revert changes for DCs w/ broken links

cwatson-cat · cwatson-cat · commit 8216156402f3 · 2024-01-12T15:08:19.000-08:00
diff --git a/articles/sentinel/data-connectors/blackberry-cylanceprotect.md b/articles/sentinel/data-connectors/blackberry-cylanceprotect.md
@@ -3,7 +3,7 @@ title: "Blackberry CylancePROTECT connector for Microsoft Sentinel"
 description: "Learn how to install the connector Blackberry CylancePROTECT to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 01/06/2024
+ms.date: 03/25/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
@@ -76,7 +76,7 @@ Configure the facilities you want to collect and their severities.
 
 3. Configure and connect the CylancePROTECT
 
-[Follow these instructions](https://docs.blackberry.com/content/dam/docs-blackberry-com/release-pdfs/en/cylance-products/syslog-guides/Cylance%20Syslog%20Guide%20v2.0%20rev12.pdf) to configure the CylancePROTECT to forward syslog. Use the IP address or hostname for the Linux device with the Linux agent installed as the Destination IP address.
+ Use the IP address or hostname for the Linux device with the Linux agent installed as the Destination IP address.
 
 
 
diff --git a/articles/sentinel/data-connectors/cisco-stealthwatch.md b/articles/sentinel/data-connectors/cisco-stealthwatch.md
@@ -3,21 +3,21 @@ title: "Cisco Stealthwatch connector for Microsoft Sentinel"
 description: "Learn how to install the connector Cisco Stealthwatch to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 01/06/2024
+ms.date: 02/23/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
 
 # Cisco Stealthwatch connector for Microsoft Sentinel
 
-The [Cisco Stealthwatch](https://www.cisco.com/c/en/us/products/security/stealthwatch/index.html) data connector provides the capability to ingest [Cisco Stealthwatch events](https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/management_console/securit_events_alarm_categories/SW_7_2_1_Security_Events_and_Alarm_Categories_DV_1_0.pdf) into Microsoft Sentinel. Refer to [Cisco Stealthwatch documentation](https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/system_installation_configuration/SW_7_3_2_System_Configuration_Guide_DV_1_0.pdf) for more information.
+The [Cisco Stealthwatch](https://www.cisco.com/c/en/us/products/security/stealthwatch/index.html) data connector provides the capability to ingest [Cisco Stealthwatch events](https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/management_console/securit_events_alarm_categories/SW_7_2_1_Security_Events_and_Alarm_Categories_DV_1_0.pdf) into Microsoft Sentinel.
 
 ## Connector attributes
 
 | Connector attribute | Description |
 | --- | --- |
 | **Log Analytics table(s)** | Syslog (StealthwatchEvent)<br/> |
-| **Data collection rules support** | [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal) |
+| **Data collection rules support** | [Workspace transform DCR](../../azure-monitor/logs/tutorial-workspace-transformations-portal.md) |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
 
 ## Query samples
diff --git a/articles/sentinel/data-connectors/crowdstrike-falcon-data-replicator-using-azure-functions.md b/articles/sentinel/data-connectors/crowdstrike-falcon-data-replicator-using-azure-functions.md
@@ -3,7 +3,7 @@ title: "Crowdstrike Falcon Data Replicator (using Azure Functions) connector for
 description: "Learn how to install the connector Crowdstrike Falcon Data Replicator (using Azure Functions) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 01/06/2024
+ms.date: 07/26/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
@@ -19,7 +19,6 @@ The [Crowdstrike](https://www.crowdstrike.com/) Falcon Data Replicator connector
 | **Application settings** | AWS_KEY<br/>AWS_SECRET<br/>AWS_REGION_NAME<br/>QUEUE_URL<br/>WorkspaceID<br/>WorkspaceKey<br/>logAnalyticsUri (optional) |
 | **Azure function app code** | https://aka.ms/sentinel-CrowdstrikeReplicator-functionapp |
 | **Kusto function alias** | CrowdstrikeReplicator |
-| **Kusto function url** | https://aka.ms/sentinel-crowdstrikereplicator-parser |
 | **Log Analytics table(s)** | CrowdstrikeReplicatorLogs_CL<br/> |
 | **Data collection rules support** | Not currently supported |
 | **Supported by** | [Microsoft Corporation](https://support.microsoft.com) |
@@ -50,11 +49,11 @@ To integrate with Crowdstrike Falcon Data Replicator (using Azure Functions) mak
    >  This connector uses Azure Functions to connect to the S3 bucket to pull logs into Microsoft Sentinel. This might result in additional data ingestion costs. Check the [Azure Functions pricing page](https://azure.microsoft.com/pricing/details/functions/) for details.
 
 
-**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.
+>**(Optional Step)** Securely store workspace and API authorization key(s) or token(s) in Azure Key Vault. Azure Key Vault provides a secure mechanism to store and retrieve key values. [Follow these instructions](/azure/app-service/app-service-key-vault-references) to use Azure Key Vault with an Azure Function App.
 
 
 > [!NOTE]
-   >  This data connector depends on a parser based on a Kusto Function to work as expected. [Follow these steps](https://aka.ms/sentinel-crowdstrikereplicator-parser) to create the Kusto functions alias, **CrowdstrikeReplicator**.
+   >  This data connector depends on a parser based on a Kusto Function to work as expected.
 
 
 **STEP 1 - Contact CrowdStrike support to obtain the credentials and Queue URL.**
@@ -63,8 +62,7 @@ To integrate with Crowdstrike Falcon Data Replicator (using Azure Functions) mak
 
 **STEP 2 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**
 
-> [!IMPORTANT]
-> Before deploying the Crowdstrike Falcon Data Replicator connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).
+>**IMPORTANT:** Before deploying the Crowdstrike Falcon Data Replicator connector, have the Workspace ID and Workspace Primary Key (can be copied from the following).
 
 
 
@@ -76,8 +74,7 @@ Use this method for automated deployment of the Crowdstrike Falcon Data Replicat
 
 	[![Deploy To Azure](https://aka.ms/deploytoazurebutton)](https://aka.ms/sentinel-CrowdstrikeReplicator-azuredeploy)
 2. Select the preferred **AWS_SECRET**, **AWS_REGION_NAME**, **AWS_KEY**, **QUEUE_URL**. 
-  
-   Within the same resource group, you can't mix Windows and Linux apps in the same region. Select existing resource group without Windows apps in it or create new resource group.
+> **NOTE:** Within the same resource group, you can't mix Windows and Linux apps in the same region. Select existing resource group without Windows apps in it or create new resource group.
 3. Enter the **AWS_SECRET**, **AWS_REGION_NAME**, **AWS_KEY**, **QUEUE_URL** and deploy. 
 4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. 
 5. Click **Purchase** to deploy.
@@ -89,7 +86,7 @@ Use the following step-by-step instructions to deploy the Crowdstrike Falcon Dat
 
 **1. Deploy a Function App**
 
-You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.
+> **NOTE:** You will need to [prepare VS code](/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.
 
 1. Download the [Azure Function App](https://aka.ms/sentinel-CrowdstrikeReplicator-functionapp) file. Extract archive to your local development computer.
 2. Start VS Code. Choose File in the main menu and select Open Folder.
@@ -119,17 +116,15 @@ If you're already signed in, go to the next step.
 
 1. In the Function App, select the Function App Name and select **Configuration**.
 2. In the **Application settings** tab, select ** New application setting**.
-3. Add each of the following application settings individually, with their respective string values (case-sensitive):
-
-	- AWS_KEY
-	- AWS_SECRET
-	- AWS_REGION_NAME
-	- QUEUE_URL
-	- WorkspaceID
-	- WorkspaceKey
-	- logAnalyticsUri (optional)
-  
-   Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://<CustomerId>.ods.opinsights.azure.us`.
+3. Add each of the following application settings individually, with their respective string values (case-sensitive): 
+		AWS_KEY
+		AWS_SECRET
+		AWS_REGION_NAME
+		QUEUE_URL
+		WorkspaceID
+		WorkspaceKey
+		logAnalyticsUri (optional)
+> - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://<CustomerId>.ods.opinsights.azure.us`.
 4. Once all application settings have been entered, click **Save**.
 
 
diff --git a/articles/sentinel/data-connectors/mcafee-epolicy-orchestrator-epo.md b/articles/sentinel/data-connectors/mcafee-epolicy-orchestrator-epo.md
@@ -3,14 +3,14 @@ title: "McAfee ePolicy Orchestrator (ePO) connector for Microsoft Sentinel"
 description: "Learn how to install the connector McAfee ePolicy Orchestrator (ePO) to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 01/06/2024
+ms.date: 03/25/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
 
 # McAfee ePolicy Orchestrator (ePO) connector for Microsoft Sentinel
 
-The McAfee ePolicy Orchestrator data connector provides the capability to ingest [McAfee ePO](https://www.mcafee.com/enterprise/en-us/products/epolicy-orchestrator.html) events into Microsoft Sentinel through the syslog. Refer to [documentation](https://docs.mcafee.com/bundle/epolicy-orchestrator-landing/page/GUID-0C40020F-5B7F-4549-B9CC-0E017BC8797F.html) for more information.
+The McAfee ePolicy Orchestrator data connector provides the capability to ingest [McAfee ePO](https://www.mcafee.com/enterprise/en-us/products/epolicy-orchestrator.html) events into Microsoft Sentinel through the syslog.
 
 ## Connector attributes
 
@@ -55,13 +55,6 @@ Configure the facilities you want to collect and their severities.
 2.  Select **Apply below configuration to my machines** and select the facilities and severities.
 3.  Click **Save**.
 
-
-3. Configure McAfee ePolicy Orchestrator event forwarding to Syslog server
-
-[Follow these instructions](https://docs.mcafee.com/bundle/epolicy-orchestrator-5.10.0-product-guide/page/GUID-5C5332B3-837A-4DDA-BE5C-1513A230D90A.html) to add register syslog server.
-
-
-
 ## Next steps
 
 For more information, go to the [related solution](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/azuresentinel.azure-sentinel-solution-mcafeeepo?tab=Overview) in the Azure Marketplace.
diff --git a/articles/sentinel/data-connectors/mcafee-network-security-platform.md b/articles/sentinel/data-connectors/mcafee-network-security-platform.md
@@ -3,14 +3,14 @@ title: "McAfee Network Security Platform connector for Microsoft Sentinel"
 description: "Learn how to install the connector McAfee Network Security Platform to connect your data source to Microsoft Sentinel."
 author: cwatson-cat
 ms.topic: how-to
-ms.date: 01/06/2024
+ms.date: 03/25/2023
 ms.service: microsoft-sentinel
 ms.author: cwatson
 ---
 
 # McAfee Network Security Platform connector for Microsoft Sentinel
 
-The [McAfee® Network Security Platform](https://www.mcafee.com/enterprise/en-us/products/network-security-platform.html) data connector provides the capability to ingest [McAfee® Network Security Platform events](https://docs.mcafee.com/bundle/network-security-platform-10.1.x-integration-guide-unmanaged/page/GUID-8C706BE9-6AC9-4641-8A53-8910B51207D8.html) into Microsoft Sentinel. Refer to [McAfee® Network Security Platform](https://docs.mcafee.com/bundle/network-security-platform-10.1.x-integration-guide-unmanaged/page/GUID-F7D281EC-1CC9-4962-A7A3-5A9D9584670E.html) for more information.
+The [McAfee® Network Security Platform](https://www.mcafee.com/enterprise/en-us/products/network-security-platform.html) data connector provides the capability to ingest McAfee® Network Security Platform events into Microsoft Sentinel.
 
 ## Connector attributes
 
@@ -23,46 +23,35 @@ The [McAfee® Network Security Platform](https://www.mcafee.com/enterprise/en-us
 ## Query samples
 
 **Top 10 Sources**
+
    ```kusto
-McAfeeNSPEvent
- 
+   McAfeeNSPEvent
    | summarize count() by tostring(DvcHostname)
- 
    | top 10 by count_
    ```
-
-
-
 ## Vendor installation instructions
 
-
 > [!NOTE]
-   >  This data connector depends on a parser based on a Kusto Function to work as expected [**McAfeeNSPEvent**](https://aka.ms/sentinel-mcafeensp-parser) which is deployed with the Microsoft Sentinel Solution.
-
-
-> [!NOTE]
-   >  This data connector has been developed using McAfee® Network Security Platform version: 10.1.x
-
-1. Install and onboard the agent for Linux or Windows
-
-Install the agent on the Server where the McAfee® Network Security Platform logs are forwarded.
-
-> Logs from McAfee® Network Security Platform Server deployed on Linux or Windows servers are collected by **Linux** or **Windows** agents.
-
-
+>  This data connector depends on a parser based on a Kusto Function to work as expected [**McAfeeNSPEvent**](https://aka.ms/sentinel-mcafeensp-parser) which is deployed with the Microsoft Sentinel Solution. This data connector has been developed using McAfee® Network Security Platform version: 10.1.x
 
+1. Install and onboard the agent for Linux or Windows.
 
-2. Configure McAfee® Network Security Platform event forwarding
+   Install the agent on the Server where the McAfee® Network Security Platform logs are forwarded.
 
-Follow the configuration steps below to get McAfee® Network Security Platform logs into Microsoft Sentinel.
-1. [Follow these instructions](https://docs.mcafee.com/bundle/network-security-platform-10.1.x-product-guide/page/GUID-E4A687B0-FAFB-4170-AC94-1D968A10380F.html) to forward alerts from the Manager to a syslog server.
-2. Add a syslog notification profile, [more details here](https://docs.mcafee.com/bundle/network-security-platform-10.1.x-product-guide/page/GUID-5BADD5D7-21AE-4E3B-AEE2-A079F3FD6A38.html). This is mandatory. While creating profile, to make sure that events are formatted correctly, enter the following text in the Message text box:
-		<SyslogAlertForwarderNSP>:|SENSOR_ALERT_UUID|ALERT_TYPE|ATTACK_TIME|ATTACK_NAME|ATTACK_ID
-		|ATTACK_SEVERITY|ATTACK_SIGNATURE|ATTACK_CONFIDENCE|ADMIN_DOMAIN|SENSOR_NAME|INTERFACE
-		|SOURCE_IP|SOURCE_PORT|DESTINATION_IP|DESTINATION_PORT|CATEGORY|SUB_CATEGORY
-		|DIRECTION|RESULT_STATUS|DETECTION_MECHANISM|APPLICATION_PROTOCOL|NETWORK_PROTOCOL|
+   Logs from McAfee® Network Security Platform Server deployed on Linux or Windows servers are collected by **Linux** or **Windows** agents.
 
+2. Configure McAfee® Network Security Platform event forwarding.
 
+   Follow the configuration steps below to get McAfee® Network Security Platform logs into Microsoft Sentinel.
+   
+   1. While creating a profile, to make sure that events are formatted correctly, enter the following text in the Message text box:
+   
+      ```text
+      <SyslogAlertForwarderNSP>:|SENSOR_ALERT_UUID|ALERT_TYPE|ATTACK_TIME|ATTACK_NAME|ATTACK_ID
+      |ATTACK_SEVERITY|ATTACK_SIGNATURE|ATTACK_CONFIDENCE|ADMIN_DOMAIN|SENSOR_NAME|INTERFACE
+      |SOURCE_IP|SOURCE_PORT|DESTINATION_IP|DESTINATION_PORT|CATEGORY|SUB_CATEGORY
+      |DIRECTION|RESULT_STATUS|DETECTION_MECHANISM|APPLICATION_PROTOCOL|NETWORK_PROTOCOL|
+      ```
 
 ## Next steps
 
