Merge pull request #236360 from cwatson-cat/4-29-23-dc-rfh

Sentinel auto gen data connectors - refresh list EO April

Author: ttorble

.openpublishing.redirection.json

@@ -22567,6 +22567,11 @@
           "source_path_from_root": "/articles/healthcare-apis/dicom/dicom-cast-access-request.md",
           "redirect_url": "/azure/healthcare-apis/dicom/dicom-cast-overview",
           "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/azure-information-protection.md",
+            "redirect_url": "/azure/sentinel/data-connectors-reference",
+            "redirect_document_id": false
         }
     ]
 }

articles/sentinel/TOC.yml

@@ -321,8 +321,6 @@
         href: data-connectors/azure-event-hub.md
       - name: Azure Firewall
         href: data-connectors/azure-firewall.md
-      - name: Azure Information Protection
-        href: data-connectors/azure-information-protection.md
       - name: Azure Key Vault
         href: data-connectors/azure-key-vault.md
       - name: Azure Kubernetes Service (AKS)
@@ -407,6 +405,8 @@
         href: data-connectors/cyberpion-security-logs.md
       - name: Cybersixgill Actionable Alerts (using Azure Function)
         href: data-connectors/cybersixgill-actionable-alerts-using-azure-function.md
+      - name: Cynerio Security Events
+        href: data-connectors/cynerio-security-events.md
       - name: Darktrace Connector for Microsoft Sentinel REST API
         href: data-connectors/darktrace-connector-for-microsoft-sentinel-rest-api.md
       - name: Delinea Secret Server

articles/sentinel/data-connectors-reference.md

@@ -3,7 +3,7 @@ title: Find your Microsoft Sentinel data connector | Microsoft Docs
 description: Learn about specific configuration steps for Microsoft Sentinel data connectors.
 author: cwatson-cat
 ms.topic: reference
-ms.date: 04/18/2023
+ms.date: 03/25/2023
 ms.author: cwatson
 ---
 
@@ -188,6 +188,10 @@ Data connectors are available as part of the following offerings:
 
 - [Cybersixgill Actionable Alerts (using Azure Function)](data-connectors/cybersixgill-actionable-alerts-using-azure-function.md)
 
+## Cynerio
+
+- [Cynerio Security Events](data-connectors/cynerio-security-events.md)
+
 ## Darktrace
 
 - [AI Analyst Darktrace](data-connectors/ai-analyst-darktrace.md)
@@ -352,7 +356,6 @@ Data connectors are available as part of the following offerings:
 - [Azure Data Lake Storage Gen1](data-connectors/azure-data-lake-storage-gen1.md)
 - [Azure DDoS Protection](data-connectors/azure-ddos-protection.md)
 - [Azure Event Hub](data-connectors/azure-event-hub.md)
-- [Azure Information Protection](data-connectors/azure-information-protection.md)
 - [Azure Key Vault](data-connectors/azure-key-vault.md)
 - [Azure Kubernetes Service (AKS)](data-connectors/azure-kubernetes-service-aks.md)
 - [Azure Logic Apps](data-connectors/azure-logic-apps.md)

articles/sentinel/data-connectors/auth0-access-management-using-azure-function.md

@@ -56,7 +56,7 @@ To integrate with Auth0 Access Management (using Azure Function) make sure you h
  Follow the instructions to obtain the credentials.
 
 1. In Auth0 Dashboard, go to **Applications > Applications**.
-2. Select your Application.
+2. Select your Application. This should be a "Machine-to-Machine" Application configured with at least **read:logs** and **read:logs_users** permissions.
 3. Copy **Domain, ClientID, Client Secret**
 
 

articles/sentinel/data-connectors/azure-information-protection.md

@@ -0,0 +1,54 @@
+---
+title: "Cynerio Security Events connector for Microsoft Sentinel"
+description: "Learn how to install the connector Cynerio Security Events to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: how-to
+ms.date: 04/29/2023
+ms.service: microsoft-sentinel
+ms.author: cwatson
+---
+
+# Cynerio Security Events connector for Microsoft Sentinel
+
+The [Cynerio](https://www.cynerio.com/) connector allows you to easily connect your Cynerio Security Events with Microsoft Sentinel, to view IDS Events. This gives you more insight into your organization network security posture and improves your security operation capabilities. 
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Log Analytics table(s)** | CynerioEvent_CL<br/> |
+| **Data collection rules support** | Not currently supported |
+| **Supported by** | [Cynerio](https://cynerio.com) |
+
+## Query samples
+
+**SSH Connections events in the last 24 hours**
+   ```kusto
+CynerioEvent_CL
+ 
+   | where date_t > ago(24h) and title_s == 'SSH Connection'
+   ```
+
+
+
+## Vendor installation instructions
+
+Configure and connect Cynerio
+
+Cynerio can integrate with and export events directly to Microsoft Sentinel via Azure Server. Follow these steps to establish integration:
+
+1. In the Cynerio console, go to Settings > Integrations tab (default), and click on the **+Add Integration** button at the top right.
+
+2. Scroll down to the **SIEM** section.
+
+3. On the Microsoft Sentinel card, click the Connect button.
+
+4. The Integration Details window opens. Use the parameters below to fill out the form and set up the connection.
+
+
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/cynerio1681887657820.cynerio-medical-device-security-sentinel-connector?tab=Overview) in the Azure Marketplace.