Merge pull request #314658 from v-alje/AUTOGEN-Sentinel-connectors-Mon_Apr_13_2026-1302

v-dirichards · web-flow · commit b13d8df574c3 · 2026-04-13T16:58:13.000-05:00
[AUTOGEN] PR for Sentinel connectors
diff --git a/articles/sentinel/includes/connector-details.md b/articles/sentinel/includes/connector-details.md
@@ -2,7 +2,7 @@
 author: EdB-MSFT
 ms.author: edbaynash
 ms.topic: include
-ms.date: 04/06/2026
+ms.date: 04/13/2026
 
 # This file is auto-generated. Do not edit manually. Changes will be overwritten.
 ---
@@ -2028,6 +2028,23 @@ Ingest IP reputation and malware URL indicators from Cyren using the Common Conn
 
  ---
    
+<a name="d3-smart-soar-incidents"></a><details><summary>**D3 Smart SOAR Incidents**</summary>
+
+**Supported by:** [D3 Security](https://d3security.com/company/contact/)
+
+The D3 Smart SOAR data connector pulls incidents from D3 Smart SOAR into Microsoft Sentinel using the D3 codeless REST API command endpoint.
+
+**Log Analytics table(s):**  
+
+|Table|DCR support|Lake-only ingestion|
+|---|---|---|
+|`D3SOARIncidents_CL`|No|No|
+
+**Data collection rule support:** Not currently supported<br><br>
+</details> 
+
+ ---
+   
 <a name="darktrace-connector-for-microsoft-sentinel-rest-api"></a><details><summary>**Darktrace Connector for Microsoft Sentinel REST API**</summary>
 
 **Supported by:** [Darktrace](https://darktrace.com/contact)
@@ -5055,6 +5072,42 @@ The [Netskope](https://docs.netskope.com/en/netskope-help/admin-console/rest-api
 
  ---
    
+<a name="netskope-web-transaction-connector-via-blob-storage"></a><details><summary>**Netskope Web Transaction Connector (via Blob Storage)**</summary>
+
+**Supported by:** [Netskope](https://support.netskope.com/access/)
+
+The Netskope Web Transaction connector ingests web transaction logs from Netskope Log Streaming into Microsoft Sentinel via Azure Blob Storage using the Codeless Connector Framework (CCF).
+
+**Log Analytics table(s):**  
+
+|Table|DCR support|Lake-only ingestion|
+|---|---|---|
+|`NetskopeWebTransactions_CL`|Yes|Yes|
+
+**Data collection rule support:** [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)
+
+**Prerequisites:**
+
+- **Subscription permissions**: You need permissions to create the data flow resources: 
+- storage queues (notification queue and dead-letter queue) 
+- event grid topic and subscription (to send 'blob created event' notifications to the notification queue) 
+- role assignments (to grant access for Microsoft Sentinel app to the blob container and the storage queues.)
+- **Storage Account Network Configuration**: Network restrictions (firewall/IP rules) on the Azure Blob Storage account are **not supported** for this connector due to [Azure Storage firewall restrictions and limitations](/azure/storage/common/storage-network-security-limitations):
+- IP network rules have**no effect**on requests originating from the same Azure region as the storage account.
+- IP network rules**cannot restrict**access to Azure services deployed in the same region, as these services use private Azure IP addresses for communication.
+- Virtual network service endpoint rules do not apply to clients in a paired region.
+
+Ensure the storage account's **Networking** blade is set to **Enabled from all networks**.
+- **Storage Account Role Assignments**: The following Azure RBAC roles must be assigned to the Microsoft Sentinel enterprise application service principal (displayed below) on the **Storage Account** that contains your blob container:
+- **Storage Blob Data Contributor** — required for reading blob data from the container.
+- **Storage Queue Data Contributor** — required for managing notification and dead-letter queue messages.
+
+To assign these roles: navigate to the Storage Account → **Access Control (IAM)** → **Add role assignment**, search for the service principal ID shown below, and assign both roles.
+- **Collecting data from Netskope to your blob container**: Follow the steps in the [Netskope Log Streaming documentation](https://docs.netskope.com/en/log-streaming.html) to configure Netskope to stream Web Transaction logs to your Azure Blob Storage container.<br><br>
+</details> 
+
+ ---
+   
 <a name="netskope-web-transactions-data-connector"></a><details><summary>**Netskope Web Transactions Data Connector**</summary>
 
 **Supported by:** [Netskope](https://support.netskope.com/access/)
@@ -5279,12 +5332,12 @@ The Open Systems Logs API Microsoft Sentinel Connector provides the capability t
 
 |Table|DCR support|Lake-only ingestion|
 |---|---|---|
-|`OpenSystemsZtnaLogs_CL`|No|No|
+|`OpenSystemsZtnaLogs_CL`|Yes|Yes|
 |`OpenSystemsFirewallLogs_CL`|No|No|
 |`OpenSystemsAuthenticationLogs_CL`|No|No|
 |`OpenSystemsProxyLogs_CL`|No|No|
 
-**Data collection rule support:** Not currently supported
+**Data collection rule support:** [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)
 
 **Prerequisites:**
 
@@ -5652,6 +5705,27 @@ Ingest Qscout application events into Microsoft Sentinel
 
  ---
    
+<a name="qualys-knowledge-base-via-codeless-connector-framework"></a><details><summary>**Qualys Knowledge Base (via Codeless Connector Framework)**</summary>
+
+**Supported by:** [Microsoft Corporation](https://support.microsoft.com/)
+
+Ingest Qualys Knowledge Base Vulnerability Data into Microsoft Sentinel using version 2.0 of the Qualys API.
+
+**Log Analytics table(s):**  
+
+|Table|DCR support|Lake-only ingestion|
+|---|---|---|
+|[`QualysKnowledgeBase`](/azure/azure-monitor/reference/tables/QualysKnowledgeBase)|Yes|Yes|
+
+**Data collection rule support:** [Workspace transform DCR](/azure/azure-monitor/logs/tutorial-workspace-transformations-portal)
+
+**Prerequisites:**
+
+- **Qualys API access**: Requires a Qualys User Account with read access to the Knowledge Base endpoints.<br><br>
+</details> 
+
+ ---
+   
 <a name="qualys-vm-knowledgebase-using-azure-functions"></a><details><summary>**Qualys VM KnowledgeBase (using Azure Functions)**</summary>
 
 **Supported by:** [Microsoft Corporation](https://support.microsoft.com/)
diff --git a/articles/sentinel/includes/sentinel-tables-connectors.md b/articles/sentinel/includes/sentinel-tables-connectors.md
@@ -2,7 +2,7 @@
 author: EdB-MSFT
 ms.author: edbaynash
 ms.topic: include
-ms.date: 04/06/2026    
+ms.date: 04/13/2026    
 # This file is auto-generated. Do not edit manually. Changes will be overwritten.
 ---
 
@@ -184,6 +184,7 @@ ms.date: 04/06/2026
 |Cymru_Scout_IP_Data_x509_CL|[Team Cymru Scout Data Connector (using Azure Functions)](/azure/sentinel/data-connectors-reference#team-cymru-scout-data-connector-using-azure-functions)|No|No|
 |CynerioEvent_CL|[Cynerio Security Events](/azure/sentinel/data-connectors-reference#cynerio-security-events)|No|No|
 |Cyren_Indicators_CL|[Cyren Threat Intelligence](/azure/sentinel/data-connectors-reference#cyren-threat-intelligence)|No|No|
+|D3SOARIncidents_CL|[D3 Smart SOAR Incidents](/azure/sentinel/data-connectors-reference#d3-smart-soar-incidents)|No|No|
 |darktrace_model_alerts_CL|[Darktrace Connector for Microsoft Sentinel REST API](/azure/sentinel/data-connectors-reference#darktrace-connector-for-microsoft-sentinel-rest-api)|Yes|Yes|
 |databahn_alerts_CL|[DataBahn](/azure/sentinel/data-connectors-reference#databahn)|No|No|
 |databahn_audit_logs_CL|[DataBahn](/azure/sentinel/data-connectors-reference#databahn)|No|No|
@@ -350,6 +351,7 @@ ms.date: 04/06/2026
 |net_assets_CL|[Holm Security Asset Data (using Azure Functions)](/azure/sentinel/data-connectors-reference#holm-security-asset-data-using-azure-functions)|No|No|
 |Netskope_WebTx_metrics_CL|[Netskope Data Connector](/azure/sentinel/data-connectors-reference#netskope-data-connector)|No|No|
 |NetskopeAlerts_CL|[Netskope Alerts and Events](/azure/sentinel/data-connectors-reference#netskope-alerts-and-events)|Yes|Yes|
+|NetskopeWebTransactions_CL|[Netskope Web Transaction Connector (via Blob Storage)](/azure/sentinel/data-connectors-reference#netskope-web-transaction-connector-via-blob-storage)|Yes|Yes|
 |NetskopeWebtxData_CL|[Netskope Web Transactions Data Connector](/azure/sentinel/data-connectors-reference#netskope-web-transactions-data-connector)|No|No|
 |NetskopeWebtxErrors_CL|[Netskope Web Transactions Data Connector](/azure/sentinel/data-connectors-reference#netskope-web-transactions-data-connector)|No|No|
 |[NetworkAccessTraffic](/azure/azure-monitor/reference/tables/NetworkAccessTraffic)|[Microsoft Entra ID](/azure/sentinel/data-connectors-reference#microsoft-entra-id)|Yes|Yes|
@@ -371,7 +373,7 @@ ms.date: 04/06/2026
 |OpenSystemsAuthenticationLogs_CL|[Open Systems Data Connector](/azure/sentinel/data-connectors-reference#open-systems-data-connector)|No|No|
 |OpenSystemsFirewallLogs_CL|[Open Systems Data Connector](/azure/sentinel/data-connectors-reference#open-systems-data-connector)|No|No|
 |OpenSystemsProxyLogs_CL|[Open Systems Data Connector](/azure/sentinel/data-connectors-reference#open-systems-data-connector)|No|No|
-|OpenSystemsZtnaLogs_CL|[Open Systems Data Connector](/azure/sentinel/data-connectors-reference#open-systems-data-connector)|No|No|
+|OpenSystemsZtnaLogs_CL|[Open Systems Data Connector](/azure/sentinel/data-connectors-reference#open-systems-data-connector)|Yes|Yes|
 |OracleWebLogicServer_CL|[Custom logs via AMA](/azure/sentinel/data-connectors-reference#custom-logs-via-ama)|Yes|Yes|
 |OrcaAlerts_CL|[Orca Security Alerts](/azure/sentinel/data-connectors-reference#orca-security-alerts)|Yes|Yes|
 |PaloAltoCortexXDR_Alerts_CL|[Palo Alto Cortex XDR](/azure/sentinel/data-connectors-reference#palo-alto-cortex-xdr)|Yes|Yes|
@@ -400,6 +402,7 @@ ms.date: 04/06/2026
 |QscoutAppEvents_CL|[QscoutAppEventsConnector (via Codeless Connector Framework)](/azure/sentinel/data-connectors-reference#qscoutappeventsconnector-via-codeless-connector-framework)|No|No|
 |QualysHostDetectionV3_CL|[Qualys Vulnerability Management (via Codeless Connector Framework)](/azure/sentinel/data-connectors-reference#qualys-vulnerability-management-via-codeless-connector-framework)|Yes|Yes|
 |QualysKB_CL|[Qualys VM KnowledgeBase (using Azure Functions)](/azure/sentinel/data-connectors-reference#qualys-vm-knowledgebase-using-azure-functions)|Yes|Yes|
+|[QualysKnowledgeBase](/azure/azure-monitor/reference/tables/QualysKnowledgeBase)|[Qualys Knowledge Base (via Codeless Connector Framework)](/azure/sentinel/data-connectors-reference#qualys-knowledge-base-via-codeless-connector-framework)|Yes|Yes|
 |RadiflowEvent|[Radiflow iSID via AMA](/azure/sentinel/data-connectors-reference#radiflow-isid-via-ama)|No|No|
 |RSAIDPlus_AdminLogs_CL|[RSA ID Plus Admin Logs Connector](/azure/sentinel/data-connectors-reference#rsa-id-plus-admin-logs-connector)|No|No|
 |Rubrik_Anomaly_Data_CL|[Rubrik Security Cloud data connector (using Azure Functions)](/azure/sentinel/data-connectors-reference#rubrik-security-cloud-data-connector-using-azure-functions)|Yes|Yes|
