Fix formatting on new files

Author: cwatson-cat

articles/sentinel/data-connectors/tenable-identity-exposure.md

@@ -118,57 +118,55 @@ To integrate with Tenable Identity Exposure make sure you have:
 
 ## Vendor installation instructions
 
-
 This data connector depends on [afad_parser](https://aka.ms/sentinel-TenableApp-afad-parser) based on a Kusto Function to work as expected which is deployed with the Microsoft Sentinel Solution.
 
 1. Configure the Syslog server
 
-You will first need a **linux Syslog** server that TenableIE will send logs to. Typically you can run **rsyslog** on **Ubuntu**.
-You can then configure this server as you wish, but it is recommended to be able to output TenableIE logs in a separate file.
-
-Configure rsyslog to accept logs from your TenableIE IP address.:
-
-```shell
-sudo -i
-
-# Set TenableIE source IP address
-export TENABLE_IE_IP={Enter your IP address}
-
-# Create rsyslog configuration file
-cat > /etc/rsyslog.d/80-tenable.conf << EOF
-\$ModLoad imudp
-\$UDPServerRun 514
-\$ModLoad imtcp
-\$InputTCPServerRun 514
-\$AllowedSender TCP, 127.0.0.1, $TENABLE_IE_IP
-\$AllowedSender UDP, 127.0.0.1, $TENABLE_IE_IP
-\$template MsgTemplate,"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %programname%[%procid%]:%msg%\n"
-\$template remote-incoming-logs, "/var/log/%PROGRAMNAME%.log"
-*.* ?remote-incoming-logs;MsgTemplate
-EOF
-
-# Restart rsyslog
-systemctl restart rsyslog
-```
+   You will first need a **linux Syslog** server that TenableIE will send logs to. Typically you can run **rsyslog** on **Ubuntu**. You can then configure this server as you wish, but it is recommended to be able to output TenableIE logs in a separate file.
+
+   Configure rsyslog to accept logs from your TenableIE IP address.:
+
+   ```shell
+   sudo -i
+   
+   # Set TenableIE source IP address
+   export TENABLE_IE_IP={Enter your IP address}
+   
+   # Create rsyslog configuration file
+   cat > /etc/rsyslog.d/80-tenable.conf << EOF
+   \$ModLoad imudp
+   \$UDPServerRun 514
+   \$ModLoad imtcp
+   \$InputTCPServerRun 514
+   \$AllowedSender TCP, 127.0.0.1, $TENABLE_IE_IP
+   \$AllowedSender UDP, 127.0.0.1, $TENABLE_IE_IP
+   \$template MsgTemplate,"%TIMESTAMP:::date-rfc3339% %HOSTNAME% %programname%[%procid%]:%msg%\n"
+   \$template remote-incoming-logs, "/var/log/%PROGRAMNAME%.log"
+   *.* ?remote-incoming-logs;MsgTemplate
+   EOF
+   
+   # Restart rsyslog
+   systemctl restart rsyslog
+   ```
 
 2. Install and onboard the Microsoft agent for Linux
 
-The OMS agent will receive the TenableIE syslog events and publish it in Microsoft Sentinel :
+   The OMS agent will receive the TenableIE syslog events and publish it in Microsoft Sentinel :
 
 
 3. Check agent logs on the Syslog server
 
-```shell
-tail -f /var/opt/microsoft/omsagent/log/omsagent.log
-```
+   ```shell
+   tail -f /var/opt/microsoft/omsagent/log/omsagent.log
+   ```
 
 4. Configure TenableIE to send logs to your Syslog server
 
-On your **TenableIE** portal, go to *System*, *Configuration* and then *Syslog*.
-From there you can create a new Syslog alert toward your Syslog server.
+   On your **TenableIE** portal, go to *System*, *Configuration* and then *Syslog*.
+   From there you can create a new Syslog alert toward your Syslog server.
 
-Once this is done, check that the logs are correctly gathered on your server in a separate file (to do this, you can use the *Test the configuration* button in the Syslog alert configuration in TenableIE).
-If you used the Quickstart template, the Syslog server will by default listen on port 514 in UDP and 1514 in TCP, without TLS.
+   Once this is done, check that the logs are correctly gathered on your server in a separate file (to do this, you can use the *Test the configuration* button in the Syslog alert configuration in TenableIE).
+   If you used the Quickstart template, the Syslog server will by default listen on port 514 in UDP and 1514 in TCP, without TLS.
 
 5. Configure the custom logs
 
@@ -180,10 +178,10 @@ Configure the agent to collect the logs.
 4. Set the record delimiter to **New Line** if not already the case and click **Next**.
 5. Select **Linux** and enter the file path to the **Syslog** file, click **+** then **Next**. The default location of the file is `/var/log/TenableIE.log` if you have a Tenable version <3.1.0, you must also add this linux file location `/var/log/AlsidForAD.log`.
 6. Set the **Name** to *Tenable_IE_CL* (Azure automatically adds *_CL* at the end of the name, there must be only one, make sure the name is not *Tenable_IE_CL_CL*).
-7. Click **Next**, you will see a resume, then click **Create**
+7. Click **Next**, you will see a resume, then click **Create**.
 
 
-6. Enjoy !
+6. Enjoy!
 
 You should now be able to receive logs in the *Tenable_IE_CL* table, logs data can be parse using the **afad_parser()** function, used by all query samples, workbooks and analytic templates.
 

articles/sentinel/data-connectors/tenable-vulnerability-management.md

@@ -85,17 +85,15 @@ To integrate with Tenable Vulnerability Management (using Azure Functions) make
    >  This data connector depends on a [**TenableVM parser for vulnerabilities**](https://aka.ms/sentinel-TenableApp-TenableVMVulnerabilities-parser) and a [**TenableVM parser for assets**](https://aka.ms/sentinel-TenableApp-TenableVMAssets-parser) based on a Kusto Function to work as expected which is deployed with the Microsoft Sentinel Solution.
 
 
-**STEP 1 - Configuration steps for TenableVM
+**STEP 1 - Configuration steps for TenableVM**
 
 [Follow the instructions](https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm) to obtain the required API credentials. 
 
 
 
 **STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function App**
 
-**IMPORTANT:** Before deploying the Workspace data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).
-
-
+Before deploying the Workspace data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).
 
 Option 1 - Azure Resource Manager (ARM) Template
 

articles/sentinel/data-connectors/transmit-security-connector.md

@@ -75,9 +75,7 @@ Follow the instructions to obtain the credentials.
 
 **STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**
 
-**IMPORTANT:** Before deploying the Transmit Security data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).
-
-
+Before deploying the Transmit Security data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).
 
 Option 1 - Azure Resource Manager (ARM) Template
 
@@ -88,7 +86,8 @@ Use this method for automated deployment of the Transmit Security Audit data con
 	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-TransmitSecurityAPI-azuredeploy) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://aka.ms/sentinel-TransmitSecurityAPI-azuredeploy-gov)
 
 2. Select the preferred **Subscription**, **Resource Group** and **Location**. 
-> **NOTE:** Within the same resource group, you can't mix Windows and Linux apps in the same region. Select existing resource group without Windows apps in it or create new resource group.
+  
+   Within the same resource group, you can't mix Windows and Linux apps in the same region. Select existing resource group without Windows apps in it or create new resource group.
 3. Enter the **TransmitSecurityClientID**, **TransmitSecurityClientSecret**, **TransmitSecurityUserActivityEndpoint**, **TransmitSecurityAdminActivityEndpoint**, **TransmitSecurityTokenEndpoint** and deploy. 
 4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. 
 5. Click **Purchase** to deploy.
@@ -134,8 +133,8 @@ If you're already signed in, go to the next step.
 
  3. Add each of the following application settings individually, with their respective string values (case-sensitive):
 
-	- TransmitSecurityClientID
-	- TransmitSecurityClientSecret
+    - TransmitSecurityClientID
+    - TransmitSecurityClientSecret
 	- TransmitSecurityAdminActivityEndpoint
 	- TransmitSecurityUserActivityEndpoint
 	- TransmitSecurityTokenEndpoint