Datacnnectors update

Author: Saisang

articles/sentinel/data-connectors/amazon-web-services-s3.md

@@ -3,7 +3,7 @@ title: "Amazon Web Services S3 connector for Microsoft Sentinel"
 description: "Learn how to install the connector Amazon Web Services S3 to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 04/26/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -25,64 +25,10 @@ This is autogenerated content. For changes, contact the solution provider.
 
 | Connector attribute | Description |
 | --- | --- |
-| **Log Analytics table(s)** | AWSGuardDuty<br/> AWSVPCFlow<br/> AWSCloudTrail<br/> AWSCloudWatch<br/>|
-| **Data collection rules support** | [Supported as listed](/azure/azure-monitor/logs/tables-feature-support) |
+| **Log Analytics table(s)** | AWSGuardDuty<br/> AWSVPCFlow<br/> AWSCloudTrail<br/> AWSCloudWatch<br/> |
+| **Data collection rules support** | Not currently supported |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
 
-## Query samples
-
-**High severity findings summarized by activity type**
-
-   ```kusto
-AWSGuardDuty
-            
-   | where Severity > 7
-            
-   | summarize count() by ActivityType
-   ```
-
-**Top 10 rejected actions of type IPv4**
-
-   ```kusto
-AWSVPCFlow
-            
-   | where Action == "REJECT"
-            
-   | where Type == "IPv4"
-            
-   | take 10
-   ```
-
-**User creation events summarized by region**
-
-   ```kusto
-AWSCloudTrail
-            
-   | where EventName == "CreateUser"
-            
-   | summarize count() by AWSRegion
-   ```
-
-
-
-## Prerequisites
-
-To integrate with Amazon Web Services S3 make sure you have: 
-
-- **Environment**: you must have the following AWS resources defined and configured: S3, Simple Queue Service (SQS), IAM roles and permissions policies, and the AWS services whose logs you want to collect.
-
-
-## Vendor installation instructions
-
-1. Set up your AWS environment
-
-The​re are two options for setting up your AWS environment to send logs from an S3 bucket to your Log Analytics Workspace:
-
-
-2. Add connection
-
-
-
 
 ## Next steps
 

articles/sentinel/data-connectors/api-protection.md

@@ -3,7 +3,7 @@ title: "API Protection connector for Microsoft Sentinel"
 description: "Learn how to install the connector API Protection to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 10/28/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -72,7 +72,7 @@ Copy the values shown below and save them for configuration of the API log forwa
 
 Step 3: Install the 42Crunch protection and log forwarder
 
-The next step is to install the 42Crunch protection and log forwarder to protect your API. Both components are availabe as containers from the [42Crunch repository](https://hub.docker.com/u/42crunch). The exact installation depends on your environment, consult the [42Crunch protection documentation](https://docs.42crunch.com/latest/content/concepts/api_firewall_deployment_architecture.htm) for full details. Two common installation scenarios are described below:
+The next step is to install the 42Crunch protection and log forwarder to protect your API. Both components are availabe as containers from the [42Crunch repository](https://hub.docker.com/u/42crunch). The exact installation will depend on your environment, consult the [42Crunch protection documentation](https://docs.42crunch.com/latest/content/concepts/api_firewall_deployment_architecture.htm) for full details. Two common installation scenarios are described below:
 
 
 Installation via Docker Compose
@@ -89,11 +89,11 @@ In order to test the data ingestion the user should deploy the sample *httpbin*
 
 4.1 Install the sample
 
-The sample application can be installed locally using a [Docker compose file](https://github.com/42Crunch/azure-sentinel-integration/blob/main/sample-deployment/docker-compose.yml) which installs the httpbin API server, the 42Crunch API protection, and the Microsoft Sentinel log forwarder. Set the environment variables as required using the values copied from step 2.
+The sample application can be installed locally using a [Docker compose file](https://github.com/42Crunch/azure-sentinel-integration/blob/main/sample-deployment/docker-compose.yml) which will install the httpbin API server, the 42Crunch API protection and the Microsoft Sentinel log forwarder. Set the environment variables as required using the values copied from step 2.
 
 4.2 Run the sample
 
-Verfify the API protection is connected to the 42Crunch platform, and then exercise the API locally on the *localhost* at port 8080 using curl, or similar. You should see a mixture of passing and failing API calls. 
+Verfify the API protection is connected to the 42Crunch platform, and then exercise the API locally on the *localhost* at port 8080 using Postman, curl, or similar. You should see a mixture of passing and failing API calls. 
 
 4.3 Verify the data ingestion on Log Analytics
 

articles/sentinel/data-connectors/atlassian-confluence-audit.md

@@ -3,7 +3,7 @@ title: "Atlassian Confluence Audit (using Azure Functions) connector for Microso
 description: "Learn how to install the connector Atlassian Confluence Audit (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 10/15/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -20,7 +20,7 @@ This is autogenerated content. For changes, contact the solution provider.
 | Connector attribute | Description |
 | --- | --- |
 | **Application settings** | ConfluenceUsername<br/>ConfluenceAccessToken<br/>ConfluenceHomeSiteName<br/>WorkspaceID<br/>WorkspaceKey<br/>logAnalyticsUri (optional) |
-| **Azure function app code** | [https://aka.ms/sentinel-confluenceauditapi-functionapp](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AtlassianConfluenceAudit/Data%20Connector/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConn.zip) |
+| **Azure function app code** | https://aka.ms/sentinel-confluenceauditapi-functionapp |
 | **Log Analytics table(s)** | Confluence_Audit_CL<br/> |
 | **Data collection rules support** | Not currently supported |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
@@ -89,7 +89,7 @@ Use the following step-by-step instructions to deploy the Confluence Audit data
 
 > **NOTE:** You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.
 
-1. Download the [Azure Function App](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/AtlassianConfluenceAudit/Data%20Connector/AtlassianConfluenceAuditDataConnector/ConfluenceAuditAPISentinelConn.zip) file. Extract archive to your local development computer.
+1. Download the [Azure Function App](https://aka.ms/sentinel-confluenceauditapi-functionapp) file. Extract archive to your local development computer.
 2. Start VS Code. Choose File in the main menu and select Open Folder.
 3. Select the top level folder from extracted files.
 4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.

articles/sentinel/data-connectors/bitglass.md

@@ -3,7 +3,7 @@ title: "Bitglass (using Azure Functions) connector for Microsoft Sentinel"
 description: "Learn how to install the connector Bitglass (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 10/15/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -63,7 +63,7 @@ To integrate with Bitglass (using Azure Functions) make sure you have:
 
  Follow the instructions to obtain the credentials.
 
-1. Please contact Bitglass [support](https://pages.bitglass.com/Contact.html) and obtain the **BitglassToken** and **BitglassServiceURL** ntation].
+1. Please contact Bitglass [support](https://www.forcepoint.com/company/contact-us) and obtain the **BitglassToken** and **BitglassServiceURL** ntation].
 2. Save credentials for using in the data connector.
 
 

articles/sentinel/data-connectors/cohesity.md

@@ -3,7 +3,7 @@ title: "Cohesity (using Azure Functions) connector for Microsoft Sentinel"
 description: "Learn how to install the connector Cohesity (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 04/26/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -50,7 +50,7 @@ To integrate with Cohesity (using Azure Functions) make sure you have:
    >  This connector uses Azure Functions that connect to the Azure Blob Storage and KeyVault. This might result in additional costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/), [Azure Blob Storage pricing page](https://azure.microsoft.com/pricing/details/storage/blobs/) and [Azure KeyVault pricing page](https://azure.microsoft.com/pricing/details/key-vault/) for details.
 
 
->**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Functions App.
+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.
 
 
 **STEP 1 - Get a Cohesity DataHawk API key (see troubleshooting [instruction 1](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CohesitySecurity/Data%20Connectors/Helios2Sentinel/IncidentProducer))**

articles/sentinel/data-connectors/commvaultsecurityiq.md

@@ -0,0 +1,131 @@
+---
+title: "CommvaultSecurityIQ (using Azure Functions) connector for Microsoft Sentinel"
+description: "Learn how to install the connector CommvaultSecurityIQ (using Azure Functions) to connect your data source to Microsoft Sentinel."
+author: cwatson-cat
+ms.topic: how-to
+ms.date: 11/20/2024
+ms.service: microsoft-sentinel
+ms.author: cwatson
+ms.collection: sentinel-data-connector
+---
+
+# CommvaultSecurityIQ (using Azure Functions) connector for Microsoft Sentinel
+
+This Azure Function enables Commvault users to ingest alerts/events into their Microsoft Sentinel instance. With Analytic Rules,Microsoft Sentinel can automatically create Microsoft Sentinel incidents from incoming events and logs.
+
+This is autogenerated content. For changes, contact the solution provider.
+
+## Connector attributes
+
+| Connector attribute | Description |
+| --- | --- |
+| **Application settings** | apiUsername<br/>apipassword<br/>apiToken<br/>workspaceID<br/>workspaceKey<br/>uri<br/>logAnalyticsUri (optional)(add any other settings required by the Function App)Set the <code>uri</code> value to: <code>&lt;add uri value&gt;</code> |
+| **Azure function app code** | Add%20GitHub%20link%20to%20Function%20App%20code |
+| **Log Analytics table(s)** | CommvaultSecurityIQ_CL<br/> |
+| **Data collection rules support** | Not currently supported |
+| **Supported by** | [Commvault](https://www.commvault.com/support) |
+
+## Query samples
+
+**Last 10 events/alerts **
+
+   ```kusto
+CommvaultSecurityIQ_CL 
+
+   | where TimeGenerated > ago(24h) 
+
+   | limit 10
+   ```
+
+
+
+## Prerequisites
+
+To integrate with CommvaultSecurityIQ (using Azure Functions) make sure you have: 
+
+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. [See the documentation to learn more about Azure Functions](/azure/azure-functions/).
+- **Commvault Environment Endpoint URL**: Make sure to follow the documentation and set the secret value in KeyVault
+- **Commvault QSDK Token**: Make sure to follow the documentation and set the secret value in KeyVault
+
+
+## Vendor installation instructions
+
+
+> [!NOTE]
+   >  This connector uses Azure Functions to connect to a Commvault Instance to pull its logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.
+
+
+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.
+
+
+**STEP 1 - Configuration steps for the Commvalut QSDK Token**
+
+[Follow these instructions](/cloud-app-security/api-authentication) to create an API Token.
+
+
+**STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**
+
+>**IMPORTANT:** Before deploying the CommvaultSecurityIQ data connector, have the Workspace ID  and Workspace Primary Key (can be copied from the following), as well as the Commvault Endpoint URL and QSDK Token, readily available.
+
+
+
+
+**Option 1 - Azure Resource Manager (ARM) Template**
+
+Use this method for automated deployment of the Commvault Security IQ data connector.
+
+1. Click the **Deploy to Azure** button below. 
+
+	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-CommvaultSecurityIQ-azuredeploy)
+2. Select the preferred **Subscription**, **Resource Group** and **Location**. 
+3. Enter the **Workspace ID**, **Workspace Key**, **API Username**, **API Password**, 'and/or Other required fields'. 
+>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Key Vault references documentation](/azure/app-service/app-service-key-vault-references) for further details. 
+4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. 
+5. Click **Purchase** to deploy.
+
+
+**Option 2 - Manual Deployment of Azure Functions**
+
+ Use the following step-by-step instructions to deploy the CommvaultSecurityIQ data connector manually with Azure Functions.
+
+1. Create a Function App
+
+1.  From the Azure Portal, navigate to [Function App](https://portal.azure.com/#blade/HubsExtension/BrowseResource/resourceType/Microsoft.Web%2Fsites/kind/functionapp).
+2. Click **+ Add** at the top.
+3. In the **Basics** tab, ensure Runtime stack is set to **'Add Required Language'**. 
+4. In the **Hosting** tab, ensure **Plan type** is set to **'Add Plan Type'**.
+5. 'Add other required configurations'. 
+5. 'Make other preferable configuration changes', if needed, then click **Create**.
+
+2. Import Function App Code
+
+1. In the newly created Function App, select **Functions** from the navigation menu and click **+ Add**.
+2. Select **Timer Trigger**.
+3. Enter a unique Function **Name** in the New Function field and leave the default cron schedule of every 5 minutes, then click **Create Function**.
+4. Click on the function name and click **Code + Test** from the left pane.
+5. Copy the [Function App Code](<Add GitHub link to Function App code>) and paste into the Function App `run.ps1` editor.
+6. Click **Save**.
+
+3. Configure the Function App
+
+1. In the Function App screen, click the Function App name and select **Configuration**.
+2. In the **Application settings** tab, select **+ New application setting**.
+3. Add each of the following 'x (number of)' application settings individually, under Name, with their respective string values (case-sensitive) under Value: 
+		apiUsername
+		apipassword
+		apiToken
+		workspaceID
+		workspaceKey
+		uri
+		logAnalyticsUri (optional)
+(add any other settings required by the Function App)
+Set the `uri` value to: `<add uri value>` 
+>Note: If using Azure Key Vault secrets for any of the values above, use the`@Microsoft.KeyVault(SecretUri={Security Identifier})`schema in place of the string values. Refer to [Azure Key Vault references documentation](/azure/app-service/app-service-key-vault-references) for further details.
+ - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: https://<CustomerId>.ods.opinsights.azure.us. 
+4. Once all application settings have been entered, click **Save**.
+
+
+
+## Next steps
+
+For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/commvault.microsoft-sentinel-solution-commvaultsecurityiq?tab=Overview) in the Azure Marketplace.

articles/sentinel/data-connectors/dataminr-pulse-alerts-data-connector.md

@@ -3,7 +3,7 @@ title: "Dataminr Pulse Alerts Data Connector (using Azure Functions) connector f
 description: "Learn how to install the connector Dataminr Pulse Alerts Data Connector (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 10/28/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -223,7 +223,7 @@ If you're already signed in, go to the next step.
 
 2) To add integration settings in Dataminr RTAP using the function URL
 
-1. Open any API request tool.
+1. Open any API request tool like Postman.
 2. Click on '+' to create a new request.
 3. Select HTTP request method as **'POST'**.
 4. Enter the url prepapred in **point 1)**, in the request URL part.

articles/sentinel/data-connectors/forescout.md

@@ -3,7 +3,7 @@ title: "Forescout connector for Microsoft Sentinel"
 description: "Learn how to install the connector Forescout to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 04/26/2024
+ms.date: 11/20/2024
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ms.collection: sentinel-data-connector
@@ -41,7 +41,7 @@ ForescoutEvent
 
 
 > [!NOTE]
-   >  This data connector depends on a parser based on a Kusto Function to work as expected [**ForescoutEvent**](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Forescout%20(Legacy)/Parsers/ForescoutEvent.yaml) which is deployed with the Microsoft Sentinel Solution.
+   >  This data connector depends on a parser based on a Kusto Function to work as expected [**ForescoutEvent**](https://aka.ms/sentinel-forescout-parser) which is deployed with the Microsoft Sentinel Solution.
 
 
 > [!NOTE]