From b0e0ed2049856559a6ecb7f89b99d4430740fb69 Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Fri, 3 Jan 2025 15:15:23 +0530 Subject: [PATCH] Repackage - Nasuni --- .../RansomwareAttackDetected.yaml | 5 +- .../RansomwareClientBlocked.yaml | 5 +- Solutions/Nasuni/Data/Solution_Nasuni.json | 7 +- .../Hunting Queries/FileDeleteEvents.yaml | 5 +- Solutions/Nasuni/Package/3.0.3.zip | Bin 0 -> 6756 bytes .../Nasuni/Package/createUiDefinition.json | 28 +- Solutions/Nasuni/Package/mainTemplate.json | 431 ++---------------- Solutions/Nasuni/ReleaseNotes.md | 1 + 8 files changed, 44 insertions(+), 438 deletions(-) create mode 100644 Solutions/Nasuni/Package/3.0.3.zip diff --git a/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml b/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml index c999b916d40..54bc8395551 100644 --- a/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml +++ b/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml @@ -4,9 +4,6 @@ description: 'Identifies ransomware attacks detected by the Ransomware Protectio kind: Scheduled severity: High requiredDataConnectors: - - connectorId: NasuniEdgeAppliance - datatypes: - - Syslog - connectorId: SyslogAma datatypes: - Syslog @@ -50,4 +47,4 @@ entityMappings: columnName: pattern suppressionDuration: 5h suppressionEnabled: false -version: 1.0.2 \ No newline at end of file +version: 1.0.3 \ No newline at end of file diff --git a/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml b/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml index f8f1b03f330..5829b44d92e 100644 --- a/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml +++ b/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml @@ -4,9 +4,6 @@ description: 'Identifies malicious clients blocked by the Ransomware Protection kind: Scheduled severity: High requiredDataConnectors: - - connectorId: NasuniEdgeAppliance - datatypes: - - Syslog - connectorId: SyslogAma datatypes: - Syslog 
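Review bot: Both rule files still end without a trailing newline on the new side (`+version: 1.0.3 \ No newline at end of file` in the `@@ -50,4 +47,4 @@` hunk of RansomwareAttackDetected.yaml and the `@@ -47,4 +44,4 @@` hunk of RansomwareClientBlocked.yaml). Since the `version:` line is rewritten on every bump anyway, terminate the file with a newline now so the next bump stops touching the same line twice and yamllint's `new-line-at-end-of-file` check passes. The rule `query` bodies are outside these hunks, so I cannot confirm from here that they depend on nothing only the removed legacy connector populated.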
@@ -47,4 +44,4 @@ entityMappings: columnName: SrcIpAddr suppressionDuration: 5h suppressionEnabled: false -version: 1.0.2 \ No newline at end of file +version: 1.0.3 \ No newline at end of file diff --git a/Solutions/Nasuni/Data/Solution_Nasuni.json b/Solutions/Nasuni/Data/Solution_Nasuni.json index 60a20dceba6..db0105f1161 100644 --- a/Solutions/Nasuni/Data/Solution_Nasuni.json +++ b/Solutions/Nasuni/Data/Solution_Nasuni.json 
@@ -2,7 +2,7 @@
 "Name": "Nasuni",
 "Author": "Nasuni - support@nasuni.com",
 "Logo": "",
- "Description": "The [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+ "Description": "The [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Analytic Rules": [
 "/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml",
 "/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml"
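Review bot: The rewritten sentence in the new `"Description"` line reads `Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.**` — the subject is the singular agent, and the full stop has moved inside the bold. Change it to `Legacy connector uses the Log Analytics agent, which was deprecated on **Aug 31, 2024**.` here, since Solution_Nasuni.json is the source the packaged createUiDefinition.json text is regenerated from; fixing only the package copy would be lost on the next repackage.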
@@ -10,14 +10,11 @@ "Hunting Queries": [ "/Nasuni/Hunting Queries/FileDeleteEvents.yaml" ], - "Data Connectors": [ - "/Nasuni/Data Connectors/Nasuni Data Connector.json" - ], "dependentDomainSolutionIds": [ "azuresentinel.azure-sentinel-solution-syslog" ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions", - "Version": "3.0.2", + "Version": "3.0.3", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1PConnector": false diff --git a/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml b/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml index 589887be5c5..b5a9ddadbf3 100644 --- a/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml +++ b/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml @@ -3,9 +3,6 @@ name: Nasuni File Delete Activity description: | 'This query looks for file delete audit events generated by a Nasuni Edge Appliance.' requiredDataConnectors: - - connectorId: NasuniEdgeAppliance - dataTypes: - - Syslog - connectorId: SyslogAma datatypes: - Syslog @@ -71,4 +68,4 @@ entityMappings: columnName: filename - identifier: Directory columnName: directorypath -version: 1.0.1 \ No newline at end of file +version: 1.0.2 \ No newline at end of file 
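Review bot: In the `@@ -3,9 +3,6 @@` hunk of FileDeleteEvents.yaml the removed legacy entry used `dataTypes:` while the retained `SyslogAma` entry uses `datatypes:`, and the packaged mainTemplate.json in this same patch carries `"datatypes"` through verbatim, so the key is never normalized; the Sentinel content schema documents it as `dataTypes`, and the two analytic rules in this patch use the lowercase spelling too. Confirm the content validator accepts `datatypes` or change the retained line to `dataTypes:` in all three YAML files. Separately, dropping the `"Data Connectors"` entry from Solution_Nasuni.json presumably leaves workspaces that already deployed the NasuniEdgeAppliance connector with an orphaned connector resource after upgrade; the ReleaseNotes.md change in the diffstat is not shown here, but it should tell operators to remove that connector and rely on Syslog via AMA.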
diff --git a/Solutions/Nasuni/Package/3.0.3.zip b/Solutions/Nasuni/Package/3.0.3.zip new file mode 100644 index 0000000000000000000000000000000000000000..efa28b713b5654a173505d98c182cd6e1faaff89 GIT binary patch literal 6756 zcmZ{JWl$VYmn;%AxWnM?9wZPv1a}EKI1Dm`!QBG{26qN`4ek&i*x&^B3{D_u@Bo|d zy~y0^~hpSQZYwNz1Gksu)>^XeL_$iWMnWS0_i7EXwe+yn z2PxRvfxsXSkSmzi(cKli@$nc8=pcOt7M#hbnS2y1N%{?*9dPg}TwO6ky#YJ=i%N4d z71*)k9%muA;Ymd$=r=|W4uQ!*QSNlg8b6pFw7&C8?jkw@Bn^9?e!Eg!1-XVPF|SM5 zn%lV8X|SbO4Qcv}WiS#}Uf<`KzLwTf?yzV5@Z1nAIMw`7xgie*>aV>!+BW63;jGoG z3{D#{c!u4*@N+)pib5J0^FBAsFdwU+8&kH_KhIx)-PmIc~GsW7~MTX`|WP6H1N`!{} zsNQBA-E)&6Nuw%_6;*=7gbQXueox#RI(2f&pnsgIY<<~k^Ne&WOsuO?CHyA7lb*Iw z&0!o7Z^PBkfLq;6(clcIwE-~aH;2ic)Xj9xTJ)Gdg4_)2gO@|l@M^rk2A2I|W)YTv zv=m_lgKl3`85)e?D=lMI1A39=*H{i6iOAlH4M=U6bc75h%2QwwRs+?1vybdlgW{5{ zKkX5dY6k+n$_ik86m(=}*JYg&Ii|kl_f(@ZaH9{5wlGj0Ra%Ys$^PQyPh^WGg3!HJ z$%1`^iY#&VSq53@gP$iF0qZ*HglbcPpWMZaQ4z~Fj4U9WtzDhSQ(WBlnx5|`MU2FI zvVVXH0XCXgVa2FP7jW$=V%(9IIBN*(5)c0Bdm>lCK+$=qVt?3RsHt&?!^6eRJputb z#%}3DV|x9$%suSx`cJL(ihYI^JY0PoWfyzL<3nl_D9}u)UdEmVPH*LO=`VvG3ad9P znHB~%O4BAR!)M`!Qbm8+S)+Au z1`g@mIE$%UaT=q>ZwGSYR!^CD>t@N^`+t7Ar>)TlG?PAS#Hz$FJhH9r>y+n~<1b+` z>-En7T7HGX4}OQuaFQ;+LQOlC>7H?ntbmjr)~WZeMxKtu$t9MUE~I(tsDf2Dyc0*r zD+{SCSe;7g)P_+lS&di%2eeIVQU79rX~^75Y4aFAw~h5_^Rfr~x(qz-?=;{V)nEs& zg}vU(j$-$J!u^F~6D=uAdh1V_9ImIPi22%vZ};sunK6t0-!>g{-1i^4M&h+MRj9-h z-Y=k?X!mr^oHdU%@jRK~1wR{8K`c*L+-#dGzGa4lgv9q?*HNn)1x~zJ#fRYyeC&JL*>`-H3<4$TW29r5 zr)H&Y<1EIsmQph;I4ZFUP7M;D6z+r)-1bgUX2o!@qo_#`0%C{gef={)!u#kn5BZyu z<0>FOYBg`ac7}iZJtA7)N#e;BGc2^3(Jf$xfI@)1=kVw6n!bSj+^OzxLMB0P$3Z;1 zO^1DPb+0oi+K}tOX-#-rDH*~m-hpYcq(nsf$l+H1M&=gQBjh^||J25$?hR)0<5m4~ z>RE`|uMe*u+uqCqRBQ3&ik^@tj?AcdOy^cN=cY<5PFvG{F#*va`3pznYbUL9RzLk} zK>NO2G`+&<EcyY=^;x*ZaYe18t@muOr- zJwmT&j-n*uC2k_FNSwz%br*yZ&k0#E$%KU+FU*8g%-- z$*fGJYbj=>l@oNEcg>&2up8Srn-ciO-&wo>o!mkD_Utu0NTT_T?djqOlNi?D)QGTF zmoH3QAklp8QZJ8}{8D{#3k?jiIn-qLC$tqBGB0o1=IS>44Ex*CsqKq)8snVH`(>?R 
z9&_VzEc-tp^L~ajsjl^W4n=b~Ty66#_|mGJyw8;%gwocy&*Hl#QTy7jarQTON<_TQ zff_vy&lq$9_woGD%Vj;b^+V$rplGr`QzO8g3-FeyZmFT>fx<&6djzv+g`w8Z#4U3h zKj;Nj>%Zv_d-G`)03i}mx-}BgKR|M^1cCKzT|PPgQz8FPdHk0A4OtUQera>uLN4v% zGHNPg9tXN{!s|q*)Vhh;dY6SvJR3AoQxXT?yoX@U(5f%$-*VqNJTk9A@rhDpVj!?_ z+r?}>D4Iwo;3@JHeK6tM3k^eU@WFG0I_Q`Kq#mJkKWDB9^(YrEvlg*!IQ#*;it~K3 zsmj0DEcoX6^V+-n*?`XilsZ9h3R9np#$J2^Xl@5Pxu~E75xw@gVH)?z98|KeUK@G& zbHza{T!12e7mdoV;4Yvn_$pAwH37~SqcH*@awCcaT;YHGaY z=>4R-B*hNcErYcrTqr*A<+T!VE9&3$NVF&$`XF3(fCq&hL!)o0i1CA2y5BKqO$f zTfWBJwa;;#WxxD4W?e%rSWZp@B|TD929nC6i}k#pNJ4D<`Ap(^Bv*Tyam?;Amwb11 z`vEB(w8cjmJl%Kz1$X<~@rpccU=MmTt67)dOGvI5ODSNxI(Xs zYPCE-3uA0YChX=Z{9UIihI#!Ges^wv(9d@(Qex+MuZo`t{ReKm+HSekL>Qrk(UK$m zid|a1w{iErWM5X?Cca-NoNrnV3Wi>(-R=KY{{fcUB7#%DMqe-*3(z}A|DD(hAf^3r z>fGwD+V1RHm;HNo!pSu(EO;vGG9UW6`cQ8Xp)&?bf7RjYVNJ$(_-3s>&ep+Xd>>4g z<>=Z9T1*cn7+TBPR^O?}#V~(VroT zP;@c|4Wv--+}%mLr%#${F9%7{MPjrzJNG$~Y_1`LZ*H^5|J*8WPEGZv-@bxPuK{SN zPi`@s>)Tv&>Y<0R5qEER74YPMBzc|1y5Usf#pgsUc?i0MU|et*>d3d9jB5 zmtFkDE7@9K0Un-(3tn4JXn}TNlH6T)h8u)RSCE!n-pxOrVel5y1= zH+P!YW9nDXNtJUd^XlU^(Xeo3Fm4OyR{>;U0xs2W+=l4JsKW{l2hD!)w84jWP+!5G zQc8cyNSX6#`U)p99Q9Adgev(aSt3DfZH1YsrH4?RcPn+^LK$2g#BxR580P(7Qa@RT z1|8t^omyNE?7In1>sb{(*ZZM$p{S_r>5*TC>4Gs z9&kcy6U>7tMCbDY3;Xz;=!bvC)@m zMP_s2Swj_CB*)Q;unw7^;U1H*z~N$>0K%8tkVLJ$T}fEu*~hq0oE(0>6i{|}yJ!r` zJ4;xRt;o#AJA1Ozhs7Nb7^5Joe0#{HRSV}utEM^m0KUVoZFU8YqibrLtCo} zC0Mz!OW@riM!6fVqMqJXydIrE9a>T(mZX8xX$po8f1Cx##(Ggj&Hrtq41XEv6%L)d z+DP%6(M^w3t|y5XioPcZB{+ODNH40DCr9#=f;#@P=KNsps&=XRC$P5FerCvLLa^nf zs_d6HC91N`0Wp;X)*;6Mae<&Rqr#TAAY;X-?b`ME=g)+V+k;VzxI$#q+Oj}aH=N#7 zoA}H+sd)AXy7k<7wX_h*Q!Ly4#jic zWJDKpWmp#B<3Rry@6E?B&gEg&B}={Wer|b61(X>g`bVcc|FN0*{fmlaFr_= zdq_@YV!v!1=K{;P2yE#)rkFAc*E>cZ#L3}*qOm@~{UFj~79bnf$n!EAcER$>?r`>u zP`h8`=t}Tz2|)lgVYRM-hP~YZFTzjc@I*7)&ALb@c{pd3=#*jG4GEY~rL@}ZFpd{A=6pX}5bp_@Dn4XrtfGf+VQ7JBR@ zTgXjBjB*i_+b`09t~1&49hXY-F;}9Gr~j%aSQ8>QOkW!ZRK&9HZ!mAOoIKJ2d)`5c z8wsMhy(fU5Mms`%Pt+Zwh8Kd|_~+=4GALhulzd~CGVt`Hx{j&p5p_;fNR7o+D)_Fl 
zWa|mSu*IF3f0wGs$JAUrr9W;mb%Lxwe_Ulyob4PB!e}aC_sH3HHa|#ebgqux#PYrB z^K4bDR@qxx>OIJXDUX5oc1&8N8MygPKz2RuP)9LZwgAMwWyWjjGx_xQ&1&+og zXKwJSwESq+w2ZU8=%LyLg2sDQgK&J=Y1eLEpC`CHjwgWLgbxH9Vc9Mn zNE=bKpMan#Xc%+(0gd(MG%8Z#aJlbNA&QSajrDy~JMe*jjhf3X48_2AYpgHXfFu-0 zzMUEe!fJw>>v^XzFn!V2mOPt(-Vx%|d^*C{rcEFlh!QjI)A&gk8}iNYqu?dtSm$ur zZUGphH{kk9#q+6raBDP{j$hjr`O zh0;IPotZl)VD&PbH8$yj`_@S@mUXNIUdT59I0@}6L$!B?RTy-+?7u193;^cMx2)I_ z#;}n%PXzT(wLQP_wcnB7k`Vjz9P9VZJSYHiumbd6yzlf}sx&WaJ9bK7!!JQXuiDz`a2j9B3Oh@rw_KRAS z9V-rCwhnuwcs>-|1W^L78I}0+jP#=Tzobgj4~@shHnqg`qJLCyz=igKuZTj(D$T^*7Pt31{Smh@WsFihu%2hu)&@(7Uni};^&Azsa@46%HuwGJUbL~JF)HEh%niI2#_ED|`UT_WIJ;#!D#Ul3C`u3l1@^fT zdmYy|h?x{=rj!+yXs=VIe=9@G1Ba5~8laL4$JjVW8W)U|BUSJXqGrxsL_XG6Ok`lx zjfB+&w_AwFN~lB9%LW~P@~YdsQ7hHJ4uK?Hf@QNP+E+}k9i(-uE6|BPvM*;zO<4?W54#M z{p<{U4=H)wX5&QRc9$o#^d37CPoCZJwW`(!!-xrVZejM%!mA^7zfdF+%ohG(PiNIF zKE{>VLZ`#0>9Lg!{p%&asIlDx|8Md`=92^ddW%Ha*E)H!{z3kNxf@&Soi#IG&1r4& z0*B2Tj)3WLHFKQ3uHluvkG{IsqmE0E72cN5))KkZR39&^*>|1toKBo{1Mae8Oj zAH~{hnX+Eo4Xr8EmrwgW0K}mbdvP|-gMtCN%;sSK}c1>D+S$4j&$nC{k> znF^GFrh_4W>0YkB?e^%sM+=cGwn3@L2e#kfb{J0lrg)bmu$Uut*H0lHKEjf8y+dg+jv&RZ!8;BVh=Sl#81I(`llmA#Cvx$wo}L9h7X@WxVilz100z?<3L4ku zk_t%;JLUL4dr8w@YudAI4AV%e>jkdu7r#K_vj@nR49ve^Ym=3fn!EeQ=AkgY3TvDWnX0}QpBS<6cS@02-#AK7+QGQr zxgw^AR>_l{mq~hgl##e92yE*TydCmBVJw!#V<{CB7MJ(RvD7E{)#BIwsU77`m(06- z$SW)!ppxO5EI14-WlG{5ebQ;^}>pWS}ysmN$nJoWvWgrwC$hOi~BrF#ILxZQBjA z+EHnjt1P=T({KcpKEg@Ck\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Nasuni/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. 
It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Nasuni/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. 
Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", @@ -51,30 +51,6 @@ } ], "steps": [ - { - "name": "dataconnectors", - "label": "Data Connectors", - "bladeTitle": "Data Connectors", - "elements": [ - { - "name": "dataconnectors1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This Solution installs the data connector for Nasuni. You can get Nasuni Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." - } - }, - { - "name": "dataconnectors-link2", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more about connecting data sources", - "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" - } - } - } - ] - }, { "name": "analytics", "label": "Analytics", @@ -162,7 +138,7 @@ "name": "huntingquery1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "This query looks for file delete audit events generated by a Nasuni Edge Appliance. This hunting query depends on NasuniEdgeAppliance SyslogAma data connector (Syslog Syslog Parser or Table)" + "text": "This query looks for file delete audit events generated by a Nasuni Edge Appliance. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)" } } ] diff --git a/Solutions/Nasuni/Package/mainTemplate.json b/Solutions/Nasuni/Package/mainTemplate.json index 4b97d08155a..cfb9927b67b 100644 
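Review bot: Removing the `dataconnectors` step from the `steps` array (`@@ -51,30 +51,6 @@`) deletes the only place the installer told the operator that the Nasuni Edge Appliance must be configured to export events via syslog, and nothing added elsewhere in this patch replaces that guidance. Syslog via AMA only ingests the facilities selected in its data collection rule, so if the facility the appliance logs to is not selected, both ransomware analytic rules silently return nothing rather than failing. I would add one sentence to the solution description, e.g. `Configure your Nasuni Edge Appliance to forward syslog to the AMA-managed forwarder and include the facility it logs to in the Syslog via AMA data collection rule; the analytic rules produce no alerts otherwise.` — naming the exact facility only if Nasuni's documentation confirms it. Put the text in Solution_Nasuni.json as well so it survives the next repackage.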
--- a/Solutions/Nasuni/Package/mainTemplate.json +++ b/Solutions/Nasuni/Package/mainTemplate.json 
@@ -33,37 +33,28 @@
 "email": "support@nasuni.com",
 "_email": "[variables('email')]",
 "_solutionName": "Nasuni",
- "_solutionVersion": "3.0.2",
+ "_solutionVersion": "3.0.3",
 "solutionId": "nasunicorporation.nasuni-sentinel",
 "_solutionId": "[variables('solutionId')]",
 "analyticRuleObject1": {
- "analyticRuleVersion1": "1.0.2",
+ "analyticRuleVersion1": "1.0.3",
 "_analyticRulecontentId1": "0c96a5a2-d60d-427d-8399-8df7fe8e6536",
 "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '0c96a5a2-d60d-427d-8399-8df7fe8e6536')]",
 "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('0c96a5a2-d60d-427d-8399-8df7fe8e6536')))]",
- "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','0c96a5a2-d60d-427d-8399-8df7fe8e6536','-', '1.0.2')))]"
+ "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','0c96a5a2-d60d-427d-8399-8df7fe8e6536','-', '1.0.3')))]"
 },
 "analyticRuleObject2": {
- "analyticRuleVersion2": "1.0.2",
+ "analyticRuleVersion2": "1.0.3",
 "_analyticRulecontentId2": "6c8770fb-c854-403e-a64d-0293ba344d5f",
 "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6c8770fb-c854-403e-a64d-0293ba344d5f')]",
 "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6c8770fb-c854-403e-a64d-0293ba344d5f')))]",
- "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6c8770fb-c854-403e-a64d-0293ba344d5f','-', '1.0.2')))]"
+ "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6c8770fb-c854-403e-a64d-0293ba344d5f','-', '1.0.3')))]"
 },
 "huntingQueryObject1": {
- "huntingQueryVersion1": "1.0.1",
+ "huntingQueryVersion1": "1.0.2",
 "_huntingQuerycontentId1": "64a3477e-d06f-4491-86a5-6f99702e267f",
 "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('64a3477e-d06f-4491-86a5-6f99702e267f')))]"
 },
- "uiConfigId1": "NasuniEdgeAppliance",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "NasuniEdgeAppliance",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
 "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
 },
 "resources": [
@@ -76,7 +67,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "RansomwareClientBlocked_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "RansomwareClientBlocked_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -104,16 +95,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ],
- "connectorId": "NasuniEdgeAppliance"
- },
- {
- "datatypes": [
- "Syslog"
- ],
- "connectorId": "SyslogAma"
+ ]
 }
 ],
 "tactics": [
@@ -124,13 +109,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "IP",
 "fieldMappings": [
 {
 "columnName": "SrcIpAddr",
 "identifier": "Address"
 }
- ]
+ ],
+ "entityType": "IP"
 }
 ],
 "eventGroupingSettings": {
@@ -140,17 +125,17 @@
 "VolumeName": "volume_name"
 },
 "alertDetailsOverride": {
- "alertnameFormat": "Nasuni: Ransomware Client Blocked",
- "alertDescriptionFormat": "Nasuni has blocked a client involved in a ransomware attack from accessing a Nasuni Edge Appliance at {{TimeGenerated}}"
+ "alertDescriptionFormat": "Nasuni has blocked a client involved in a ransomware attack from accessing a Nasuni Edge Appliance at {{TimeGenerated}}",
+ "alertnameFormat": "Nasuni: Ransomware Client Blocked"
 },
 "incidentConfiguration": {
- "createIncident": true,
 "groupingConfiguration": {
- "reopenClosedIncident": false,
 "enabled": false,
 "matchingMethod": "AllEntities",
- "lookbackDuration": "PT5H"
- }
+ "lookbackDuration": "PT5H",
+ "reopenClosedIncident": false
+ },
+ "createIncident": true
 }
 }
 },
@@ -204,7 +189,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "RansomwareAttackDetected_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "RansomwareAttackDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -232,16 +217,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ],
- "connectorId": "NasuniEdgeAppliance"
- },
- {
- "datatypes": [
- "Syslog"
- ],
- "connectorId": "SyslogAma"
+ ]
 }
 ],
 "tactics": [
@@ -252,13 +231,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "Malware",
 "fieldMappings": [
 {
 "columnName": "pattern",
 "identifier": "Name"
 }
- ]
+ ],
+ "entityType": "Malware"
 }
 ],
 "eventGroupingSettings": {
@@ -268,23 +247,23 @@
 "VolumeName": "volume_name"
 },
 "alertDetailsOverride": {
+ "alertDescriptionFormat": "Ransomware attack detected by Nasuni at {{TimeGenerated}}.",
 "alertDynamicProperties": [
 {
- "alertProperty": "RemediationSteps",
- "value": "SyslogMessage"
+ "value": "SyslogMessage",
+ "alertProperty": "RemediationSteps"
 }
 ],
- "alertnameFormat": "Nasuni: Ransomware Attack Detected",
- "alertDescriptionFormat": "Ransomware attack detected by Nasuni at {{TimeGenerated}}."
+ "alertnameFormat": "Nasuni: Ransomware Attack Detected"
 },
 "incidentConfiguration": {
- "createIncident": true,
 "groupingConfiguration": {
- "reopenClosedIncident": false,
 "enabled": false,
 "matchingMethod": "AllEntities",
- "lookbackDuration": "PT5H"
- }
+ "lookbackDuration": "PT5H",
+ "reopenClosedIncident": false
+ },
+ "createIncident": true
 }
 }
 },
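Review bot: In the `@@ -268,23 +247,23 @@` hunk `alertDynamicProperties` still maps the raw `SyslogMessage` column onto `RemediationSteps`, so whatever text the appliance emits — including file or share names an attacker chose that end up in the message — is presented to the analyst as remediation guidance; the commit only reorders these keys, so the mapping predates it, but the repackage is the moment to fix it in the source `Analytic Rules/RansomwareAttackDetected.yaml` so the change flows through. I would drop the dynamic property and surface the message as a custom detail next to the existing `"VolumeName": "volume_name"` entry, e.g. `"SyslogMessage": "SyslogMessage"`, with a fixed `RemediationSteps` string if one is wanted. Whether the `pattern` column mapped to the `Malware` entity can likewise carry attacker-chosen text I cannot tell from this hunk.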
@@ -338,7 +317,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "FileDeleteEvents_HuntingQueries Hunting Query with template version 3.0.2",
+ "description": "FileDeleteEvents_HuntingQueries Hunting Query with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -408,342 +387,9 @@ "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", "contentKind": "HuntingQuery", "displayName": "Nasuni File Delete Activity", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.1')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.1')))]", - "version": "1.0.1" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Nasuni data connector with template version 3.0.2", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Nasuni Edge Appliance", - "publisher": "Nasuni", - "descriptionMarkdown": "The [Nasuni](https://www.nasuni.com/) connector allows you to easily connect your Nasuni Edge Appliance 
Notifications and file system audit logs with Microsoft Sentinel. This gives you more insight into activity within your Nasuni infrastructure and improves your security operation capabilities.", - "additionalRequirementBanner": "None", - "graphQueries": [ - { - "metricName": "Total events received", - "legend": "Nasuni", - "baseQuery": "Nasuni" - } - ], - "sampleQueries": [ - { - "description": "Last 1000 generated events", - "query": "Syslog\n | top 1000 by TimeGenerated" - }, - { - "description": "All events by facility except for cron", - "query": "Syslog\n | summarize count() by Facility | where Facility != \"cron\"" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "Syslog\n | where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "dataTypes": [ - { - "name": "Syslog", - "lastDataReceivedQuery": "Syslog\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ] - }, - "customers": [ - { - "name": "Nasuni Edge Appliances", - "description": "must be configured to export events via Syslog" - } - ], - "instructionSteps": [ - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - 
"linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Follow the configuration steps below to configure your Linux machine to send Nasuni event information to Microsoft Sentinel. Refer to the [Azure Monitor Agent documenation](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview) for additional details on these steps.\nConfigure the facilities you want to collect and their severities.\n1. Select the link below to open your workspace agents configuration, and select the Syslog tab.\n2. Select Add facility and choose from the drop-down list of facilities. Repeat for all the facilities you want to add.\n3. Mark the check boxes for the desired severities for each facility.\n4. Click Apply.\n", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. Configure the logs to be collected" - }, - { - "description": "Follow the instructions in the [Nasuni Management Console Guide](https://view.highspot.com/viewer/629a633ae5b4caaf17018daa?iid=5e6fbfcbc7143309f69fcfcf) to configure Nasuni Edge Appliances to forward syslog events. Use the IP address or hostname of the Linux device running the Azure Monitor Agent in the Servers configuration field for the syslog settings.", - "title": "3. 
Configure Nasuni Edge Appliance settings" - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Nasuni", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Nasuni", - "email": "[variables('_email')]" - }, - "support": { - "name": "Nasuni", - "tier": "Partner", - "link": "https://github.com/nasuni-labs/Azure-Sentinel" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Nasuni Edge Appliance", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Nasuni", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Nasuni", - "email": "[variables('_email')]" - }, - "support": { - "name": "Nasuni", - "tier": "Partner", - "link": "https://github.com/nasuni-labs/Azure-Sentinel" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Nasuni Edge Appliance", - "publisher": "Nasuni", - "descriptionMarkdown": "The [Nasuni](https://www.nasuni.com/) connector allows you to easily connect your Nasuni Edge Appliance Notifications and file system audit logs with Microsoft Sentinel. 
This gives you more insight into activity within your Nasuni infrastructure and improves your security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total events received", - "legend": "Nasuni", - "baseQuery": "Nasuni" - } - ], - "dataTypes": [ - { - "name": "Syslog", - "lastDataReceivedQuery": "Syslog\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "Syslog\n | where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "sampleQueries": [ - { - "description": "Last 1000 generated events", - "query": "Syslog\n | top 1000 by TimeGenerated" - }, - { - "description": "All events by facility except for cron", - "query": "Syslog\n | summarize count() by Facility | where Facility != \"cron\"" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", 
- "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Follow the configuration steps below to configure your Linux machine to send Nasuni event information to Microsoft Sentinel. Refer to the [Azure Monitor Agent documenation](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview) for additional details on these steps.\nConfigure the facilities you want to collect and their severities.\n1. Select the link below to open your workspace agents configuration, and select the Syslog tab.\n2. Select Add facility and choose from the drop-down list of facilities. Repeat for all the facilities you want to add.\n3. Mark the check boxes for the desired severities for each facility.\n4. Click Apply.\n", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. Configure the logs to be collected" - }, - { - "description": "Follow the instructions in the [Nasuni Management Console Guide](https://view.highspot.com/viewer/629a633ae5b4caaf17018daa?iid=5e6fbfcbc7143309f69fcfcf) to configure Nasuni Edge Appliances to forward syslog events. Use the IP address or hostname of the Linux device running the Azure Monitor Agent in the Servers configuration field for the syslog settings.", - "title": "3. 
Configure Nasuni Edge Appliance settings" - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "None" - } + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.2')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.2')))]", + "version": "1.0.2" } }, { @@ -751,12 +397,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.2", + "version": "3.0.3", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Nasuni", "publisherDisplayName": "Nasuni", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Nasuni solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Analytic Rules: 2, Hunting Queries: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Nasuni solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Analytic Rules: 2, Hunting Queries: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -794,11 +440,6 @@ "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", "version": "[variables('huntingQueryObject1').huntingQueryVersion1]" }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, { "kind": "Solution", "contentId": "azuresentinel.azure-sentinel-solution-syslog" diff --git a/Solutions/Nasuni/ReleaseNotes.md b/Solutions/Nasuni/ReleaseNotes.md index c009cd81672..a5f610794e8 100644 --- a/Solutions/Nasuni/ReleaseNotes.md +++ b/Solutions/Nasuni/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| +| 3.0.3 | 03-01-2025 | Removed Deprecated **Data connector** | | 3.0.2 | 18-07-2024 | Deprecating data connectors | | 3.0.1 | 02-08-2023 | Solution Id and Tier Updated | | 3.0.0 | 14-07-2023 | Initial Solution Release | \ No newline at end of file