Merge pull request Azure#13246 from cyeragit/cyera-dspm

Cyera DSPM Update

Author: v-dvedak

Solutions/CyeraDSPM/Data Connectors/CyeraDSPM_CCF/CyeraDSPMLogs_ConnectorDefinitionCCF.json

@@ -36,7 +36,7 @@
           "name": "CyeraIdentities_CL"
         }
       ],
-      "descriptionMarkdown": "The [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM tenant and ingesting Classifications, Assets, Issues, and Identity Resources/Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Framework and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once recieced can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.",
+      "descriptionMarkdown": "The [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM tenant and ingesting Classifications, Assets, Issues, and Identity Resources/Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Framework and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once received can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.",
       "graphQueries": [
         {
           "baseQuery": "CyeraClassifications_CL",
@@ -372,7 +372,7 @@
         ]
       },
       "publisher": "Cyera Inc",
-      "title": "Cyera DSPM Azure Sentinel Data Connector"
+      "title": "Cyera DSPM Microsoft Sentinel Data Connector"
     },
     "createdTimeUtc": "2025-10-31T15:13:26.2481931Z",
     "lastModifiedUtc": "2025-10-31T15:13:26.2481931Z"

Solutions/CyeraDSPM/Data Connectors/CyeraDSPM_CCF/CyeraDSPM_DCR.json

@@ -2,9 +2,9 @@
           "type": "Microsoft.Insights/dataCollectionRules",
           "apiVersion": "2025-09-01",
           "name": "CyeraDSPMDCR",
-          "location": "{{location}}",
+          "location": "{{workspace-location}}",
           "properties": {
-            "dataCollectionEndpointId": "CyeraDSPMDataCollectionEndpoint",
+            "dataCollectionEndpointId": "[concat('/subscriptions/',parameters('subscription'),'/resourceGroups/',parameters('resourceGroupName'),'/providers/Microsoft.Insights/dataCollectionEndpoints/',parameters('workspace'))]",
             "streamDeclarations": {
               "Custom-CyeraAssets_SRC": {
                 "columns": [
@@ -546,7 +546,7 @@
             "destinations": {
               "logAnalytics": [
                 {
-                  "workspaceResourceId": "{workspaceName}",
+                  "workspaceResourceId": "{{workspaceResourceId}}",
                   "name": "cyeradspm"
                 }
               ]

Solutions/CyeraDSPM/Data Connectors/CyeraDSPM_Functions/FunctionAppDC.json

@@ -1,9 +1,9 @@
 {
     "id": "CyeraFunctionsConnector",
-    "title": "Cyera DSPM Azure Functions Sentinel Data Connector",
+    "title": "Cyera DSPM Azure Functions Microsoft Sentinel Data Connector",
     "publisher": "Cyera Inc",
     "logo": "{{icon-url}}",
-    "descriptionMarkdown": "The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera\u2019s **Data Security Posture Management (DSPM)** telemetry \u2014 *Assets*, *Identities*, *Issues*, and *Classifications* \u2014 into **Microsoft Sentinel**.\\n\\nThis connector uses an **Azure Function App** to call Cyera\u2019s REST API on a schedule, fetch the latest DSPM telemetry, and send it to Sentinel through the **Azure Monitor Logs Ingestion API** via a **Data Collection Endpoint (DCE)** and **Data Collection Rule (DCR, kind: Direct)** \u2014 no agents required.\\n\\n**Tables created/used**\\n\\n| Entity | Table | Purpose |\\n|---|---|---|\\n| Assets | `CyeraAssets_CL` | Raw asset metadata and data-store context |\\n| Identities | `CyeraIdentities_CL` | Identity definitions and sensitivity context |\\n| Issues | `CyeraIssues_CL` | Findings and remediation details |\\n| Classifications | `CyeraClassifications_CL` | Data class & sensitivity definitions |\\n| MS View | `CyeraAssets_MS_CL` | Normalized asset view for dashboards |\\n\\n> **Note:** This v7 connector supersedes the earlier CCF-based approach and aligns with Microsoft\u2019s recommended Direct ingestion path for Sentinel.",
+    "descriptionMarkdown": "The **Cyera DSPM Azure Function Connector** enables seamless ingestion of Cyera\u2019s **Data Security Posture Management (DSPM)** telemetry \u2014 *Assets*, *Identities*, *Issues*, and *Classifications* \u2014 into **Microsoft Sentinel**.\\n\\nThis connector uses an **Azure Function App** to call Cyera\u2019s REST API on a schedule, fetch the latest DSPM telemetry, and send it to Microsoft Sentinel through the **Azure Monitor Logs Ingestion API** via a **Data Collection Endpoint (DCE)** and **Data Collection Rule (DCR, kind: Direct)** \u2014 no agents required.\\n\\n**Tables created/used**\\n\\n| Entity | Table | Purpose |\\n|---|---|---|\\n| Assets | `CyeraAssets_CL` | Raw asset metadata and data-store context |\\n| Identities | `CyeraIdentities_CL` | Identity definitions and sensitivity context |\\n| Issues | `CyeraIssues_CL` | Findings and remediation details |\\n| Classifications | `CyeraClassifications_CL` | Data class & sensitivity definitions |\\n| MS View | `CyeraAssets_MS_CL` | Normalized asset view for dashboards |\\n\\n> **Note:** This v7 connector supersedes the earlier CCF-based approach and aligns with Microsoft\u2019s recommended Direct ingestion path for Microsoft Sentinel.",
     "additionalRequirementBanner": "This connector deploys KQL transforms in the DCR. No parser function is required.",
     "graphQueries": [
         {
@@ -157,7 +157,7 @@
                 {
                     "parameters": {
                         "fillWith": [
-                            "{{workspace}}"
+                            "{{workspace-location}}"
                         ],
                         "label": "Workspace Name"
                     },

Solutions/CyeraDSPM/Data/Solution_Cyera.json

@@ -1,7 +1,7 @@
 {
   "Name": "CyeraDSPM",
   "Author": "Cyera DSPM OCTO Team - [email protected]",
-  "Logo": "<img src=\"https://raw.githubusercontent.com/joshua-acklin-cyera/Azure-Sentinel/refs/heads/cyera-dspm/Logos/CyeraDSPM_logo.svg\" width=\"75px\" height=\"75px\">",
+  "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/cyera_icon.svg\" width=\"75px\" height=\"75px\">",
   "Description": "The [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM instance and ingesting Classifications, Assets, Issues, and Identity Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Platform and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once recieced can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.",
   "Data Connectors": [
     "Data Connectors/CyeraDSPM_CCF/CyeraDSPMLogs_ConnectorDefinitionCCF.json",

Solutions/CyeraDSPM/Package/3.0.0.zip

@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/joshua-acklin-cyera/Azure-Sentinel/refs/heads/cyera-dspm/Logos/CyeraDSPM_logo.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CyeraDSPM/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM instance and ingesting Classifications, Assets, Issues, and Identity Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Platform and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once recieced can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.\n\n**Data Connectors:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/cyera_icon.svg\" width=\"75px\" height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CyeraDSPM/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Cyera DSPM](https://api.cyera.io/) data connector allows you to connect to your Cyera's DSPM instance and ingesting Classifications, Assets, Issues, and Identity Definitions into Microsoft Sentinel. The data connector is built on Microsoft Sentinel's Codeless Connector Platform and uses the Cyera's API to fetch Cyera's [DSPM Telemetry](https://www.cyera.com/) once recieced can be correlated with security events creating custom columns so that queries don't need to parse it again, thus resulting in better performance.\n\n**Data Connectors:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -60,7 +60,7 @@
             "name": "dataconnectors1-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "This Solution installs the data connector for Cyera DSPM Azure Sentinel Data Connector. You can get Cyera DSPM Azure Sentinel Data Connector data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
+              "text": "This Solution installs the data connector for Cyera DSPM Microsoft Sentinel Data Connector. You can get Cyera DSPM Microsoft Sentinel Data Connector data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
             }
           },
           {