updates from Preeti and miriam

rkarlin · rkarlin · commit aebcf4be603b · 2020-02-19T08:34:59.000+02:00
diff --git a/articles/sentinel/connect-asc-iot.md b/articles/sentinel/connect-asc-iot.md
@@ -22,9 +22,7 @@ ms.author: rkarlin
 
 
 > [!IMPORTANT]
-> The Azure Security Center for IoT data connector is currently in public preview.
-> This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
-> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+> The Azure Security Center for IoT data connector is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
 Use the Azure Security Center for IoT connector to stream all your Azure Security Center for IoT events into Azure Sentinel. 
 
@@ -36,7 +34,7 @@ Use the Azure Security Center for IoT connector to stream all your Azure Securit
 - **Read** and **Write** permissions on the **Azure IoT Hub resource group**
 
 > [!NOTE]
-> You must have the Azure Security Center Standard tier licensing running on your subscription to send general Azure resource alerts. With the free tier licensing required for Azure Security Center for IoT, only Azure Security Center for IoT related alerts will be forwarded to Azure Sentinel. 
+> While you must enable the Azure Security Center **Standard** tier license on your subscription to stream IoT resource alerts to Azure Sentinel, you only need to enable the Azure Security Center **Free** tier license on your subscription to view Azure Security Center for IoT alerts in Azure Sentinel. 
 
 ## Connect to Azure Security Center for IoT
 
diff --git a/articles/sentinel/connect-data-sources.md b/articles/sentinel/connect-data-sources.md
@@ -41,35 +41,46 @@ The following data connection methods are supported by Azure Sentinel:
 
 - **Service to service integration**:<br> Some services are connected natively, such as AWS and Microsoft services, these services leverage the Azure foundation for out-of-the box integration, the following solutions can be connected in a few clicks:
     - [Amazon Web Services - CloudTrail](connect-aws.md)
-    - [Office 365](connect-office-365.md)
-    - [Azure AD audit logs and sign-ins](connect-azure-active-directory.md)
     - [Azure Activity](connect-azure-activity.md)
+    - [Azure AD audit logs and sign-ins](connect-azure-active-directory.md)
     - [Azure AD Identity Protection](connect-azure-ad-Identity-protection.md)
-    - [Azure Security Center](connect-azure-security-center.md)
-    - [Azure Information Protection](connect-azure-information-protection.md)
     - [Azure Advanced Threat Protection](connect-azure-atp.md)
+    - [Azure Information Protection](connect-azure-information-protection.md)
+    - [Azure Security Center](connect-azure-security-center.md)
     - [Cloud App Security](connect-cloud-app-security.md)
+    - [Domain name server](connect-dns.md)
+    - [Office 365](connect-office-365.md)
+    - [Microsoft Defender ATP](connect-microsoft-defender-advanced-threat-protection.md)
+    - [Microsoft web application firewall](connect-microsoft-waf.md)
     - [Windows security events](connect-windows-security-events.md) 
     - [Windows firewall](connect-windows-firewall.md)
+    - [Windows security events](connect-windows-security-events.md)
 
 - **External solutions via API**: Some data sources are connected using APIs that are provided by the connected data source. Typically, most security technologies provide a set of APIs through which event logs can be retrieved.The APIs connect to Azure Sentinel and gather specific data types and send them to Azure Log Analytics. Appliances connected via API include:
     - [Barracuda](connect-barracuda.md)
-    - [Symantec](connect-symantec.md)
+    - [Barracuda CloudGen Firewall](connect-barracuda-cloudgen-firewall.md)
     - [Citrix Analytics (Security)](connect-citrix-analytics.md)
+    - [F5 BIG-IP](connect-f3-big-ip.md)
+    - [Forcepoint DLP](connect-forcepoint-dlp.md)
+    - [Squadra Technologies secRMM](connect-squadra-secrmm.md)
+    - [Symantec ICDX](connect-symantec.md)
+    - [Zimperium](connect-zimperium.md)
+
 
 - **External solutions via agent**: Azure Sentinel can be connected to all other data sources that can perform real-time log streaming using the Syslog protocol, via an agent. <br>Most appliances use the Syslog protocol to send event messages that include the log itself and data about the log. The format of the logs varies, but most appliances support the Common Event Format (CEF) based formatting for logs data. <br>The Azure Sentinel agent, which is based on the Log Analytics agent, converts CEF formatted logs into a format that can be ingested by Log Analytics. Depending on the appliance type, the agent is installed either directly on the appliance, or on a dedicated Linux server. The agent for Linux receives events from the Syslog daemon over UDP, but if a Linux machine is expected to collect a high volume of Syslog events, they are sent over TCP from the Syslog daemon to the agent and from there to Log Analytics.
     - Firewalls, proxies, and endpoints:
-        - [F5](connect-f5.md)
         - [Check Point](connect-checkpoint.md)
         - [Cisco ASA](connect-cisco.md)
+        - [ExtraHop Reveal(x)](connect-extrahop.md)
+        - [F5](connect-f5.md)
+        - [Forcepoint products](connect-forcepoint-casb-ngfw.md)
         - [Fortinet](connect-fortinet.md)
-        - [Palo Alto](connect-paloalto.md)
+        - [Palo Alto Networks](connect-paloalto.md)
+        - [One Identity Safeguard](connect-one-identity.md)
         - [Other CEF appliances](connect-common-event-format.md)
         - [Other Syslog appliances](connect-syslog.md)
-        - [Barracuda CloudGen Firewall](connect-barracuda-cloudgen-firewall.md)
-        - [ExtraHop Reveal(x)](connect-extrahop.md)
-        - [One Identity Safeguard](connect-one-identity.md)
         - [Trend Micro Deep Security](connect-trend-micro.md)
+        - [Zscaler](connect-zscaler.md)
     - DLP solutions
     - [Threat intelligence providers](connect-threat-intelligence.md)
     - [DNS machines](connect-dns.md) - agent installed directly on the DNS machine
diff --git a/articles/sentinel/connect-forcepoint-casb-ngfw.md b/articles/sentinel/connect-forcepoint-casb-ngfw.md
@@ -19,10 +19,8 @@ ms.author: rkarlin
 
 # Connect your Forcepoint products to Azure Sentinel
 
-​> [!IMPORTANT]
-> The Forcepoint products data connector in Azure Sentinel is currently in public preview.
-> This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
-> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+> [!IMPORTANT]
+> The Forcepoint products data connector in Azure Sentinel is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
 
 This article explains how to connect your Forcepoint products to Azure Sentinel. 
diff --git a/articles/sentinel/connect-forcepoint-dlp.md b/articles/sentinel/connect-forcepoint-dlp.md
@@ -19,10 +19,8 @@ ms.author: rkarlin
 
 # Connect your Forcepoint DLP to Azure Sentinel
 
-​> [!IMPORTANT]
-> The Forcepoint DLP data connector in Azure Sentinel is currently in public preview.
-> This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
-> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+> [!IMPORTANT]
+> The Forcepoint DLP data connector in Azure Sentinel is currently in public preview. This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
 
 
diff --git a/articles/sentinel/connect-squadra-secrmm.md b/articles/sentinel/connect-squadra-secrmm.md
@@ -18,7 +18,7 @@ ms.author: rkarlin
 
 # Connect your Squadra Technologies secRMM data to Azure Sentinel 
 
-​> [!IMPORTANT]
+> [!IMPORTANT]
 > The Squadra Technologies secRMM data connector in Azure Sentinel is currently in public preview.
 > This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
 > For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
diff --git a/articles/sentinel/connect-zimperium-mtd.md b/articles/sentinel/connect-zimperium-mtd.md
@@ -19,7 +19,7 @@ ms.author: rkarlin
 # Connect your Zimperium Mobile Threat Defense to Azure Sentinel
 
 
-​> [!IMPORTANT]
+> [!IMPORTANT]
 > The Zimperium Mobile Threat Defense data connector in Azure Sentinel is currently in public preview.
 > This feature is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
 > For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
diff --git a/articles/sentinel/fusion.md b/articles/sentinel/fusion.md
@@ -17,6 +17,14 @@ ms.author: rkarlin
 ---
 # Advanced multistage attack detection in Azure Sentinel
 
+
+> [!IMPORTANT]
+> Some Fusion features in Azure Sentinel are currently in public preview.
+> These features are provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
+> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
+
+
+
 By using Fusion technology that’s based on machine learning, Azure Sentinel can automatically detect multistage attacks by combining anomalous behaviors and suspicious activities that are observed at various stages of the kill-chain. Azure Sentinel then generates incidents that would otherwise be very difficult to catch. These incidents encase two or more alerts or activities. By design, these incidents are low volume, high fidelity, and high severity.
 
 Customized for your environment, this detection not only reduces false positive rates but can also detect attacks with limited or missing information.
