Azure Functions)
       href: data-connectors/vectra-xdr.md
     - name: VMware Carbon Black Cloud (using Azure Functions)

articles/sentinel/data-connectors-reference.md

@@ -174,6 +174,10 @@ For more information about the codeless connector platform, see [Create a codele
 
 - [Cohesity (using Azure Functions)](data-connectors/cohesity.md)
 
+## Commvault
+
+- [CommvaultSecurityIQ (using Azure Functions)](data-connectors/commvaultsecurityiq.md)
+
 ## Corelight Inc.
 
 - [Corelight Connector Exporter](data-connectors/corelight-connector-exporter.md)
@@ -394,7 +398,11 @@ For more information about the codeless connector platform, see [Create a codele
 
 - [Exchange Security Insights Online Collector (using Azure Functions)](data-connectors/exchange-security-insights-online-collector.md)
 - [Exchange Security Insights On-Premises Collector](data-connectors/exchange-security-insights-on-premises-collector.md)
+- [Microsoft Active-Directory Domain Controllers Security Event Logs](data-connectors/microsoft-active-directory-domain-controllers-security-event-logs.md)
+- [Microsoft Exchange Admin Audit Logs by Event Logs](data-connectors/microsoft-exchange-admin-audit-logs-by-event-logs.md)
+- [Microsoft Exchange HTTP Proxy Logs](data-connectors/microsoft-exchange-http-proxy-logs.md)
 - [Microsoft Exchange Logs and Events](data-connectors/microsoft-exchange-logs-and-events.md)
+- [Microsoft Exchange Message Tracking Logs](data-connectors/microsoft-exchange-message-tracking-logs.md)
 - [Forcepoint DLP](data-connectors/forcepoint-dlp.md)
 - [MISP2Sentinel](data-connectors/misp2sentinel.md)
 
@@ -560,6 +568,10 @@ For more information about the codeless connector platform, see [Create a codele
 
 - [SaaS Security](data-connectors/saas-security.md)
 
+## Varonis
+
+- [Varonis SaaS](data-connectors/varonis-saas.md)
+
 ## Vectra AI, Inc
 
 - [Vectra XDR (using Azure Functions)](data-connectors/vectra-xdr.md)

articles/sentinel/data-connectors/atlassian-confluence-audit.md

@@ -3,7 +3,7 @@ title: "Atlassian Confluence Audit (using Azure Functions) connector for Microso
 description: "Learn how to install the connector Atlassian Confluence Audit (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 10/15/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -20,7 +20,7 @@ This is autogenerated content. For changes, contact the solution provider.
 | Connector attribute | Description |
 | --- | --- |
 | **Application settings** | ConfluenceUsername<br/>ConfluenceAccessToken<br/>ConfluenceHomeSiteName<br/>WorkspaceID<br/>WorkspaceKey<br/>logAnalyticsUri (optional) |
-| **Azure function app code** | [https://aka.ms/sentinel-confluenceauditapi-functionapp](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AtlassianConfluenceAudit/Data%20Connector/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConn.zip) |
+| **Azure function app code** | https://aka.ms/sentinel-confluenceauditapi-functionapp |
 | **Log Analytics table(s)** | Confluence_Audit_CL<br/> |
 | **Data collection rules support** | Not currently supported |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
@@ -89,7 +89,7 @@ Use the following step-by-step instructions to deploy the Confluence Audit data
 
 > **NOTE:** You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.
 
-1. Download the [Azure Function App](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AtlassianConfluenceAudit/Data%20Connector/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConn.zip) file. Extract archive to your local development computer.
+1. Download the [Azure Function App](https://aka.ms/sentinel-confluenceauditapi-functionapp) file. Extract archive to your local development computer.
 2. Start VS Code. Choose File in the main menu and select Open Folder.
 3. Select the top level folder from extracted files.
 4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.

articles/sentinel/data-connectors/bitglass.md

@@ -3,7 +3,7 @@ title: "Bitglass (using Azure Functions) connector for Microsoft Sentinel"
 description: "Learn how to install the connector Bitglass (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 10/15/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -63,7 +63,7 @@ To integrate with Bitglass (using Azure Functions) make sure you have:
 
  Follow the instructions to obtain the credentials.
 
-1. Please contact Bitglass [support](https://pages.bitglass.com/Contact.html) and obtain the **BitglassToken** and **BitglassServiceURL** ntation].
+1. Please contact Bitglass [support](https://www.forcepoint.com/company/contact-us) and obtain the **BitglassToken** and **BitglassServiceURL** ntation].
 2. Save credentials for using in the data connector.
 
 

articles/sentinel/data-connectors/commvaultsecurityiq.md

@@ -0,0 +1,131 @@
+---
+title: "CommvaultSecurityIQ (using Azure Functions) connector for Microsoft Sentinel"
+description: "Learn how to install the connector CommvaultSecurityIQ (using Azure Functions) to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: how-to
+ms.date: 11/20/2024
+ms.service: microsoft-sentinel
+ms.author: cwatson
+ms.collection: sentinel-data-connector
+---
+
+# CommvaultSecurityIQ (using Azure Functions) connector for Microsoft Sentinel
+
+This Azure Function enables Commvault users to ingest alerts/events into their Microsoft Sentinel instance. With Analytic Rules,Microsoft Sentinel can automatically create Microsoft Sentinel incidents from incoming events and logs.
+
+This is autogenerated content. For changes, contact the solution provider.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Application settings** | apiUsername<br/>apipassword<br/>apiToken<br/>workspaceID<br/>workspaceKey<br/>uri<br/>logAnalyticsUri (optional)(add any other settings required by the Function App)Set the <code>uri</code> value to: <code>&lt;add uri value&gt;</code> |
+| **Azure function app code** | Add%20GitHub%20link%20to%20Function%20App%20code |
+| **Log Analytics table(s)** | CommvaultSecurityIQ_CL<br/> |
+| **Data collection rules support** | Not currently supported |
+| **Supported by** | [Commvault](https://www.commvault.com/support) |
+
+## Query samples
+
+**Last 10 events/alerts **
+
+   ```kusto
+CommvaultSecurityIQ_CL 
+
+   | where TimeGenerated > ago(24h) 
+
+   | limit 10
+   ```
+
+
+
+## Prerequisites
+
+To integrate with CommvaultSecurityIQ (using Azure Functions) make sure you have: 
+
+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).
+- **Commvault Environment Endpoint URL**: Make sure to follow the documentation and set the secret value in KeyVault
+- **Commvault QSDK Token**: Make sure to follow the documentation and set the secret value in KeyVault
+
+
+## Vendor installation instructions
+
+
+> [!NOTE]
+   >  This connector uses Azure Functions to connect to a Commvault Instance to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.
+
+
+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.
+
+
+**STEP 1 - Configuration steps for the Commvalut QSDK Token**
+
+[Follow these instructions](/cloud-app-security/api-authentication) to create an API Token.
+
+
+**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**
+
+>**IMPORTANT:** Before deploying the CommvaultSecurityIQ data connector, have the Workspace ID  and Workspace Primary Key (can be copied from the following), as well as the Commvault Endpoint URL and QSDK Token, readily available.
+
+
+
+
+**Option 1 - Azure Resource Manager (ARM) Template**
+
+Use this method for automated deployment of the Commvault Security IQ data connector.
+
+1. Click the **Deploy to Azure** button below. 
+
+	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-CommvaultSecurityIQ-azuredeploy)
+2. Select the preferred **Subscription**, **Resource Group** and **Location**. 
+3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password**, 'and/or Other required fields'. 
+>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](/azure/app-service/app-service-key-vault-references) for further details. 
+4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. 
+5. Click **Purchase** to deploy.
+
+
+**Option 2 - Manual Deployment of Azure Functions**
+
+ Use the following step-by-step instructions to deploy the CommvaultSecurityIQ data connector manually with Azure Functions.
+
+1. Create a Function App
+
+1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp).
+2. Click **+ Add** at the top.
+3. In the **Basics** tab, ensure Runtime stack is set to **'Add Required Language'**. 
+4. In the **Hosting** tab, ensure **Plan type** is set to **'Add Plan Type'**.
+5. 'Add other required configurations'. 
+5. 'Make other preferable configuration changes', if needed, then click **Create**.
+
+2. Import Function App Code
+
+1. In the newly created Function App, select **Functions** from the navigation menu and click **+ Add**.
+2. Select **Timer Trigger**.
+3. Enter a unique Function **Name** in the New Function field and leave the default cron schedule of every 5 minutes, then click **Create Function**.
+4. Click on the function name and click **Code + Test** from the left pane.
+5. Copy the **Function App Code** and paste into the Function App `run.ps1` editor.
+6. Click **Save**.
+
+3. Configure the Function App
+
+1. In the Function App screen, click the Function App name and select **Configuration**.
+2. In the **Application settings** tab, select **+ New application setting**.
+3. Add each of the following 'x (number of)' application settings individually, under Name, with their respective string values (case-sensitive) under Value: 
+		apiUsername
+		apipassword
+		apiToken
+		workspaceID
+		workspaceKey
+		uri
+		logAnalyticsUri (optional)
+(add any other settings required by the Function App)
+Set the `uri` value to: `<add uri value>` 
+>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Azure Key Vault references documentation](/azure/app-service/app-service-key-vault-references) for further details.
+ - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://<CustomerId>.ods.opinsights.azure.us`. 
+4. Once all application settings have been entered, click **Save**.
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/commvault.microsoft-sentinel-solution-commvaultsecurityiq?tab=Overview) in the Azure Marketplace.

articles/sentinel/data-connectors/forescout.md

@@ -3,7 +3,7 @@ title: "Forescout connector for Microsoft Sentinel"
 description: "Learn how to install the connector Forescout to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 04/26/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -41,7 +41,7 @@ ForescoutEvent
 
 
 > [!NOTE]
-   >  This data connector depends on a parser based on a Kusto Function to work as expected [**ForescoutEvent**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Forescout%20(Legacy)/Parsers/ForescoutEvent.yaml) which is deployed with the Microsoft Sentinel Solution.
+   >  This data connector depends on a parser based on a Kusto Function to work as expected [**ForescoutEvent**](https://aka.ms/sentinel-forescout-parser) which is deployed with the Microsoft Sentinel Solution.
 
 
 > [!NOTE]

articles/sentinel/data-connectors/microsoft-active-directory-domain-controllers-security-event-logs.md

@@ -0,0 +1,68 @@
+---
+title: "Microsoft Active-Directory Domain Controllers Security Event Logs connector for Microsoft Sentinel"
+description: "Learn how to install the connector Microsoft Active-Directory Domain Controllers Security Event Logs to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: how-to
+ms.date: 11/20/2024
+ms.service: microsoft-sentinel
+ms.author: cwatson
+ms.collection: sentinel-data-connector
+---
+
+# Microsoft Active-Directory Domain Controllers Security Event Logs connector for Microsoft Sentinel
+
+[Option 3 & 4] - Using Azure Monitor Agent -You can stream a part or all Domain Controllers Security Event logs from the Windows machines connected to your Microsoft Sentinel workspace using the Windows agent. This connection enables you to create custom alerts, and improve investigation.
+
+This is autogenerated content. For changes, contact the solution provider.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Log Analytics table(s)** | SecurityEvent<br/> |
+| **Data collection rules support** | Not currently supported |
+| **Supported by** | [Community](https://github.com/Azure/Azure-Sentinel/issues) |
+
+## Query samples
+
+**All Audit logs**
+
+   ```kusto
+SecurityEvent 
+   | sort by TimeGenerated
+   ```
+
+
+
+## Prerequisites
+
+To integrate with Microsoft Active-Directory Domain Controllers Security Event Logs make sure you have: 
+
+- ****: Azure Log Analytics will be deprecated, to collect data from non-Azure VMs, Azure Arc is recommended. [Learn more](/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)
+- **Detailled documentation**: >**NOTE:** Detailled documentation on Installation procedure and usage can be found [here](https://aka.ms/MicrosoftExchangeSecurityGithub)
+
+
+## Vendor installation instructions
+
+
+> [!NOTE]
+   >  This solution is based on options. This allows you to choose which data will be ingest as some options can generate a very high volume of data. Depending on what you want to collect, track in your Workbooks, Analytics Rules, Hunting capabilities you will choose the option(s) you will deploy. Each options are independant for one from the other. To learn more about each option: ['Microsoft Exchange Security' wiki](https://aka.ms/ESI_DataConnectorOptions)
+
+>This Data Connector is the **option 3 and 4** of the wiki.
+
+1.  Download and install the agents needed to collect logs for Microsoft Sentinel
+
+Type of servers (Exchange Servers, Domain Controllers linked to Exchange Servers or all Domain Controllers) depends on the option you want to deploy.
+
+
+Security logs of Domain Controllers
+
+Select how to stream Security logs of Domain Controllers. If you want to implement Option 3, you just need to select DC on same site as Exchange Servers. If you want to implement Option 4, you can select all DCs of your forest.
+
+
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/microsoftsentinelcommunity.azure-sentinel-solution-exchangesecurityinsights?tab=Overview) in the Azure Marketplace.