NetApp
diff --git a/‎Tools/Solutions Analyzer/connector-docs/connectors-index.md‎
Lines changed: 35 additions & 689 deletions b/‎Tools/Solutions Analyzer/connector-docs/connectors-index.md‎
Lines changed: 35 additions & 689 deletions
diff --git a/‎Tools/Solutions Analyzer/connector-docs/connectors/cyeradspmccf.md‎
Lines changed: 2 additions & 2 deletions b/‎Tools/Solutions Analyzer/connector-docs/connectors/cyeradspmccf.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎Tools/Solutions Analyzer/connector-docs/connectors/cyerafunctionsconnector.md‎
Lines changed: 3 additions & 3 deletions b/‎Tools/Solutions Analyzer/connector-docs/connectors/cyerafunctionsconnector.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎Tools/Solutions Analyzer/connector-docs/connectors/ermesbrowsersecurityevents.md‎
Lines changed: 2 additions & 1 deletion b/‎Tools/Solutions Analyzer/connector-docs/connectors/ermesbrowsersecurityevents.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎Tools/Solutions Analyzer/connector-docs/connectors/esetsmc.md‎
Lines changed: 136 additions & 136 deletions b/‎Tools/Solutions Analyzer/connector-docs/connectors/esetsmc.md‎
Lines changed: 136 additions & 136 deletions
@@ -1,4 +1,4 @@
-# Cyera DSPM Azure Sentinel Data Connector
+# Cyera DSPM Microsoft Sentinel Data Connector
 
 | | |
 |----------|-------|
@@ -8,7 +8,7 @@
 | **Used in Solutions** | [CyeraDSPM](../solutions/cyeradspm.md) |
 | **Connector Definition Files** | [CyeraDSPMLogs_ConnectorDefinitionCCF.json](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/CyeraDSPM/Data%20Connectors/CyeraDSPM_CCF/CyeraDSPMLogs_ConnectorDefinitionCCF.json) |
 
-The [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM tenant and ingesting Classifications, Assets, Issues, and Identity Resources/Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Framework and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once recieced can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.
+The [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM tenant and ingesting Classifications, Assets, Issues, and Identity Resources/Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Framework and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once received can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.
 
 ## Permissions
 
 
@@ -1,4 +1,4 @@
-# Cyera DSPM Azure Functions Sentinel Data Connector
+# Cyera DSPM Azure Functions Microsoft Sentinel Data Connector
 
 | | |
 |----------|-------|
@@ -8,7 +8,7 @@
 | **Used in Solutions** | [CyeraDSPM](../solutions/cyeradspm.md) |
 | **Connector Definition Files** | [FunctionAppDC.json](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/CyeraDSPM/Data%20Connectors/CyeraDSPM_Functions/FunctionAppDC.json) |
 
-The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera’s **Data Security Posture Management (DSPM)** telemetry — *Assets*, *Identities*, *Issues*, and *Classifications* — into **Microsoft Sentinel**.\n\nThis connector uses an **Azure Function App** to call Cyera’s REST API on a schedule, fetch the latest DSPM telemetry, and send it to Sentinel through the **Azure Monitor Logs Ingestion API** via a **Data Collection Endpoint (DCE)** and **Data Collection Rule (DCR, kind: Direct)** — no agents required.\n\n**Tables created/used**\n\n| Entity | Table | Purpose |\n|---|---|---|\n| Assets | `CyeraAssets_CL` | Raw asset metadata and data-store context |\n| Identities | `CyeraIdentities_CL` | Identity definitions and sensitivity context |\n| Issues | `CyeraIssues_CL` | Findings and remediation details |\n| Classifications | `CyeraClassifications_CL` | Data class & sensitivity definitions |\n| MS View | `CyeraAssets_MS_CL` | Normalized asset view for dashboards |\n\n> **Note:** This v7 connector supersedes the earlier CCF-based approach and aligns with Microsoft’s recommended Direct ingestion path for Sentinel.
+The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera’s **Data Security Posture Management (DSPM)** telemetry — *Assets*, *Identities*, *Issues*, and *Classifications* — into **Microsoft Sentinel**.\n\nThis connector uses an **Azure Function App** to call Cyera’s REST API on a schedule, fetch the latest DSPM telemetry, and send it to Microsoft Sentinel through the **Azure Monitor Logs Ingestion API** via a **Data Collection Endpoint (DCE)** and **Data Collection Rule (DCR, kind: Direct)** — no agents required.\n\n**Tables created/used**\n\n| Entity | Table | Purpose |\n|---|---|---|\n| Assets | `CyeraAssets_CL` | Raw asset metadata and data-store context |\n| Identities | `CyeraIdentities_CL` | Identity definitions and sensitivity context |\n| Issues | `CyeraIssues_CL` | Findings and remediation details |\n| Classifications | `CyeraClassifications_CL` | Data class & sensitivity definitions |\n| MS View | `CyeraAssets_MS_CL` | Normalized asset view for dashboards |\n\n> **Note:** This v7 connector supersedes the earlier CCF-based approach and aligns with Microsoft’s recommended Direct ingestion path for Microsoft Sentinel.
 
 ## Permissions
 
@@ -36,7 +36,7 @@ The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera
 > Before deploying, have these values handy:
 - **Cyera Function Connector Name**: `CyeraDSPMConnector`
   > *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
-- **Workspace Name**: `{{workspace}}`
+- **Workspace Name**: `{{workspace-location}}`
   > *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
 - **Workspace Location**: `{{workspace-location}}`
   > *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
 
@@ -6,7 +6,7 @@
 | **Publisher** | Ermes Cyber Security S.p.A. |
 | **Tables Ingested** | [`ErmesBrowserSecurityEvents_CL`](../tables-index.md#ermesbrowsersecurityevents_cl) |
 | **Used in Solutions** | [Ermes Browser Security](../solutions/ermes-browser-security.md) |
-| **Connector Definition Files** | [data_connector_definition.json](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Ermes%20Browser%20Security/Data%20Connectors/ErmesBrowserSecurityEvents_ccp/data_connector_definition.json) |
+| **Connector Definition Files** | [ErmesBrowserSecurityEvents_ConnectorDefinition.json](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Ermes%20Browser%20Security/Data%20Connectors/ErmesBrowserSecurityEvents_CCF/ErmesBrowserSecurityEvents_ConnectorDefinition.json) |
 
 Ermes Browser Security Events
 
@@ -26,6 +26,7 @@ Ermes Browser Security Events
 **1. Connect Ermes Browser Security Events to Microsoft Sentinel**
 
 Connect using OAuth2 credentials
+- **API URL (optional)**: https://api.shield.ermessecurity.com
 - **OAuth Configuration**:
   - Client ID
   - Client Secret
 
@@ -1,139 +1,139 @@
-# Eset Security Management Center
-
-| | |
-|----------|-------|
-| **Connector ID** | `EsetSMC` |
-| **Publisher** | Eset |
-| **Tables Ingested** | [`eset_CL`](../tables-index.md#eset_cl) |
-| **Used in Solutions** | [Eset Security Management Center](../solutions/eset-security-management-center.md) |
-| **Connector Definition Files** | [esetSmc.json](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Eset%20Security%20Management%20Center/Data%20Connectors/esetSmc.json) |
-
-Connector for [Eset SMC](https://help.eset.com/esmc_admin/72/en-US/) threat events, audit logs, firewall events and web sites filter.
-
-## Permissions
-
-**Resource Provider Permissions:**
-- **Workspace** (Workspace): read and write permissions are required.
-- **Keys** (Workspace): read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).
-
-**Custom Permissions:**
-- **Access to Eset SMC console**: Permissions to configure log export
-
-## Setup Instructions
-
-> ⚠️ **Note**: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
-
-**1. Install and onboard the agent for Linux**
-
-Typically, you should install the agent on a different computer from the one on which the logs are generated.
-
->  Syslog logs are collected only from **Linux** agents.
-**Choose where to install the agent:**
-
-**Install agent on Azure Linux Virtual Machine**
-
-  Select the machine to install the agent on and then click **Connect**.
-  - **Install agent on Linux Virtual Machine**
-
-  **Install agent on a non-Azure Linux Machine**
-
-  Download the agent on the relevant machine and follow the instructions.
-  - **Install agent on Linux (Non-Azure)**
-
-**2. Configure the logs to be collected**
-
-Configure rsyslog to accept logs from your Eset SMC IP address.
+# Eset Security Management Center
+
+| | |
+|----------|-------|
+| **Connector ID** | `EsetSMC` |
+| **Publisher** | Eset |
+| **Tables Ingested** | [`eset_CL`](../tables-index.md#eset_cl) |
+| **Used in Solutions** | [Eset Security Management Center](../solutions/eset-security-management-center.md) |
+| **Connector Definition Files** | [esetSmc.json](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Eset%20Security%20Management%20Center/Data%20Connectors/esetSmc.json) |
+
+Connector for [Eset SMC](https://help.eset.com/esmc_admin/72/en-US/) threat events, audit logs, firewall events and web sites filter.
+
+## Permissions
+
+**Resource Provider Permissions:**
+- **Workspace** (Workspace): read and write permissions are required.
+- **Keys** (Workspace): read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).
+
+**Custom Permissions:**
+- **Access to Eset SMC console**: Permissions to configure log export
+
+## Setup Instructions
+
+> ⚠️ **Note**: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
+
+**1. Install and onboard the agent for Linux**
+
+Typically, you should install the agent on a different computer from the one on which the logs are generated.
+
+>  Syslog logs are collected only from **Linux** agents.
+**Choose where to install the agent:**
+
+**Install agent on Azure Linux Virtual Machine**
+
+  Select the machine to install the agent on and then click **Connect**.
+  - **Install agent on Linux Virtual Machine**
+
+  **Install agent on a non-Azure Linux Machine**
+
+  Download the agent on the relevant machine and follow the instructions.
+  - **Install agent on Linux (Non-Azure)**
+
+**2. Configure the logs to be collected**
+
+Configure rsyslog to accept logs from your Eset SMC IP address.
+
+```
+sudo -i
+
+# Set ESET SMC source IP address
+export ESETIP={Enter your IP address}
+
+# Create rsyslog configuration file
+cat > /etc/rsyslog.d/80-remote.conf << EOF
+\$ModLoad imudp
+\$UDPServerRun 514
+\$ModLoad imtcp
+\$InputTCPServerRun 514
+\$AllowedSender TCP, 127.0.0.1, $ESETIP
+\$AllowedSender UDP, 127.0.0.1, $ESETIP
+user.=alert;user.=crit;user.=debug;user.=emerg;user.=err;user.=info;user.=notice;user.=warning  @127.0.0.1:25224
+EOF
+
+# Restart rsyslog
+systemctl restart rsyslog```
+
+**3. Configure OMS agent to pass Eset SMC data in API format**
+
+In order to easily recognize Eset data we will push it to separate table and parse at agent so query in Azure Sentinel is easier and fast. To make it simple we will just modify ```match oms.**``` section to send data as API objects by changing type to out_oms_api. Modify file on /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsagent.conf. Full ```match oms.**``` section looks like this:
 
 ```
-sudo -i
-
-# Set ESET SMC source IP address
-export ESETIP={Enter your IP address}
-
-# Create rsyslog configuration file
-cat > /etc/rsyslog.d/80-remote.conf << EOF
-\$ModLoad imudp
-\$UDPServerRun 514
-\$ModLoad imtcp
-\$InputTCPServerRun 514
-\$AllowedSender TCP, 127.0.0.1, $ESETIP
-\$AllowedSender UDP, 127.0.0.1, $ESETIP
-user.=alert;user.=crit;user.=debug;user.=emerg;user.=err;user.=info;user.=notice;user.=warning  @127.0.0.1:25224
-EOF
-
-# Restart rsyslog
-systemctl restart rsyslog```
-
-**3. Configure OMS agent to pass Eset SMC data in API format**
-
-In order to easily recognize Eset data we will push it to separate table and parse at agent so query in Azure Sentinel is easier and fast. To make it simple we will just modify ```match oms.**``` section to send data as API objects by changing type to out_oms_api. Modify file on /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsagent.conf. Full ```match oms.**``` section looks like this:
-
-```
-<match oms.** docker.**>
-  type out_oms_api
-  log_level info
-  num_threads 5
-  run_in_background false
-
-  omsadmin_conf_path /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsadmin.conf
-  cert_path /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/certs/oms.crt
-  key_path /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/certs/oms.key
-
-  buffer_chunk_limit 15m
-  buffer_type file
-  buffer_path /var/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/state/out_oms_common*.buffer
-
-  buffer_queue_limit 10
-  buffer_queue_full_action drop_oldest_chunk
-  flush_interval 20s
-  retry_limit 10
-  retry_wait 30s
-  max_retry_wait 9m
-</match>
-```
-
-**4. Change OMS agent configuration to catch tag oms.api.eset and parse structured data**
-
-Modify file /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsagent.d/syslog.conf
-```
-<source>
-  type syslog
-  port 25224
-  bind 127.0.0.1
-  protocol_type udp
-  tag oms.api.eset
-</source>
-
-<filter oms.api.**>
-  @type parser
-  key_name message
-  format /(?<message>.*?{.*})/
-</filter>
-
-<filter oms.api.**>
-  @type parser
-  key_name message
-  format json
-</filter>
+<match oms.** docker.**>
+  type out_oms_api
+  log_level info
+  num_threads 5
+  run_in_background false
+
+  omsadmin_conf_path /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsadmin.conf
+  cert_path /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/certs/oms.crt
+  key_path /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/certs/oms.key
+
+  buffer_chunk_limit 15m
+  buffer_type file
+  buffer_path /var/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/state/out_oms_common*.buffer
+
+  buffer_queue_limit 10
+  buffer_queue_full_action drop_oldest_chunk
+  flush_interval 20s
+  retry_limit 10
+  retry_wait 30s
+  max_retry_wait 9m
+</match>
+```
+
+**4. Change OMS agent configuration to catch tag oms.api.eset and parse structured data**
+
+Modify file /etc/opt/microsoft/omsagent/{REPLACEyourworkspaceid}/conf/omsagent.d/syslog.conf
 ```
-
-**5. Disable automatic configuration and restart agent**
-
-```bash
-# Disable changes to configuration files from Portal
-sudo su omsagent -c 'python /opt/microsoft/omsconfig/Scripts/OMS_MetaConfigHelper.py --disable'
-
-# Restart agent
-sudo /opt/microsoft/omsagent/bin/service_control restart
-
-# Check agent logs
-tail -f /var/opt/microsoft/omsagent/log/omsagent.log
-```
-
-**6. Configure Eset SMC to send logs to connector**
-
-Configure Eset Logs using BSD style and JSON format.
-- Go to Syslog server configuration as described in [Eset documentation](https://help.eset.com/esmc_admin/72/en-US/admin_server_settings.html?admin_server_settings_syslog.html) and configure Host (your connector), Format BSD, Transport TCP
-- Go to Logging section as described in [Eset documentation](https://help.eset.com/esmc_admin/72/en-US/admin_server_settings.html?admin_server_settings_export_to_syslog.html) and enable JSON
-
-[← Back to Connectors Index](../connectors-index.md)
+<source>
+  type syslog
+  port 25224
+  bind 127.0.0.1
+  protocol_type udp
+  tag oms.api.eset
+</source>
+
+<filter oms.api.**>
+  @type parser
+  key_name message
+  format /(?<message>.*?{.*})/
+</filter>
+
+<filter oms.api.**>
+  @type parser
+  key_name message
+  format json
+</filter>
+```
+
+**5. Disable automatic configuration and restart agent**
+
+```bash
+# Disable changes to configuration files from Portal
+sudo su omsagent -c 'python /opt/microsoft/omsconfig/Scripts/OMS_MetaConfigHelper.py --disable'
+
+# Restart agent
+sudo /opt/microsoft/omsagent/bin/service_control restart
+
+# Check agent logs
+tail -f /var/opt/microsoft/omsagent/log/omsagent.log
+```
+
+**6. Configure Eset SMC to send logs to connector**
+
+Configure Eset Logs using BSD style and JSON format.
+- Go to Syslog server configuration as described in [Eset documentation](https://help.eset.com/esmc_admin/72/en-US/admin_server_settings.html?admin_server_settings_syslog.html) and configure Host (your connector), Format BSD, Transport TCP
+- Go to Logging section as described in [Eset documentation](https://help.eset.com/esmc_admin/72/en-US/admin_server_settings.html?admin_server_settings_export_to_syslog.html) and enable JSON
+
+[← Back to Connectors Index](../connectors-index.md)