MicrosoftDocs
diff --git a/‎articles/sentinel/TOC.yml
Lines changed: 7 additions & 1 deletion b/‎articles/sentinel/TOC.yml
Lines changed: 7 additions & 1 deletion
diff --git a/‎articles/sentinel/data-connectors-reference.md
Lines changed: 11 additions & 2 deletions b/‎articles/sentinel/data-connectors-reference.md
Lines changed: 11 additions & 2 deletions
diff --git a/‎articles/sentinel/data-connectors/akamai-security-events.md
Lines changed: 4 additions & 6 deletions b/‎articles/sentinel/data-connectors/akamai-security-events.md
Lines changed: 4 additions & 6 deletions
diff --git a/‎articles/sentinel/data-connectors/azure-ddos-protection.md
Lines changed: 2 additions & 2 deletions b/‎articles/sentinel/data-connectors/azure-ddos-protection.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/sentinel/data-connectors/blackberry-cylanceprotect.md
Lines changed: 5 additions & 6 deletions b/‎articles/sentinel/data-connectors/blackberry-cylanceprotect.md
Lines changed: 5 additions & 6 deletions
diff --git a/‎articles/sentinel/data-connectors/braodcom-symantec-dlp.md
Lines changed: 12 additions & 15 deletions b/‎articles/sentinel/data-connectors/braodcom-symantec-dlp.md
Lines changed: 12 additions & 15 deletions
diff --git a/‎articles/sentinel/data-connectors/cisco-application-centric-infrastructure.md
Lines changed: 3 additions & 3 deletions b/‎articles/sentinel/data-connectors/cisco-application-centric-infrastructure.md
Lines changed: 3 additions & 3 deletions
diff --git a/‎articles/sentinel/data-connectors/cisco-meraki.md
Lines changed: 2 additions & 8 deletions b/‎articles/sentinel/data-connectors/cisco-meraki.md
Lines changed: 2 additions & 8 deletions
@@ -345,7 +345,7 @@
         href: data-connectors/blackberry-cylanceprotect.md
       - name: Box (using Azure Function)
         href: data-connectors/box-using-azure-function.md
-      - name: Braodcom Symantec DLP
+      - name: Broadcom Symantec DLP
         href: data-connectors/braodcom-symantec-dlp.md
       - name: Cisco Application Centric Infrastructure
         href: data-connectors/cisco-application-centric-infrastructure.md
@@ -403,6 +403,8 @@
         href: data-connectors/cyberarkepm.md
       - name: Cyberpion Security Logs
         href: data-connectors/cyberpion-security-logs.md
+      - name: Cybersixgill Actionable Alerts (using Azure Function)
+        href: data-connectors/cybersixgill-actionable-alerts-using-azure-function.md
       - name: Darktrace Connector for Microsoft Sentinel REST API
         href: data-connectors/darktrace-connector-for-microsoft-sentinel-rest-api.md
       - name: Delinea Secret Server
@@ -529,6 +531,8 @@
         href: data-connectors/microsoft-defender-for-iot.md
       - name: Microsoft Defender for Office 365
         href: data-connectors/microsoft-defender-for-office-365.md
+      - name: Microsoft Defender Threat Intelligence (Preview)
+        href: data-connectors/microsoft-defender-threat-intelligence.md
       - name: Microsoft PowerBI
         href: data-connectors/microsoft-powerbi.md
       - name: Microsoft Project
@@ -651,6 +655,8 @@
         href: data-connectors/symantec-vip.md
       - name: Syslog
         href: data-connectors/syslog.md
+      - name: Talon Insights
+        href: data-connectors/talon-insights.md
       - name: Tenable.io Vulnerability Management (using Azure Function)
         href: data-connectors/tenable-io-vulnerability-management-using-azure-function.md
       - name: TheHive Project - TheHive (using Azure Function)
 
@@ -3,7 +3,7 @@ title: Find your Microsoft Sentinel data connector | Microsoft Docs
 description: Learn about specific configuration steps for Microsoft Sentinel data connectors.
 author: cwatson-cat
 ms.topic: reference
-ms.date: 03/06/2023
+ms.date: 03/25/2023
 ms.author: cwatson
 ---
 
@@ -134,14 +134,14 @@ Data connectors are available as part of the following offerings:
 ## Citrix
 
 - [Citrix ADC (former NetScaler)](data-connectors/citrix-adc-former-netscaler.md)
-- [CITRIX SECURITY ANALYTICS](data-connectors/citrix-security-analytics.md)
 
 ## Claroty
 
 - [Claroty](data-connectors/claroty.md)
 
 ## Cloud Software Group
 
+- [CITRIX SECURITY ANALYTICS](data-connectors/citrix-security-analytics.md)
 - [Citrix WAF (Web App Firewall)](data-connectors/citrix-waf-web-app-firewall.md)
 
 ## Cloudflare
@@ -182,6 +182,10 @@ Data connectors are available as part of the following offerings:
 
 - [Cyberpion Security Logs](data-connectors/cyberpion-security-logs.md)
 
+## Cybersixgill
+
+- [Cybersixgill Actionable Alerts (using Azure Function)](data-connectors/cybersixgill-actionable-alerts-using-azure-function.md)
+
 ## Darktrace
 
 - [AI Analyst Darktrace](data-connectors/ai-analyst-darktrace.md)
@@ -362,6 +366,7 @@ Data connectors are available as part of the following offerings:
 - [Microsoft Defender for Identity](data-connectors/microsoft-defender-for-identity.md)
 - [Microsoft Defender for IoT](data-connectors/microsoft-defender-for-iot.md)
 - [Microsoft Defender for Office 365](data-connectors/microsoft-defender-for-office-365.md)
+- [Microsoft Defender Threat Intelligence (Preview)](data-connectors/microsoft-defender-threat-intelligence.md)
 - [Microsoft PowerBI](data-connectors/microsoft-powerbi.md)
 - [Microsoft Project](data-connectors/microsoft-project.md)
 - [Microsoft Purview (Preview)](data-connectors/microsoft-purview.md)
@@ -555,6 +560,10 @@ Data connectors are available as part of the following offerings:
 - [Symantec ProxySG](data-connectors/symantec-proxysg.md)
 - [Symantec VIP](data-connectors/symantec-vip.md)
 
+## TALON CYBER SECURITY LTD
+
+- [Talon Insights](data-connectors/talon-insights.md)
+
 ## Tenable
 
 - [Tenable.io Vulnerability Management (using Azure Function)](data-connectors/tenable-io-vulnerability-management-using-azure-function.md)
 
@@ -3,7 +3,7 @@ title: "Akamai Security Events connector for Microsoft Sentinel"
 description: "Learn how to install the connector Akamai Security Events to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 02/23/2023
+ms.date: 03/25/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
@@ -16,10 +16,8 @@ Akamai Solution for Sentinel provides the capability to ingest [Akamai Security
 
 | Connector attribute | Description |
 | --- | --- |
-| **Kusto function alias** | AkamaiSIEMEvent |
-| **Kusto function url** | https://aka.ms/sentinel-akamaisecurityevents-parser |
 | **Log Analytics table(s)** | CommonSecurityLog (AkamaiSecurityEvents)<br/> |
-| **Data collection rules support** | [Workspace transform DCR](../../azure-monitor/logs/tutorial-workspace-transformations-portal.md) |
+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
 
 ## Query samples
@@ -39,7 +37,7 @@ AkamaiSIEMEvent
 
 
 > [!NOTE]
-   >  This data connector depends on a parser based on a Kusto Function to work as expected. [Follow these steps](https://aka.ms/sentinel-akamaisecurityevents-parser) to create the Kusto functions alias, **AkamaiSIEMEvent**
+   >  This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias Akamai Security Events and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Akamai%20Security%20Events/Parsers/AkamaiSIEMEvent.txt), on the second line of the query, enter the hostname(s) of your Akamai Security Events device(s) and any other unique identifiers for the logstream. The function usually takes 10-15 minutes to activate after solution installation/update.
 
 1. Linux Syslog agent configuration
 
@@ -96,4 +94,4 @@ Make sure to configure the machine's security according to your organization's s
 
 ## Next steps
 
-For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-akamai?tab=Overview) in the Azure Marketplace.
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-akamai?tab=Overview) in the Azure Marketplace.
@@ -3,14 +3,14 @@ title: "Azure DDoS Protection connector for Microsoft Sentinel"
 description: "Learn how to install the connector Azure DDoS Protection to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 03/14/2023
+ms.date: 03/25/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
 
 # Azure DDoS Protection connector for Microsoft Sentinel
 
-Connect to Azure DDoS Protection logs via Public IP Address Diagnostic Logs. In addition to the core DDoS protection in the platform, Azure DDoS Protection provides advanced DDoS mitigation capabilities against network attacks. It's automatically tuned to protect your specific Azure resources. Protection is simple to enable during the creation of new virtual networks. It can also be done after creation and requires no application or resource changes. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219760&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).
+Connect to Azure DDoS Protection Standard logs via Public IP Address Diagnostic Logs. In addition to the core DDoS protection in the platform, Azure DDoS Protection Standard provides advanced DDoS mitigation capabilities against network attacks. It's automatically tuned to protect your specific Azure resources. Protection is simple to enable during the creation of new virtual networks. It can also be done after creation and requires no application or resource changes. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2219760&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).
 
 ## Connector attributes
 
 
@@ -3,7 +3,7 @@ title: "Blackberry CylancePROTECT connector for Microsoft Sentinel"
 description: "Learn how to install the connector Blackberry CylancePROTECT to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 02/23/2023
+ms.date: 03/25/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
@@ -16,10 +16,8 @@ The [Blackberry CylancePROTECT](https://www.blackberry.com/us/en/products/blackb
 
 | Connector attribute | Description |
 | --- | --- |
-| **Kusto function alias** | CylancePROTECT |
-| **Kusto function url** | https://aka.ms/sentinel-cylanceprotect-parser |
 | **Log Analytics table(s)** | Syslog (CylancePROTECT)<br/> |
-| **Data collection rules support** | [Workspace transform DCR](../../azure-monitor/logs/tutorial-workspace-transformations-portal.md) |
+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
 
 ## Query samples
@@ -56,7 +54,8 @@ To integrate with Blackberry CylancePROTECT make sure you have:
 ## Vendor installation instructions
 
 
->This data connector depends on a parser based on a Kusto Function to work as expected. [Follow the steps](https://aka.ms/sentinel-cylanceprotect-parser) to use the Kusto function alias, **CylancePROTECT**
+> [!NOTE]
+   >  This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias CyclanePROTECT and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Blackberry%20CylancePROTECT/Parsers/CylancePROTECT.txt), on the second line of the query, enter the hostname(s) of your CyclanePROTECT device(s) and any other unique identifiers for the logstream. The function usually takes 10-15 minutes to activate after solution installation/update.
 
 1. Install and onboard the agent for Linux
 
@@ -83,4 +82,4 @@ Configure the facilities you want to collect and their severities.
 
 ## Next steps
 
-For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-blackberrycylanceprotect?tab=Overview) in the Azure Marketplace.
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-blackberrycylanceprotect?tab=Overview) in the Azure Marketplace.
@@ -1,25 +1,23 @@
 ---
-title: "Braodcom Symantec DLP connector for Microsoft Sentinel"
-description: "Learn how to install the connector Braodcom Symantec DLP to connect your data source to Microsoft Sentinel."
+title: "Broadcom Symantec DLP connector for Microsoft Sentinel"
+description: "Learn how to install the connector Broadcom Symantec DLP to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 02/23/2023
+ms.date: 03/25/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
 
-# Braodcom Symantec DLP connector for Microsoft Sentinel
+# Broadcom Symantec DLP connector for Microsoft Sentinel
 
-The [Broadcom Symantec Data Loss Prevention (DLP)](https://www.broadcom.com/products/cyber-security/information-protection/data-loss-prevention) connector allows you to easily connect your Symantec DLP with Azure Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization’s information, where it travels, and improves your security operation capabilities.
+The [Broadcom Symantec Data Loss Prevention (DLP)](https://www.broadcom.com/products/cyber-security/information-protection/data-loss-prevention) connector allows you to easily connect your Symantec DLP with Microsoft Sentinel, to create custom dashboards, alerts, and improve investigation. This gives you more insight into your organization’s information, where it travels, and improves your security operation capabilities.
 
 ## Connector attributes
 
 | Connector attribute | Description |
 | --- | --- |
-| **Kusto function alias** | SymantecDLP |
-| **Kusto function url** | https://aka.ms/sentinel-symantecdlp-parser |
 | **Log Analytics table(s)** | CommonSecurityLog (SymantecDLP)<br/> |
-| **Data collection rules support** | [Workspace transform DCR](../../azure-monitor/logs/tutorial-workspace-transformations-portal.md) |
+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
 
 ## Query samples
@@ -43,25 +41,24 @@ SymantecDLP
    ```
 
 
-
 ## Vendor installation instructions
 
 
->This data connector depends on a parser based on a Kusto Function to work as expected. [Follow the steps](https://aka.ms/sentinel-symantecdlp-parser) to use the Kusto function alias, **SymantecDLP**
+**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias SymantecDLP and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Broadcom%20SymantecDLP/Parsers/SymantecDLP.txt). The function usually takes 10-15 minutes to activate after solution installation/update.
 
 1. Linux Syslog agent configuration
 
-Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Azure Sentinel.
+Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.
 
 > Notice that the data from all regions will be stored in the selected workspace
 
 1.1 Select or create a Linux machine
 
-Select or create a Linux machine that Azure Sentinel will use as the proxy between your security solution and Azure Sentinel this machine can be on your on-prem environment, Azure or other clouds.
+Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds.
 
 1.2 Install the CEF collector on the Linux machine
 
-Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Azure Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.
+Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.
 
 > 1. Make sure that you have Python on your machine using the following command: python –version.
 
@@ -73,7 +70,7 @@ Install the Microsoft Monitoring Agent on your Linux machine and configure the m
 
 2. Forward Symantec DLP logs to a Syslog agent
 
-Configure Symantec DLP to forward Syslog messages in CEF format to your Azure Sentinel workspace via the Syslog agent.
+Configure Symantec DLP to forward Syslog messages in CEF format to your Microsoft Sentinel workspace via the Syslog agent.
 1. [Follow these instructions](https://help.symantec.com/cs/DLP15.7/DLP/v27591174_v133697641/Configuring-the-Log-to-a-Syslog-Server-action?locale=EN_US) to configure the Symantec DLP to forward syslog
 2. Use the IP address or hostname for the Linux device with the Linux agent installed as the Destination IP address.
 
@@ -106,4 +103,4 @@ Make sure to configure the machine's security according to your organization's s
 
 ## Next steps
 
-For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-broadcomsymantecdlp?tab=Overview) in the Azure Marketplace.
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-broadcomsymantecdlp?tab=Overview) in the Azure Marketplace.
@@ -3,7 +3,7 @@ title: "Cisco Application Centric Infrastructure connector for Microsoft Sentine
 description: "Learn how to install the connector Cisco Application Centric Infrastructure to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 02/23/2023
+ms.date: 03/25/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
@@ -17,7 +17,7 @@ ms.author: cwatson
 | Connector attribute | Description |
 | --- | --- |
 | **Log Analytics table(s)** | Syslog (CiscoACIEvent)<br/> |
-| **Data collection rules support** | [Workspace transform DCR](../../azure-monitor/logs/tutorial-workspace-transformations-portal.md) |
+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
 
 ## Query samples
@@ -68,4 +68,4 @@ Open Log Analytics to check if the logs are received using the Syslog schema.
 
 ## Next steps
 
-For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-ciscoaci?tab=Overview) in the Azure Marketplace.
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-ciscoaci?tab=Overview) in the Azure Marketplace.
@@ -3,7 +3,7 @@ title: "Cisco Meraki connector for Microsoft Sentinel"
 description: "Learn how to install the connector Cisco Meraki to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 02/23/2023
+ms.date: 03/25/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
@@ -16,8 +16,6 @@ The [Cisco Meraki](https://meraki.cisco.com/) connector allows you to easily con
 
 | Connector attribute | Description |
 | --- | --- |
-| **Kusto function alias** | CiscoMeraki |
-| **Kusto function url** | https://aka.ms/sentinel-ciscomeraki-parser |
 | **Log Analytics table(s)** | meraki_CL<br/> |
 | **Data collection rules support** | Not currently supported |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
@@ -56,11 +54,7 @@ To integrate with Cisco Meraki make sure you have:
 ## Vendor installation instructions
 
 
->This data connector depends on a parser (based on a Kusto Function) to work as expected. You have 2 options to get this parser into workspace
-
-> 1. If you have installed this connector via Meraki solution in ContentHub then navigate to parser definition from your workspace (Logs --> Functions --> CiscoMeraki --> Load the function code) to add your Meraki device list in the query and save the function.
-
-> 2. If you have not installed the Meraki solution from ContentHub then [Follow the steps](https://aka.ms/sentinel-ciscomeraki-parser) to use the Kusto function alias, **CiscoMeraki**
+**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias CiscoMeraki and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/CiscoMeraki/Parsers/CiscoMeraki.txt). The function usually takes 10-15 minutes to activate after solution installation/update.
 
 1. Install and onboard the agent for Linux