MicrosoftDocs
diff --git a/‎articles/external-attack-surface-management/data-connections.md
Lines changed: 12 additions & 16 deletions b/‎articles/external-attack-surface-management/data-connections.md
Lines changed: 12 additions & 16 deletions
diff --git a/‎articles/external-attack-surface-management/media/data-connections/dataconnector-1.png
317 KB b/‎articles/external-attack-surface-management/media/data-connections/dataconnector-1.png
317 KB
diff --git a/‎articles/external-attack-surface-management/media/data-connections/dataconnector-2.png
234 KB b/‎articles/external-attack-surface-management/media/data-connections/dataconnector-2.png
234 KB
diff --git a/‎articles/external-attack-surface-management/media/data-connections/dataconnector-3.png
68.5 KB b/‎articles/external-attack-surface-management/media/data-connections/dataconnector-3.png
68.5 KB
diff --git a/‎articles/external-attack-surface-management/media/data-connections/dataconnector-4.png
55.9 KB b/‎articles/external-attack-surface-management/media/data-connections/dataconnector-4.png
55.9 KB
diff --git a/‎articles/external-attack-surface-management/media/data-connections/dataconnector-5.png
37.2 KB b/‎articles/external-attack-surface-management/media/data-connections/dataconnector-5.png
37.2 KB
diff --git a/‎articles/external-attack-surface-management/media/data-connections/dataconnector-7.png
28.9 KB b/‎articles/external-attack-surface-management/media/data-connections/dataconnector-7.png
28.9 KB
diff --git a/‎articles/external-attack-surface-management/media/data-connections/dataconnector-8.png
90.7 KB b/‎articles/external-attack-surface-management/media/data-connections/dataconnector-8.png
90.7 KB
diff --git a/‎articles/external-attack-surface-management/media/data-connections/dataconnector-9.png
65.1 KB b/‎articles/external-attack-surface-management/media/data-connections/dataconnector-9.png
65.1 KB
@@ -13,9 +13,7 @@ ms.topic:    how-to
 ms.date:     03/20/2023
 ---
 
-# Defender EASM Data Connections
-
-
+# Defender EASM data connections
 
 ## **Overview**
 
@@ -29,7 +27,7 @@ The data connector sends Defender EASM asset data to two different platforms: Mi
 
 
 **Data content options**
-Defender EASM Data Connections offers users the ability to integrate two different kinds of attack surface data into the tool of their choice. Users can elect to migrate asset data, attack surface insights or both data types. Asset data provides granular details about your entire inventory, whereas attack surface insights provide immediately actionable insights based on Defender EASM dashboards. 
+Defender EASM data connections offers users the ability to integrate two different kinds of attack surface data into the tool of their choice. Users can elect to migrate asset data, attack surface insights or both data types. Asset data provides granular details about your entire inventory, whereas attack surface insights provide immediately actionable insights based on Defender EASM dashboards. 
 
 To accurately present the infrastructure that matters most to your organization, please note that both content options will only include assets in the “Approved Inventory” state.
 
@@ -48,24 +46,24 @@ Attack Surface Insights provide an actionable set of results based on the key in
 **Accessing data connections**
 Users can access Data Connections from the **Manage** section of the left-hand navigation pane within their Defender EASM resource blade. This page displays the data connectors for both Log Analytics and Azure Data Explorer, listing any current connections and providing the option to add, edit or remove connections. 
 
-![Screenshot of Data Connections.](media/data-connections/picture-1.png)
+![Screenshot of Data Connector.](media/data-connections/dataconnector-1.png)
 
 
 
 **Connection prerequisites**
 To successfully create a data connection, users must first ensure that they have completed the required steps to grant Defender EASM permission to the tool of their choice. This process enables the application to ingest our exported data and provides the authentication credentials needed to configure the connection. 
 
-
 **Configuring Log Analytics permissions via UI** 
 
 1. Open the Log Analytics workspace that will ingest your Defender EASM data, or [create a new workspace](/azure/azure-monitor/logs/quick-create-workspace?tabs=azure-portal). 
 1. Select **Access control (IAM)** from the left-hand navigation pane. For more information on access control, see [identity documentation](/azure/cloud-adoption-framework/decision-guides/identity/).
-   ![Screenshot of Log Analytics Access control.](media/data-connections/picture-2.png)
+   ![Screenshot of Log Analytics.](media/data-connections/dataconnector-2.png)
 
 1. On this page, select **+Add** to create a new role assignment. 
 1. 1. From the **Role** tab, select **Contributor**. Click **Next**. 
 1. Open the **Members** tab. Click **+ Select members** to open a configuration pane. Search for **“EASM API”** and click on the value in the members list. Once done, click **Select**, then **Review + assign.** 
 1. Once the role assignment has been created, select **Agents** from the **Settings** section of the left-hand navigation menu.
+   ![Screenshot of Log Analytics Agents.](media/data-connections/dataconnector-3.png)
 
 1. Expand the **Log Analytics agent instructions** section to view your Workspace ID and Primary key. These values will be used to set up your data connection. Save the values in the following format: *WorkspaceId=XXX;ApiKey=YYY*
 
@@ -74,14 +72,12 @@ To successfully create a data connection, users must first ensure that they have
 1. Open the Data Explorer cluster that will ingest your Defender EASM data or [create a new cluster](/azure/data-explorer/create-cluster-database-portal). 
 1. Select **Databases** in the Data section of the left-hand navigation menu.
 1. Select **+ Add Database** to create a database to house your Defender EASM data.
-   ![Screenshot of Add Database.](media/data-connections/picture-4.png)
+   ![Screenshot of Add Database.](media/data-connections/dataconnector-4.png)
 
 1. Name your database, configure retention and cache periods, then select **Create**.
-   ![Screenshot of Azure Data Explorer Database.](media/data-connections/picture-5.png)
+   ![Screenshot of Azure Data Explorer Database.](media/data-connections/dataconnector-5.png)
 
 1. Once your Defender EASM database has been created, click on the database name to open the details page. Select **Permissions** from the Overview section of the left-hand navigation menu.
-   ![Screenshot of Permissions.](media/data-connections/picture-6.png)
-
    To successfully export Defender EASM data to Data Explorer, users must create two new permissions for the EASM API: **user** and **ingestor**. 
 1. First, select **+ Add** and create a user.  Search for “**EASM API**”, select the value then click **Select**. 
 1. Select **+ Add** to create an ingestor.  Follow the same steps outlined above to add the **"EASM API"** as an ingestor. 
@@ -97,11 +93,11 @@ A configuration pane will open on the right-hand side of the Data Connections sc
 - **Name**: enter a name for this data connection.
 - **Connection String**: enter the details required to connect your Defender EASM resource to another tool.  For Log Analytics, users enter the workspaceID and coinciding API key associated to their account. For Azure Data Explorer, users enter the cluster name, region and database name associated to their account. Both values must be entered in the format shown when the field is blank.
 - **Content**: users can select to integrate asset data, attack surface insights or both datasets. 
-- **Frequency**: select the frequency that the Defender EASM connection sends updated data to the tool of your choice. Available options are daily, weekly and monthly.
- 
--  ![Screenshot of Add data connection.](media/data-connections/picture-7.png)
+- - **Frequency**: select the frequency that the Defender EASM connection sends updated data to the tool of your choice. Available options are daily, weekly and monthly.
 
+   ![Screenshot of Add data connection.](media/data-connections/dataconnector-7.png)
 
+   
 Once all four fields are configured, select **Add** to create the data connection. At this point, the Data Connections page will display a banner that indicates the resource has been successfully created and data will begin populating within 30 minutes. Once connections are created, they will be listed under the applicable tool on the main Data Connections page. 
 
 
@@ -112,13 +108,13 @@ Users can edit or delete a data connection. For example, you may notice that a c
 To edit or delete a data connection: 
 
 1. Select the appropriate connection from the list on the main Data Connections page.
-   ![Screenshot of Disconnected data connection.](media/data-connections/picture-8.png)
+   ![Screenshot of Disconnected data connections.](media/data-connections/dataconnector-8.png)
 
 1. This action will open a page that provides additional data about the connection. This page displays the configurations you elected when creating the connection, as well as any error messages. Users will also see the following additional data:
    •	**Recurring on**: the day of the week or month that Defender EASM sends updated data to the connected tool.
    •	**Created**: the date and time that the data connection was created.
    •	**Updated**: the date and time that the data connection was last updated.
-   ![Screenshot of Test Connection.](media/data-connections/picture-9.png)
+   ![Screenshot of Test connections.](media/data-connections/dataconnector-9.png)
 
 1. From this page, users can elect to reconnect, edit or delete their data connection.
    •	**Reconnect**: this option attempts to validate the data connection without any changes to the configuration. This option is best for those who have validated the authentication credentials used for the data connection.