Merge pull request #312512 from v-alje/AUTOGEN-Sentinel-connectors-Mon_Mar_02_2026-1500

denrea · web-flow · commit 533109721214 · 2026-03-02T16:16:27.000-08:00
[AUTOGEN] PR for Sentinel connectors
diff --git a/articles/sentinel/includes/connector-details.md b/articles/sentinel/includes/connector-details.md
@@ -2,9 +2,9 @@
 author: EdB-MSFT
 ms.author: edbaynash
 ms.topic: include
-ms.date: 02/26/2026
+ms.date: 03/02/2026
 
-# This file is auto-generated. Do not edit manually. Changes will be overwritten.
+# This file is auto-generated . Do not edit manually. Changes will be overwritten.
 ---
 
 <a name="1password-serverless"></a><details><summary>**1Password (Serverless)**</summary>
@@ -880,6 +880,31 @@ The BETTER MTD Connector allows Enterprises to connect their Better MTD instance
 
  ---
    
+<a name="beyondtrust-pm-cloud"></a><details><summary>**BeyondTrust PM Cloud**</summary>
+
+**Supported by:** [BeyondTrust](https://www.beyondtrust.com/docs/index.htm)
+
+The BeyondTrust Privilege Management Cloud data connector provides the capability to ingest activity audit logs and client event logs from BeyondTrust PM Cloud into Microsoft Sentinel.
+
+This connector uses Azure Functions to pull data from the BeyondTrust PM Cloud API and ingest it into custom Log Analytics tables.
+
+**Log Analytics table(s):**  
+
+|Table|DCR support|Lake-only ingestion|
+|---|---|---|
+|`BeyondTrustPM_ActivityAudits_CL`|No|No|
+|`BeyondTrustPM_ClientEvents_CL`|No|No|
+
+**Data collection rule support:** Not currently supported
+
+**Prerequisites:**
+
+- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).
+- **BeyondTrust PM Cloud API credentials**: BeyondTrust PM Cloud OAuth Client ID and Client Secret are required. The API account requires the following permissions: Audit - Read Only and Reporting - Read Only<br><br>
+</details> 
+
+ ---
+   
 <a name="bigid-dspm-connector"></a><details><summary>**BigID DSPM connector**</summary>
 
 **Supported by:** [BigID](https://support.bigid.com/)
@@ -1117,8 +1142,8 @@ The Cisco Cloud Security solution for Microsoft Sentinel enables you to ingest [
 |`Cisco_Umbrella_dns_CL`|Yes|Yes|
 |`Cisco_Umbrella_proxy_CL`|Yes|Yes|
 |`Cisco_Umbrella_ip_CL`|Yes|Yes|
-|`Cisco_Umbrella_cloudfirewall_CL`|Yes|Yes|
-|`Cisco_Umbrella_firewall_CL`|Yes|Yes|
+|`Cisco_Umbrella_cloudfirewall_CL`|No|No|
+|`Cisco_Umbrella_firewall_CL`|No|No|
 |`Cisco_Umbrella_dlp_CL`|No|No|
 |`Cisco_Umbrella_ravpnlogs_CL`|No|No|
 |`Cisco_Umbrella_audit_CL`|No|No|
@@ -1152,8 +1177,8 @@ The Cisco Umbrella data connector provides the capability to ingest [Cisco Umbre
 |`Cisco_Umbrella_dns_CL`|Yes|Yes|
 |`Cisco_Umbrella_proxy_CL`|Yes|Yes|
 |`Cisco_Umbrella_ip_CL`|Yes|Yes|
-|`Cisco_Umbrella_cloudfirewall_CL`|Yes|Yes|
-|`Cisco_Umbrella_firewall_CL`|Yes|Yes|
+|`Cisco_Umbrella_cloudfirewall_CL`|No|No|
+|`Cisco_Umbrella_firewall_CL`|No|No|
 |`Cisco_Umbrella_dlp_CL`|No|No|
 |`Cisco_Umbrella_ravpnlogs_CL`|No|No|
 |`Cisco_Umbrella_audit_CL`|No|No|
@@ -2391,11 +2416,11 @@ The F5 firewall connector allows you to easily connect your F5 logs with Microso
 
  ---
    
-<a name="feedly"></a><details><summary>**Feedly**</summary>
+<a name="feedly-ioc"></a><details><summary>**Feedly IoC**</summary>
 
 **Supported by:** [Feedly Inc](https://blog.feedly.com/help/)
 
-This connector allows you to ingest IoCs from Feedly.
+The [Feedly](https://feedly.com/) IoC data connector provides the capability to ingest Indicators of Compromise (IoCs) from Feedly API into Microsoft Sentinel.
 
 **Log Analytics table(s):**  
 
@@ -2407,8 +2432,7 @@ This connector allows you to ingest IoCs from Feedly.
 
 **Prerequisites:**
 
-- **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).
-- **Custom prerequisites if necessary, otherwise delete this customs tag**: Description for any custom pre-requisites<br><br>
+- **Feedly API access**: Access to the Feedly API is required. You need a Feedly API token with access to the IoC streams you want to ingest. Generate your API token at https://feedly.com/i/team/api<br><br>
 </details> 
 
  ---
@@ -2423,9 +2447,9 @@ The [Flare](https://flare.io) connector provides the capability to ingest threat
 
 |Table|DCR support|Lake-only ingestion|
 |---|---|---|
-|`FireworkV2_CL`|No|No|
+|`FireworkV2_CL`|Yes|Yes|
 
-**Data collection rule support:** Not currently supported
+**Data collection rule support:** [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)
 
 **Prerequisites:**
 
@@ -4069,12 +4093,12 @@ The Mimecast products included within the connector are:
 
 |Table|DCR support|Lake-only ingestion|
 |---|---|---|
-|`Awareness_Performance_Details_CL`|No|No|
-|`Awareness_SafeScore_Details_CL`|No|No|
-|`Awareness_User_Data_CL`|No|No|
-|`Awareness_Watchlist_Details_CL`|No|No|
+|`Awareness_Performance_Details_CL`|Yes|Yes|
+|`Awareness_SafeScore_Details_CL`|Yes|Yes|
+|`Awareness_User_Data_CL`|Yes|Yes|
+|`Awareness_Watchlist_Details_CL`|Yes|Yes|
 
-**Data collection rule support:** Not currently supported
+**Data collection rule support:** [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)
 
 **Prerequisites:**
 
@@ -4164,10 +4188,10 @@ The data connector for [Mimecast Secure Email Gateway](https://integrations.mime
 
 |Table|DCR support|Lake-only ingestion|
 |---|---|---|
-|`Seg_Cg_CL`|No|No|
-|`Seg_Dlp_CL`|No|No|
+|`Seg_Cg_CL`|Yes|Yes|
+|`Seg_Dlp_CL`|Yes|Yes|
 
-**Data collection rule support:** Not currently supported
+**Data collection rule support:** [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)
 
 **Prerequisites:**
 
@@ -4236,11 +4260,11 @@ The Mimecast products included within the connector are:
 
 |Table|DCR support|Lake-only ingestion|
 |---|---|---|
-|`Ttp_Url_CL`|No|No|
-|`Ttp_Attachment_CL`|No|No|
-|`Ttp_Impersonation_CL`|No|No|
+|`Ttp_Url_CL`|Yes|Yes|
+|`Ttp_Attachment_CL`|Yes|Yes|
+|`Ttp_Impersonation_CL`|Yes|Yes|
 
-**Data collection rule support:** Not currently supported
+**Data collection rule support:** [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)
 
 **Prerequisites:**
 
diff --git a/articles/sentinel/includes/deprecated-connectors.md b/articles/sentinel/includes/deprecated-connectors.md
@@ -2,9 +2,9 @@
 author: EdB-MSFT
 ms.author: edbaynash
 ms.topic: include
-ms.date: 02/26/2026
+ms.date: 03/02/2026
 
-# This file is auto-generated. Do not edit manually. Changes will be overwritten.
+# This file is auto-generated . Do not edit manually. Changes will be overwritten.
 ---
 
 <a name="deprecated-github-enterprise-audit-log"></a><details><summary>**[Deprecated] GitHub Enterprise Audit Log**</summary>
diff --git a/articles/sentinel/includes/sentinel-tables-connectors.md b/articles/sentinel/includes/sentinel-tables-connectors.md
@@ -2,7 +2,7 @@
 author: EdB-MSFT
 ms.author: edbaynash
 ms.topic: include
-ms.date: 02/26/2026    
+ms.date: 03/02/2026    
 # This file is auto-generated. Do not edit manually. Changes will be overwritten.
 ---
 
@@ -53,10 +53,10 @@ ms.date: 02/26/2026
 |Audits_Data_CL|[Vectra XDR (using Azure Functions)](/azure/sentinel/data-connectors-reference#vectra-xdr-using-azure-functions)|Yes|Yes|
 |Auth0AM_CL|[Auth0 Access Management (using Azure Functions)](/azure/sentinel/data-connectors-reference#auth0-access-management-using-azure-functions)|No|No|
 |Auth0Logs_CL|[Auth0 Logs](/azure/sentinel/data-connectors-reference#auth0-logs)|Yes|Yes|
-|Awareness_Performance_Details_CL|[Mimecast Awareness Training](/azure/sentinel/data-connectors-reference#mimecast-awareness-training)|No|No|
-|Awareness_SafeScore_Details_CL|[Mimecast Awareness Training](/azure/sentinel/data-connectors-reference#mimecast-awareness-training)|No|No|
-|Awareness_User_Data_CL|[Mimecast Awareness Training](/azure/sentinel/data-connectors-reference#mimecast-awareness-training)|No|No|
-|Awareness_Watchlist_Details_CL|[Mimecast Awareness Training](/azure/sentinel/data-connectors-reference#mimecast-awareness-training)|No|No|
+|Awareness_Performance_Details_CL|[Mimecast Awareness Training](/azure/sentinel/data-connectors-reference#mimecast-awareness-training)|Yes|Yes|
+|Awareness_SafeScore_Details_CL|[Mimecast Awareness Training](/azure/sentinel/data-connectors-reference#mimecast-awareness-training)|Yes|Yes|
+|Awareness_User_Data_CL|[Mimecast Awareness Training](/azure/sentinel/data-connectors-reference#mimecast-awareness-training)|Yes|Yes|
+|Awareness_Watchlist_Details_CL|[Mimecast Awareness Training](/azure/sentinel/data-connectors-reference#mimecast-awareness-training)|Yes|Yes|
 |AWSCloudFront_AccessLog_CL|[Amazon Web Services CloudFront (via Codeless Connector Framework) (Preview)](/azure/sentinel/data-connectors-reference#amazon-web-services-cloudfront-via-codeless-connector-framework-preview)|Yes|Yes|
 |[AWSCloudTrail](/azure/azure-monitor/reference/tables/AWSCloudTrail)|[Amazon Web Services S3](/azure/sentinel/data-connectors-reference#amazon-web-services-s3)<br>[Amazon Web Services](/azure/sentinel/data-connectors-reference#amazon-web-services)|Yes|Yes|
 |[AWSCloudWatch](/azure/azure-monitor/reference/tables/AWSCloudWatch)|[Amazon Web Services S3](/azure/sentinel/data-connectors-reference#amazon-web-services-s3)|Yes|Yes|
@@ -83,6 +83,8 @@ ms.date: 02/26/2026
 |BetterMTDDeviceLog_CL|[BETTER Mobile Threat Defense (MTD)](/azure/sentinel/data-connectors-reference#better-mobile-threat-defense-mtd)|No|No|
 |BetterMTDIncidentLog_CL|[BETTER Mobile Threat Defense (MTD)](/azure/sentinel/data-connectors-reference#better-mobile-threat-defense-mtd)|No|No|
 |BetterMTDNetflowLog_CL|[BETTER Mobile Threat Defense (MTD)](/azure/sentinel/data-connectors-reference#better-mobile-threat-defense-mtd)|No|No|
+|BeyondTrustPM_ActivityAudits_CL|[BeyondTrust PM Cloud](/azure/sentinel/data-connectors-reference#beyondtrust-pm-cloud)|No|No|
+|BeyondTrustPM_ClientEvents_CL|[BeyondTrust PM Cloud](/azure/sentinel/data-connectors-reference#beyondtrust-pm-cloud)|No|No|
 |BigIDDSPMCatalog_CL|[BigID DSPM connector](/azure/sentinel/data-connectors-reference#bigid-dspm-connector)|Yes|Yes|
 |BitglassLogs_CL|[Bitglass (using Azure Functions)](/azure/sentinel/data-connectors-reference#bitglass-using-azure-functions)|No|No|
 |BitsightAlerts_data_CL|[Bitsight data connector (using Azure Functions)](/azure/sentinel/data-connectors-reference#bitsight-data-connector-using-azure-functions)|Yes|Yes|
@@ -105,11 +107,11 @@ ms.date: 02/26/2026
 |CarbonBlackNotifications_CL|[VMware Carbon Black Cloud (using Azure Functions)](/azure/sentinel/data-connectors-reference#vmware-carbon-black-cloud-using-azure-functions)|No|No|
 |CBSLog_Azure_1_CL|[Cyber Blind Spot Integration (using Azure Functions)](/azure/sentinel/data-connectors-reference#cyber-blind-spot-integration-using-azure-functions)|No|No|
 |Cisco_Umbrella_audit_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|No|No|
-|Cisco_Umbrella_cloudfirewall_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|Yes|Yes|
+|Cisco_Umbrella_cloudfirewall_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|No|No|
 |Cisco_Umbrella_dlp_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|No|No|
 |Cisco_Umbrella_dns_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|Yes|Yes|
 |Cisco_Umbrella_fileevent_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|No|No|
-|Cisco_Umbrella_firewall_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|Yes|Yes|
+|Cisco_Umbrella_firewall_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|No|No|
 |Cisco_Umbrella_intrusion_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|No|No|
 |Cisco_Umbrella_ip_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|Yes|Yes|
 |Cisco_Umbrella_proxy_CL|[Cisco Cloud Security (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-azure-functions)<br>[Cisco Cloud Security (using elastic premium plan) (using Azure Functions)](/azure/sentinel/data-connectors-reference#cisco-cloud-security-using-elastic-premium-plan-using-azure-functions)|Yes|Yes|
@@ -238,9 +240,9 @@ ms.date: 02/26/2026
 |F5Telemetry_LTM_CL|[F5 BIG-IP](/azure/sentinel/data-connectors-reference#f5-big-ip)|No|No|
 |F5Telemetry_system_CL|[F5 BIG-IP](/azure/sentinel/data-connectors-reference#f5-big-ip)|Yes|Yes|
 |Failed_Range_To_Ingest_CL|[Infoblox Data Connector via REST API](/azure/sentinel/data-connectors-reference#infoblox-data-connector-via-rest-api)|No|No|
-|feedly_indicators_CL|[Feedly](/azure/sentinel/data-connectors-reference#feedly)|No|No|
+|feedly_indicators_CL|[Feedly IoC](/azure/sentinel/data-connectors-reference#feedly-ioc)|No|No|
 |FinanceOperationsActivity_CL|[Dynamics 365 Finance and Operations](/azure/sentinel/data-connectors-reference#dynamics-365-finance-and-operations)|Yes|Yes|
-|FireworkV2_CL|[Flare Push Connector](/azure/sentinel/data-connectors-reference#flare-push-connector)|No|No|
+|FireworkV2_CL|[Flare Push Connector](/azure/sentinel/data-connectors-reference#flare-push-connector)|Yes|Yes|
 |fluentbit_CL|[Azure CloudNGFW By Palo Alto Networks](/azure/sentinel/data-connectors-reference#azure-cloudngfw-by-palo-alto-networks)|Yes|Yes|
 |FncEventsDetections_CL|[Fortinet FortiNDR Cloud](/azure/sentinel/data-connectors-reference#fortinet-fortindr-cloud)|No|No|
 |FncEventsObservation_CL|[Fortinet FortiNDR Cloud](/azure/sentinel/data-connectors-reference#fortinet-fortindr-cloud)|No|No|
@@ -393,8 +395,8 @@ ms.date: 02/26/2026
 |SecurityBridgeLogs_CL|[Custom logs via AMA](/azure/sentinel/data-connectors-reference#custom-logs-via-ama)|Yes|Yes|
 |[SecurityEvent](/azure/azure-monitor/reference/tables/SecurityEvent)|[Cyborg Security HUNTER Hunt Packages](/azure/sentinel/data-connectors-reference#cyborg-security-hunter-hunt-packages)<br>[Microsoft Active-Directory Domain Controllers Security Event Logs](/azure/sentinel/data-connectors-reference#microsoft-active-directory-domain-controllers-security-event-logs)<br>[Security Events via Legacy Agent](/azure/sentinel/data-connectors-reference#security-events-via-legacy-agent)<br>[Windows Security Events via AMA](/azure/sentinel/data-connectors-reference#windows-security-events-via-ama)<br>[[Deprecated] Microsoft Exchange Logs and Events](/azure/sentinel/data-connectors-reference#deprecated-microsoft-exchange-logs-and-events)|Yes|Yes|
 |SecurityIncident|[Derdack SIGNL4](/azure/sentinel/data-connectors-reference#derdack-signl4)<br>[Microsoft Defender XDR](/azure/sentinel/data-connectors-reference#microsoft-defender-xdr)|Yes|Yes|
-|Seg_Cg_CL|[Mimecast Secure Email Gateway](/azure/sentinel/data-connectors-reference#mimecast-secure-email-gateway)|No|No|
-|Seg_Dlp_CL|[Mimecast Secure Email Gateway](/azure/sentinel/data-connectors-reference#mimecast-secure-email-gateway)|No|No|
+|Seg_Cg_CL|[Mimecast Secure Email Gateway](/azure/sentinel/data-connectors-reference#mimecast-secure-email-gateway)|Yes|Yes|
+|Seg_Dlp_CL|[Mimecast Secure Email Gateway](/azure/sentinel/data-connectors-reference#mimecast-secure-email-gateway)|Yes|Yes|
 |SentinelOne_CL|[SentinelOne (using Azure Functions)](/azure/sentinel/data-connectors-reference#sentinelone-using-azure-functions)|Yes|Yes|
 |SentinelOneActivities_CL|[SentinelOne](/azure/sentinel/data-connectors-reference#sentinelone)|Yes|Yes|
 |SentinelOneAgents_CL|[SentinelOne](/azure/sentinel/data-connectors-reference#sentinelone)|Yes|Yes|
@@ -443,9 +445,9 @@ ms.date: 02/26/2026
 |TrendMicro_XDR_RCA_Result_CL|[Trend Vision One (using Azure Functions)](/azure/sentinel/data-connectors-reference#trend-vision-one-using-azure-functions)|No|No|
 |TrendMicro_XDR_RCA_Task_CL|[Trend Vision One (using Azure Functions)](/azure/sentinel/data-connectors-reference#trend-vision-one-using-azure-functions)|No|No|
 |TrendMicro_XDR_WORKBENCH_CL|[Trend Vision One (using Azure Functions)](/azure/sentinel/data-connectors-reference#trend-vision-one-using-azure-functions)|No|No|
-|Ttp_Attachment_CL|[Mimecast Targeted Threat Protection](/azure/sentinel/data-connectors-reference#mimecast-targeted-threat-protection)|No|No|
-|Ttp_Impersonation_CL|[Mimecast Targeted Threat Protection](/azure/sentinel/data-connectors-reference#mimecast-targeted-threat-protection)|No|No|
-|Ttp_Url_CL|[Mimecast Targeted Threat Protection](/azure/sentinel/data-connectors-reference#mimecast-targeted-threat-protection)|No|No|
+|Ttp_Attachment_CL|[Mimecast Targeted Threat Protection](/azure/sentinel/data-connectors-reference#mimecast-targeted-threat-protection)|Yes|Yes|
+|Ttp_Impersonation_CL|[Mimecast Targeted Threat Protection](/azure/sentinel/data-connectors-reference#mimecast-targeted-threat-protection)|Yes|Yes|
+|Ttp_Url_CL|[Mimecast Targeted Threat Protection](/azure/sentinel/data-connectors-reference#mimecast-targeted-threat-protection)|Yes|Yes|
 |Ubiquiti_CL|[Custom logs via AMA](/azure/sentinel/data-connectors-reference#custom-logs-via-ama)|Yes|Yes|
 |union isfuzzy=true (WizAuditLogs_CL),(WizAuditLogsV2_CL)|[Wiz (using Azure Functions)](/azure/sentinel/data-connectors-reference#wiz-using-azure-functions)|No|No|
 |union isfuzzy=true (WizIssues_CL),(WizIssuesV2_CL)|[Wiz (using Azure Functions)](/azure/sentinel/data-connectors-reference#wiz-using-azure-functions)|No|No|
