From aa9ed01d2df05bb5b79c0fd9c35a46fba20948eb Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Fri, 3 Jan 2025 10:38:53 +0530
Subject: [PATCH 1/3] Repackaged - Trend Micro Deep Security
---
 ...on_TrendMicroDeepSecurityTemplateSpec.json | 7 +-
 .../Package/3.0.1.zip | Bin 0 -> 9272 bytes
 .../Package/createUiDefinition.json | 33 +-
 .../Package/mainTemplate.json | 413 +-----------------
 .../Trend Micro Deep Security/ReleaseNotes.md | 1 +
 5 files changed, 10 insertions(+), 444 deletions(-)
 create mode 100644 Solutions/Trend Micro Deep Security/Package/3.0.1.zip
diff --git a/Solutions/Trend Micro Deep Security/Data/Solution_TrendMicroDeepSecurityTemplateSpec.json b/Solutions/Trend Micro Deep Security/Data/Solution_TrendMicroDeepSecurityTemplateSpec.json
index 5fab94a8f3d..9fed9bbffbb 100644
--- a/Solutions/Trend Micro Deep Security/Data/Solution_TrendMicroDeepSecurityTemplateSpec.json
+++ b/Solutions/Trend Micro Deep Security/Data/Solution_TrendMicroDeepSecurityTemplateSpec.json
@@ -2,10 +2,7 @@
 "Name": "Trend Micro Deep Security",
 "Author": "Trend Micro",
 "Logo": "",
- "Description": "The [Trend Micro Deep Security](https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html) solution for Microsoft Sentinel enables you to ingest Deep Security logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.\r\n \n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
- "Data Connectors": [
- "Data Connectors/TrendMicroDeepSecurity.json"
- ],
+ "Description": "The [Trend Micro Deep Security](https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html) solution for Microsoft Sentinel enables you to ingest Deep Security logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.\r\n \n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Workbooks": [
 "Workbooks/TrendMicroDeepSecurityAttackActivity.json",
 "Workbooks/TrendMicroDeepSecurityOverview.json"
@@ -17,7 +14,7 @@
 "azuresentinel.azure-sentinel-solution-commoneventformat"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Trend Micro Deep Security",
- "Version": "3.0.0",
+ "Version": "3.0.1",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
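Review bot: The reworded NOTE in the new `Description` still tells readers the legacy connector "should only be installed where AMA is not supported", yet the same hunk drops `Data Connectors/TrendMicroDeepSecurity.json` from `Data Connectors`, so the sentence now points users at content this package no longer ships, and "which were deprecated on **Aug 31, 2024.** and" is ungrammatical. Suggest `Legacy connector used the Log Analytics agent, which was deprecated on **Aug 31, 2024**, and is no longer included in this solution.` The `createUiDefinition.json` description in this patch carries the same wording and needs the same correction, presumably by regenerating the package from this file. Removing a connector is a user-visible change that a 3.0.1 patch-level bump alone does not signal, so it is worth confirming the ReleaseNotes.md entry in this patch (outside this chunk) states it explicitly.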
diff --git a/Solutions/Trend Micro Deep Security/Package/3.0.1.zip b/Solutions/Trend Micro Deep Security/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..281cc83b08441d717456f569f0da7a153c75043d GIT binary patch literal 9272 zcmZ{Kbxa)2x9{S`-QC^Y7I!c1Qrw}iKw)urDAM9uio08JcPUcbi!HwR`+k4-rGkc1b7}4zBnG9VRGNk& zaQIUjPC+pD#`g>ND)(KBL#Z|oO{aClQqC!yTh9lDz}H*Gcm#=7Et-!MCUsOE9Ib?3 zmD+KBi0!ea#7;)Me6o}!I%!&K{MraH^aV~Q7^u{LHzDcEh3+h+8;q-pls7_JG}U|5 z26~NhU)hNK43TH7=+VYH(o^R2I8BA_x{S$KcAL2f;-lMWtJbF5cgo$VV22ou`mIVD zOHIxR>gdizA5*f4;#6v?i1Ou3zkj&6oUBi;Jby_D*i zs<@JmM`iX&-IN}KUJ&DWa2;Xoq{hY)%p63&6Q>MacAsB5&^MhfiCK^mcf!*IK4-tc zQQ%VR$2jHnX4~DI-QIGp#l$UW-y0#jBJf%-^{hop)VWBZ&3wy>yD3o7lNM~N4ysSxQZW&*wEoS1mdv^wWX z)Om^ul+%t_?oxdM(Ul8cBJTO}$wZahAIVR(S9;c8xPik6`2&4m|8~m*2|?oFwx|k+vip9M>kK?r5u+!1>k{TA(Z(HNgh190C0( zB7sMEsEn~EM_ioA*iXI;^=Qm#2+PoT0rk>__Bp-+RHu?lOP2w4;YVkt9G5&clz3j} zEW9irXFNS*ZlDgW&&hRGi(L+;B|ooc;n1V-uGn0dG3%MsYNpG+XEs7Kd9|Bi2jRD8 z)Y)a#OzDYHzQmuV?*?2h|1K3#a_(0xp?LHH2*II$39dz=7(4euW+0K}9!Wzj6A* zWc0Og%+9E?mWebD?W!XVRd0&VBM*WfBu9y=BM@)$tyPswd5H@XSCoYq$c;&ImlI$g zjR{TnViQ3cK1yMK?ELAf+Ut~PE6jt*H|-XX`^}^#9lc zyE_wsn{F7s>qSQw&qv~O)cI z^q5KyBeRU*52eKZe2p`2<(&}pi-7xsyg{33{f)PfVQPiic4v|7*X!#U`|I&7?H?9R z!(Wn?>K#jF3Jq?ngbmX3ZclLsDW6qS)0`_&z^pDI!?#*c6pc$3ug1=BW0Urd8f79Nxe70(S*d40P3Z-K5cj+S9 znmDE}ays|k8nl{N<=DAtz*yxdJ^>#G8Zyc9tna_lh_D>?Bt%b-!c zL2#P?jTd+{SK;fE0suc=008WNc!7(hgR72>i@Wnb?BG9);LP;Yb6qIotylLM!{F{r z`C>l3<+F>;u#1mKg;2}{h*5$jlN84?#>H$A-a#SPdkHuJTmz0#0N{~R3ly2hRjn3y z9aQMtU4@PY`h?T&9=G1n3x~Ikz0}G6_(qc4P#MhHb?3Fsd)LL;4N|+#4h2O3Pt?U3 zI~4rogCI={Tc@{3;$PXE-NuG1%v%BV>H-jYyuEBfY0V$ zThuTD9>3_IlN`V3$q+x!*vZU*ce9QY`0vEIb8x+gc*igD{Xj$jLp<54x%4Ai8v+p; z>yYVDzT0YxRSUWc_$`EcZU|yM-gJxLPzV-p2RvceK`56kAB5e9;lQHE_=4NRu8-^j zBXxqIy}yvWYXmfU1inSSlMYf2yz6$KTRTzaAY`e|A*M0%`fD7g_+!|ZQ<9qAmQ<}D z&>sG6P&Oor;M>P=a2YQAZwpkCf~_Q4hTO(>!Zll@AD}>nT>TZnG78n_?zmZ`P_|4& z`0RKVltcK}z|+UyULj>Av_miC8`IS%WQKU(2U}f(57IA%1E5zhv5b5re|&a_a!u;R 
z#vJdbNIYFWgW-?hBC8LXzk6_AB}4RNOZP^b3x6(1rE%3-m<`^3?eDkAR$Z;M6}`&R z)82HuI5SB*&HLyVVLP;`r*wdsO6e)3Nr5r4iALVGVurY!)^CK9AH7|$sSBvzLCjEb zZs|&c-?1uX!JX-(@FF^y%BbVwo9lag3?lE5FAI;TkHPr0Ey!lAGEkjmx~c5MRhyob zR^b?cuN&091HIE&ihqqwzC?T`$Xk&`=usiYa*OC0njaA&)6gma69$8^l9J)%89E8M zVlik}4mddZD)Gdh=4FZg_{@DlXdaqMT4v(;P&3s=(Q52=>Z zE64fLV=3Ta^2}5uUZ~Ks>G9{Hr2?&6vOK)J6*!u0Z-Vdl-PfFH#}O|1ST8mOT0NUSFIjMos=2dM3~y}3>*H)rt!!|Tx6ag3 zpsg0mJmeE_nVwg#+UZ2N5+?g3s>g#UV|xcH=Z&KvJP~vGeTR=gjK?6jR%slkg16=2 zdD3eNbOV~-=S;5K{$6JxTkI~9&jMD%V&d)CE~>9U3!Ch)b|u9x8e~dL^${HGtsgy) zg>tnJQ_7b@xqAAbT*`X`ObM99hC`+aZp)?#o<37q$Y&Zc@2=NKB^F_e>H*BI)ge(- zg`08sjSS)Xw4E4kR<2D7-1}p8@XziRMj=2K9VHs-*w zX2t}%nSg*KycRb}zo9&(c-8-LUZmLVEOr6d250GBilBo33pbl%9jHWG&yS$ED#&Cun7(#bSJ_nQ-cDE>!#YRYtL z>g^#7uY~DZyULboZXnMCUkF1Gux!f_jx&F<1YvJMFCtC=Q}57~gp)hOY2u(j@o0td zhpi;X1yb%Cu7Svu=IaSxPwv(42LkkZmsdHg$j=98FY)PlZSC7~+gA&x*>jI4oDDeJ z3h4m0?p1i3va@k(LzCT8frf@Z2XdS!4Zgt+TJAHYVrWOsQv@n$QcWO4lsYv-6Z0Fz zm7iCBf1+XC{`d;mmWuU{-dc!~39ju$B3vo$EGrO=2B4Z@Y?ROf3poJ^& za;0e=dl<*ug~Bm_IvnrhJ`P5<}8ley^n!@b9JgNn?Iz^e{0p?8;d=5o>H9o1~wd0!s!>J?YepS&)%C z7*eu5d{JCP?C+1@a}P=g71f}?pCT3$h^6DY&nKAEMoXu)zs;8~G7rYDckyqHqDB`( zay7HeP8AIdLsT(l+vsm_8P7y-U=8x)Sgygmq=(994kzq8U()+Gr*BpA2IfL(d>^RJ zH-=!APP|Zd_Z+eYU6q1M#4=8qO!PX`eCV9iaMjm`0S zk*$aURLabb5v$1~qghr3li%0E3-w9W*jk5n5A=6=Xd5>BEP4h?izR91qXUe510nM? 
zEsuI6+wlqj0FiZow&yR_?SMQYvJv|wWCi7rv?Pf-mxKHEhlw)g`mHPWuxl7Wf@TH~ z-hm!gyC%F_S8S}A;kL`sFj`*)k_8o&Cu!yR!d5f=tmo z1e`S~wv}b&ANr~YBN`@caw@a5@grGUF6 zKff=Uk9c}Xn1rGFagHG`Az!|gpiqOYo+PbZqHFIhcdJ~$Oxxa*7HquQ8K*wW7@R=a z{=#2d>)(O*0bgfu4Mq##cxtH{7k>Tv#Itvndcuuyvhm6)Jx}7B21|QEAcK&)`zRv| zmrq`RDjACn_tU0#&2t{3jKUX{@0iyrWJFsq2vh5&H z0Drz>@L|0vQ%bX>{0|tD<958bPZL18W!qDsLH1>u22bfs+%v98Z%Hidz_|*EBk6=T zWm=o&%TTWM#sWUlG))CAgt$Qy@Iefdv5NyMKhqxxb)~(i3~zt6oz{trdA+UpMt4ZJd^*iceq%Z#{~lsX7ToNKgpUfP|^v^}`#=KSJd&_`GdIOT>tO{+6S) z)*a_FscW)ipZ}5olMZc+OGbxx-{&AgFn;!ysV<4q4)$Er%}ce+E){-VEbi`IPgV%W z`YN+)_6E|^Wz>$jlOB?7p{8gR^Yz!E;(*us#gdg^VrlYbU*4GSRUj#_>s#ZM^~vpr z-6*5-Z?V{5^*CuBvw^ctK`6y zlltBWTnB2kzge;55}A+B_x%eAJ61hR%>?gUdRRD*()*J|7>&|+^Zab{JWfyLT^n#m z+iUfm;j?{c>F&H_Oc*Ud7V7G!sE0N6A!CN$k$8F+K&>eagTv>Y9UG?Ckkv4IFVgRI z(hr4mx%#m)8+;$FVBb6BA8H?Iw{V=hi%eN51LeareTi8?w_nNOCUTKczVoJ&8srMD z^dKOtAD13{HFjQi;e(x+hDHnKIZ4?9ZXR_d_UqkuKMOz_rX+{~PVHFvuJ$*yr${^@ zVQVyKZQl6b-~4jD_p;BcCUBfK6l+OO5L$brX-#j#d-8!IZrUlmwh(ue3s;I9+0h%Owwsr?PDH(USbUTn(2PhPcUUZtGM=( z40+b~2X4RpGP`z;N$o4m6KXHp7WAwg{2Rom(cR<(t=w_ThUjAfoZu{)8|&C+@pHp= zB%(I0h+m)Nc~xTS>v{Iz&3R{@Uy*Qy0=F;I9uwl&mFq>>gAb6r5;N{AXJ+}aw(O`9 zEo(-1dX>`Fful;G7&jFLg+Wuj(T|jiJ7S=WmFeoA4sw&ZmsoVCbj`!VcV8E;nG8g= z!O0&)MMV7dik<1x(h&+tteujbe_4k93{%CHIqjgov)ecQDkZd_}bUZ!$&&cZU3OeV;f;zCT z9z?kI5E>#OR>`XjeyPEJ1kyI3beB%Qt4SNl$+BK}<>DxZdVgK;5Bew}TuI6FGvx9O z*4%-mg9Wgx4!p!PYB+**9AuN5e4-8};iBZR2((;(f7`avtqKUn)Z$KJ4l=17o+c5c zgau_N^ux)|c{faxD4o(ZAiIgyvXA6_x26}#Lgwm`TX&FiY~6yT3u^A_Ao_XQ@9b*&Nv&6cuJZFP$*<*^82!ihwQ`6LCU~T{ zc;87EWED>Oqh>1zPbaM!yIy_}DIq$d9s-%=PA39}k2?(G|5dnjQmx{y=fYY>9CS=y zxD^}#OC5M+BP^bWHOL;sckHE(Tx?+}U&a3!QT}wu3UjKw*A}_`jM~RtQVn``!|7ZO zuF;Vm>p4rA-ELj@lxPF-|7Ow=^=NJDAT=hEUgdEXxMN_*Vn_hzWS8=QjzHPpC$a~B z*ViFGK!V;2u>kj_g;EJIZY#Sl6McVSKv*~6s24?U=!OgLsvl)%d=nJO#YMWQ|1YIW zVeo}Qy+eEEq&r1xPShYcO1(WNR|}6I7jw?1Y+-ZoovAHcb>BILzM*V9bLv&+^EbsbStW zfi(_p72Ap+8d}lZ@IelUzlO{i|4Y>0Wc>lU-@rp)vo%CBgG=0EBJjZREz;RLYJOem 
zf~qBOs2Yv}t)hhh2Thli-)C*gTCLNQFz&#)rFd1Xy&>0@boC#^Lz$p#;`w1mEB~W! zOu%Pb;nNeMJsJZto3vC<4uWOy_r;a(i0@D~rCx@K!a#)#Alp#D|3yGEF|-xB#N+>m zfm0BD=XS*+(XJ0-P4MqhIi$O1P+-z-)ZWj4K1y|Y=baT>HXqn%H7ROwl~=P-(2KXT z%Qujybj)y9+>g*CkK_IXgS$Fg2cjsb3uW>SP6VtyK#vu$D403p-K zlTqi#R{a)FQ>PQ?W4hGp^%GzT%X1t;e}4fhi7l!Tcu|@Yz@&gT-_~LRG=1_Q2L6?e zPcBN10?32Um}zqQHVv&A5X@2Z8!gPRJ^vA}`I2WZf7tFl9h3bh#d|dg6OwhA7u@?i zSDF=1`4LM#;RsNXqnr4aQzEn<@RQODnv$qn`WI}#cR&%H)g|uiFE0h?8mQs7lG`$S zb9I--bV55cxl=AYiv=(?De$9FrQrQzA}kjbHULwbOhNM@u)>LZ?eh+R^;@(@*^?{< z>>`I-TM3bkRSmfqoPu&D<@hXfg*+Kg?``{rP~TglhGPzM`xi!k=4|A0xAez~8o-YQ zC-?dPV5?v4ND~o$(KE5?*T$`JYX!md4YqIkC^CO@?6szS1u927Cj1HEDsO?-Pq^`km2;v+fxG^;LZ2%P!=g&Za9$TkeJ*3&RFSt!?x=4jWzut4$rDm_AWVzfOp*C`7%!RI^Lat@ z4|G(*w@*iLTAE$LZ?(#idlZU_fhp=zqB)jJQ9>DQ@X0F{R?YA@PPVZqO!_`p6LN)* z7!Q@t36K zX`Kn8dSNPLLWG3T_h#N&>CAj8OlQ;u{`Tu@2bs(s8;R^^3i~g>tWRHJHs~G8^94v7 zHH^xM`JU-?uT!|Cwv&HPZeC0827|v$4s4rg&*KbrtDMFLG}ucTpLNnlyExi%16z)! zja=>5gN?GNMO_Z|%pRYI<>M1Phvkv?HWG*~Gk7=Ej71DD^(oNh6@Ka2DZb)0pK^n$ zD=YQ34X?^7AIslnhtm=hLCFV28FOx=VfO`FZW60@?}(6@;Gj;38zx$6fRk3Ssr2O# z)@U8286q>;{a0%FW>lboSxAyr%uLO=!i_lXK>&#LYBlcBT0+@q+OifW>h)WgQB#F< zP%qA_0{80~t?2<7h3+myXpV|mk2d4WGlfreB$ENm-)PFAZn?~zG>h@KI)K%6)$t8J zmtw@M;V&_ZUs#;zpS=>1)~zk~4TTQh1cc96$e=$GF;o|DIxjhSPD^M`p0Mj}ze&*c zx&M*e#W(qa;TEVvrwT5S9*xyQ$^QK8I2?GgM?BHnmLXvbQ{Ar;QjFsyYch?gVYcSm z!r-z0SeZ2@H>x{@Ab)}Hb}&95i65jm0_I<$2kYgpq9loHR*qgHY96^wvqLh_;PtON&mE{j`Z48dB&0IlfPU{6(xt)&W` zSSdwBx}Fhr6!L($Op-M?@_|0?JS=0Mky$e~vYyKBpTrb!afenr?lS)M?$DZhs~w2= z`B4AP^IBZQ0Hp)x^$x`D_W6^|31w7WU&p8I+kRZVAXwULP^P^wfj!mzMjqV(3nKB#(&m($j?PdDlBF7P5kpFn=5{@&vL#@=T{ z#XX2zHWXjYA~c3H3fT0S>BkNgDJT_IMFE=Oz`u;leF8yOFgNYyT8a_v+h}oQ94YbfmjC%)JOVuGID(@ft zEUkA)s(i|q&u2yL{a(MF$)|sr=Fb1kwdwTR-f-M8%5G-h-yK3`!x=y6V@X>0fL zVqrTdw+T7khJox`VPRyLGXTsew?CZ(9W5+L9iz^DZ~k;=8fj`c9q%q-sST=G#ZkO zv&mu66>0a$WUf-@;}u1(C8gi(;(hiTLq@yT&@t5bWwRI+Vs+Q`FB{ zw2-u%i8r8sJH#v>(9HA4hx@>mRaiv41l$iF|Mfw*Zl^E=kOnu|nD&~yzKsZmj~ccZ 
zO1$pQii0(dK*o^rC{VAmTiu?Hut)S9%Q$^4lZ^!n>5(6sKPN9Qn=@}H6^J&34>>-I zn%$IewBE*2rIonS3DzmGlplQZC>Q#9Lx+g*U0r+T(8pW|OZ$gHku?`A0jYGJk_pt5 z_ZAzRs{CxXmW4o7tu#S`4d2tg8b^FPIZCQj&sQA|PUZ>FHs;ptNp$4DA z*r-P(U9f-Hk-xxUqy&t!_+#$vSZ{nAR7`0AZ4X8meS%d9=n8mAuuaj%vtG|XLfBL2 zDMVr(>SE^Hx&8d1Yyjfi!St&5{SoT8ang$WR?6i=TziwH-_b#4P9g&4hjc+l@`Jv` zybrx^OH7B|1>fwildRxspO)d^3!-@{O6qOv>TugzZJF?_<$oX!9a}KEgDg^;1%Cbu zTm-LzUIo+9z*=_|PiUt+hLL_5Y66&d_Wj?W547hh&DeL7BrM+&{>+)K5b;Y{tQ>ye z-ue3Fj-QEYxorBy+dA(QdggUdZ(=gn9Xt|5_C*)(`3XNT2u4!{1{M$Szt89V(~1MY w0I2>A|E&LITIYWz`Jc_af4}}$5~2_PpVpqH3IgK4PhkJq;s3-u+JA5V2Sxeovj6}9 literal 0 HcmV?d00001 diff --git a/Solutions/Trend Micro Deep Security/Package/createUiDefinition.json b/Solutions/Trend Micro Deep Security/Package/createUiDefinition.json index 93a9f899b81..dcebb161fff 100644 --- a/Solutions/Trend Micro Deep Security/Package/createUiDefinition.json +++ b/Solutions/Trend Micro Deep Security/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Trend%20Micro%20Deep%20Security/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Trend Micro Deep Security](https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html) solution for Microsoft Sentinel enables you to ingest Deep Security logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.\r\n \n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024,** and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Trend%20Micro%20Deep%20Security/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Trend Micro Deep Security](https://www.trendmicro.com/en_us/business/products/hybrid-cloud/deep-security.html) solution for Microsoft Sentinel enables you to ingest Deep Security logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.\r\n \n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 1, **Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
@@ -51,37 +51,6 @@
 }
 ],
 "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This Solution installs the data connector for Trend Micro Deep Security. You can get Trend Micro Deep Security CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-parser-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- },
 {
 "name": "workbooks",
 "label": "Workbooks",
diff --git a/Solutions/Trend Micro Deep Security/Package/mainTemplate.json b/Solutions/Trend Micro Deep Security/Package/mainTemplate.json
index 199c986e450..b047705a7c5 100644
--- a/Solutions/Trend Micro Deep Security/Package/mainTemplate.json
+++ b/Solutions/Trend Micro Deep Security/Package/mainTemplate.json
@@ -47,18 +47,9 @@
 },
 "variables": {
 "_solutionName": "Trend Micro Deep Security",
- "_solutionVersion": "3.0.0",
+ "_solutionVersion": "3.0.1",
 "solutionId": "trendmicro.trend_micro_deep_security_mss",
 "_solutionId": "[variables('solutionId')]",
- "uiConfigId1": "TrendMicro",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "TrendMicro",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
 "workbookVersion1": "1.0.0",
 "workbookContentId1": "TrendMicroDeepSecurityAttackActivityWorkbook",
 "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
@@ -82,393 +73,6 @@ "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Trend Micro Deep Security data connector with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Trend Micro Deep Security via Legacy", - "publisher": "Trend Micro", - "descriptionMarkdown": "The Trend Micro Deep Security connector allows you to easily connect your Deep Security logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's networks/systems and improves your security operation capabilities.", - "additionalRequirementBanner": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. 
Follow the steps to use the Kusto functions alias \"TrendMicroDeepSecurity\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/TrendMicroDeepSecurityFunction)", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "TrendMicroDeepSecurity", - "baseQuery": "\nTrendMicroDeepSecurity\n" - } - ], - "sampleQueries": [ - { - "description": "Intrusion Prevention Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Intrusion Prevention\"\n | sort by TimeGenerated" - }, - { - "description": "Integrity Monitoring Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Integrity Monitoring\"\n | sort by TimeGenerated" - }, - { - "description": "Firewall Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Firewall Events\"\n | sort by TimeGenerated" - }, - { - "description": "Log Inspection Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Log Inspection\"\n | sort by TimeGenerated" - }, - { - "description": "Anti-Malware Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Anti-Malware\"\n | sort by TimeGenerated" - }, - { - "description": "Web Reputation Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Web Reputation\"\n | sort by TimeGenerated" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "\nTrendMicroDeepSecurity\n\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (TrendMicroDeepSecurity)", - "lastDataReceivedQuery": "\nTrendMicroDeepSecurity\n\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": 
"Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. 
You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "1. Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure to send the logs to port 514 TCP on the machine's IP address.\n2. Forward Trend Micro Deep Security events to the Syslog agent.\n3. Define a new Syslog Configuration that uses the CEF format by referencing [this knowledge article](https://aka.ms/Sentinel-trendmicro-kblink) for additional information.\n4. Configure the Deep Security Manager to use this new configuration to forward events to the Syslog agent using [these instructions](https://aka.ms/Sentinel-trendMicro-connectorInstructions).\n5. Make sure to save the [TrendMicroDeepSecurity](https://aka.ms/TrendMicroDeepSecurityFunction) function so that it queries the Trend Micro Deep Security data properly.", - "title": "2. Forward Trend Micro Deep Security logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. 
You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. Secure your machine " - } - ], - "metadata": { - "id": "abf0937a-e5be-4587-a805-fd5dbcffd6cd", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Trend Micro" - }, - "support": { - "name": "Trend Micro", - "link": "https://success.trendmicro.com/technical-support", - "tier": "developer" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Trend Micro Deep Security", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Trend Micro" - }, - "support": { - "name": "Trend Micro", - "tier": "Partner", - "link": "https://success.trendmicro.com/dcx/s/?language=en_US" - } - } - } - ] - }, - "packageKind": "Solution", - 
"packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Trend Micro Deep Security via Legacy", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Trend Micro Deep Security", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Trend Micro" - }, - "support": { - "name": "Trend Micro", - "tier": "Partner", - "link": "https://success.trendmicro.com/dcx/s/?language=en_US" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Trend Micro Deep Security via Legacy", - 
"publisher": "Trend Micro", - "descriptionMarkdown": "The Trend Micro Deep Security connector allows you to easily connect your Deep Security logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's networks/systems and improves your security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "TrendMicroDeepSecurity", - "baseQuery": "\nTrendMicroDeepSecurity\n" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (TrendMicroDeepSecurity)", - "lastDataReceivedQuery": "\nTrendMicroDeepSecurity\n\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "\nTrendMicroDeepSecurity\n\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Intrusion Prevention Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Intrusion Prevention\"\n | sort by TimeGenerated" - }, - { - "description": "Integrity Monitoring Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Integrity Monitoring\"\n | sort by TimeGenerated" - }, - { - "description": "Firewall Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Firewall Events\"\n | sort by TimeGenerated" - }, - { - "description": "Log Inspection Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Log Inspection\"\n | sort by TimeGenerated" - }, - { - "description": "Anti-Malware Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Anti-Malware\"\n | sort by TimeGenerated" - }, - { - "description": "Web Reputation Events", - "query": "\nTrendMicroDeepSecurity\n\n | where DeepSecurityModuleName == \"Web Reputation\"\n | sort by 
TimeGenerated" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. 
You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "1. Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure to send the logs to port 514 TCP on the machine's IP address.\n2. Forward Trend Micro Deep Security events to the Syslog agent.\n3. Define a new Syslog Configuration that uses the CEF format by referencing [this knowledge article](https://aka.ms/Sentinel-trendmicro-kblink) for additional information.\n4. Configure the Deep Security Manager to use this new configuration to forward events to the Syslog agent using [these instructions](https://aka.ms/Sentinel-trendMicro-connectorInstructions).\n5. Make sure to save the [TrendMicroDeepSecurity](https://aka.ms/TrendMicroDeepSecurityFunction) function so that it queries the Trend Micro Deep Security data properly.", - "title": "2. Forward Trend Micro Deep Security logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. 
You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. Secure your machine " - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "These queries and workbooks are dependent on Kusto functions based on Kusto to work as expected. Follow the steps to use the Kusto functions alias \"TrendMicroDeepSecurity\" \nin queries and workbooks. [Follow steps to get this Kusto function.](https://aka.ms/TrendMicroDeepSecurityFunction)" - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", @@ -478,7 +82,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "TrendMicroDeepSecurityAttackActivity Workbook with template version 3.0.0", + "description": "TrendMicroDeepSecurityAttackActivity Workbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", 
@@ -568,7 +172,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "TrendMicroDeepSecurityOverview Workbook with template version 3.0.0", + "description": "TrendMicroDeepSecurityOverview Workbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion2')]", @@ -658,7 +262,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "TrendMicroDeepSecurity Data Parser with template version 3.0.0", + "description": "TrendMicroDeepSecurity Data Parser with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -782,12 +386,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "3.0.1", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Trend Micro Deep Security", "publisherDisplayName": "Trend Micro", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Trend Micro Deep Security solution for Microsoft Sentinel enables you to ingest Deep Security logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.

\n\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Parsers: 1, Workbooks: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Trend Micro Deep Security solution for Microsoft Sentinel enables you to ingest Deep Security logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Parsers: 1, Workbooks: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -809,11 +413,6 @@ }, "dependencies": { "criteria": [ - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, { "kind": "Workbook", "contentId": "[variables('_workbookContentId1')]", diff --git a/Solutions/Trend Micro Deep Security/ReleaseNotes.md b/Solutions/Trend Micro Deep Security/ReleaseNotes.md index 4cc5b799798..ff09f0b1e8d 100644 --- a/Solutions/Trend Micro Deep Security/ReleaseNotes.md +++ b/Solutions/Trend Micro Deep Security/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.1 | 03-01-2025 | Removed Deprecated **Data connector** | | 3.0.0 | 27-06-2024 | Deprecating data connectors | | 2.0.1 | 11-11-2022 | Updated OfferId | | 2.0.0 | 20-07-2022 | Initial Package | \ No newline at end of file From e898783651fb211d0c583c67034d7613fbfcd02d Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Fri, 3 Jan 2025 11:31:44 +0530 Subject: [PATCH 2/3] Repackage - AristaAwakeSecurity --- .../HighMatchCountsByDevice.yaml | 5 +- .../HighSeverityMatchesByDevice.yaml | 5 +- ...tchesWithMultipleDestinationsByDevice.yaml | 5 +- .../Data/Solution_AristaAwakeSecurity.json | 7 +- .../AristaAwakeSecurity/Package/3.0.1.zip | Bin 0 -> 9992 bytes .../Package/createUiDefinition.json | 28 +- .../Package/mainTemplate.json | 515 +++--------------- Solutions/AristaAwakeSecurity/ReleaseNotes.md | 1 + 8 files changed, 70 insertions(+), 496 deletions(-) create mode 100644 Solutions/AristaAwakeSecurity/Package/3.0.1.zip 
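Review bot: The rewritten NOTE sentence in the new descriptionHtml still ends with `and thus should only be installed where AMA is not supported`, yet the legacy connector that clause refers to is exactly what this package drops (the new text no longer counts `Data Connectors: 1`, and the `@@ -809` hunk removes the DataConnector dependency entry), so the installed-solution text now tells users to install a connector the solution no longer contains. The same sentence also reads `which were deprecated on Aug 31, 2024. and thus`, a subject/verb and punctuation slip that looks like a search-and-replace on the old `is about to be deprecated by` wording rather than a rewrite. Suggested replacement for that sentence: `Legacy connector uses the Log Analytics agent, which was deprecated on Aug 31, 2024.`, keeping the following MMA/AMA duplication sentence as is. The Arista description strings in the second patch (the Solution_AristaAwakeSecurity.json and createUiDefinition.json hunks) carry the same `which were deprecated` wording and should be aligned. The descriptionHtml value is shown here with its HTML markup stripped, so the tags around the sentence cannot be checked from this view.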
diff --git a/Solutions/AristaAwakeSecurity/Analytic Rules/HighMatchCountsByDevice.yaml b/Solutions/AristaAwakeSecurity/Analytic Rules/HighMatchCountsByDevice.yaml index 19ff9a1af6e..bb692638138 100644 --- a/Solutions/AristaAwakeSecurity/Analytic Rules/HighMatchCountsByDevice.yaml +++ b/Solutions/AristaAwakeSecurity/Analytic Rules/HighMatchCountsByDevice.yaml @@ -4,9 +4,6 @@ description: This query searches for devices with unexpectedly large number of a severity: Medium status: Available requiredDataConnectors: - - connectorId: AristaAwakeSecurity - dataTypes: - - CommonSecurityLog (AwakeSecurity) - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -65,5 +62,5 @@ incidentConfiguration: groupByAlertDetails: [] groupByCustomDetails: - Device -version: 1.0.1 +version: 1.0.2 kind: Scheduled \ No newline at end of file diff --git a/Solutions/AristaAwakeSecurity/Analytic Rules/HighSeverityMatchesByDevice.yaml b/Solutions/AristaAwakeSecurity/Analytic Rules/HighSeverityMatchesByDevice.yaml index b5455cca631..810bc2222bf 100644 --- a/Solutions/AristaAwakeSecurity/Analytic Rules/HighSeverityMatchesByDevice.yaml +++ b/Solutions/AristaAwakeSecurity/Analytic Rules/HighSeverityMatchesByDevice.yaml @@ -4,9 +4,6 @@ description: This query searches for devices with high severity event(s). severity: Medium status: Available requiredDataConnectors: - - connectorId: AristaAwakeSecurity - dataTypes: - - CommonSecurityLog (AwakeSecurity) - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -63,5 +60,5 @@ incidentConfiguration: groupByAlertDetails: [] groupByCustomDetails: - Device -version: 1.0.1 +version: 1.0.2 kind: Scheduled \ No newline at end of file diff --git a/Solutions/AristaAwakeSecurity/Analytic Rules/ModelMatchesWithMultipleDestinationsByDevice.yaml b/Solutions/AristaAwakeSecurity/Analytic Rules/ModelMatchesWithMultipleDestinationsByDevice.yaml index 862fa15593d..ca4870ec60e 100644 
--- a/Solutions/AristaAwakeSecurity/Analytic Rules/ModelMatchesWithMultipleDestinationsByDevice.yaml +++ b/Solutions/AristaAwakeSecurity/Analytic Rules/ModelMatchesWithMultipleDestinationsByDevice.yaml @@ -4,9 +4,6 @@ description: This query searches for devices with multiple possibly malicious de severity: Medium status: Available requiredDataConnectors: - - connectorId: AristaAwakeSecurity - dataTypes: - - CommonSecurityLog (AwakeSecurity) - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -63,5 +60,5 @@ incidentConfiguration: groupByAlertDetails: [] groupByCustomDetails: - Device -version: 1.0.1 +version: 1.0.2 kind: Scheduled \ No newline at end of file diff --git a/Solutions/AristaAwakeSecurity/Data/Solution_AristaAwakeSecurity.json b/Solutions/AristaAwakeSecurity/Data/Solution_AristaAwakeSecurity.json index 7a9a4846791..452f16d2e36 100644 --- a/Solutions/AristaAwakeSecurity/Data/Solution_AristaAwakeSecurity.json +++ b/Solutions/AristaAwakeSecurity/Data/Solution_AristaAwakeSecurity.json 
@@ -2,10 +2,7 @@ "Name": "AristaAwakeSecurity", "Author": "Arista Networks - support-security@arista.com", "Logo": "", - "Description": "The [Awake Security Arista Networks solution](https://awakesecurity.com/) for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", - "Data Connectors": [ - "Data Connectors/Connector_AristaAwakeSecurity_CEF.json" - ], + "Description": "The [Awake Security Arista Networks solution](https://awakesecurity.com/) for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", "Analytic Rules": [ "Analytic Rules/HighMatchCountsByDevice.yaml", "Analytic Rules/HighSeverityMatchesByDevice.yaml", 
@@ -19,7 +16,7 @@ ], "Metadata": "SolutionMetadata.json", "BasePath": "C:\\Sentinel-Repos\\19.05.22\\Azure-Sentinel\\Solutions\\AristaAwakeSecurity", - "Version": "3.0.0", + "Version": "3.0.1", "TemplateSpec": true, "Is1Pconnector": false } \ No newline at end of file 
diff --git a/Solutions/AristaAwakeSecurity/Package/3.0.1.zip b/Solutions/AristaAwakeSecurity/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..796ec0aea11b3899466af455bd8ee36b729f0375 GIT binary patch literal 9992 zcmZ{~RZtuZ&@74scXxLW?(XjH5M*(82+rab+yVsm;I50iyDveOV8QKv|2<*r;E<1)7YR7W;AN`Ac(i4WUF3Xp;*`{<-!m&aU?AWxWVUZM}aw|UG-S}Hz zos907X=h=5sAfy*y%YbGe-8j78Ewt*kq-@oSqnli1pg_pyPZ7;IRC>?lYUJiHf%F_mfG3;kFC+T_`KvN;GVVNiktCcunx8}>}@<6N3FANp15sVY+p1od-aE*jDH8|ej zD>Aio*FbGb6!3K5nOc(yi0zW<7R}bGl;6D~^I3kIR%H!oCbSeLM-rnR%Tc;Ing5If z%~AH7u@sxsD4I02bgIokwcJd2WVeyl=x6euG2G9@0wX9(+{$^c(^zBUnPDZ>q5>cu zhKq3=Y{-$0T=;MQ$s^VpV|u2iJn@Lwi?CzLzLm%1_NPqF(OhiQU3T-KQ*%YFkNd;8m;J5V!N6kT$*Y; z*U85Ip_HptMay_UhE#qnZBLsN)Z=^`#Sv3IR+7GSM>>Rq@hx6Xq@pbrXJtyXZMZe) z0RNE*@R!ocUJB*VaX~n&$;wp=p$nP*n0YZdf4ROM^Y(~gCJap1i{g7OF)c9$k>pwY z^dJLf8P(Ys@Wf2I&j&B~TimjY&>uJAv+BwIy5E!z-+rP$pV>8^Ui#v(ib>2!`8;^w=K=*0mZSMYPA&v6EdtNQ}duba3c2=>#Yx zTcy@J@tlVW5Wjvq@cYf*_t2&B8IJA{6HcqeBksRPUgS%Iqn(|YFEcLhm#{g3B*~Qz zY59E+jC0CTH~|p+?3IYx$@?43xf9q18x_-IT*Gq=nh6wYJPrFu)!V=tjYapKCZMLj zJ+L3Qs+D0zk6(D0evWbXNj|M(M5N;UIXvZNYX(9} zDj1~-h-Jeh5N2q$+&xqeyiE#s-1^WbjBo4Xw0VM6>qROiuK(_!8<@L-m_TjI)Q~kG zpOvbj15QSmkEt$3Lg$8X{FnvP6};AWk_}HSEw7!Z4cPiLOI=W}wC}uRzt@7B`rb7c zD%Q?blFlakB-sT4CkCjq1wAy7MZ68PwpoY5Ll_CAWtr^6#wlDJ;yF3!ZP2YELD6 ztCoyxmfP$C9mcw7gV?=2+BnZTBuk`F$~kt7$)u{nC3nO2`sS*r&@JzL z!ND`d?5(MXcbR6JodY>5#iTz2?^`ABKKuIceYLbnur_Upk4LMIYvMh{k<6y9LCR$Z z1pwzWM_<9GuHfR=q_+^5H;NW=--gw4h%o9GAO(pGL<6kA`*6=DjO|Di)Dd7xaw}f5 z#xCuCJDhKgDFyPTLH0RC1ufG$kKF3?Ol%`YrYlbKaxu@O!=-7n5g{}>hEMP4xiApC zi_{N^Gs8TH2Yks#B9%RRZ|O;R_tR|r1jtLuxMd@wORj;k%RZ;jzkhI&g`B(WaEu!~ zV$`CFf`Rqlw8erLo^+DMKU+i#bto-DikmsXeyp%n9xwb-5mQUnKm7rtU5CYDel^>+ z{*PRxox3@0?1H^hWy_;UAIAmoC$S4Se|hN-v+~EvUxrLobPo9wkLyq{ePcB@<~s+j zg)((HO3@WPS7dl#7pwEQW0*enA2BrkKaGKEOk+eCGx2qc3<}C*2nq`8KaJsR32@P| zadvb1Pig$W>H;F_=(#1Aw%2g}F^ubJsHq$IC7fdc53H7XB!jo1XQ=cxsKX>}pG&*YkF@CW;|~KwBw)C~#cfgKOJW(OpqdBz=4L{gZ$y@iP`el(#g>y_gNUp$_oz 
zV=N?{u2QdXntgi;{b)kn2qT*Y8+h60TozmUpfv}dHbxO_AM~*BnfvkBB77#neCEl; zb66mRpj!9;{^|isu?C>Xei9cHv*Yx(PrwZtMYsmC9~ojEE~n2YS}B<|Kk*@o%ZyMi zcr+mntpl@rQFosHeliw?k03<`O$espP(@D-7>_o7jiqz{h8-!hFWOl~v0f&#EU};Q z6Cf##>;*kRRNXUB-ee&u79Ml66Mn#@N!sR0$EziYLr!wm1`n4<(+4(6+ii&G&VW{u&eZQABNhK}68 zw}ageZy{B{h9gx&^ek-#y)PBDGHpaA_iR}g>?gV9R0lD!m9!!Teem32YK zVREZ%Y&YQ(EpBht+1tk?Ee@vx)XrrbkY2z@Hj*=3fj)B+x_Q}lAP~HDngrPTIef5A z=ml@vAIx(~dLK=sVkmx zhmBi31=s9uy=ADJ-ik4?u(#!UNmgI%(a?&t`Lnob&FJOtl`{RTK{GwUtDu-yo(C5E z?4n*^DPgQ+UM`VM=Y)fDjUBaSV4W!O-y43Jc^@YGbOGi;L3^vT6#TFuG)iaVp9hrcu@!6gjoxbmL$f4uTxbzmKO)iCU);H z%uesJ%qGe4Y&z>N7rGtz>W>-+v-Eg>m-Q{hR&wUin`1ILeHgjBoIR})ULy)QEiX%b zvb+miVsxwB{$S~JjK19KcHHS#xv{ag{l_HuIppoPSvkav%>s{PTPkqGLqLWLleY-D zr;_+x;2?BvB=-f(`^c4-&U%|A@Vw=&+50=NqD(}&+g6VAcA7}LHjCErT?|M^odg{b?c@VV^CNzTB1?$)CwmZty{uD)pSd%An#z@{KuODf|4;9JXFgG%Q4N1=fJ{vM*QZmV#?@k6{X?GLg%$_4 zi?mZMLM0kDtWpmPHtji8T>3L)u&PPT?cW>u#^*M#RPah~%xb`LMkM1fLQaE03;{a}Mr) z%EBGdv~~vDTM)#dpZ8z37tMx3gc?Ijb3FHO3MeZVKfg&GkebYF14E%Pt`tV>5r4_{ zM1rr6Fp;9nUm!T^McIP8WHMpV0M?S~fyjYX#b6NmlS9*;h0yIMO?O96YSKsE}8)8MwU zWfKP%&PwU~>NvxI7H+qg{;%!YZBJQs2gc;Eu@el61CwiUcbIpti2+QQ#Qb6bxAzVt zD?Rnc$B8F3?0?#rpvo_2__){USBhIas_gfuwth}jsJ`mxn#ouzO~N@m&DxfM)A*42 z9E<>wEOv)w`_#jcD+P={1qkgg3pAv`AW~n!F(jJ5+;V6@A-O(1md?puRHCdxXD36mpGY|zSN9H9&=Lhf@psT{?fnUspn)a3BPLxKG zfoAamWl^6?bntCHD3%2R=!J_6X)7C1W?J6f*u79!v=J%nhNQ}d0NKT#OMvn6ZLW9L zBTDj~FtkV=>$5W-)pk3yyudC3R(Ma%UeZTK)-LEG|A>#YhOC>S7gdFUd6eCKGiZZd zZ5OCxwFHuj9`hQgbSkwO*o<13knWPV~4+mW;^Fa?{a5<~~ zNY}W!*kSO|lmO29jN|Z&?#gV@$&4z!Om+7}y{qRdEV|F3+LC}&|CF}>KgSvRjcif$ ztS*6wx!dslVZyXeC&HzLZ%Q6Q42RD<820PiXoX#i{IyNlCN!ZF`mBYq8kcGQCNq4g zUPg`DD_)8;jdV6t5i)b)_u)W6JCCDZPOW;T4U&AxM|?wBK~e{jSb+uK`h1?*I)gN= ziu0rHaD$xj3w2=mbO#+*=I@+QY7GK-;_@sIwoQne zO`W!7?d5efLe@eXsXZfuB2hK_?29g88osW_>(7Gco75T$>^eq!U89L#r!*{Cc$p@E zGTSX?N{__UYT`3*)1{*A@MX_b1`eiVos{z4A71I(O4W*KJ)b&R^byCRm-L$sCJoG? 
zqg>4WKP@4{#_z0i_u~7kx*OoN;$`Zd!Wx_b`q$id?sP?4I0S~QwdwC>rS1-Dva%i9 zR-LPoHH6YAaS?cKBpJLYG#DRr93cetB{^L=$pACl*&=?!tg&jRYPdVL&cK_r2lhMG zPW8|`ET`%ry^iDOcE@c)5@O%gdiOtKdPiz>{9F{fyjNbxjL>x#FuM&+{&u>X_tdYX zXX4fV{L&b|UJxVoFLM_@U|+lx<7LSE`%N2?=2#x9#vgz6J08(Fi^OdF%@2rlaybD! z2Ct#9ghRS4Cmh$%w!DXZb{b9jSrH!8FQRqZ0)Y-epw18?IS)DP31>*5sKcJ})iKV) zxo@A+!qL$~@9#WwPkvwLhC|1-hqQT+e0STL^p+Wj8SdNZcaN>9#j0z3XAU$343|J> z{eDXI#fNG`@ihDY2#XNYt&5HN%d)Vo%38y020-8nFGuqBL$y9*kNibVT+zRywXOEP zHqbMokFMowcYB`@iII7M>BUrV!m56*Z1XAEH`j(tGYGp#=ERCm@7FpxrGZ&*=&QAL zlnWi=*Z=hl0=_JUXx4B>k1_HP`x#GXegnA;Ek&>Xzu6tj@eJver8&;?_D7>Jtz+Xj zUSmFNjjzFJiP2QO-8WC|F<^q^#@6-S)(IbHE?&nq`mNT9mIl*2R^h-k`lYbT&2QDJ z(R;n!|ER_kUkqDeMM~Zc);Hm^Pb=|+?VtHf@TE87Yf`T8>zb$kfG9KT&^gz9mmL0X z)l=yOT@qVicRks!VFubu*BVrZ^1Q3N0KHoVJ>R3VqazUbN7`7dQWyZh6;^7+mhNZ+ zz(YONgVP%3(txwhD(iGQ&&YXh)|eyES(~IsUcNT2_}`XE`xVeR{tgSZX6WJZ99Y$` z!y2q_-52J)m-bYDSLPXW^=n@7_QcTvz?6|Te5sXu%;9L7(ZA+r>Q-lYrjxVDrA_+K zH%2S@Q>xA$o~pKaMDH5$0=$2UarXbC)N47NxjuG1Wj(#9K{56lJ< zL%YUY8&rRN)0McsyV{MSzCg9Wkzs1W&bx36wfwAHvN>6Atg8ojz1ofuQVhy1xzCAN z**2&qJ0<;GWgZtP3S+BkUoPVMSTD6cp_@|_qBK0Gu2?YM;0Zf;TDs2@u+-48->jBC)_^G&<`V^&iQYn zp22p$xGRwxuY&-y5xZO4qYTU(r0*>4R1}HCX9SH10Jnq82$Wf~F4Zce(8?!71ntsA zm-bbI4A1dO596XVGz3+RL___-wuH-&3Ok{nfb`O^g-f)6(Rm13f>?w!XXEKe(-!Hf zZQ-LMbrFk@+E=rK$5@d6ZTjGy%tqsA;z0?ei{NZ1I0m~5%PdYpQ<$d;M31S6n$MZC z9Wm_A10cc4Q?vJ7FFx}5bg#q%1JLR=!gzmhc?vX6Cs`ZNm&!ekLwkybi63ZStPenh z)IL*>nUPC{v^;5KjT$@y#&}_M>UY>r^IO&a{9rj|tC6|!1MmwXPP=y&Q|NX~rfHQz zAEZQE4otkA`UZ#O4tbq~md~PN^LQA=Rl9+sXRlf?M;aF(yd?N{5^8j7Crbz z-O4@}XL&#)Boz8_DyNKE|IA~#VPacqba$|Rk1Qz%86_8tOt~W7NgOX4O?LeX}qkQ5#^OCzy&b zRYWl~>0z|KL}J=Oo%x~Y7XHbt@v7EC8sc%%R|Z~zcj0?=qdt->f8@zG^uYw>!ENfI zs7MQ-`oF!Qj8BcHk8=w@Hg~>kn@u#%pr6E3!X)42NBfr@VjX6{V4Gz->e_C;%B+~N z2(z;5Rh^}wD{?Yu2!D>^7k@*alveed1wkkIMVSp)r~B2F6w&*67`dFa21$xq$YCBL zh_Of3Sj>OqZ^db1Z_1~@^$f~$+{Dc)_z45p-tB^gAGIOt=l+;{*1s9mj&^=@{Ysz1CizJHv-+G75p zRyPOS+(|m8dF;Im_??9{SF&Px#q|2LbDxq#Ow4n3l`nBeJI(WrPD9XNc1oKBAxH~g 
zt&Q_lm){!n`tNlA(#8NTQ)~&TyL~Z8nB2#v`~uGcpWmeG^Rj*s!w*W9PpXeMxEv>$ zCO0q!Rf$Bz{;uR9vqpsgm5I6+F#3myx{yc0lw?v@`Ts>;zdb9f^fZLSotq&W~J2X1LaI$i>8n$Ue(dcY(D)ApesjIy8sa#lZrj zP++RJ)@vQhO(*P$y*Obwc@iyp*Bezvp#cHP%-5xIEJteIB3aRZs4FUULL0}yXE@_r zjNFzqJS6$6PEUS%t14MS3j)y`cTy15u4H_s^|NCEQmgG$8q(w7Ahdc5ilbfd9YH34 z@{P0!v#Z%rM(Vjm6JL|Y?S7?4C!9Dn)YwofB9GKm@gNT9yR($Z0iMD>=6?6X&!`+z zdQa#AuRl}IWy1G6NF(GSZ$kxLr-e`C;|Ez(A0x8+4A!ek$C{4PDL+>5!XTV2Rj z=VkTAc2oSh9?vwML)~Wcem*L{qGbK6ekPN6pdq_BW1Lx0u`7JtDOX9)lP_`3M=3$Dh&j*me<=ukUHJ`6~rsK_5flD&5u zkRQGK7GM}2xcU5D_W8AYa;SbBmO^K}PHwkBs?XF=$XKx6yfRDo9|IF>ji?CAO6(on zsH($Cy#VP)F{ry`7l`?H5D{+b6 zOi+QFbob3-K<_~O>pvn+Kbya812kE6Gs#e;{LWRpe{e~o8^k5kI%&1;3a%OlEyE2d zuN1<-+D`qB<1Ly#@ASaNxa@m7pWBR+m-G-2U&@$i+MN#swq`omL6HwbolYTxN%`d~ z->@lXkRT3)-fgU0q~s;73TO!;2K;YKMz zVc?pe{FfGFQ$#6pn@-+8Jc*)(0d&r_+HJP?4o<`@h4@7>P8z!AEV+MS40OX(k7iJ= zCEfp=Q=U1*V!mod&lMzFHT{K18LKT9rR35LrJYo`wXOH(Mu|!e7wK=LU*IVPGU1i9 z#dPt7*~n)G!Gpch)4v zCh9K9?}SAZTHM4^ryQ@0DU?-9F-q$uR9g5q74SIvN#Hj5&xz1+(u<>@?^j%7!y!TO~t4k zTb0GB9YsmvYr)zBARW`d zkg7L?-+~hk@+n@4UL)hw&Nae7%&@iSb-*8^EZZR%V?sst@lu_Vy+1dGPiUOyOET}j z65gWFGh}v^>HN2HQNWc~b6!-PUp~DN!kMmX2x&tJT0YufUC@W9(s$t2;;xl^(_IMQ zhA0gL7&dw#B-#?~4(`nW;kaHwE9k(_yR|(?n$RTEfNlN`)LAG0h=_a(_dQwfio2m! 
zhE%rOVxpkx3)vTxJ4?_b5?nq&cTS6&~r-Zj) zM`%Vxd|J3l9m=7aHzdP%sC}{dyZF9lpZbM{leafqgLGi;oog)9L*-$1_;O3ic=dlu z*sdzzML5#d;xi@`qS_Mt(63?Hm*937{msF?&KV_fb}#txi{9d!C0cpBv9ST-p)3&& zsW5)~FP9}&X`Fd7O1=c;NTx4x^|}bFPSw=M$_||Si+zCK4FOhE~?eh`s*VhySp&JWMP^m;wIxGhfbpDyCXUnNVwZgC0 zrF+Kk)(>VSA7;`^9b3t)5@fNO?z31?CXKuZx}Nr=8Do41dC$efht|3tm`En=e{l`{ zA$SRW+n{?nBBR=MS%e(SzG5;fq&fc|6~^1D2=TKhX))K+3r^k0?TQuAtCC7At$H}c z>ikn8bxcvwqVBeYu(oE!s0jv#HHRAhPI=L*MV9J^DJ_4$Y1alH*VWYQ=d=XH-V@n5j6=$aHjZVInjx9tE;e-{!4t$_Ae2zKIt!%K_I{)ct zX!!)jxVqg~auC3-0T1x(8BrFsK}EU(sj7s9vV=vVZZKcIw^u(#d!_P( zJSF&h%Y9T>-qGj;*#ulYbHrypGo?}ZM~KblUJe9QhU2fhj%L`CO{dsqnwHsfPF{9@ zxKF0Y_t&=0@yp*SmzZ|M*uTq3#Gsbm!)j*AdTz(Rc60_5z@t@+X0+HfqHa+zM>)M; z@?Sr~X(&U(;6nZ1^Jf3q!BEgpl>Y<&)&C`Z_WwWfe=?N+hx)&ceEToT_P^Q78p?3+ R|FZ(~Uq}9jF7*F1{XeGWX&nFn literal 0 HcmV?d00001 diff --git a/Solutions/AristaAwakeSecurity/Package/createUiDefinition.json b/Solutions/AristaAwakeSecurity/Package/createUiDefinition.json index 8a0e6b99fb5..d8f5c1b6718 100644 --- a/Solutions/AristaAwakeSecurity/Package/createUiDefinition.json +++ b/Solutions/AristaAwakeSecurity/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AristaAwakeSecurity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Awake Security Arista Networks solution](https://awakesecurity.com/) for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AristaAwakeSecurity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Awake Security Arista Networks solution](https://awakesecurity.com/) for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Workbooks:** 1, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -51,30 +51,6 @@ } ], "steps": [ - { - "name": "dataconnectors", - "label": "Data Connectors", - "bladeTitle": "Data Connectors", - "elements": [ - { - "name": "dataconnectors1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This solution installs the Awake Security CEF connector which allows users to send detection model matches from the Awake Security Platform to Microsoft Sentinel. The connector also enables the creation of network security-focused custom alerts, incidents, workbooks, and notebooks that align with your existing security operations workflows. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." - } - }, - { - "name": "dataconnectors-link2", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more about connecting data sources", - "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" - } - } - } - ] - }, { "name": "workbooks", "label": "Workbooks", @@ -88,7 +64,7 @@ "name": "workbooks-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "The workbook installed with the Awake Security Arista Networks help’s you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." + "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view." } }, { diff --git a/Solutions/AristaAwakeSecurity/Package/mainTemplate.json b/Solutions/AristaAwakeSecurity/Package/mainTemplate.json index bb47c630b9b..8471695f2e7 100644 --- a/Solutions/AristaAwakeSecurity/Package/mainTemplate.json +++ b/Solutions/AristaAwakeSecurity/Package/mainTemplate.json 
@@ -41,38 +41,29 @@ "email": "support-security@arista.com", "_email": "[variables('email')]", "_solutionName": "AristaAwakeSecurity", - "_solutionVersion": "3.0.0", + "_solutionVersion": "3.0.1", "solutionId": "arista-networks.awake-security", "_solutionId": "[variables('solutionId')]", - "uiConfigId1": "AristaAwakeSecurity", - "_uiConfigId1": "[variables('uiConfigId1')]", - "dataConnectorContentId1": "AristaAwakeSecurity", - "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", - "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", - "dataConnectorVersion1": "1.0.0", - "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "analyticRuleObject1": { - "analyticRuleVersion1": "1.0.1", + "analyticRuleVersion1": "1.0.2", "_analyticRulecontentId1": "90b7ac11-dd6c-4ba1-a99b-737061873859", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '90b7ac11-dd6c-4ba1-a99b-737061873859')]", "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('90b7ac11-dd6c-4ba1-a99b-737061873859')))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','90b7ac11-dd6c-4ba1-a99b-737061873859','-', '1.0.1')))]" + "_analyticRulecontentProductId1": 
"[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','90b7ac11-dd6c-4ba1-a99b-737061873859','-', '1.0.2')))]" }, "analyticRuleObject2": { - "analyticRuleVersion2": "1.0.1", + "analyticRuleVersion2": "1.0.2", "_analyticRulecontentId2": "d5e012c2-29ba-4a02-a813-37b928aafe2d", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'd5e012c2-29ba-4a02-a813-37b928aafe2d')]", "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('d5e012c2-29ba-4a02-a813-37b928aafe2d')))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d5e012c2-29ba-4a02-a813-37b928aafe2d','-', '1.0.1')))]" + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','d5e012c2-29ba-4a02-a813-37b928aafe2d','-', '1.0.2')))]" }, "analyticRuleObject3": { - "analyticRuleVersion3": "1.0.1", + "analyticRuleVersion3": "1.0.2", "_analyticRulecontentId3": "dfa3ec92-bdae-410f-b675-fe1814e4d43e", "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'dfa3ec92-bdae-410f-b675-fe1814e4d43e')]", "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('dfa3ec92-bdae-410f-b675-fe1814e4d43e')))]", - "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','dfa3ec92-bdae-410f-b675-fe1814e4d43e','-', '1.0.1')))]" + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','dfa3ec92-bdae-410f-b675-fe1814e4d43e','-', '1.0.2')))]" }, "workbookVersion1": "1.0.0", "workbookContentId1": "arista-networks", 
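Review bot: The three bumped `_analyticRulecontentProductIdN` expressions inline the version literal `'1.0.2'` while the sibling `analyticRuleVersionN` carries the same value separately, so each rule bump is a two-place edit and this hunk shows exactly that duplicated change; the removed data-connector variables in the same hunk, and `_solutioncontentProductId` just below it, take the safer approach of referencing `variables('dataConnectorVersion1')` / `variables('_solutionVersion')` instead. Because ARM does not let a variable reference itself, the rule version would have to move to its own top-level variable (as `dataConnectorVersion1` was) and be referenced from both `analyticRuleVersionN` and the `uniqueString(...)` so the content product id cannot drift from the declared rule version. If this file is emitted by the solution packaging tool, as the commit title suggests, the change belongs in the tool's template rather than in this generated output. The `variables` object this hunk edits opens before the hunk and closes after it.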
@@ -84,365 +75,6 @@ "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "AristaAwakeSecurity data connector with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Awake Security via Legacy Agent", - "publisher": "Arista Networks", - "descriptionMarkdown": "The Awake Security CEF connector allows users to send detection model matches from the Awake Security Platform to Microsoft Sentinel. Remediate threats quickly with the power of network detection and response and speed up investigations with deep visibility especially into unmanaged entities including users, devices and applications on your network. 
The connector also enables the creation of network security-focused custom alerts, incidents, workbooks and notebooks that align with your existing security operations workflows. ", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "AwakeSecurity", - "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Arista Networks\"\n| where DeviceProduct == \"Awake Security\"" - } - ], - "sampleQueries": [ - { - "description": "Top 5 Adversarial Model Matches by Severity", - "query": "union CommonSecurityLog\n| where DeviceVendor == \"Arista Networks\" and DeviceProduct == \"Awake Security\"\n| summarize TotalActivities=sum(EventCount) by Activity,LogSeverity\n| top 5 by LogSeverity desc" - }, - { - "description": "Top 5 Devices by Device Risk Score", - "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Arista Networks\" and DeviceProduct == \"Awake Security\"\r\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)), DeviceCustomNumber1, long(null))\r\n| summarize MaxDeviceRiskScore=max(DeviceCustomNumber1),TimesAlerted=count() by SourceHostName=coalesce(SourceHostName,\"Unknown\")\r\n| top 5 by MaxDeviceRiskScore desc" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (AwakeSecurity)", - "lastDataReceivedQuery": "CommonSecurityLog\n| where DeviceVendor == \"Arista Networks\"\n| where DeviceProduct == \"Awake Security\"\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n| where DeviceVendor == \"Arista Networks\"\n| where DeviceProduct == \"Awake Security\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read 
and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. 
You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "Perform the following steps to forward Awake Adversarial Model match results to a CEF collector listening on TCP port **514** at IP **192.168.0.1**:\n- Navigate to the Detection Management Skills page in the Awake UI.\n- Click + Add New Skill.\n- Set the Expression field to,\n>integrations.cef.tcp { destination: \"192.168.0.1\", port: 514, secure: false, severity: Warning }\n- Set the Title field to a descriptive name like,\n>Forward Awake Adversarial Model match result to Microsoft Sentinel.\n- Set the Reference Identifier to something easily discoverable like,\n>integrations.cef.sentinel-forwarder\n- Click Save.\n\nNote: Within a few minutes of saving the definition and other fields the system will begin sending new model match results to the CEF events collector as they are detected.\n\nFor more information, refer to the **Adding a Security Information and Event Management Push Integration** page from the Help Documentation in the Awake UI.", - "title": "2. Forward Awake Adversarial Model match results to a CEF collector." - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. 
Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. Secure your machine " - } - ], - "metadata": { - "id": "69203ebb-3834-43bf-9cdd-2936c4e6ae79", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "solution", - "name": "Awake Security" - }, - "author": { - "name": "Awake Security" - }, - "support": { - "tier": "developer", - "name": "Arista - Awake Security", - "email": "support-security@arista.com", - "link": "https://awakesecurity.com/" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "AristaAwakeSecurity", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Arista Networks", - "email": 
"[variables('_email')]" - }, - "support": { - "name": "Arista - Awake Security", - "email": "support-security@arista.com", - "tier": "Partner", - "link": "https://awakesecurity.com/" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Awake Security via Legacy Agent", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "AristaAwakeSecurity", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Arista Networks", - "email": "[variables('_email')]" - }, - "support": { - "name": "Arista - Awake Security", - "email": "support-security@arista.com", - "tier": "Partner", - "link": "https://awakesecurity.com/" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - 
"apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Awake Security via Legacy Agent", - "publisher": "Arista Networks", - "descriptionMarkdown": "The Awake Security CEF connector allows users to send detection model matches from the Awake Security Platform to Microsoft Sentinel. Remediate threats quickly with the power of network detection and response and speed up investigations with deep visibility especially into unmanaged entities including users, devices and applications on your network. The connector also enables the creation of network security-focused custom alerts, incidents, workbooks and notebooks that align with your existing security operations workflows. ", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "AwakeSecurity", - "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Arista Networks\"\n| where DeviceProduct == \"Awake Security\"" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (AwakeSecurity)", - "lastDataReceivedQuery": "CommonSecurityLog\n| where DeviceVendor == \"Arista Networks\"\n| where DeviceProduct == \"Awake Security\"\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n| where DeviceVendor == \"Arista Networks\"\n| where DeviceProduct == \"Awake Security\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 5 Adversarial Model Matches by Severity", - "query": "union CommonSecurityLog\n| where DeviceVendor == \"Arista Networks\" and DeviceProduct == \"Awake Security\"\n| summarize TotalActivities=sum(EventCount) by Activity,LogSeverity\n| top 5 by LogSeverity 
desc" - }, - { - "description": "Top 5 Devices by Device Risk Score", - "query": "CommonSecurityLog\r\n| where DeviceVendor == \"Arista Networks\" and DeviceProduct == \"Awake Security\"\r\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)), DeviceCustomNumber1, long(null))\r\n| summarize MaxDeviceRiskScore=max(DeviceCustomNumber1),TimesAlerted=count() by SourceHostName=coalesce(SourceHostName,\"Unknown\")\r\n| top 5 by MaxDeviceRiskScore desc" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." 
- }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "Perform the following steps to forward Awake Adversarial Model match results to a CEF collector listening on TCP port **514** at IP **192.168.0.1**:\n- Navigate to the Detection Management Skills page in the Awake UI.\n- Click + Add New Skill.\n- Set the Expression field to,\n>integrations.cef.tcp { destination: \"192.168.0.1\", port: 514, secure: false, severity: Warning }\n- Set the Title field to a descriptive name like,\n>Forward Awake Adversarial Model match result to Microsoft Sentinel.\n- Set the Reference Identifier to something easily discoverable like,\n>integrations.cef.sentinel-forwarder\n- Click Save.\n\nNote: Within a few minutes of saving the definition and other fields the system will begin sending new model match results to the CEF events collector as they are detected.\n\nFor more information, refer to the **Adding a Security Information and Event Management Push Integration** page from the Help Documentation in the Awake UI.", - "title": "2. 
Forward Awake Adversarial Model match results to a CEF collector." - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. Secure your machine " - } - ], - "id": "[variables('_uiConfigId1')]" - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", @@ -452,7 +84,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "HighMatchCountsByDevice_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "HighMatchCountsByDevice_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", 
@@ -479,12 +111,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "AristaAwakeSecurity", - "dataTypes": [ - "CommonSecurityLog (AwakeSecurity)" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -496,8 +122,8 @@ { "fieldMappings": [ { - "identifier": "HostName", - "columnName": "SourceHostName" + "columnName": "SourceHostName", + "identifier": "HostName" } ], "entityType": "Host" @@ -505,8 +131,8 @@ { "fieldMappings": [ { - "identifier": "Address", - "columnName": "SourceIPs" + "columnName": "SourceIPs", + "identifier": "Address" } ], "entityType": "IP" @@ -516,32 +142,32 @@ "aggregationKind": "AlertPerResult" }, "customDetails": { - "Matches_Max_Severity": "MaxSeverity", - "Device": "SourceHostName", + "Matches_ASP_URLs": "ASPMatchURLs", "Matches_Dest_IPs": "DestinationIPs", - "Matched_Models": "Models", "Matches_Count": "ModelMatchCount", - "Matches_ASP_URLs": "ASPMatchURLs" + "Device": "SourceHostName", + "Matches_Max_Severity": "MaxSeverity", + "Matched_Models": "Models" }, "alertDetailsOverride": { - "alertSeverityColumnName": "SeverityName", "alertDescriptionFormat": "The following Awake model(s):\n\n{{Models}}\n\nmatched {{ModelMatchCount}} activities, an unexpectedly large number. The destination IPs associated with these matches were:\n\n{{DestinationIPs}}", - "alertDisplayNameFormat": "Awake Security - High Model Match Counts On Device {{SourceHostName}}" + "alertDisplayNameFormat": "Awake Security - High Model Match Counts On Device {{SourceHostName}}", + "alertSeverityColumnName": "SeverityName" }, "incidentConfiguration": { - "createIncident": true, "groupingConfiguration": { - "reopenClosedIncident": true, + "enabled": true, "lookbackDuration": "3d", + "groupByEntities": [ + "Host" + ], "matchingMethod": "Selected", - "enabled": true, "groupByCustomDetails": [ "Device" ], - "groupByEntities": [ - "Host" - ] - } + "reopenClosedIncident": true + }, + "createIncident": true } } }, 
@@ -596,7 +222,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "HighSeverityMatchesByDevice_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "HighSeverityMatchesByDevice_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", @@ -623,12 +249,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "AristaAwakeSecurity", - "dataTypes": [ - "CommonSecurityLog (AwakeSecurity)" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -640,8 +260,8 @@ { "fieldMappings": [ { - "identifier": "HostName", - "columnName": "SourceHostName" + "columnName": "SourceHostName", + "identifier": "HostName" } ], "entityType": "Host" @@ -649,8 +269,8 @@ { "fieldMappings": [ { - "identifier": "Address", - "columnName": "SourceIPs" + "columnName": "SourceIPs", + "identifier": "Address" } ], "entityType": "IP" 
@@ -660,32 +280,32 @@ "aggregationKind": "AlertPerResult" }, "customDetails": { - "Matches_Max_Severity": "MaxSeverity", - "Device": "SourceHostName", + "Matches_ASP_URLs": "ASPMatchURLs", "Matches_Dest_IPs": "DestinationIPs", - "Matched_Models": "Models", "Matches_Count": "ModelMatchCount", - "Matches_ASP_URLs": "ASPMatchURLs" + "Device": "SourceHostName", + "Matches_Max_Severity": "MaxSeverity", + "Matched_Models": "Models" }, "alertDetailsOverride": { - "alertSeverityColumnName": "MaxSeverity", "alertDescriptionFormat": "Device {{SourceHostName}} matched the following high-severity Awake model(s):\n\n{{Models}}\n\nThe destination IPs associated with these matches were:\n\n{{DestinationIPs}}\n", - "alertDisplayNameFormat": "Awake Security - High Severity Matches On Device {{SourceHostName}}" + "alertDisplayNameFormat": "Awake Security - High Severity Matches On Device {{SourceHostName}}", + "alertSeverityColumnName": "MaxSeverity" }, "incidentConfiguration": { - "createIncident": true, "groupingConfiguration": { - "reopenClosedIncident": true, + "enabled": true, "lookbackDuration": "3d", + "groupByEntities": [ + "Host" + ], "matchingMethod": "Selected", - "enabled": true, "groupByCustomDetails": [ "Device" ], - "groupByEntities": [ - "Host" - ] - } + "reopenClosedIncident": true + }, + "createIncident": true } } }, @@ -740,7 +360,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ModelMatchesWithMultipleDestinationsByDevice_AnalyticalRules Analytics Rule with template version 3.0.0", + "description": "ModelMatchesWithMultipleDestinationsByDevice_AnalyticalRules Analytics Rule with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", 
@@ -767,12 +387,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "AristaAwakeSecurity", - "dataTypes": [ - "CommonSecurityLog (AwakeSecurity)" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -784,8 +398,8 @@ { "fieldMappings": [ { - "identifier": "HostName", - "columnName": "SourceHostName" + "columnName": "SourceHostName", + "identifier": "HostName" } ], "entityType": "Host" @@ -793,8 +407,8 @@ { "fieldMappings": [ { - "identifier": "Address", - "columnName": "SourceIPs" + "columnName": "SourceIPs", + "identifier": "Address" } ], "entityType": "IP" @@ -804,31 +418,31 @@ "aggregationKind": "AlertPerResult" }, "customDetails": { - "Matches_Max_Severity": "MaxSeverity", - "Device": "SourceHostName", + "Matches_ASP_URLs": "ASPMatchURLs", "Matches_Dest_IPs": "DestinationIPs", - "Matched_Models": "Models", "Matches_Count": "ModelMatchCount", - "Matches_ASP_URLs": "ASPMatchURLs" + "Device": "SourceHostName", + "Matches_Max_Severity": "MaxSeverity", + "Matched_Models": "Models" }, "alertDetailsOverride": { "alertDescriptionFormat": "Device {{SourceHostName}} communicated with multiple possibly malicious destinations. The destination IPs were:\n\n{{DestinationIPs}}\n\nThe associated with Awake model(s) were:\n\n{{Models}}\n", "alertDisplayNameFormat": "Awake Security - Model Matches With Multiple Destinations On Device {{SourceHostName}}" }, "incidentConfiguration": { - "createIncident": true, "groupingConfiguration": { - "reopenClosedIncident": true, + "enabled": true, "lookbackDuration": "3d", + "groupByEntities": [ + "Host" + ], "matchingMethod": "Selected", - "enabled": true, "groupByCustomDetails": [ "Device" ], - "groupByEntities": [ - "Host" - ] - } + "reopenClosedIncident": true + }, + "createIncident": true } } }, 
@@ -883,7 +497,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "AristaAwakeSecurityWorkbook Workbook with template version 3.0.0", + "description": "AristaAwakeSecurityWorkbook Workbook with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -971,12 +585,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "3.0.1", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "AristaAwakeSecurity", "publisherDisplayName": "Arista - Awake Security", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Awake Security Arista Networks solution for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Workbooks: 1, Analytic Rules: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Awake Security Arista Networks solution for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Workbooks: 1, Analytic Rules: 3

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
"contentKind": "Solution",
"contentProductId": "[variables('_solutioncontentProductId')]",
"id": "[variables('_solutioncontentProductId')]",
@@ -1000,11 +614,6 @@
},
"dependencies": {
"criteria": [
- {
- "kind": "DataConnector",
- "contentId": "[variables('_dataConnectorContentId1')]",
- "version": "[variables('dataConnectorVersion1')]"
- },
{
"kind": "AnalyticsRule",
"contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
diff --git a/Solutions/AristaAwakeSecurity/ReleaseNotes.md b/Solutions/AristaAwakeSecurity/ReleaseNotes.md
index 0e86091779a..21180f026e0 100644
--- a/Solutions/AristaAwakeSecurity/ReleaseNotes.md
+++ b/Solutions/AristaAwakeSecurity/ReleaseNotes.md
@@ -1,3 +1,4 @@
| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
|-------------|--------------------------------|------------------------------------------------|
+| 3.0.1 | 03-01-2025 | Removed Deprecated **Data connector** |
| 3.0.0 | 09-07-2024 | Deprecating data connectors. |
From b0e0ed2049856559a6ecb7f89b99d4430740fb69 Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Fri, 3 Jan 2025 15:15:23 +0530
Subject: [PATCH 3/3] Repackage - Nasuni
---
.../RansomwareAttackDetected.yaml | 5 +-
.../RansomwareClientBlocked.yaml | 5 +-
Solutions/Nasuni/Data/Solution_Nasuni.json | 7 +-
.../Hunting Queries/FileDeleteEvents.yaml | 5 +-
Solutions/Nasuni/Package/3.0.3.zip | Bin 0 -> 6756 bytes
.../Nasuni/Package/createUiDefinition.json | 28 +-
Solutions/Nasuni/Package/mainTemplate.json | 431 ++----------------
Solutions/Nasuni/ReleaseNotes.md | 1 +
8 files changed, 44 insertions(+), 438 deletions(-)
create mode 100644 Solutions/Nasuni/Package/3.0.3.zip
diff --git a/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml b/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml
index c999b916d40..54bc8395551 100644
--- a/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml
+++ b/Solutions/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml
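Review bot: The regenerated descriptionHtml now reads `Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024.` — the subject is the singular agent, so it should be `which was deprecated on Aug 31, 2024.`. The same wording is introduced in the Solution_Nasuni.json Description hunk later in this patch, where the closing period has also moved inside the bold markers (`**Aug 31, 2024.**`), so that one should become `which was deprecated on **Aug 31, 2024**.`. Since mainTemplate.json looks like packaging-tool output, the AristaAwakeSecurity fix presumably belongs in that solution's Data/Solution_*.json Description (not in this chunk), with the package regenerated afterwards.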
@@ -4,9 +4,6 @@ description: 'Identifies ransomware attacks detected by the Ransomware Protectio
kind: Scheduled
severity: High
requiredDataConnectors:
- - connectorId: NasuniEdgeAppliance
- datatypes:
- - Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
@@ -50,4 +47,4 @@ entityMappings:
columnName: pattern
suppressionDuration: 5h
suppressionEnabled: false
-version: 1.0.2
\ No newline at end of file
+version: 1.0.3
\ No newline at end of file
diff --git a/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml b/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml
index f8f1b03f330..5829b44d92e 100644
--- a/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml
+++ b/Solutions/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml
@@ -4,9 +4,6 @@ description: 'Identifies malicious clients blocked by the Ransomware Protection
kind: Scheduled
severity: High
requiredDataConnectors:
- - connectorId: NasuniEdgeAppliance
- datatypes:
- - Syslog
- connectorId: SyslogAma
datatypes:
- Syslog
@@ -47,4 +44,4 @@ entityMappings:
columnName: SrcIpAddr
suppressionDuration: 5h
suppressionEnabled: false
-version: 1.0.2
\ No newline at end of file
+version: 1.0.3
\ No newline at end of file
diff --git a/Solutions/Nasuni/Data/Solution_Nasuni.json b/Solutions/Nasuni/Data/Solution_Nasuni.json
index 60a20dceba6..db0105f1161 100644
--- a/Solutions/Nasuni/Data/Solution_Nasuni.json
+++ b/Solutions/Nasuni/Data/Solution_Nasuni.json
@@ -2,7 +2,7 @@
 "Name": "Nasuni",
 "Author": "Nasuni - support@nasuni.com",
 "Logo": "",
- "Description": "The [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+ "Description": "The [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Analytic Rules": [
 "/Nasuni/Analytic Rules/RansomwareClientBlocked.yaml",
 "/Nasuni/Analytic Rules/RansomwareAttackDetected.yaml"
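Review bot: The rewritten `Description` on the `+` line reads "Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.**", where the singular subject takes a plural verb and the sentence's full stop is swallowed into the bold date; `Legacy connector uses the Log Analytics agent, which was deprecated on **Aug 31, 2024**.` reads correctly and keeps the emphasis on the date alone. The identical sentence was pasted into the createUiDefinition.json `description` further down in this patch, so both copies should be corrected together. This string is shown to customers in the solution gallery, so it is worth fixing before the package is cut rather than in a later version bump.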
@@ -10,14 +10,11 @@
 "Hunting Queries": [
 "/Nasuni/Hunting Queries/FileDeleteEvents.yaml"
 ],
- "Data Connectors": [
- "/Nasuni/Data Connectors/Nasuni Data Connector.json"
- ],
 "dependentDomainSolutionIds": [
 "azuresentinel.azure-sentinel-solution-syslog"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions",
- "Version": "3.0.2",
+ "Version": "3.0.3",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
diff --git a/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml b/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml
index 589887be5c5..b5a9ddadbf3 100644
--- a/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml
+++ b/Solutions/Nasuni/Hunting Queries/FileDeleteEvents.yaml
@@ -3,9 +3,6 @@ name: Nasuni File Delete Activity
 description: |
 'This query looks for file delete audit events generated by a Nasuni Edge Appliance.'
 requiredDataConnectors:
- - connectorId: NasuniEdgeAppliance
- dataTypes:
- - Syslog
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -71,4 +68,4 @@ entityMappings:
 columnName: filename
 - identifier: Directory
 columnName: directorypath
-version: 1.0.1
\ No newline at end of file
+version: 1.0.2
\ No newline at end of file
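Review bot: The surviving `requiredDataConnectors` entry in FileDeleteEvents.yaml keys its list as `datatypes:` while the entry this hunk removes used `dataTypes:`, so the file keeps the spelling that differs from the one the earlier author used for the same field; the two analytics rules earlier in this patch also use `datatypes:`, and the regenerated mainTemplate.json carries `"datatypes"` through unchanged. If the validation or packaging tooling matches this key case-sensitively, the data types declared for the SyslogAma connector would go unrecognised for all three content items, and nothing in this diff would surface that as an error. Please confirm which spelling the tooling expects and align the three YAML files to it in this same repackage, since a later fix would need another version bump of each item.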
diff --git a/Solutions/Nasuni/Package/3.0.3.zip b/Solutions/Nasuni/Package/3.0.3.zip new file mode 100644 index 0000000000000000000000000000000000000000..efa28b713b5654a173505d98c182cd6e1faaff89 GIT binary patch literal 6756 zcmZ{JWl$VYmn;%AxWnM?9wZPv1a}EKI1Dm`!QBG{26qN`4ek&i*x&^B3{D_u@Bo|d zy~y0^~hpSQZYwNz1Gksu)>^XeL_$iWMnWS0_i7EXwe+yn z2PxRvfxsXSkSmzi(cKli@$nc8=pcOt7M#hbnS2y1N%{?*9dPg}TwO6ky#YJ=i%N4d z71*)k9%muA;Ymd$=r=|W4uQ!*QSNlg8b6pFw7&C8?jkw@Bn^9?e!Eg!1-XVPF|SM5 zn%lV8X|SbO4Qcv}WiS#}Uf<`KzLwTf?yzV5@Z1nAIMw`7xgie*>aV>!+BW63;jGoG z3{D#{c!u4*@N+)pib5J0^FBAsFdwU+8&kH_KhIx)-PmIc~GsW7~MTX`|WP6H1N`!{} zsNQBA-E)&6Nuw%_6;*=7gbQXueox#RI(2f&pnsgIY<<~k^Ne&WOsuO?CHyA7lb*Iw z&0!o7Z^PBkfLq;6(clcIwE-~aH;2ic)Xj9xTJ)Gdg4_)2gO@|l@M^rk2A2I|W)YTv zv=m_lgKl3`85)e?D=lMI1A39=*H{i6iOAlH4M=U6bc75h%2QwwRs+?1vybdlgW{5{ zKkX5dY6k+n$_ik86m(=}*JYg&Ii|kl_f(@ZaH9{5wlGj0Ra%Ys$^PQyPh^WGg3!HJ z$%1`^iY#&VSq53@gP$iF0qZ*HglbcPpWMZaQ4z~Fj4U9WtzDhSQ(WBlnx5|`MU2FI zvVVXH0XCXgVa2FP7jW$=V%(9IIBN*(5)c0Bdm>lCK+$=qVt?3RsHt&?!^6eRJputb z#%}3DV|x9$%suSx`cJL(ihYI^JY0PoWfyzL<3nl_D9}u)UdEmVPH*LO=`VvG3ad9P znHB~%O4BAR!)M`!Qbm8+S)+Au z1`g@mIE$%UaT=q>ZwGSYR!^CD>t@N^`+t7Ar>)TlG?PAS#Hz$FJhH9r>y+n~<1b+` z>-En7T7HGX4}OQuaFQ;+LQOlC>7H?ntbmjr)~WZeMxKtu$t9MUE~I(tsDf2Dyc0*r zD+{SCSe;7g)P_+lS&di%2eeIVQU79rX~^75Y4aFAw~h5_^Rfr~x(qz-?=;{V)nEs& zg}vU(j$-$J!u^F~6D=uAdh1V_9ImIPi22%vZ};sunK6t0-!>g{-1i^4M&h+MRj9-h z-Y=k?X!mr^oHdU%@jRK~1wR{8K`c*L+-#dGzGa4lgv9q?*HNn)1x~zJ#fRYyeC&JL*>`-H3<4$TW29r5 zr)H&Y<1EIsmQph;I4ZFUP7M;D6z+r)-1bgUX2o!@qo_#`0%C{gef={)!u#kn5BZyu z<0>FOYBg`ac7}iZJtA7)N#e;BGc2^3(Jf$xfI@)1=kVw6n!bSj+^OzxLMB0P$3Z;1 zO^1DPb+0oi+K}tOX-#-rDH*~m-hpYcq(nsf$l+H1M&=gQBjh^||J25$?hR)0<5m4~ z>RE`|uMe*u+uqCqRBQ3&ik^@tj?AcdOy^cN=cY<5PFvG{F#*va`3pznYbUL9RzLk} zK>NO2G`+&<EcyY=^;x*ZaYe18t@muOr- zJwmT&j-n*uC2k_FNSwz%br*yZ&k0#E$%KU+FU*8g%-- z$*fGJYbj=>l@oNEcg>&2up8Srn-ciO-&wo>o!mkD_Utu0NTT_T?djqOlNi?D)QGTF zmoH3QAklp8QZJ8}{8D{#3k?jiIn-qLC$tqBGB0o1=IS>44Ex*CsqKq)8snVH`(>?R 
z9&_VzEc-tp^L~ajsjl^W4n=b~Ty66#_|mGJyw8;%gwocy&*Hl#QTy7jarQTON<_TQ zff_vy&lq$9_woGD%Vj;b^+V$rplGr`QzO8g3-FeyZmFT>fx<&6djzv+g`w8Z#4U3h zKj;Nj>%Zv_d-G`)03i}mx-}BgKR|M^1cCKzT|PPgQz8FPdHk0A4OtUQera>uLN4v% zGHNPg9tXN{!s|q*)Vhh;dY6SvJR3AoQxXT?yoX@U(5f%$-*VqNJTk9A@rhDpVj!?_ z+r?}>D4Iwo;3@JHeK6tM3k^eU@WFG0I_Q`Kq#mJkKWDB9^(YrEvlg*!IQ#*;it~K3 zsmj0DEcoX6^V+-n*?`XilsZ9h3R9np#$J2^Xl@5Pxu~E75xw@gVH)?z98|KeUK@G& zbHza{T!12e7mdoV;4Yvn_$pAwH37~SqcH*@awCcaT;YHGaY z=>4R-B*hNcErYcrTqr*A<+T!VE9&3$NVF&$`XF3(fCq&hL!)o0i1CA2y5BKqO$f zTfWBJwa;;#WxxD4W?e%rSWZp@B|TD929nC6i}k#pNJ4D<`Ap(^Bv*Tyam?;Amwb11 z`vEB(w8cjmJl%Kz1$X<~@rpccU=MmTt67)dOGvI5ODSNxI(Xs zYPCE-3uA0YChX=Z{9UIihI#!Ges^wv(9d@(Qex+MuZo`t{ReKm+HSekL>Qrk(UK$m zid|a1w{iErWM5X?Cca-NoNrnV3Wi>(-R=KY{{fcUB7#%DMqe-*3(z}A|DD(hAf^3r z>fGwD+V1RHm;HNo!pSu(EO;vGG9UW6`cQ8Xp)&?bf7RjYVNJ$(_-3s>&ep+Xd>>4g z<>=Z9T1*cn7+TBPR^O?}#V~(VroT zP;@c|4Wv--+}%mLr%#${F9%7{MPjrzJNG$~Y_1`LZ*H^5|J*8WPEGZv-@bxPuK{SN zPi`@s>)Tv&>Y<0R5qEER74YPMBzc|1y5Usf#pgsUc?i0MU|et*>d3d9jB5 zmtFkDE7@9K0Un-(3tn4JXn}TNlH6T)h8u)RSCE!n-pxOrVel5y1= zH+P!YW9nDXNtJUd^XlU^(Xeo3Fm4OyR{>;U0xs2W+=l4JsKW{l2hD!)w84jWP+!5G zQc8cyNSX6#`U)p99Q9Adgev(aSt3DfZH1YsrH4?RcPn+^LK$2g#BxR580P(7Qa@RT z1|8t^omyNE?7In1>sb{(*ZZM$p{S_r>5*TC>4Gs z9&kcy6U>7tMCbDY3;Xz;=!bvC)@m zMP_s2Swj_CB*)Q;unw7^;U1H*z~N$>0K%8tkVLJ$T}fEu*~hq0oE(0>6i{|}yJ!r` zJ4;xRt;o#AJA1Ozhs7Nb7^5Joe0#{HRSV}utEM^m0KUVoZFU8YqibrLtCo} zC0Mz!OW@riM!6fVqMqJXydIrE9a>T(mZX8xX$po8f1Cx##(Ggj&Hrtq41XEv6%L)d z+DP%6(M^w3t|y5XioPcZB{+ODNH40DCr9#=f;#@P=KNsps&=XRC$P5FerCvLLa^nf zs_d6HC91N`0Wp;X)*;6Mae<&Rqr#TAAY;X-?b`ME=g)+V+k;VzxI$#q+Oj}aH=N#7 zoA}H+sd)AXy7k<7wX_h*Q!Ly4#jic zWJDKpWmp#B<3Rry@6E?B&gEg&B}={Wer|b61(X>g`bVcc|FN0*{fmlaFr_= zdq_@YV!v!1=K{;P2yE#)rkFAc*E>cZ#L3}*qOm@~{UFj~79bnf$n!EAcER$>?r`>u zP`h8`=t}Tz2|)lgVYRM-hP~YZFTzjc@I*7)&ALb@c{pd3=#*jG4GEY~rL@}ZFpd{A=6pX}5bp_@Dn4XrtfGf+VQ7JBR@ zTgXjBjB*i_+b`09t~1&49hXY-F;}9Gr~j%aSQ8>QOkW!ZRK&9HZ!mAOoIKJ2d)`5c z8wsMhy(fU5Mms`%Pt+Zwh8Kd|_~+=4GALhulzd~CGVt`Hx{j&p5p_;fNR7o+D)_Fl 
zWa|mSu*IF3f0wGs$JAUrr9W;mb%Lxwe_Ulyob4PB!e}aC_sH3HHa|#ebgqux#PYrB z^K4bDR@qxx>OIJXDUX5oc1&8N8MygPKz2RuP)9LZwgAMwWyWjjGx_xQ&1&+og zXKwJSwESq+w2ZU8=%LyLg2sDQgK&J=Y1eLEpC`CHjwgWLgbxH9Vc9Mn zNE=bKpMan#Xc%+(0gd(MG%8Z#aJlbNA&QSajrDy~JMe*jjhf3X48_2AYpgHXfFu-0 zzMUEe!fJw>>v^XzFn!V2mOPt(-Vx%|d^*C{rcEFlh!QjI)A&gk8}iNYqu?dtSm$ur zZUGphH{kk9#q+6raBDP{j$hjr`O zh0;IPotZl)VD&PbH8$yj`_@S@mUXNIUdT59I0@}6L$!B?RTy-+?7u193;^cMx2)I_ z#;}n%PXzT(wLQP_wcnB7k`Vjz9P9VZJSYHiumbd6yzlf}sx&WaJ9bK7!!JQXuiDz`a2j9B3Oh@rw_KRAS z9V-rCwhnuwcs>-|1W^L78I}0+jP#=Tzobgj4~@shHnqg`qJLCyz=igKuZTj(D$T^*7Pt31{Smh@WsFihu%2hu)&@(7Uni};^&Azsa@46%HuwGJUbL~JF)HEh%niI2#_ED|`UT_WIJ;#!D#Ul3C`u3l1@^fT zdmYy|h?x{=rj!+yXs=VIe=9@G1Ba5~8laL4$JjVW8W)U|BUSJXqGrxsL_XG6Ok`lx zjfB+&w_AwFN~lB9%LW~P@~YdsQ7hHJ4uK?Hf@QNP+E+}k9i(-uE6|BPvM*;zO<4?W54#M z{p<{U4=H)wX5&QRc9$o#^d37CPoCZJwW`(!!-xrVZejM%!mA^7zfdF+%ohG(PiNIF zKE{>VLZ`#0>9Lg!{p%&asIlDx|8Md`=92^ddW%Ha*E)H!{z3kNxf@&Soi#IG&1r4& z0*B2Tj)3WLHFKQ3uHluvkG{IsqmE0E72cN5))KkZR39&^*>|1toKBo{1Mae8Oj zAH~{hnX+Eo4Xr8EmrwgW0K}mbdvP|-gMtCN%;sSK}c1>D+S$4j&$nC{k> znF^GFrh_4W>0YkB?e^%sM+=cGwn3@L2e#kfb{J0lrg)bmu$Uut*H0lHKEjf8y+dg+jv&RZ!8;BVh=Sl#81I(`llmA#Cvx$wo}L9h7X@WxVilz100z?<3L4ku zk_t%;JLUL4dr8w@YudAI4AV%e>jkdu7r#K_vj@nR49ve^Ym=3fn!EeQ=AkgY3TvDWnX0}QpBS<6cS@02-#AK7+QGQr zxgw^AR>_l{mq~hgl##e92yE*TydCmBVJw!#V<{CB7MJ(RvD7E{)#BIwsU77`m(06- z$SW)!ppxO5EI14-WlG{5ebQ;^}>pWS}ysmN$nJoWvWgrwC$hOi~BrF#ILxZQBjA z+EHnjt1P=T({KcpKEg@Ck\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Nasuni/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. 
It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Nasuni/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Nasuni](https://www.nasuni.com) solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping. \n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. 
Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Analytic Rules:** 2, **Hunting Queries:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
@@ -51,30 +51,6 @@
 }
 ],
 "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This Solution installs the data connector for Nasuni. You can get Nasuni Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- },
 {
 "name": "analytics",
 "label": "Analytics",
@@ -162,7 +138,7 @@
 "name": "huntingquery1-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "This query looks for file delete audit events generated by a Nasuni Edge Appliance. This hunting query depends on NasuniEdgeAppliance SyslogAma data connector (Syslog Syslog Parser or Table)"
+ "text": "This query looks for file delete audit events generated by a Nasuni Edge Appliance. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
diff --git a/Solutions/Nasuni/Package/mainTemplate.json b/Solutions/Nasuni/Package/mainTemplate.json
index 4b97d08155a..cfb9927b67b 100644
--- a/Solutions/Nasuni/Package/mainTemplate.json
+++ b/Solutions/Nasuni/Package/mainTemplate.json
@@ -33,37 +33,28 @@
 "email": "support@nasuni.com",
 "_email": "[variables('email')]",
 "_solutionName": "Nasuni",
- "_solutionVersion": "3.0.2",
+ "_solutionVersion": "3.0.3",
 "solutionId": "nasunicorporation.nasuni-sentinel",
 "_solutionId": "[variables('solutionId')]",
 "analyticRuleObject1": {
- "analyticRuleVersion1": "1.0.2",
+ "analyticRuleVersion1": "1.0.3",
 "_analyticRulecontentId1": "0c96a5a2-d60d-427d-8399-8df7fe8e6536",
 "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '0c96a5a2-d60d-427d-8399-8df7fe8e6536')]",
 "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('0c96a5a2-d60d-427d-8399-8df7fe8e6536')))]",
- "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','0c96a5a2-d60d-427d-8399-8df7fe8e6536','-', '1.0.2')))]"
+ "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','0c96a5a2-d60d-427d-8399-8df7fe8e6536','-', '1.0.3')))]"
 },
 "analyticRuleObject2": {
- "analyticRuleVersion2": "1.0.2",
+ "analyticRuleVersion2": "1.0.3",
 "_analyticRulecontentId2": "6c8770fb-c854-403e-a64d-0293ba344d5f",
 "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6c8770fb-c854-403e-a64d-0293ba344d5f')]",
 "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6c8770fb-c854-403e-a64d-0293ba344d5f')))]",
- "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6c8770fb-c854-403e-a64d-0293ba344d5f','-', '1.0.2')))]"
+ "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6c8770fb-c854-403e-a64d-0293ba344d5f','-', '1.0.3')))]"
 },
 "huntingQueryObject1": {
- "huntingQueryVersion1": "1.0.1",
+ "huntingQueryVersion1": "1.0.2",
 "_huntingQuerycontentId1": "64a3477e-d06f-4491-86a5-6f99702e267f",
 "huntingQueryTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('64a3477e-d06f-4491-86a5-6f99702e267f')))]"
 },
- "uiConfigId1": "NasuniEdgeAppliance",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "NasuniEdgeAppliance",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
 "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
 },
 "resources": [
@@ -76,7 +67,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "RansomwareClientBlocked_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "RansomwareClientBlocked_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -104,16 +95,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ],
- "connectorId": "NasuniEdgeAppliance"
- },
- {
- "datatypes": [
- "Syslog"
- ],
- "connectorId": "SyslogAma"
+ ]
 }
 ],
 "tactics": [
@@ -124,13 +109,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "IP",
 "fieldMappings": [
 {
 "columnName": "SrcIpAddr",
 "identifier": "Address"
 }
- ]
+ ],
+ "entityType": "IP"
 }
 ],
 "eventGroupingSettings": {
@@ -140,17 +125,17 @@
 "VolumeName": "volume_name"
 },
 "alertDetailsOverride": {
- "alertnameFormat": "Nasuni: Ransomware Client Blocked",
- "alertDescriptionFormat": "Nasuni has blocked a client involved in a ransomware attack from accessing a Nasuni Edge Appliance at {{TimeGenerated}}"
+ "alertDescriptionFormat": "Nasuni has blocked a client involved in a ransomware attack from accessing a Nasuni Edge Appliance at {{TimeGenerated}}",
+ "alertnameFormat": "Nasuni: Ransomware Client Blocked"
 },
 "incidentConfiguration": {
- "createIncident": true,
 "groupingConfiguration": {
- "reopenClosedIncident": false,
 "enabled": false,
 "matchingMethod": "AllEntities",
- "lookbackDuration": "PT5H"
- }
+ "lookbackDuration": "PT5H",
+ "reopenClosedIncident": false
+ },
+ "createIncident": true
 }
 }
 },
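Review bot: The `@@ -124` and `@@ -140` hunks of this resource, and the matching hunks in the RansomwareAttackDetected resource that follows, only relocate `entityType`, `alertnameFormat`, `alertDescriptionFormat`, `createIncident` and `reopenClosedIncident` without changing a single value, and `@@ -104` likewise moves `connectorId` above `datatypes` while dropping the NasuniEdgeAppliance entry. JSON key order carries no meaning, so these lines are churn from the packaging tool's serialisation order and they bury the one substantive change in each rule, the removal of the deprecated connector dependency. Emitting keys in a stable order, or preserving the order of the source YAML, would keep a repackage diff limited to real changes and make version-bump commits like this one reviewable at a glance.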
@@ -204,7 +189,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "RansomwareAttackDetected_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "RansomwareAttackDetected_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -232,16 +217,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ],
- "connectorId": "NasuniEdgeAppliance"
- },
- {
- "datatypes": [
- "Syslog"
- ],
- "connectorId": "SyslogAma"
+ ]
 }
 ],
 "tactics": [
@@ -252,13 +231,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "Malware",
 "fieldMappings": [
 {
 "columnName": "pattern",
 "identifier": "Name"
 }
- ]
+ ],
+ "entityType": "Malware"
 }
 ],
 "eventGroupingSettings": {
@@ -268,23 +247,23 @@
 "VolumeName": "volume_name"
 },
 "alertDetailsOverride": {
+ "alertDescriptionFormat": "Ransomware attack detected by Nasuni at {{TimeGenerated}}.",
 "alertDynamicProperties": [
 {
- "alertProperty": "RemediationSteps",
- "value": "SyslogMessage"
+ "value": "SyslogMessage",
+ "alertProperty": "RemediationSteps"
 }
 ],
- "alertnameFormat": "Nasuni: Ransomware Attack Detected",
- "alertDescriptionFormat": "Ransomware attack detected by Nasuni at {{TimeGenerated}}."
+ "alertnameFormat": "Nasuni: Ransomware Attack Detected"
 },
 "incidentConfiguration": {
- "createIncident": true,
 "groupingConfiguration": {
- "reopenClosedIncident": false,
 "enabled": false,
 "matchingMethod": "AllEntities",
- "lookbackDuration": "PT5H"
- }
+ "lookbackDuration": "PT5H",
+ "reopenClosedIncident": false
+ },
+ "createIncident": true
 }
 }
 },
@@ -338,7 +317,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "FileDeleteEvents_HuntingQueries Hunting Query with template version 3.0.2",
+ "description": "FileDeleteEvents_HuntingQueries Hunting Query with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
@@ -408,342 +387,9 @@ "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", "contentKind": "HuntingQuery", "displayName": "Nasuni File Delete Activity", - "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.1')))]", - "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.1')))]", - "version": "1.0.1" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Nasuni data connector with template version 3.0.2", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Nasuni Edge Appliance", - "publisher": "Nasuni", - "descriptionMarkdown": "The [Nasuni](https://www.nasuni.com/) connector allows you to easily connect your Nasuni Edge Appliance 
Notifications and file system audit logs with Microsoft Sentinel. This gives you more insight into activity within your Nasuni infrastructure and improves your security operation capabilities.", - "additionalRequirementBanner": "None", - "graphQueries": [ - { - "metricName": "Total events received", - "legend": "Nasuni", - "baseQuery": "Nasuni" - } - ], - "sampleQueries": [ - { - "description": "Last 1000 generated events", - "query": "Syslog\n | top 1000 by TimeGenerated" - }, - { - "description": "All events by facility except for cron", - "query": "Syslog\n | summarize count() by Facility | where Facility != \"cron\"" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "Syslog\n | where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "dataTypes": [ - { - "name": "Syslog", - "lastDataReceivedQuery": "Syslog\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ] - }, - "customers": [ - { - "name": "Nasuni Edge Appliances", - "description": "must be configured to export events via Syslog" - } - ], - "instructionSteps": [ - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - 
"linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Follow the configuration steps below to configure your Linux machine to send Nasuni event information to Microsoft Sentinel. Refer to the [Azure Monitor Agent documenation](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview) for additional details on these steps.\nConfigure the facilities you want to collect and their severities.\n1. Select the link below to open your workspace agents configuration, and select the Syslog tab.\n2. Select Add facility and choose from the drop-down list of facilities. Repeat for all the facilities you want to add.\n3. Mark the check boxes for the desired severities for each facility.\n4. Click Apply.\n", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. Configure the logs to be collected" - }, - { - "description": "Follow the instructions in the [Nasuni Management Console Guide](https://view.highspot.com/viewer/629a633ae5b4caaf17018daa?iid=5e6fbfcbc7143309f69fcfcf) to configure Nasuni Edge Appliances to forward syslog events. Use the IP address or hostname of the Linux device running the Azure Monitor Agent in the Servers configuration field for the syslog settings.", - "title": "3. 
Configure Nasuni Edge Appliance settings" - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Nasuni", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Nasuni", - "email": "[variables('_email')]" - }, - "support": { - "name": "Nasuni", - "tier": "Partner", - "link": "https://github.com/nasuni-labs/Azure-Sentinel" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Nasuni Edge Appliance", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Nasuni", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Nasuni", - "email": "[variables('_email')]" - }, - "support": { - "name": "Nasuni", - "tier": "Partner", - "link": "https://github.com/nasuni-labs/Azure-Sentinel" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Nasuni Edge Appliance", - "publisher": "Nasuni", - "descriptionMarkdown": "The [Nasuni](https://www.nasuni.com/) connector allows you to easily connect your Nasuni Edge Appliance Notifications and file system audit logs with Microsoft Sentinel. 
This gives you more insight into activity within your Nasuni infrastructure and improves your security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total events received", - "legend": "Nasuni", - "baseQuery": "Nasuni" - } - ], - "dataTypes": [ - { - "name": "Syslog", - "lastDataReceivedQuery": "Syslog\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "Syslog\n | where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "sampleQueries": [ - { - "description": "Last 1000 generated events", - "query": "Syslog\n | top 1000 by TimeGenerated" - }, - { - "description": "All events by facility except for cron", - "query": "Syslog\n | summarize count() by Facility | where Facility != \"cron\"" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", 
- "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Follow the configuration steps below to configure your Linux machine to send Nasuni event information to Microsoft Sentinel. Refer to the [Azure Monitor Agent documenation](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview) for additional details on these steps.\nConfigure the facilities you want to collect and their severities.\n1. Select the link below to open your workspace agents configuration, and select the Syslog tab.\n2. Select Add facility and choose from the drop-down list of facilities. Repeat for all the facilities you want to add.\n3. Mark the check boxes for the desired severities for each facility.\n4. Click Apply.\n", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. Configure the logs to be collected" - }, - { - "description": "Follow the instructions in the [Nasuni Management Console Guide](https://view.highspot.com/viewer/629a633ae5b4caaf17018daa?iid=5e6fbfcbc7143309f69fcfcf) to configure Nasuni Edge Appliances to forward syslog events. Use the IP address or hostname of the Linux device running the Azure Monitor Agent in the Servers configuration field for the syslog settings.", - "title": "3. 
Configure Nasuni Edge Appliance settings" - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "None" - } + "contentProductId": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.2')))]", + "id": "[concat(take(variables('_solutionId'),50),'-','hq','-', uniqueString(concat(variables('_solutionId'),'-','HuntingQuery','-',variables('huntingQueryObject1')._huntingQuerycontentId1,'-', '1.0.2')))]", + "version": "1.0.2" } }, { @@ -751,12 +397,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.2", + "version": "3.0.3", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Nasuni", "publisherDisplayName": "Nasuni", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Nasuni solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Analytic Rules: 2, Hunting Queries: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Nasuni solution for Microsoft Sentinel allows you to analyze Nasuni audit events and Notifications collected via Syslog. It includes analytics rules to automatically generate Incidents when a ransomware attack is detected and perform appropriate entity mapping.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Analytic Rules: 2, Hunting Queries: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -794,11 +440,6 @@ "contentId": "[variables('huntingQueryObject1')._huntingQuerycontentId1]", "version": "[variables('huntingQueryObject1').huntingQueryVersion1]" }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, { "kind": "Solution", "contentId": "azuresentinel.azure-sentinel-solution-syslog" diff --git a/Solutions/Nasuni/ReleaseNotes.md b/Solutions/Nasuni/ReleaseNotes.md index c009cd81672..a5f610794e8 100644 --- a/Solutions/Nasuni/ReleaseNotes.md +++ b/Solutions/Nasuni/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| +| 3.0.3 | 03-01-2025 | Removed Deprecated **Data connector** | | 3.0.2 | 18-07-2024 | Deprecating data connectors | | 3.0.1 | 02-08-2023 | Solution Id and Tier Updated | | 3.0.0 | 14-07-2023 | Initial Solution Release | \ No newline at end of file
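Review bot: The new `descriptionHtml` still carries the grammatical slip `Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024.`; the subject is the singular agent, so it should read `which was deprecated on Aug 31, 2024`. Since this release also removes the solution's own `[Deprecated] Nasuni Edge Appliance` connector (the deleted block above), it would help operators to state that explicitly in the description so anyone still running that legacy connector understands the rules now key on `SyslogAma` only. Dropping `Data Connectors: 1` from the content count is consistent with that removal.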