Update parser instructions

haim-na · web-flow · commit aaf0e63c9c5d · 2024-07-07T14:19:36.000+03:00
Instruct the update the hostnames in the parser's first line instead of the second
diff --git a/articles/sentinel/unified-connector-syslog-device.md b/articles/sentinel/unified-connector-syslog-device.md
@@ -62,7 +62,7 @@ This data connector was developed using Cisco Stealthwatch version 7.3.2
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.
+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
 > To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CiscoUCS**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.txt). It might take about 15-minutes post-installation to update.
 
@@ -240,7 +240,7 @@ Complete the following steps.
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.
+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 > 
 > To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **PulseConnectSecure**. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update.
 
@@ -252,7 +252,7 @@ Complete the following steps to get RSA® SecurID Authentication Manager logs in
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.
+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
 > To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **RSASecurIDAMEvent**. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update.
 
@@ -266,7 +266,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line. 
+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
 > To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SophosXGFirewall**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update.
 
 
@@ -278,7 +278,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line. 
+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
 > To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecEndpointProtection**. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update.
 
 ## Symantec ProxySG
@@ -298,7 +298,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.
+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 > 
 > To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecProxySG**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update.
 
@@ -309,7 +309,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line. 
+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
 >
 > To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecVIP**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.txt). It might take about 15 minutes post-installation to update.
 
@@ -325,7 +325,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.
+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
 > To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update.
 
@@ -336,4 +336,4 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 ## Related content
 
 - [Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md)
-- [Syslog via AMA and Common Event Format (CEF) via AMA connectors for Microsoft Sentinel](cef-syslog-ama-overview.md)
+- [Syslog via AMA and Common Event Format (CEF) via AMA connectors for Microsoft Sentinel](cef-syslog-ama-overview.md)

Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,7 @@ This data connector was developed using Cisco Stealthwatch version 7.3.2`
`62`	`62`	`> [!NOTE]`
`63`	`63`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`64`	`64`	`>`
`65`		`-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.`
	`65`	`+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`66`	`66`	`>`
`67`	`67`	`> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CiscoUCS. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.txt). It might take about 15-minutes post-installation to update.`
`68`	`68`
`@@ -240,7 +240,7 @@ Complete the following steps.`
`240`	`240`	`> [!NOTE]`
`241`	`241`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`242`	`242`	`>`
`243`		`-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.`
	`243`	`+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`244`	`244`	`>`
`245`	`245`	`> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias PulseConnectSecure. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update.`
`246`	`246`
`@@ -252,7 +252,7 @@ Complete the following steps to get RSA® SecurID Authentication Manager logs in`
`252`	`252`	`> [!NOTE]`
`253`	`253`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`254`	`254`	`>`
`255`		`-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.`
	`255`	`+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`256`	`256`	`>`
`257`	`257`	`> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias RSASecurIDAMEvent. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update.`
`258`	`258`
`@@ -266,7 +266,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`266`	`266`	`> [!NOTE]`
`267`	`267`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`268`	`268`	`>`
`269`		`-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.`
	`269`	`+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`270`	`270`	`> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SophosXGFirewall. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update.`
`271`	`271`
`272`	`272`
`@@ -278,7 +278,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`278`	`278`	`> [!NOTE]`
`279`	`279`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`280`	`280`	`>`
`281`		`-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.`
	`281`	`+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`282`	`282`	`> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecEndpointProtection. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update.`
`283`	`283`
`284`	`284`	`## Symantec ProxySG`
`@@ -298,7 +298,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`298`	`298`	`> [!NOTE]`
`299`	`299`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`300`	`300`	`>`
`301`		`-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.`
	`301`	`+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`302`	`302`	`>`
`303`	`303`	`> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecProxySG. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update.`
`304`	`304`
`@@ -309,7 +309,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`309`	`309`	`> [!NOTE]`
`310`	`310`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`311`	`311`	`>`
`312`		`-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.`
	`312`	`+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`313`	`313`	`>`
`314`	`314`	`> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecVIP. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.txt). It might take about 15 minutes post-installation to update.`
`315`	`315`
`@@ -325,7 +325,7 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`325`	`325`	`> [!NOTE]`
`326`	`326`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`327`	`327`	`>`
`328`		`-> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's second line.`
	`328`	`+> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`329`	`329`	`>`
`330`	`330`	`> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update.`
`331`	`331`
`@@ -336,4 +336,4 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`336`	`336`	`## Related content`
`337`	`337`
`338`	`338`	`- [Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md)`
`339`		`-- [Syslog via AMA and Common Event Format (CEF) via AMA connectors for Microsoft Sentinel](cef-syslog-ama-overview.md)`
	`339`	`+- [Syslog via AMA and Common Event Format (CEF) via AMA connectors for Microsoft Sentinel](cef-syslog-ama-overview.md)`