Merge pull request #301824 from guywi-ms/deprecated-connector-active-solution-parser

prmerger-automator[bot] · web-flow · commit fd24f667222c · 2025-06-25T09:19:37.000Z
Update unified-connector-syslog-device.md
diff --git a/articles/sentinel/unified-connector-syslog-device.md b/articles/sentinel/unified-connector-syslog-device.md
@@ -1,8 +1,8 @@
 ---
 title: Syslog via AMA connector - configure appliances and devices
 description: Learn how to configure specific appliances and devices that use the Syslog via AMA data connector for Microsoft Sentinel.
-author: cwatson-cat
-ms.author: cwatson
+author: EdB-MSFT
+ms.author: edbaynash
 ms.topic: reference
 ms.custom: linux-related-content
 ms.date: 06/27/2024
@@ -14,12 +14,15 @@ ms.date: 06/27/2024
 
 # Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion
 
-Log collection from many security appliances and devices  are supported by the **Syslog via AMA** data connector in Microsoft Sentinel. This article lists provider supplied installation instructions for specific security appliances and devices that use this data connector. Contact the provider for updates, more information, or where information is unavailable for your security appliance or device.
+The **Syslog via AMA** data connector in Microsoft Sentinel collects logs from many security appliances and devices. This article lists provider-supplied installation instructions for specific security appliances and devices that use this data connector. Contact the provider for updates, more information, or where information is unavailable for your security appliance or device.
 
 To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in [Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md). As you complete those steps, install the **Syslog via AMA** data connector in Microsoft Sentinel. Then, use the appropriate provider's instructions in this article to complete the setup.
 
 For more information about the related Microsoft Sentinel solution for each of these appliances or devices, search the [Azure Marketplace](https://azuremarketplace.microsoft.com/) for the **Product Type** > **Solution Templates** or review the solution from the **Content hub** in Microsoft Sentinel.
 
+> [!IMPORTANT]
+> Solutions provided by third-party vendors might still reference a deprecated **Log Analytics agent** connector. These connectors are not supported for new deployments. You can continue to use the same solutions with the **Syslog via AMA** data connector instead.
+
 ## Barracuda CloudGen Firewall
 
 [Follow instructions](https://aka.ms/sentinel-barracudacloudfirewall-connector) to configure syslog streaming. Use the IP address or hostname for the Linux machine with the Microsoft Sentinel agent installed for the **Destination IP** address.
@@ -68,7 +71,8 @@ This data connector was developed using Cisco Stealthwatch version 7.3.2
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CiscoUCS**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.yaml). It might take about 15-minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CiscoUCS**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.yaml). It might take about 15-minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## Cisco Web Security Appliance (WSA)
 
@@ -87,10 +91,12 @@ Configure Citrix ADC (former NetScaler) to forward logs via Syslog.
 2. Specify **Syslog action name**.
 3. Set IP address of remote Syslog server and port.
 4. Set **Transport type** as **TCP** or **UDP** depending on your remote syslog server configuration.
-5. For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).
+
+For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).
 
 > [!NOTE]
-> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CitrixADCEvent**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update.
+> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **CitrixADCEvent**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 >
 > This parser requires a watchlist named `Sources_by_SourceType`.
 >
@@ -161,7 +167,8 @@ This data connector was developed using Forescout Syslog Plugin version: v3.6
 > [!NOTE]
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **Infoblox**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parsers/Infoblox.yaml). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **Infoblox**. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parsers/Infoblox.yaml). It might take about 15 minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 > 
 > This parser requires a watchlist named **`Sources_by_SourceType`**.
 >
@@ -246,7 +253,8 @@ Complete the following steps.
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 > 
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **PulseConnectSecure**. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **PulseConnectSecure**. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## RSA SecurID
 
@@ -258,7 +266,8 @@ Complete the following steps to get RSA® SecurID Authentication Manager logs in
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **RSASecurIDAMEvent**. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **RSASecurIDAMEvent**. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 This data connector was developed using RSA SecurID Authentication Manager version: 8.4 and 8.5
 
@@ -271,7 +280,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SophosXGFirewall**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SophosXGFirewall**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 
 ## Symantec Endpoint Protection
@@ -283,7 +293,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 > The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed  as part of the solution installation.
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecEndpointProtection**. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecEndpointProtection**. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## Symantec ProxySG
 
@@ -304,7 +315,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 > 
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecProxySG**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecProxySG**. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## Symantec VIP
 
@@ -315,7 +327,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line. 
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecVIP**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.yaml). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias **SymantecVIP**. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.yaml). It might take about 15 minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## VMware ESXi
 
@@ -330,7 +343,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi
 >
 > Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.
 >
-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update.
+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update. 
+> Although the solution references the deprecated **Log Analytics agent** connector, you can continue to use the same solution, including the referenced parser, with the **Syslog via AMA** data connector instead.
 
 ## WatchGuard Firebox
 

Original file line number	Diff line number	Diff line change
`@@ -1,8 +1,8 @@`
`1`	`1`	`---`
`2`	`2`	`title: Syslog via AMA connector - configure appliances and devices`
`3`	`3`	`description: Learn how to configure specific appliances and devices that use the Syslog via AMA data connector for Microsoft Sentinel.`
`4`		`-author: cwatson-cat`
`5`		`-ms.author: cwatson`
	`4`	`+author: EdB-MSFT`
	`5`	`+ms.author: edbaynash`
`6`	`6`	`ms.topic: reference`
`7`	`7`	`ms.custom: linux-related-content`
`8`	`8`	`ms.date: 06/27/2024`
`@@ -14,12 +14,15 @@ ms.date: 06/27/2024`
`14`	`14`
`15`	`15`	`# Syslog via AMA data connector - Configure specific appliance or device for Microsoft Sentinel data ingestion`
`16`	`16`
`17`		`-Log collection from many security appliances and devices are supported by the Syslog via AMA data connector in Microsoft Sentinel. This article lists provider supplied installation instructions for specific security appliances and devices that use this data connector. Contact the provider for updates, more information, or where information is unavailable for your security appliance or device.`
	`17`	`+The Syslog via AMA data connector in Microsoft Sentinel collects logs from many security appliances and devices. This article lists provider-supplied installation instructions for specific security appliances and devices that use this data connector. Contact the provider for updates, more information, or where information is unavailable for your security appliance or device.`
`18`	`18`
`19`	`19`	`To forward data to your Log Analytics workspace for Microsoft Sentinel, complete the steps in [Ingest syslog and CEF messages to Microsoft Sentinel with the Azure Monitor Agent](connect-cef-syslog-ama.md). As you complete those steps, install the Syslog via AMA data connector in Microsoft Sentinel. Then, use the appropriate provider's instructions in this article to complete the setup.`
`20`	`20`
`21`	`21`	`For more information about the related Microsoft Sentinel solution for each of these appliances or devices, search the [Azure Marketplace](https://azuremarketplace.microsoft.com/) for the Product Type > Solution Templates or review the solution from the Content hub in Microsoft Sentinel.`
`22`	`22`
	`23`	`+> [!IMPORTANT]`
	`24`	`+> Solutions provided by third-party vendors might still reference a deprecated Log Analytics agent connector. These connectors are not supported for new deployments. You can continue to use the same solutions with the Syslog via AMA data connector instead.`
	`25`	`+`
`23`	`26`	`## Barracuda CloudGen Firewall`
`24`	`27`
`25`	`28`	`[Follow instructions](https://aka.ms/sentinel-barracudacloudfirewall-connector) to configure syslog streaming. Use the IP address or hostname for the Linux machine with the Microsoft Sentinel agent installed for the Destination IP address.`
`@@ -68,7 +71,8 @@ This data connector was developed using Cisco Stealthwatch version 7.3.2`
`68`	`71`	`>`
`69`	`72`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`70`	`73`	`>`
`71`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CiscoUCS. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.yaml). It might take about 15-minutes post-installation to update.`
	`74`	`+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CiscoUCS. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Cisco%20UCS/Parsers/CiscoUCS.yaml). It might take about 15-minutes post-installation to update.`
	`75`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`72`	`76`
`73`	`77`	`## Cisco Web Security Appliance (WSA)`
`74`	`78`
`@@ -87,10 +91,12 @@ Configure Citrix ADC (former NetScaler) to forward logs via Syslog.`
`87`	`91`	`2. Specify Syslog action name.`
`88`	`92`	`3. Set IP address of remote Syslog server and port.`
`89`	`93`	`4. Set Transport type as TCP or UDP depending on your remote syslog server configuration.`
`90`		`-5. For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).`
	`94`	`+`
	`95`	`+For more information, see the [Citrix ADC (former NetScaler) documentation](https://docs.netscaler.com/).`
`91`	`96`
`92`	`97`	`> [!NOTE]`
`93`		-> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CitrixADCEvent. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update.
	`98`	+> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation. To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias CitrixADCEvent. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Citrix%20ADC/Parsers/CitrixADCEvent.yaml). It might take about 15 minutes post-installation to update.
	`99`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`94`	`100`	`>`
`95`	`101`	> This parser requires a watchlist named `Sources_by_SourceType`.
`96`	`102`	`>`
`@@ -161,7 +167,8 @@ This data connector was developed using Forescout Syslog Plugin version: v3.6`
`161`	`167`	`> [!NOTE]`
`162`	`168`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`163`	`169`	`>`
`164`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias Infoblox. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parsers/Infoblox.yaml). It might take about 15 minutes post-installation to update.`
	`170`	`+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias Infoblox. Alternatively, you can directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Infoblox%20NIOS/Parsers/Infoblox.yaml). It might take about 15 minutes post-installation to update.`
	`171`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`165`	`172`	`>`
`166`	`173`	> This parser requires a watchlist named `Sources_by_SourceType`.
`167`	`174`	`>`
`@@ -246,7 +253,8 @@ Complete the following steps.`
`246`	`253`	`>`
`247`	`254`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`248`	`255`	`>`
`249`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias PulseConnectSecure. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update.`
	`256`	`+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias PulseConnectSecure. Alternatively, directly load the [function code](https://aka.ms/sentinel-PulseConnectSecure-parser). It might take about 15 minutes post-installation to update.`
	`257`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`250`	`258`
`251`	`259`	`## RSA SecurID`
`252`	`260`
`@@ -258,7 +266,8 @@ Complete the following steps to get RSA® SecurID Authentication Manager logs in`
`258`	`266`	`>`
`259`	`267`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`260`	`268`	`>`
`261`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias RSASecurIDAMEvent. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update.`
	`269`	`+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias RSASecurIDAMEvent. Alternatively, you can directly load the [function code](https://aka.ms/sentinel-rsasecuridam-parser). It might take about 15 minutes post-installation to update.`
	`270`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`262`	`271`
`263`	`272`	`This data connector was developed using RSA SecurID Authentication Manager version: 8.4 and 8.5`
`264`	`273`
`@@ -271,7 +280,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`271`	`280`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`272`	`281`	`>`
`273`	`282`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`274`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SophosXGFirewall. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update.`
	`283`	`+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SophosXGFirewall. Alternatively, directly load the [function code](https://aka.ms/sentinel-SophosXG-parser). It might take about 15 minutes post-installation to update.`
	`284`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`275`	`285`
`276`	`286`
`277`	`287`	`## Symantec Endpoint Protection`
`@@ -283,7 +293,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`283`	`293`	`> The functionality of this data connector is reliant on a Kusto Function-based parser, which is integral to its operation. This parser is deployed as part of the solution installation.`
`284`	`294`	`>`
`285`	`295`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`286`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecEndpointProtection. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update.`
	`296`	`+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecEndpointProtection. Alternatively, you can directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/Symantec%20Endpoint%20Protection/Parsers/SymantecEndpointProtection.yaml). It might take about 15 minutes post-installation to update.`
	`297`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`287`	`298`
`288`	`299`	`## Symantec ProxySG`
`289`	`300`
`@@ -304,7 +315,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`304`	`315`	`>`
`305`	`316`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`306`	`317`	`>`
`307`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecProxySG. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update.`
	`318`	`+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecProxySG. Alternatively, directly load the [function code](https://aka.ms/sentinel-SymantecProxySG-parser). It might take about 15 minutes post-installation to update.`
	`319`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`308`	`320`
`309`	`321`	`## Symantec VIP`
`310`	`322`
`@@ -315,7 +327,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`315`	`327`	`>`
`316`	`328`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`317`	`329`	`>`
`318`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecVIP. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.yaml). It might take about 15 minutes post-installation to update.`
	`330`	`+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias SymantecVIP. Alternatively, directly load the [function code](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Symantec%20VIP/Parsers/SymantecVIP.yaml). It might take about 15 minutes post-installation to update.`
	`331`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`319`	`332`
`320`	`333`	`## VMware ESXi`
`321`	`334`
`@@ -330,7 +343,8 @@ This data connector was developed using RSA SecurID Authentication Manager versi`
`330`	`343`	`>`
`331`	`344`	`> Update the parser and specify the hostname of the source machines transmitting the logs in the parser's first line.`
`332`	`345`	`>`
`333`		`-> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update.`
	`346`	`+> To access the function code within Log Analytics, navigate to the Log Analytics/Microsoft Sentinel Logs section, select Functions, and search for the alias VMwareESXi. Alternatively, directly load the [function code](https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Solutions/VMWareESXi/Parsers/VMwareESXi.yaml). It might take about 15 minutes post-installation to update.`
	`347`	`+> Although the solution references the deprecated Log Analytics agent connector, you can continue to use the same solution, including the referenced parser, with the Syslog via AMA data connector instead.`
`334`	`348`
`335`	`349`	`## WatchGuard Firebox`
`336`	`350`