Merge pull request #273442 from cwatson-cat/4-25-24-dc-refresh-wfx

Sentinel - BULK auto gen data connector refresh April 2024

Author: JamesJBarnett

.openpublishing.redirection.sentinel.json

@@ -3,15 +3,18 @@ title: "AbnormalSecurity (using Azure Functions) connector for Microsoft Sentine
 description: "Learn how to install the connector AbnormalSecurity (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 07/26/2023
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
+ms.collection: sentinel-data-connector
 ---
 
 # AbnormalSecurity (using Azure Functions) connector for Microsoft Sentinel
 
 The Abnormal Security data connector provides the capability to ingest threat and case logs into Microsoft Sentinel using the [Abnormal Security Rest API.](https://app.swaggerhub.com/apis/abnormal-security/abx/)
 
+This is autogenerated content. For changes, contact the solution provider.
+
 ## Connector attributes
 
 | Connector attribute | Description |
@@ -25,13 +28,15 @@ The Abnormal Security data connector provides the capability to ingest threat an
 ## Query samples
 
 **All Abnormal Security Threat logs**
+
    ```kusto
 ABNORMAL_THREAT_MESSAGES_CL
 
    | sort by TimeGenerated desc
    ```
 
 **All Abnormal Security Case logs**
+
    ```kusto
 ABNORMAL_CASES_CL
 

articles/sentinel/TOC.yml

@@ -3,15 +3,18 @@ title: "AI Vectra Stream connector for Microsoft Sentinel"
 description: "Learn how to install the connector AI Vectra Stream to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 02/23/2023
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
+ms.collection: sentinel-data-connector
 ---
 
 # AI Vectra Stream connector for Microsoft Sentinel
 
 The AI Vectra Stream connector allows to send Network Metadata collected by Vectra Sensors accross the Network and Cloud to Microsoft Sentinel
 
+This is autogenerated content. For changes, contact the solution provider.
+
 ## Connector attributes
 
 | Connector attribute | Description |
@@ -23,6 +26,7 @@ The AI Vectra Stream connector allows to send Network Metadata collected by Vect
 ## Query samples
 
 **List all DNS Queries**
+
    ```kusto
 VectraStream 
 
@@ -32,6 +36,7 @@ VectraStream
    ```
 
 **Number of DNS requests per type**
+
    ```kusto
 VectraStream 
 
@@ -41,6 +46,7 @@ VectraStream
    ```
 
 **Top 10 of query to non existing domain**
+
    ```kusto
 VectraStream 
 
@@ -56,6 +62,7 @@ VectraStream
    ```
 
 **Host and Web sites using non-ephemeral Diffie-Hellman key exchange**
+
    ```kusto
 VectraStream 
 

articles/sentinel/data-connectors-reference.md

@@ -3,15 +3,18 @@ title: "AIShield connector for Microsoft Sentinel"
 description: "Learn how to install the connector AIShield to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 02/23/2023
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
+ms.collection: sentinel-data-connector
 ---
 
 # AIShield connector for Microsoft Sentinel
 
 [AIShield](https://www.boschaishield.com/) connector allows users to connect with AIShield custom defense mechanism logs with Microsoft Sentinel, allowing the creation of dynamic Dashboards, Workbooks, Notebooks and tailored Alerts to improve investigation and thwart attacks on AI systems. It gives users more insight into their organization's AI assets security posturing and improves their AI systems security operation capabilities.
 
+This is autogenerated content. For changes, contact the solution provider.
+
 ## Connector attributes
 
 | Connector attribute | Description |
@@ -23,13 +26,15 @@ ms.author: cwatson
 ## Query samples
 
 **Get all incidents order by time**
+
    ```kusto
 AIShield
             
    | order by TimeGenerated desc 
    ```
 
 **Get high risk incidents**
+
    ```kusto
 AIShield
             

articles/sentinel/data-connectors/abnormalsecurity-using-azure-functions.md renamed to articles/sentinel/data-connectors/abnormalsecurity.md

@@ -3,15 +3,18 @@ title: "AliCloud (using Azure Functions) connector for Microsoft Sentinel"
 description: "Learn how to install the connector AliCloud (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 07/26/2023
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
+ms.collection: sentinel-data-connector
 ---
 
 # AliCloud (using Azure Functions) connector for Microsoft Sentinel
 
 The [AliCloud](https://www.alibabacloud.com/product/log-service) data connector provides the capability to retrieve logs from cloud applications using the Cloud API and store events into Microsoft Sentinel through the [REST API](https://aliyun-log-python-sdk.readthedocs.io/api.html). The connector provides ability to get events which helps to examine potential security risks, analyze your team's use of collaboration, diagnose configuration problems and more.
 
+This is autogenerated content. For changes, contact the solution provider.
+
 ## Connector attributes
 
 | Connector attribute | Description |
@@ -25,6 +28,7 @@ The [AliCloud](https://www.alibabacloud.com/product/log-service) data connector
 ## Query samples
 
 **AliCloud Events - All Activities.**
+
    ```kusto
 AliCloud
  

articles/sentinel/data-connectors/ai-analyst-darktrace.md

@@ -3,9 +3,10 @@ title: "Amazon Web Services S3 connector for Microsoft Sentinel"
 description: "Learn how to install the connector Amazon Web Services S3 to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 04/16/2024
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
+ms.collection: sentinel-data-connector
 ---
 
 # Amazon Web Services S3 connector for Microsoft Sentinel
@@ -18,6 +19,8 @@ This connector allows you to ingest AWS service logs, collected in AWS S3 bucket
 
 For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2218883&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).
 
+This is autogenerated content. For changes, contact the solution provider.
+
 ## Connector attributes
 
 | Connector attribute | Description |
@@ -26,6 +29,60 @@ For more information, see the [Microsoft Sentinel documentation](https://go.micr
 | **Data collection rules support** | [Supported as listed](/azure/azure-monitor/logs/tables-feature-support) |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
 
+## Query samples
+
+**High severity findings summarized by activity type**
+
+   ```kusto
+AWSGuardDuty
+            
+   | where Severity > 7
+            
+   | summarize count() by ActivityType
+   ```
+
+**Top 10 rejected actions of type IPv4**
+
+   ```kusto
+AWSVPCFlow
+            
+   | where Action == "REJECT"
+            
+   | where Type == "IPv4"
+            
+   | take 10
+   ```
+
+**User creation events summarized by region**
+
+   ```kusto
+AWSCloudTrail
+            
+   | where EventName == "CreateUser"
+            
+   | summarize count() by AWSRegion
+   ```
+
+
+
+## Prerequisites
+
+To integrate with Amazon Web Services S3 make sure you have: 
+
+- **Environment**: you must have the following AWS resources defined and configured: S3, Simple Queue Service (SQS), IAM roles and permissions policies, and the AWS services whose logs you want to collect.
+
+
+## Vendor installation instructions
+
+1. Set up your AWS environment
+
+The​re are two options for setting up your AWS environment to send logs from an S3 bucket to your Log Analytics Workspace:
+
+
+2. Add connection
+
+
+
 
 ## Next steps
 

articles/sentinel/data-connectors/ai-vectra-stream.md

@@ -3,15 +3,18 @@ title: "Amazon Web Services connector for Microsoft Sentinel"
 description: "Learn how to install the connector Amazon Web Services to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 03/02/2024
+ms.date: 04/26/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
+ms.collection: sentinel-data-connector
 ---
 
 # Amazon Web Services connector for Microsoft Sentinel
 
 Follow these instructions to connect to AWS and stream your CloudTrail logs into Microsoft Sentinel. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2218883&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).
 
+This is autogenerated content. For changes, contact the solution provider.
+
 ## Connector attributes
 
 | Connector attribute | Description |