Rmv > and minor edits

Author: cwatson-cat

.openpublishing.redirection.sentinel.json

@@ -1160,6 +1160,11 @@
             "redirect_url": "/azure/sentinel/notebooks-hunt",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/sentinel/data-connectors/dns.md",
+            "redirect_url": "/azure/sentinel/data-connectors/windows-dns-events-via-ama",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/sentinel/data-connectors/ai-analyst-darktrace.md",
             "redirect_url": "/azure/sentinel/data-connectors-reference",
@@ -1595,11 +1600,6 @@
             "redirect_url": "/azure/sentinel/data-connectors/crowdstrike-falcon-data-replicator-v2",
             "redirect_document_id": true
         },
-        {
-            "source_path_from_root": "/articles/sentinel/data-connectors/dns.md",
-            "redirect_url": "/azure/sentinel/data-connectors/windows-dns-events-via-ama",
-            "redirect_document_id": false
-        },
         {
             "source_path_from_root": "/articles/sentinel/data-connectors/fortinet-fortiweb-web-application-firewall.md",
             "redirect_url": "/azure/sentinel/data-connectors/deprecated-fortinet-fortiweb-web-application-firewall-via-legacy-agent",

articles/sentinel/TOC.yml

@@ -320,8 +320,6 @@
       href: data-connectors/recommended-cisco-secure-email-gateway-via-ama.md
     - name: '[Recommended] Claroty via AMA'
       href: data-connectors/recommended-claroty-via-ama.md
-    - name: '[Recommended] CrowdStrike Falcon Endpoint Protection via AMA'
-      href: data-connectors/recommended-crowdstrike-falcon-endpoint-protection-via-ama.md
     - name: '[Recommended] FireEye Network Security (NX) via AMA'
       href: data-connectors/recommended-fireeye-network-security-nx-via-ama.md
     - name: '[Recommended] Forcepoint CASB via AMA'

articles/sentinel/data-connectors-reference.md

@@ -36,7 +36,7 @@ Data connectors are available as part of the following offerings:
 
 ## Syslog and Common Event Format (CEF) connectors
 
-Some Microsoft Sentinel solutions are supported by the data connectors Syslog via AMA or Common Event Format (CEF) via AMA in Microsoft Sentinel. To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in [Ingest Syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md). These steps include installing either the **Common Event Format** or **Syslog** solution from the **Content hub** in Microsoft Sentinel. Then, configure the related AMA connector that's installed with the solution. Complete the set up by configuring the appropriate devices or appliances. For more information, refer to the solution provider's installation instructions or contact the solution provider.
+Some Microsoft Sentinel solutions are supported by the data connectors Syslog via AMA or Common Event Format (CEF) via AMA in Microsoft Sentinel. To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in [Ingest Syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md). These steps include installing either the **Common Event Format** or **Syslog** solution from the **Content hub** in Microsoft Sentinel. Then, configure the related AMA connector that's installed with the solution. Complete the setup by configuring the appropriate devices or appliances. For more information, see the solution provider's installation instructions or contact the solution provider.
 
 [comment]: <> (DataConnector includes start)
 
@@ -187,7 +187,6 @@ Some Microsoft Sentinel solutions are supported by the data connectors Syslog vi
 ## Crowdstrike
 
 - [[Deprecated] CrowdStrike Falcon Endpoint Protection via Legacy Agent](data-connectors/deprecated-crowdstrike-falcon-endpoint-protection-via-legacy-agent.md)
-- [[Recommended] CrowdStrike Falcon Endpoint Protection via AMA](data-connectors/recommended-crowdstrike-falcon-endpoint-protection-via-ama.md)
 - [Crowdstrike Falcon Data Replicator (using Azure Functions)](data-connectors/crowdstrike-falcon-data-replicator.md)
 - [Crowdstrike Falcon Data Replicator V2 (using Azure Functions)](data-connectors/crowdstrike-falcon-data-replicator-v2.md)
 

articles/sentinel/data-connectors/bitsight-data-connector.md

@@ -131,7 +131,7 @@ To integrate with Bitsight data connector (using Azure Functions) make sure you
    >  This connector uses Azure Functions to connect to the BitSight API to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.
 
 
->**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.
+**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.
 
 
 **STEP 1 - Steps to Create/Get Bitsight API Token**
@@ -187,7 +187,7 @@ To integrate with Bitsight data connector (using Azure Functions) make sure you
 
 **STEP 5 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**
 
->**IMPORTANT:** Before deploying the BitSight data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the BitSight API Token.
+**IMPORTANT:** Before deploying the BitSight data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the BitSight API Token.
 
 
 
@@ -233,7 +233,7 @@ Use the following step-by-step instructions to deploy the BitSight data connecto
 
 **1. Deploy a Function App**
 
-> **NOTE:** You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.
+**NOTE:** You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.
 
 1. Download the [Azure Function App](https://aka.ms/sentinel-BitSight-functionapp) file. Extract archive to your local development computer.
 2. Start VS Code. Choose File in the main menu and select Open Folder.

articles/sentinel/data-connectors/claroty-xdome.md

@@ -39,11 +39,11 @@ CommonSecurityLog
 
 ## Vendor installation instructions
 
-1. Linux Syslog agent configuration
+1.0 Linux Syslog agent configuration
 
 Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.
 
-> Notice that the data from all regions will be stored in the selected workspace
+Notice that the data from all regions will be stored in the selected workspace
 
 1.1 Select or create a Linux machine
 
@@ -53,31 +53,31 @@ Select or create a Linux machine that Microsoft Sentinel will use as the proxy b
 
 Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.
 
-> 1. Make sure that you have Python on your machine using the following command: python --version.
+1. Make sure that you have Python on your machine using the following command: python --version.
 
-> 2. You must have elevated permissions (sudo) on your machine.
+2. You must have elevated permissions (sudo) on your machine.
 
    Run the following command to install and apply the CEF collector:
 
    `sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}`
 
 2. Forward Common Event Format (CEF) logs to Syslog agent
 
-Configure the Claroty xDome - Microsoft Sentinel integration to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.
+   Configure the Claroty xDome - Microsoft Sentinel integration to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.
 
 3. Validate connection
 
 Follow the instructions to validate your connectivity:
 
 Open Log Analytics to check if the logs are received using the CommonSecurityLog schema.
 
->It may take about 20 minutes until the connection streams data to your workspace.
+It may take about 20 minutes until the connection streams data to your workspace.
 
 If the logs are not received, run the following connectivity validation script:
 
-> 1. Make sure that you have Python on your machine using the following command: python --version
+1. Make sure that you have Python on your machine using the following command: python --version
 
->2. You must have elevated permissions (sudo) on your machine
+2. You must have elevated permissions (sudo) on your machine
 
    Run the following command to validate your connectivity:
 
@@ -88,7 +88,7 @@ If the logs are not received, run the following connectivity validation script:
 Make sure to configure the machine's security according to your organization's security policy
 
 
-[Learn more >](https://aka.ms/SecureCEF)
+[Learn more](https://aka.ms/SecureCEF)
 
 
 

articles/sentinel/data-connectors/deprecated-crowdstrike-falcon-endpoint-protection-via-legacy-agent.md

@@ -56,11 +56,11 @@ CrowdStrikeFalconEventStream
 
 **NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias Crowd Strike Falcon Endpoint Protection and load the function code or click [here](https://aka.ms/sentinel-crowdstrikefalconendpointprotection-parser), on the second line of the query, enter the hostname(s) of your CrowdStrikeFalcon device(s) and any other unique identifiers for the logstream. The function usually takes 10-15 minutes to activate after solution installation/update.
 
-1. Linux Syslog agent configuration
+1.0 Linux Syslog agent configuration
 
 Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.
 
-> Notice that the data from all regions will be stored in the selected workspace
+Notice that the data from all regions will be stored in the selected workspace
 
 1.1 Select or create a Linux machine
 
@@ -70,9 +70,9 @@ Select or create a Linux machine that Microsoft Sentinel will use as the proxy b
 
 Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.
 
-> 1. Make sure that you have Python on your machine using the following command: python -version.
+1. Make sure that you have Python on your machine using the following command: python -version.
 
-> 2. You must have elevated permissions (sudo) on your machine.
+2. You must have elevated permissions (sudo) on your machine.
 
    Run the following command to install and apply the CEF collector:
 
@@ -90,13 +90,13 @@ Follow the instructions to validate your connectivity:
 
 Open Log Analytics to check if the logs are received using the CommonSecurityLog schema.
 
->It may take about 20 minutes until the connection streams data to your workspace.
+It may take about 20 minutes until the connection streams data to your workspace.
 
 If the logs are not received, run the following connectivity validation script:
 
-> 1. Make sure that you have Python on your machine using the following command: python -version.
+1. Make sure that you have Python on your machine using the following command: python -version.
 
-> 2. You must have elevated permissions (sudo) on your machine
+2. You must have elevated permissions (sudo) on your machine
 
    Run the following command to validate your connectivity:
 
@@ -107,7 +107,7 @@ If the logs are not received, run the following connectivity validation script:
 Make sure to configure the machine's security according to your organization's security policy
 
 
-[Learn more >](https://aka.ms/SecureCEF)
+[Learn more](https://aka.ms/SecureCEF)
 
 
 

articles/sentinel/data-connectors/deprecated-fortinet-fortiweb-web-application-firewall-via-legacy-agent.md

@@ -41,11 +41,11 @@ Fortiweb
 
 ## Vendor installation instructions
 
-1. Linux Syslog agent configuration
+1.0 Linux Syslog agent configuration
 
 Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.
 
-> Notice that the data from all regions will be stored in the selected workspace
+Notice that the data from all regions will be stored in the selected workspace
 
 1.1 Select or create a Linux machine
 
@@ -90,7 +90,7 @@ If the logs are not received, run the following connectivity validation script:
 Make sure to configure the machine's security according to your organization's security policy
 
 
-[Learn more >](https://aka.ms/SecureCEF)
+[Learn more](https://aka.ms/SecureCEF)
 
 
 

articles/sentinel/data-connectors/deprecated-fortinet-via-legacy-agent.md

@@ -59,11 +59,11 @@ CommonSecurityLog
 
 ## Vendor installation instructions
 
-1. Linux Syslog agent configuration
+1.0 Linux Syslog agent configuration
 
 Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.
 
-> Notice that the data from all regions will be stored in the selected workspace
+Notice that the data from all regions will be stored in the selected workspace
 
 1.1 Select or create a Linux machine
 
@@ -94,16 +94,20 @@ Copy the CLI commands below and:
 
 For more information, go to the  [Fortinet Document Library](https://aka.ms/asi-syslog-fortinet-fortinetdocumentlibrary), choose your version, and use the "Handbook" and "Log Message Reference" PDFs.
 
-[Learn more >](https://aka.ms/CEF-Fortinet)
+[Learn more](https://aka.ms/CEF-Fortinet)
 
    Set up the connection using the CLI to run the following commands:
 
-   config log syslogd setting
+   
+```bash
+config log syslogd setting
     set status enable
 set format cef
 set port 514
 set server <ip_address_of_Receiver>
 end
+```
+
 
 3. Validate connection
 
@@ -128,7 +132,7 @@ If the logs are not received, run the following connectivity validation script:
 Make sure to configure the machine's security according to your organization's security policy
 
 
-[Learn more >](https://aka.ms/SecureCEF)
+[Learn more](https://aka.ms/SecureCEF)
 
 
 

articles/sentinel/data-connectors/netskope-data-connector.md

@@ -218,7 +218,7 @@ To integrate with Netskope Data Connector (using Azure Functions) make sure you
  5. Select **Add**. 
  6. *Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.* The secret value is required as configuration parameter for the execution of TriggersSync playbook. 
 
-> **Reference link:** [/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)
+**Reference link:** [/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)
 
 
 **STEP 3 - Assign role of Contributor to application in Microsoft Entra ID**