Merge pull request #124180 from didier-danloy/sysmon4sentinel

Jak-MS · web-flow · commit 9fc39c2722dd · 2024-08-22T16:01:09.000-06:00
remove instruction to deploy ASIM. Now built-in into Sentinel. Updated examples too
diff --git a/articles/sentinel/data-connectors/microsoft-sysmon-for-linux.md b/articles/sentinel/data-connectors/microsoft-sysmon-for-linux.md
@@ -3,7 +3,7 @@ title: "Microsoft Sysmon For Linux connector for Microsoft Sentinel"
 description: "Learn how to install the connector Microsoft Sysmon For Linux to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 04/26/2024
+ms.date: 08/20/2024
 ms.service: microsoft-sentinel
 ms.custom: linux-related-content
 ms.author: cwatson
@@ -13,7 +13,7 @@ ms.collection: sentinel-data-connector
 # Microsoft Sysmon For Linux connector for Microsoft Sentinel
 
 [Sysmon for Linux](https://github.com/Sysinternals/SysmonForLinux) provides detailed information about process creations, network connections and other system events.
-[Sysmon for linux link:]. The Sysmon for Linux connector uses [Syslog](https://aka.ms/sysLogInfo) as its data ingestion method. This solution depends on ASIM to work as expected. [Deploy ASIM](https://aka.ms/DeployASIM) to get the full value from the solution.
+[Sysmon for linux link:]. The Sysmon for Linux connector uses [Syslog](https://aka.ms/sysLogInfo) as its data ingestion method. This solution depends on ASIM to work as expected.
 
 This is autogenerated content. For changes, contact the solution provider.
 
@@ -30,7 +30,7 @@ This is autogenerated content. For changes, contact the solution provider.
 **Top 10 Events by ActingProcessName**
 
    ```kusto
-vimProcessCreateLinuxSysmon
+_Im_ProcessCreate_LinuxSysmonV03
             
    | summarize count() by ActingProcessName
              
@@ -42,15 +42,15 @@ vimProcessCreateLinuxSysmon
 ## Vendor installation instructions
 
 
->This data connector depends on ASIM parsers based on a Kusto Functions to work as expected. [Deploy the parsers](https://aka.ms/ASimSysmonForLinuxARM) 
+>This data connector depends on ASIM parsers based on a Kusto Functions to work as expected. 
 
- The following functions will be deployed:
+ The following functions are available:
 
- - vimFileEventLinuxSysmonFileCreated, vimFileEventLinuxSysmonFileDeleted
+ - _Im_FileEvent_LinuxSysmonFileCreatedV02, _Im_FileEvent_LinuxSysmonFileDeletedV02
 
- - vimProcessCreateLinuxSysmon, vimProcessTerminateLinuxSysmon
+ - _Im_ProcessCreate_LinuxSysmonV03, _Im_ProcessTerminate_LinuxSysmonV02
 
- - vimNetworkSessionLinuxSysmon 
+ - _Im_NetworkSession_LinuxSysmonV04 
 
 [Read more](https://aka.ms/AboutASIM)
 
