Merge pull request #177320 from yelevin/yelevin/sec-events-ga

Security events connector GA

Author: PRMerger17

articles/sentinel/connect-windows-security-events.md

@@ -31,7 +31,7 @@ The Windows Security Events connector supports the following versions:
 |Connector version  |Description  |
 |---------|---------|
 |**Security events**     |Legacy version, based on the Log Analytics Agent, and sometimes known as the Microsoft Monitoring Agent (MMA) or the OMS agent. <br><br>Limited to 10,000 events per second. To ensure optimal performance, make sure to keep to 8,500 events per second or fewer.       |
-|**Windows Security Events**     |Newer version, currently in preview, and based on the Azure Monitor Agent (AMA.)   <br><br>Supports additional features, such as pre-ingestion log filtering and individual data collection rules for certain groups of machines.      |
+|**Windows Security Events**     |Newer version **(now in general availability!)** based on the Azure Monitor Agent (AMA.)   <br><br>Supports additional features, such as pre-ingestion log filtering and individual data collection rules for certain groups of machines.      |
 |     |         |
 
 
@@ -66,9 +66,9 @@ You can select which events to stream from among the following sets: <a name="ev
 
 # [Azure Monitor Agent (New)](#tab/AMA)
 
-> [!IMPORTANT]
+> [!NOTE]
 >
-> - The Windows Security Events data connector based on the Azure Monitor Agent (AMA) is currently in **PREVIEW**. See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+> - The Windows Security Events data connector based on the Azure Monitor Agent (AMA) has now been released into general availability.
 
 The [Azure Monitor agent](../azure-monitor/agents/azure-monitor-agent-overview.md) uses **Data collection rules (DCR)** to define the data to collect from each agent. Data collection rules let you manage collection settings at scale while still allowing unique, scoped configurations for subsets of machines. They are independent of the workspace and independent of the virtual machine, which means they can be defined once and reused across machines and environments. See [Configure data collection for the Azure Monitor agent](../azure-monitor/agents/data-collection-rule-azure-monitor-agent.md).
 
@@ -168,8 +168,8 @@ You'll see all your data collection rules (including those created through the A
 > Get-WinEvent -LogName 'Application' -FilterXPath $XPath
 > ```
 > - If events are returned, the query is valid.
-> - If you receive the message No events were found that match the specified selection criteria., the query may be valid, but there are no matching events on the local machine.
-> - If you receive the message The specified query is invalid , the query syntax is invalid.
+> - If you receive the message "*No events were found that match the specified selection criteria*," the query may be valid, but there are no matching events on the local machine.
+> - If you receive the message "*The specified query is invalid*," the query syntax is invalid.
 
 ### Create data collection rules using the API
 

articles/sentinel/data-connectors-reference.md

@@ -1327,7 +1327,7 @@ If a longer timeout duration is required, consider upgrading to an [App Service
 | | |
 
 
-## Security events (Windows)
+## Security events via Legacy Agent (Windows)
 
 | Connector attribute | Description |
 | --- | --- |
@@ -1338,6 +1338,8 @@ If a longer timeout duration is required, consider upgrading to an [App Service
 
 For more information, see [Insecure protocols workbook setup](./get-visibility.md#use-built-in-workbooks).
 
+See also: [**Windows Security Events via AMA**](#windows-security-events-via-ama) connector based on Azure Monitor Agent (AMA)
+
 ## SentinelOne (Preview)
 
 | Connector attribute | Description |
@@ -1565,15 +1567,17 @@ Follow the instructions to obtain the credentials.
 | **Supported by** | Microsoft |
 | | |
 
-## Windows security events
+## Windows security events via AMA
 
 | Connector attribute | Description |
 | --- | --- |
-| **Data ingestion method** | **Azure service-to-service integration: <br>[Connect to Windows servers to collect security events](connect-windows-security-events.md)** (Top connector article) |
+| **Data ingestion method** | **Azure service-to-service integration: <br>[Connect to Windows servers to collect security events](connect-windows-security-events.md?tabs=AMA)** (Top connector article) |
 | **Log Analytics table(s)** | SecurityEvents |
 | **Supported by** | Microsoft |
 | | |
 
+See also: [**Security events via legacy agent**](#security-events-via-legacy-agent-windows) connector.
+
 ## Workplace from Facebook (Preview)
 
 | Connector attribute | Description |

articles/sentinel/whats-new.md

@@ -30,11 +30,16 @@ If you're looking for items older than six months, you'll find them in the [Arch
 
 ## October 2021
 
+- [Windows Security Events connector using Azure Monitor Agent now in GA](#windows-security-events-connector-using-azure-monitor-agent-now-in-ga)
 - [Defender for Office 365 events now available in the Microsoft 365 Defender connector (Public preview)](#defender-for-office-365-events-now-available-in-the-microsoft-365-defender-connector-public-preview)
 - [Playbook templates and gallery now available (Public preview)](#playbook-templates-and-gallery-now-available-public-preview)
 - [Manage template versions for your scheduled analytics rules (Public preview)](#manage-template-versions-for-your-scheduled-analytics-rules-public-preview)
 - [DHCP normalization schema (Public preview)](#dhcp-normalization-schema-public-preview)
 
+### Windows Security Events connector using Azure Monitor Agent now in GA
+
+The new version of the Windows Security Events connector, based on the Azure Monitor Agent, is now generally available! See [Connect to Windows servers to collect security events](connect-windows-security-events.md?tabs=AMA) for more information.
+
 ### Defender for Office 365 events now available in the Microsoft 365 Defender connector (Public preview)
 
 In addition to those from Microsoft Defender for Endpoint, you can now ingest raw [advanced hunting events](/microsoft-365/security/defender/advanced-hunting-overview) from [Microsoft Defender for Office 365](/microsoft-365/security/office-365-security/overview) through the [Microsoft 365 Defender connector](connect-microsoft-365-defender.md). [Learn more](microsoft-365-defender-sentinel-integration.md#advanced-hunting-event-collection).