Merge pull request #295276 from Saisang/sai-dataconnectors20250225

v-ccolin · web-flow · commit a419f3c668ad · 2025-02-26T09:10:51.000Z
[Autogen] Data connectors Feb 2025
diff --git a/articles/sentinel/TOC.yml b/articles/sentinel/TOC.yml
@@ -394,6 +394,8 @@
       href: data-connectors/derdack-signl4.md
     - name: Digital Shadows Searchlight (using Azure Functions)
       href: data-connectors/digital-shadows-searchlight-using-azure-functions.md
+    - name: Doppel Data Connector
+      href: data-connectors/doppel-data-connector.md
     - name: Dynamics 365
       href: data-connectors/dynamics-365.md
     - name: Dynatrace Attacks
@@ -426,6 +428,8 @@
       href: data-connectors/forescout-host-property-monitor.md
     - name: Fortinet FortiNDR Cloud (using Azure Functions)
       href: data-connectors/fortinet-fortindr-cloud.md
+    - name: Garrison ULTRA Remote Logs (using Azure Functions)
+      href: data-connectors/garrison-ultra-remote-logs.md
     - name: Gigamon AMX Data Connector
       href: data-connectors/gigamon-amx-data-connector.md
     - name: GitHub (using Webhooks) (using Azure Functions)
diff --git a/articles/sentinel/data-connectors-reference.md b/articles/sentinel/data-connectors-reference.md
@@ -241,6 +241,10 @@ For more information about the codeless connector platform, see [Create a codele
 
 - [Digital Shadows Searchlight (using Azure Functions)](data-connectors/digital-shadows-searchlight.md)
 
+## Doppel
+
+- [Doppel Data Connector](data-connectors/doppel-data-connector.md)
+
 ## Dynatrace
 
 - [Dynatrace Attacks](data-connectors/dynatrace-attacks.md)
@@ -281,6 +285,10 @@ For more information about the codeless connector platform, see [Create a codele
 
 - [Fortinet FortiNDR Cloud (using Azure Functions)](data-connectors/fortinet-fortindr-cloud.md)
 
+## Garrison Technology
+
+- [Garrison ULTRA Remote Logs (using Azure Functions)](data-connectors/garrison-ultra-remote-logs.md)
+
 ## Gigamon, Inc
 
 - [Gigamon AMX Data Connector](data-connectors/gigamon-amx-data-connector.md)
diff --git a/articles/sentinel/data-connectors/doppel-data-connector.md b/articles/sentinel/data-connectors/doppel-data-connector.md
@@ -0,0 +1,56 @@
+---
+title: "Doppel Data connector for Microsoft Sentinel"
+description: "Learn how to install the connector Doppel Data to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: generated-reference
+ms.date: 02/20/2025
+ms.service: microsoft-sentinel
+ms.author: cwatson
+ms.collection: sentinel-data-connector
+---
+
+# Doppel Data connector for Microsoft Sentinel
+
+The data connector is built on Microsoft Sentinel for Doppel events and alerts and supports DCR-based [ingestion time transformations](/azure/azure-monitor/logs/ingestion-time-transformations) that parses the received security event data into a custom column so that queries don't need to parse it again, thus resulting in better performance.
+
+This is autogenerated content. For changes, contact the solution provider.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Log Analytics table(s)** | DoppelTable_CL<br/> |
+| **Data collection rules support** | Not currently supported |
+| **Supported by** | [Doppel](https://www.doppel.com/request-a-demo) |
+
+## Query samples
+
+**One event log**
+
+   ```kusto
+DoppelTable_CL 
+   | take 1
+   ```
+
+
+
+## Prerequisites
+
+To integrate with Doppel Data Connector make sure you have: 
+
+- **Microsoft Entra Tenant ID, Client ID and Client Secret**: Microsoft Entra ID requires a Client ID and Client Secret to authenticate your application. Additionally, Global Admin/Owner level access is required to assign the Entra-registered application a Resource Group Monitoring Metrics Publisher role.
+- **Requires Workspace ID, DCE-URI, DCR-ID**: You will need to get the Log Analytics Workspace ID, DCE Logs Ingestion URI and DCR Immutable ID for the configuration.
+
+
+## Vendor installation instructions
+
+Configure Doppel Webhook
+
+Configure the Webhook in Doppel and Endpoint with permissions in Microsoft Sentinel to send data.
+
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/doppel.azure-sentinel-solution-doppel?tab=Overview) in the Azure Marketplace.
diff --git a/articles/sentinel/data-connectors/garrison-ultra-remote-logs.md b/articles/sentinel/data-connectors/garrison-ultra-remote-logs.md
@@ -0,0 +1,66 @@
+---
+title: "Garrison ULTRA Remote Logs (using Azure Functions) connector for Microsoft Sentinel"
+description: "Learn how to install the connector Garrison ULTRA Remote Logs (using Azure Functions) to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: generated-reference
+ms.date: 02/20/2025
+ms.service: microsoft-sentinel
+ms.author: cwatson
+ms.collection: sentinel-data-connector
+---
+
+# Garrison ULTRA Remote Logs (using Azure Functions) connector for Microsoft Sentinel
+
+The [Garrison ULTRA](https://www.garrison.com/en/garrison-ultra-cloud-platform) Remote Logs connector allows you to ingest Garrison ULTRA Remote Logs into Microsoft Sentinel.
+
+This is autogenerated content. For changes, contact the solution provider.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Log Analytics table(s)** | Garrison_ULTRARemoteLogs_CL<br/> |
+| **Data collection rules support** | Not currently supported |
+| **Supported by** | [Garrison](https://support.ultra.garrison.com) |
+
+## Query samples
+
+**Last 10 logs**
+
+   ```kusto
+Garrison_ULTRARemoteLogs_CL
+ 
+   | top 10 by TimeGenerated desc
+   ```
+
+
+
+## Prerequisites
+
+To integrate with Garrison ULTRA Remote Logs (using Azure Functions) make sure you have: 
+
+- **Garrison ULTRA**: To use this data connector you must have an active [Garrison ULTRA](https://www.garrison.com/en/garrison-ultra-cloud-platform) license.
+
+
+## Vendor installation instructions
+
+Deployment - Azure Resource Manager (ARM) Template
+
+These steps outline the automated deployment of the Garrison ULTRA Remote Logs data connector using an ARM Template.
+
+1. Click the **Deploy to Azure** button below. 
+	
+ 	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzure-Sentinel%2Frefs%2Fheads%2Fmaster%2FSolutions%2FGarrison%2520ULTRA%2FData%2520Connectors%2FGarrisonULTRARemoteLogs%2Fazuredeploy_DataCollectionResources.json) 			
+2. Provide the required details such as Resource Group, Microsoft Sentinel Workspace and ingestion configurations 
+
+	> [!NOTE]
+	> It is recommended to create a new Resource Group for deployment of these resources.
+
+3. Mark the checkbox labeled **I agree to the terms and conditions stated above**. 
+4. Click **Purchase** to deploy.
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/garrisontechnologyltd1725375696148.microsoft-sentinel-solution-garrison-ultra?tab=Overview) in the Azure Marketplace.
