Merge pull request #263149 from cwatson-cat/1-06-24-dc-refresh

Sentinel auto-gen data connectors refresh Jan 24

Author: Jill Grant

.openpublishing.redirection.sentinel.json

@@ -215,11 +215,6 @@
             "redirect_url": "/azure/sentinel/data-connectors/rubrik-security-cloud-data-connector-using-azure-functions",
             "redirect_document_id": true
           },
-          {
-            "source_path": "articles/sentinel/data-connectors/cisco-asa-ftd-via-ama.md",
-            "redirect_url": "/azure/sentinel/data-connectors-reference",
-            "redirect_document_id": false
-          },
           {
             "source_path": "articles/sentinel/data-connectors/okta-single-sign-on-using-azure-function.md",
             "redirect_url": "/azure/sentinel/data-connectors/okta-single-sign-on-using-azure-functions",
@@ -484,6 +479,11 @@
             "source_path": "articles/sentinel/data-connectors/cyberpion-security-logs.md",
             "redirect_url": "/azure/sentinel/data-connectors-reference",
             "redirect_document_id": false
-          }  
+          },
+          {
+            "source_path": "articles/sentinel/data-connectors/azure-active-directory-identity-protection.md",
+            "redirect_url": "/azure/sentinel/data-connectors/microsoft-entra-id-protection",
+            "redirect_document_id": true
+          }
     ]
 }

articles/sentinel/TOC.yml

@@ -376,10 +376,6 @@
       href: data-connectors/automated-logic-webctrl.md
     - name: Awake Security
       href: data-connectors/awake-security.md
-    - name: Microsoft Entra ID
-      href: data-connectors/azure-active-directory.md
-    - name: Microsoft Entra ID Protection
-      href: data-connectors/azure-active-directory-identity-protection.md
     - name: Azure Activity
       href: data-connectors/azure-activity.md
     - name: Azure Batch Account
@@ -422,6 +418,8 @@
       href: data-connectors/cisco-application-centric-infrastructure.md
     - name: Cisco ASA
       href: data-connectors/cisco-asa.md
+    - name: Cisco ASA/FTD via AMA (Preview)
+      href: data-connectors/cisco-asa-ftd-via-ama.md
     - name: Cisco Duo Security (using Azure Functions)
       href: data-connectors/cisco-duo-security-using-azure-functions.md
     - name: Cisco Identity Services Engine
@@ -460,8 +458,12 @@
       href: data-connectors/cortex-xdr-incidents.md
     - name: Crowdstrike Falcon Data Replicator (using Azure Functions)
       href: data-connectors/crowdstrike-falcon-data-replicator-using-azure-functions.md
+    - name: Crowdstrike Falcon Data Replicator V2 (using Azure Functions)
+      href: data-connectors/crowdstrike-falcon-data-replicator-v2-using-azure-functions.md
     - name: CrowdStrike Falcon Endpoint Protection
       href: data-connectors/crowdstrike-falcon-endpoint-protection.md
+    - name: CyberArk Enterprise Password Vault (EPV) Events
+      href: data-connectors/cyberark-enterprise-password-vault-epv-events.md
     - name: CyberArkEPM (using Azure Functions)
       href: data-connectors/cyberarkepm-using-azure-functions.md
     - name: Cybersixgill Actionable Alerts (using Azure Functions)
@@ -546,6 +548,8 @@
       href: data-connectors/infoblox-nios.md
     - name: InfoSecGlobal Data Connector
       href: data-connectors/infosecglobal-data-connector.md
+    - name: IONIX Security Logs
+      href: data-connectors/ionix-security-logs.md
     - name: ISC Bind
       href: data-connectors/isc-bind.md
     - name: Island Enterprise Browser Admin Audit (Polling CCP)
@@ -598,6 +602,10 @@
       href: data-connectors/microsoft-defender-for-office-365.md
     - name: Microsoft Defender Threat Intelligence
       href: data-connectors/microsoft-defender-threat-intelligence.md
+    - name: Microsoft Entra ID
+      href: data-connectors/azure-active-directory.md
+    - name: Microsoft Entra ID Protection
+      href: data-connectors/microsoft-entra-id-protection.md
     - name: Microsoft Power BI (preview)
       href: data-connectors/microsoft-powerbi.md
     - name: Microsoft Project (preview)
@@ -684,6 +692,8 @@
       href: data-connectors/rsa-securid-authentication-manager.md
     - name: Rubrik Security Cloud data connector (using Azure Functions)
       href: data-connectors/rubrik-security-cloud-data-connector-using-azure-functions.md
+    - name: SaaS Security
+      href: data-connectors/saas-security.md
     - name: SailPoint IdentityNow (using Azure Functions)
       href: data-connectors/sailpoint-identitynow-using-azure-function.md
     - name: Salesforce Service Cloud (using Azure Functions)
@@ -696,6 +706,8 @@
       href: data-connectors/senservapro.md
     - name: SentinelOne (using Azure Functions)
       href: data-connectors/sentinelone-using-azure-functions.md
+    - name: Seraphic Web Security
+      href: data-connectors/seraphic-web-security.md
     - name: Slack Audit (using Azure Functions)
       href: data-connectors/slack-audit-using-azure-functions.md
     - name: Snowflake (using Azure Functions)

articles/sentinel/data-connectors-reference.md

@@ -3,7 +3,7 @@ title: Find your Microsoft Sentinel data connector | Microsoft Docs
 description: Learn about specific configuration steps for Microsoft Sentinel data connectors.
 author: cwatson-cat
 ms.topic: reference
-ms.date: 10/23/2023
+ms.date: 07/26/2023
 ms.author: cwatson
 ---
 
@@ -123,6 +123,7 @@ Data connectors are available as part of the following offerings:
 - [[Recommended] Cisco Secure Email Gateway via AMA](data-connectors/recommended-cisco-secure-email-gateway-via-ama.md)
 - [Cisco Application Centric Infrastructure](data-connectors/cisco-application-centric-infrastructure.md)
 - [Cisco ASA](data-connectors/cisco-asa.md)
+- [Cisco ASA/FTD via AMA (Preview)](data-connectors/cisco-asa-ftd-via-ama.md)
 - [Cisco Duo Security (using Azure Functions)](data-connectors/cisco-duo-security-using-azure-functions.md)
 - [Cisco Identity Services Engine](data-connectors/cisco-identity-services-engine.md)
 - [Cisco Meraki](data-connectors/cisco-meraki.md)
@@ -173,6 +174,7 @@ Data connectors are available as part of the following offerings:
 ## Crowdstrike
 
 - [Crowdstrike Falcon Data Replicator (using Azure Functions)](data-connectors/crowdstrike-falcon-data-replicator-using-azure-functions.md)
+- [Crowdstrike Falcon Data Replicator V2 (using Azure Functions) (Preview)](data-connectors/crowdstrike-falcon-data-replicator-v2-using-azure-functions.md)
 - [CrowdStrike Falcon Endpoint Protection](data-connectors/crowdstrike-falcon-endpoint-protection.md)
 
 ## Cyber Defense Group B.V.
@@ -184,6 +186,10 @@ Data connectors are available as part of the following offerings:
 - [CyberArk Enterprise Password Vault (EPV) Events](data-connectors/cyberark-enterprise-password-vault-epv-events.md)
 - [CyberArkEPM (using Azure Functions)](data-connectors/cyberarkepm-using-azure-functions.md)
 
+## CyberPion
+
+- [IONIX Security Logs](data-connectors/ionix-security-logs.md)
+
 ## Cybersixgill
 
 - [Cybersixgill Actionable Alerts (using Azure Functions)](data-connectors/cybersixgill-actionable-alerts-using-azure-functions.md)
@@ -390,11 +396,9 @@ Data connectors are available as part of the following offerings:
 ## Microsoft
 
 - [Automated Logic WebCTRL](data-connectors/automated-logic-webctrl.md)
-- [Microsoft Entra ID](data-connectors/azure-active-directory.md)
-- [Microsoft Entra ID Protection](data-connectors/azure-active-directory-identity-protection.md)
 - [Azure Activity](data-connectors/azure-activity.md)
 - [Azure Batch Account](data-connectors/azure-batch-account.md)
-- [Azure AI Search](data-connectors/azure-cognitive-search.md)
+- [Azure Cognitive Search](data-connectors/azure-cognitive-search.md)
 - [Azure Data Lake Storage Gen1](data-connectors/azure-data-lake-storage-gen1.md)
 - [Azure DDoS Protection](data-connectors/azure-ddos-protection.md)
 - [Azure Event Hub](data-connectors/azure-event-hub.md)
@@ -419,6 +423,8 @@ Data connectors are available as part of the following offerings:
 - [Microsoft Defender for IoT](data-connectors/microsoft-defender-for-iot.md)
 - [Microsoft Defender for Office 365 (preview)](data-connectors/microsoft-defender-for-office-365.md)
 - [Microsoft Defender Threat Intelligence](data-connectors/microsoft-defender-threat-intelligence.md)
+- [Microsoft Entra ID](data-connectors/azure-active-directory.md)
+- [Microsoft Entra ID Protection](data-connectors/microsoft-entra-id-protection.md)
 - [Microsoft PowerBI (preview)](data-connectors/microsoft-powerbi.md)
 - [Microsoft Project (preview)](data-connectors/microsoft-project.md)
 - [Microsoft Purview (preview)](data-connectors/microsoft-purview.md)
@@ -611,6 +617,9 @@ Data connectors are available as part of the following offerings:
 
 - [SentinelOne (using Azure Functions)](data-connectors/sentinelone-using-azure-functions.md)
 
+## SERAPHIC ALGORITHMS LTD
+- [Seraphic Web Security](data-connectors/seraphic-web-security.md)
+
 ## Slack
 
 - [Slack Audit (using Azure Functions)](data-connectors/slack-audit-using-azure-functions.md)
@@ -679,6 +688,10 @@ Data connectors are available as part of the following offerings:
 
 - [Ubiquiti UniFi (Preview)](data-connectors/ubiquiti-unifi.md)
 
+## Valence Security Inc.
+
+- [SaaS Security](data-connectors/saas-security.md)
+
 ## vArmour Networks
 
 - [vArmour Application Controller](data-connectors/varmour-application-controller.md)

articles/sentinel/data-connectors/armorblox-using-azure-functions.md

@@ -3,7 +3,7 @@ title: "Armorblox (using Azure Functions) connector for Microsoft Sentinel"
 description: "Learn how to install the connector Armorblox (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 07/26/2023
+ms.date: 01/06/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
@@ -20,7 +20,7 @@ The [Armorblox](https://www.armorblox.com/) data connector provides the capabili
 | **Azure function app code** | https://aka.ms/sentinel-armorblox-functionapp |
 | **Log Analytics table(s)** | Armorblox_CL<br/> |
 | **Data collection rules support** | Not currently supported |
-| **Supported by** | [armorblox](https://www.armorblox.com/contact/) |
+| **Supported by** | [Armorblox](https://www.armorblox.com/contact/) |
 
 ## Query samples
 

articles/sentinel/data-connectors/cisco-asa-ftd-via-ama.md

@@ -0,0 +1,63 @@
+---
+title: "Cisco ASA/FTD via AMA (Preview) connector for Microsoft Sentinel"
+description: "Learn how to install the connector Cisco ASA/FTD via AMA (Preview) to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: how-to
+ms.date: 01/06/2024
+ms.service: microsoft-sentinel
+ms.author: cwatson
+---
+
+# Cisco ASA/FTD via AMA (Preview) connector for Microsoft Sentinel
+
+The Cisco ASA firewall connector allows you to easily connect your Cisco ASA logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Log Analytics table(s)** | CommonSecurityLog<br/> |
+| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |
+| **Supported by** | [Microsoft Corporation](https://support.microsoft.com/) |
+
+## Query samples
+
+**All logs**
+   ```kusto
+CommonSecurityLog
+
+   | where DeviceVendor == "Cisco"
+
+   | where DeviceProduct == "ASA"
+            
+   | sort by TimeGenerated
+   ```
+
+
+
+## Prerequisites
+
+To integrate with Cisco ASA/FTD via AMA (Preview) make sure you have: 
+
+- To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)
+
+
+## Vendor installation instructions
+
+Enable data collection rule​
+
+Cisco ASA/FTD event logs are collected only from **Linux** agents.
+
+
+
+
+Run the following command to install and apply the Cisco ASA/FTD collector:
+
+
+   `sudo wget -O Forwarder_AMA_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Forwarder_AMA_installer.py&&sudo python Forwarder_AMA_installer.py`
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-ciscoasa?tab=Overview) in the Azure Marketplace.