From 284916d96d7742809a52bf8c35ba2f6381f05d96 Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Mon, 16 Dec 2024 16:50:53 +0530 Subject: [PATCH 1/4] Repackage - SquidProxy --- .../Data/Solution_SquidProxytemplateSpec.json | 7 +- Solutions/SquidProxy/Package/3.0.1.zip | Bin 0 -> 4474 bytes .../Package/createUiDefinition.json | 36 +- .../SquidProxy/Package/mainTemplate.json | 447 +----------------- Solutions/SquidProxy/ReleaseNotes.md | 1 + 5 files changed, 9 insertions(+), 482 deletions(-) create mode 100644 Solutions/SquidProxy/Package/3.0.1.zip
diff --git a/Solutions/SquidProxy/Data/Solution_SquidProxytemplateSpec.json b/Solutions/SquidProxy/Data/Solution_SquidProxytemplateSpec.json
index b1dfe82a64f..c1b0391ef4b 100644
--- a/Solutions/SquidProxy/Data/Solution_SquidProxytemplateSpec.json
+++ b/Solutions/SquidProxy/Data/Solution_SquidProxytemplateSpec.json 
@@ -2,10 +2,7 @@
 "Name": "SquidProxy",
 "Author": "Microsoft - support@microsoft.com",
 "Logo": "",
- "Description": "The [Squid Proxy](http://www.squid-cache.org/) solution for Microsoft Sentinel enables you to ingest Squid Proxy logs into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
- "Data Connectors": [
- "Data Connectors/Connector_CustomLog_SquidProxy.json"
- ],
+ "Description": "The [Squid Proxy](http://www.squid-cache.org/) solution for Microsoft Sentinel enables you to ingest Squid Proxy logs into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Parsers": [
 "Parsers/SquidProxy.yaml"
 ],
@@ -13,7 +10,7 @@
 "azuresentinel.azure-sentinel-solution-customlogsviaama"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\SquidProxy",
- "Version": "3.0.0",
+ "Version": "3.0.1",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false 
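Review bot: The rewritten deprecation sentence in the new Description has a grammar slip and a doubled period: `which were deprecated on **Aug 31, 2024.**.` should read `which was deprecated on **Aug 31, 2024**.` The same wording recurs in createUiDefinition.json's basics description, in mainTemplate.json's descriptionHtml (`Aug 31, 2024..`) and in Solution_Pulse Connect Secure.json in patch 2/4, and since the package files are presumably generated from this Data file, correcting it here and repackaging should fix all of them. With the legacy connector removed by this same commit, the clause "Legacy connector uses the Log Analytics agent" now describes something the solution no longer ships, so the note could be trimmed to the AMA recommendation alone. The squid-cache.org link is still plain `http://`; `https://www.squid-cache.org/` would avoid pointing installers at an unencrypted page from the solution listing.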
diff --git a/Solutions/SquidProxy/Package/3.0.1.zip b/Solutions/SquidProxy/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..c26c721538c999db3d95c1b0950ef6781dc6d80e GIT binary patch literal 4474 zcmZ{oWmFUnv&I*Y?p|2Bq`OpDK)OMRr9oO)L|CK|1XdcPYiTJ7>6C6s>7~1u?muvS z@0WY;d(S)bVb08%GarBFnMX$*;~5120Kft8eu^`yJFs!g#smQPhyVcUzf)^BTPv8Y zzN3Pzoui8*%<+Q@|9kfjE(inYhXrwxN3i8n&v0^o0YE_ebAWA@xGG? z%Q%mnKe0GoFR_;A=Sp>Uy+!p-F|~RP2!@I5c*$_Q)wF}USv#l%g8ZHG^=$lLT}mbH zq0+eB#$+~9JK+NgDD=lRQI;^+Oy>Lvrz8;rA0DgA_u{U%tc~QA7E+WZY3k2C7&23a z1|^J6zE0mtok>}U?C({8zLo7{QS&`O*+gSujAIzv}()80zQnP`(~6Wm&I49udVhoM!fPXe9cjE z(3V|x?g7qtC`3r6jm+_|H&PCVl?x6#ZolcQH|8=Ml(GUI;37=Q)zo%F zzLkG|yvs22V#EIG?7{qgVROh_8|imoDuc)od0lH{F5c(tbz6~m%9DSL>h7zM0NI=- zezBzJ)#oO0?mH%xFj?Ac9!jgNKlI&^V9FzeZj?vQ_#7E~58+wSVV`nZd{Ho-Q4+TA z1;3jI>!2xy2F?vBkNWL;0K@W1OFQEINI#0o=4g^>d5(8d9pH=@+oTTMD&hV{d8o#$ zDMILu4@JI{-}EX!~0ne`(BTJFlqC))HHwj0I*UY8kplhHJM9Wkh{9 zD835jsFUN8JR0;}Hkx0GK|a&8D)9Ig9Co{w)rbsgX+rYY@@aP!{Vy@s=;j?s;D63cdJm$w>@D=mhW{xQaQ;4I~cFfatV0}^4 z#C2^_K$4JdqnI%EsSyiZLJXA9r*seYv+gLKC_)bQ5a+O=#v}9-sd*bdzVHPs(ad|b zuKe|2e;%RWv{@U5;JSw+vqxfQPF$!xr*;Ll=tfk%S^I0Y7Wk6_^iXXl+%46xTB2kQ z6DqQrUYc@vL#=^fd^PY^t|ckLoWj|?T|Np<VeuSPywRBHW#OLww{eVVmr0KqN zm&~rvp2TyyK`$`MqkBhuT%a{Ba$E5Vm~i3n@nUj)*DETJSl{zehw{f5?<$u#_NU)( z^COEOR~XPV)*Tgl1`u4J(YOqE5b&F{6A5+t}>!zJmTZgrq-KWZ?_> zts?iCA)>Pnc%k7imh(?PugX(Jd1*gGW>YJbpC3$k#ptpMe|8$}JDBj3KKn)oevpLk zq1Av~)G-3D>=YQQmQ?n6#1vXwim;cnFs+hP)arzt>+|T=TdkM#Bt9$uC>Nd4Y$I`L z#la~M2=yZZ3OX-<7;0wxsrlC=ilh4*Myvv%pKGEFj{0qKst?fryjU%VzK<1oTwQ6` z`9DmL_m<9D!UF*CL;(QOzf6Z(IlAcCLS3EzlKsDFegs-@TWGxeCGvnBg`^n-=~CNI zB5cUUd=MHNM$b+9$Xm7)KzZ@}@P)~p<3oHF1__&20%t$eQ~2~HE-phR zXq2)e;GYdfoV|aH8rAFb5cUN%iNa)KaCvEA$V4FjTm+_@?9;a%=T-QRiwqz`OrJJl zqG8lQ>H@O)6%^89^JAbWo-lya>ZC}^g4DHJwyPlR&w|~^g?jjHhJ!=By<| zPq(zEw5M7fhZRzL`0t(QICPIKEsKYtrj*cv#t_gs=T^zNcp@9=@Ik_XLVTc5thWN3 zE$=l6Z6zJo2RSe1!TXxTFcBko`0)$D>D!@ZO;$bJySyP*Q-)j&;~OkO}S2Ltm8FxkiFU3cXB+mA;o#lMJv@T*9Nl` 
z&LlWj&D74h!z^q_hj78Qh%Qqn_qD83t=&S%yp9!ox>VHK1Gxhn&MAY+Q5V44D@E^kp&zEIID zxW*r=3;mk1-{j$fJ2=A*;$tQ@hxuS@X=l5Pem_*?eq7!GsoD}!NdAar1<;cIr!X&7 zWot@kM5rHXd}+$2 z&j?&9o4MPX#NF_v{;k`|u+kqt?4RcAT`&{k_~q&>Tj^x0ASrDnPV%ybla~D;hY1ej zS_;E$8Ry?Va!`f=%be@U`ZofueIIP>_N7zJ}8Xzq*+sV<4;xUAqmKkY7l*pZeYsydLz>*oJ(8Nny#U3h=N?ux$XRwM){x0e6eKiw1hGhQb;D*BV17k< z#BMXPB`na5x^Rnsoj79@eb&LN`EC3uM`;8{-)VXY%a$eFmWU$)61r8i-v1h%&;Q4% z==ob6b*JtIcdhW>J~FRheXQfgguBZz<|+bWIL8Mco60>+0`tbSNYP?`ufw7cm^x$4R+dCl! z;q>pFJGr*t7ydZ}VU479{?jlgq0Q99Ep~bE!n&&O=4FVu0&yYNC0P__O2H6}W0KW` zL;Xs){rwjP&0EI2R2o@uT~Bg)m^D|zttefGBX@xB<~02YqUyD|EdJWpxCHAk9?Se+ z$M%SMXTgJuwG}NH3@J&@4V5B!v@tfRt3K^^dBflpjI#ktzBiy4<@^aWP8;4-r?pqP zt8Xo_A+zlrovF=d5qDs>^Xp~UrW9fXey&`THa<4C9ZR(OT_QvCqMIUX)q)On5#A7V zx#9BRC5rKiag4dLK&dbUvh?CmULg|pdvT6sNRa%GgDMwLZ?j{CjG}Ca7JmsQ`n5V= z247glEA2T=XtmwwTC3_{=E_B5pqGGz@%Q(tckBlDw{)R6=y+IKUn}x~8(tzS@NWi4u*Tz`3h_>*_TEw_~tCY{zpC+Zj_j1?8J4X;Yc4BVJfsi`u_* zPTRg>=~_qDh7wxZl?;_p-vyU`(_3n4^lw4j4s+9{mM(GrSy1*BOh75s?O>HA0_}E7 zVc7O24b5r^9Umi1kc6&aVi$ZwOra3xIB+Jso#z5sX^>ezjRh{d>tSq|iw<(!jW0F9 zJ#U^bT(3YxFoL#^MBn&o(PD6vGV>mh8NUJ(Q}Gd`GlGH@Tj2TUfD9E~zhlh;*hX1v zXstSBx~UMt7LXg#$o2cLk1OtsOMb33 z_A86qJ)52rj52!P7Z!K(_{6=*7!ZNcQgKX)4%Sf z%pUe0{r8HV?09+TotBTMZq|Mn{l55NpSe)x8Ea5y2Bl-41yj2Y?%0yH8b7}t)H10~ zKsq(O5x! zXgfSdLKI>J{i<~RF7*KF)k)FM2?v(78trh>Gr!-xjboskYu58DGSJB}t)UIr<)hP( z|EaYH8tsLWRABHw%gjT=y;Qp3dBfzO>xx$)`b8}`5&|~~yU<5el$O%jIHO0hj|Ns< z`bg`{X3$X|6vzPuR%N$U9KUetb1DhzZkGD46nzfw%*-9G|VkHb7>g4V%9bk^^nGHHGILYr%fTq^!QRv zD~bujt&eJI36j?-rjaXPK*fI~SB$Z>>y+wLD>n|*2^F7{Pog1;O~CY)LXqPHte`*b z?E*#}CK{IkP^o@-h7$u;24qDCgXPCCb&Q+f6xksCb#@)o?rSq^*S97 zz>PYe{t`AXKOx%0J!d}X9kxc|q`2YFPY43=uIlCvO4g9F z%B*-hxH}JWgfeL1CVWQ~!iF=^?jB2C3Sz+buJ~axNB8cwub15ZpOn0ej8D0(QOyqZ z#S8sQb|y`u{H-Jc+%u+4yREilEm*BTR@fA0h^23q2T-pN5sk^!7)D%bQ%_vyr0}(C z869;rbPB+Kb~yeD;{O%@!SDF@BmXX`|L4NgU-RVu32Ys8Oss#cp#RN~zjc-5U)_HJ Dfg5z( literal 0 HcmV?d00001 
diff --git a/Solutions/SquidProxy/Package/createUiDefinition.json b/Solutions/SquidProxy/Package/createUiDefinition.json index c6883c1e3e0..9db355cb0bb 100644 --- a/Solutions/SquidProxy/Package/createUiDefinition.json +++ b/Solutions/SquidProxy/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SquidProxy/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Squid Proxy](http://www.squid-cache.org/) solution for Microsoft Sentinel enables you to ingest Squid Proxy logs into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SquidProxy/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Squid Proxy](http://www.squid-cache.org/) solution for Microsoft Sentinel enables you to ingest Squid Proxy logs into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. 
The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -50,39 +50,7 @@
 "visible": true
 }
 ],
- "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This Solution installs the data connector for SquidProxy. You can get SquidProxy custom log data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-parser-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- }
- ],
+ "steps": null,
 "outputs": {
 "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
 "location": "[location()]",
diff --git a/Solutions/SquidProxy/Package/mainTemplate.json b/Solutions/SquidProxy/Package/mainTemplate.json
index 2153325be48..c49584e474d 100644
--- a/Solutions/SquidProxy/Package/mainTemplate.json
+++ b/Solutions/SquidProxy/Package/mainTemplate.json 
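Review bot: `"steps": null` changes the key's type from array to null, which every consumer of the createUiDefinition now has to special-case, whereas `"steps": []` keeps the shape stable and is the natural value for a wizard with no custom steps. If the createUiDefinition schema declares `steps` as an array (I cannot confirm that from the hunk), a null is likely to fail portal validation rather than simply render an empty wizard. The fix is the single line `"steps": [],`.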
@@ -33,18 +33,9 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "SquidProxy",
- "_solutionVersion": "3.0.0",
+ "_solutionVersion": "3.0.1",
 "solutionId": "azuresentinel.azure-sentinel-solution-squidproxy",
 "_solutionId": "[variables('solutionId')]",
- "uiConfigId1": "SquidProxy",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "SquidProxy",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
 "parserObject1": {
 "_parserName1": "[concat(parameters('workspace'),'/','SquidProxy')]",
 "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'SquidProxy')]", 
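Review bot: Deleting `uiConfigId1`, `dataConnectorContentId1`, `dataConnectorId1`, `dataConnectorTemplateSpecName1`, `dataConnectorVersion1` and `_dataConnectorcontentProductId1` is only safe if no `variables('...')` reference to them survives anywhere else in mainTemplate.json; the resources hunk and the `dependencies.criteria` hunk in this patch remove the references I can see, but the file is several hundred lines and only four hunks are shown. A dangling `variables('_dataConnectorContentId1')` surfaces as a deployment-time validation failure rather than a packaging error, so a grep for `dataConnector` and `uiConfigId` over the final template, or an `az deployment group validate` run against the packaged template, is worth adding before 3.0.1 is published. The enclosing `variables` object starts and ends outside this hunk.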
@@ -55,431 +46,6 @@ "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "SquidProxy data connector with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Squid Proxy", - "publisher": "Squid", - "descriptionMarkdown": "The [Squid Proxy](http://www.squid-cache.org/) connector allows you to easily connect your Squid Proxy logs with Microsoft Sentinel. 
This gives you more insight into your organization's network proxy traffic and improves your security operation capabilities.", - "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "SquidProxy_CL", - "baseQuery": "SquidProxy" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Proxy Results", - "query": "SquidProxy \n | where isnotempty(ResultCode) \n | summarize count() by ResultCode \n | top 10 by count_" - }, - { - "description": "Top 10 Peer Host", - "query": "SquidProxy \n | where isnotempty(PeerHost) \n | summarize count() by PeerHost \n| top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "SquidProxy_CL", - "lastDataReceivedQuery": "SquidProxy \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "SquidProxy \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias Squid Proxy and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SquidProxy/Parsers/SquidProxy.txt), on the second line of the query, enter the hostname(s) of your SquidProxy device(s) and any other unique identifiers for the logstream. The function usually takes 10-15 minutes to activate after solution installation/update." - }, - { - "description": "Install the agent on the Squid Proxy server where the logs are generated.\n\n> Logs from Squid Proxy deployed on Linux or Windows servers are collected by **Linux** or **Windows** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Linux agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. 
Install and onboard the agent for Linux or Windows" - }, - { - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Windows agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Windows Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Windows Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Configure the custom log directory to be collected", - "instructions": [ - { - "parameters": { - "linkType": "OpenCustomLogsSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. Configure the logs to be collected" - }, - { - "description": "1. Select the link above to open your workspace advanced settings \n2. From the left pane, select **Data**, select **Custom Logs** and click **Add+**\n3. Click **Browse** to upload a sample of a Squid Proxy log file(e.g. access.log or cache.log). Then, click **Next >**\n4. Select **New line** as the record delimiter and click **Next >**\n5. Select **Windows** or **Linux** and enter the path to Squid Proxy logs. Default paths are: \n - **Windows** directory: `C:\\Squid\\var\\log\\squid\\*.log`\n - **Linux** Directory: `/var/log/squid/*.log` \n6. After entering the path, click the '+' symbol to apply, then click **Next >** \n7. 
Add **SquidProxy_CL** as the custom log Name and click **Done**" - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "SquidProxy", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com/" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Squid Proxy", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - 
"properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "SquidProxy", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com/" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Squid Proxy", - "publisher": "Squid", - "descriptionMarkdown": "The [Squid Proxy](http://www.squid-cache.org/) connector allows you to easily connect your Squid Proxy logs with Microsoft Sentinel. 
This gives you more insight into your organization's network proxy traffic and improves your security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "SquidProxy_CL", - "baseQuery": "SquidProxy" - } - ], - "dataTypes": [ - { - "name": "SquidProxy_CL", - "lastDataReceivedQuery": "SquidProxy \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "SquidProxy \n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 10 Proxy Results", - "query": "SquidProxy \n | where isnotempty(ResultCode) \n | summarize count() by ResultCode \n | top 10 by count_" - }, - { - "description": "Top 10 Peer Host", - "query": "SquidProxy \n | where isnotempty(PeerHost) \n | summarize count() by PeerHost \n| top 10 by count_" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. 
To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias Squid Proxy and load the function code or click [here](https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SquidProxy/Parsers/SquidProxy.txt), on the second line of the query, enter the hostname(s) of your SquidProxy device(s) and any other unique identifiers for the logstream. The function usually takes 10-15 minutes to activate after solution installation/update." - }, - { - "description": "Install the agent on the Squid Proxy server where the logs are generated.\n\n> Logs from Squid Proxy deployed on Linux or Windows servers are collected by **Linux** or **Windows** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Linux agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. 
Install and onboard the agent for Linux or Windows" - }, - { - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Windows agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Windows Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Windows Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Configure the custom log directory to be collected", - "instructions": [ - { - "parameters": { - "linkType": "OpenCustomLogsSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. Configure the logs to be collected" - }, - { - "description": "1. Select the link above to open your workspace advanced settings \n2. From the left pane, select **Data**, select **Custom Logs** and click **Add+**\n3. Click **Browse** to upload a sample of a Squid Proxy log file(e.g. access.log or cache.log). Then, click **Next >**\n4. Select **New line** as the record delimiter and click **Next >**\n5. Select **Windows** or **Linux** and enter the path to Squid Proxy logs. Default paths are: \n - **Windows** directory: `C:\\Squid\\var\\log\\squid\\*.log`\n - **Linux** Directory: `/var/log/squid/*.log` \n6. After entering the path, click the '+' symbol to apply, then click **Next >** \n7. Add **SquidProxy_CL** as the custom log Name and click **Done**" - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution." 
- } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", @@ -489,7 +55,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "SquidProxy Data Parser with template version 3.0.0", + "description": "SquidProxy Data Parser with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -617,12 +183,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "3.0.1", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "SquidProxy", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "
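Review bot: The deleted GenericUI connector carried the only user-facing text naming the destination table `SquidProxy_CL` and the default log paths (`/var/log/squid/*.log`, `C:\Squid\var\log\squid\*.log`), and the parser content template that remains presumably still queries `SquidProxy_CL` (its body is outside this hunk). After this change an installer who adds the Custom logs via AMA connector gets no hint which custom table to configure in the data collection rule, so the basics description or the parser's description should state it, e.g. `Create the custom table SquidProxy_CL when configuring the Custom logs via AMA data collection rule; default Squid log paths are /var/log/squid/*.log (Linux) and C:\Squid\var\log\squid\*.log (Windows).` Dropping the connector also drops the `Microsoft.OperationalInsights/workspaces/sharedKeys` requirement with `"action": true`, so the solution no longer asks installers for workspace-key access; that reduction in required privilege deserves a mention in the 3.0.1 ReleaseNotes entry. The enclosing `resources` array starts and ends outside this hunk.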

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Squid Proxy solution for Microsoft Sentinel enables you to ingest Squid Proxy logs into Microsoft Sentinel.

\n

This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Squid Proxy solution for Microsoft Sentinel enables you to ingest Squid Proxy logs into Microsoft Sentinel.

\n

This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024.. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -646,11 +212,6 @@ }, "dependencies": { "criteria": [ - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, { "kind": "Parser", "contentId": "[variables('parserObject1').parserContentId1]", diff --git a/Solutions/SquidProxy/ReleaseNotes.md b/Solutions/SquidProxy/ReleaseNotes.md index 349b8214aa4..9e531b4b307 100644 --- a/Solutions/SquidProxy/ReleaseNotes.md +++ b/Solutions/SquidProxy/ReleaseNotes.md @@ -1,3 +1,4 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|-------------------------------------------------------------| +| 3.0.1 | 16-12-2024 | Removed Deprecated Data connector | | 3.0.0 | 12-08-2024 | Deprecating data connector | From 37df254874aa0ce1dee9b76ee1ced69cd8aa0be3 Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Mon, 16 Dec 2024 17:55:01 +0530 Subject: [PATCH 2/4] Repackage - Pulse Connect Secure --- .../PulseConnectSecureVPN-BruteForce.yaml | 5 +- ...nectSecureVPN-DistinctFailedUserLogin.yaml | 5 +- .../Data/Solution_Pulse Connect Secure.json | 7 +- .../Pulse Connect Secure/Package/3.0.3.zip | Bin 0 -> 8828 bytes .../Package/createUiDefinition.json | 33 +- .../Package/mainTemplate.json | 419 ++---------------- .../Pulse Connect Secure/ReleaseNotes.md | 13 +- Solutions/SquidProxy/Package/3.0.1.zip | Bin 4474 -> 4492 bytes .../Package/createUiDefinition.json | 2 +- .../WorkbookMetadata/WorkbooksMetadata.json | 2 +- Workbooks/WorkbooksMetadata.json | 1 - 11 files changed, 39 insertions(+), 448 deletions(-) create mode 100644 Solutions/Pulse Connect Secure/Package/3.0.3.zip 
diff --git a/Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-BruteForce.yaml b/Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-BruteForce.yaml
index fbb4a44fc17..1d44039f7f8 100644
--- a/Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-BruteForce.yaml
+++ b/Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-BruteForce.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Low
 status: Available
 requiredDataConnectors:
- - connectorId: PulseConnectSecure
- dataTypes:
- - Syslog
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -35,5 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml b/Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml
index d67e1f00c50..9148ea8de04 100644
--- a/Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml
+++ b/Solutions/Pulse Connect Secure/Analytic Rules/PulseConnectSecureVPN-DistinctFailedUserLogin.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: PulseConnectSecure
- dataTypes:
- - Syslog
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -31,5 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: FullName
 columnName: HostCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/Pulse Connect Secure/Data/Solution_Pulse Connect Secure.json b/Solutions/Pulse Connect Secure/Data/Solution_Pulse Connect Secure.json
index bfa36b1358b..79dbbe7329a 100644
--- a/Solutions/Pulse Connect Secure/Data/Solution_Pulse Connect Secure.json
+++ b/Solutions/Pulse Connect Secure/Data/Solution_Pulse Connect Secure.json 
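Review bot: After the `PulseConnectSecure` entry is dropped, the only remaining `requiredDataConnectors` item in both analytic rules spells the key `datatypes`, while the removed entry used `dataTypes`; if the rule validator or the packaging tool matches this key case-sensitively, the `SyslogAma` requirement will carry no data types and the rule may fail validation or lose its connector-to-table linkage in the solution package. The same inconsistency is in PulseConnectSecureVPN-BruteForce.yaml and PulseConnectSecureVPN-DistinctFailedUserLogin.yaml, and the fix in each is the one-line rename `      dataTypes:` under `- connectorId: SyslogAma`. The `requiredDataConnectors` mapping is fully inside the hunk, but the rest of each rule (query, tactics) is not.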
@@ -2,10 +2,7 @@
 "Name": "Pulse Connect Secure",
 "Author": "Microsoft - support@microsoft.com",
 "Logo": "",
- "Description": "The [Pulse Connect Secure](https://www.ivanti.com/products/connect-secure-vpn?psredirect) solution for Microsoft Sentinel enables you to ingest Pulse Connect Secure logs into Microsoft Sentinel.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
- "Data Connectors": [
- "Data Connectors/Connector_Syslog_PulseConnectSecure.json"
- ],
+ "Description": "The [Pulse Connect Secure](https://www.ivanti.com/products/connect-secure-vpn?psredirect) solution for Microsoft Sentinel enables you to ingest Pulse Connect Secure logs into Microsoft Sentinel.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Parsers": [
 "Parsers/PulseConnectSecure.yaml"
 ],
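Review bot: The new Description reads `Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.**` — the subject is singular and the sentence's period ends up inside the bold markers. Prefer `Legacy connector uses the Log Analytics agent, which was deprecated on **Aug 31, 2024**. Using MMA and AMA ...`. The identical sentence appears in the generated createUiDefinition.json description in the `@@ -6,7 +6,7 @@` hunk below, so correcting it here before repackaging should fix both.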
@@ -20,7 +17,7 @@
 "azuresentinel.azure-sentinel-solution-syslog"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Pulse Connect Secure",
- "Version": "3.0.2",
+ "Version": "3.0.3",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true
 }
\ No newline at end of file
diff --git a/Solutions/Pulse Connect Secure/Package/3.0.3.zip b/Solutions/Pulse Connect Secure/Package/3.0.3.zip new file mode 100644 index 0000000000000000000000000000000000000000..368e4e976e2adb97d0d9b8aa3c39eb622869f0d7 GIT binary patch literal 8828 zcmZ{KRa6~-j_tu+i@Q^#xI^*c?(XjH4hMI4_rk%7yBvxYcXxM(BCq%Tyf-szl8>xp zW#um17SP%hhgEBu$8VBW@*x1%kh8}*Yxm;8w9`YkizXC8>CHmvX*Oj6P09i zGVF2F{mi5EBY$ouhevKrC=()dc({N7cfip=3R>VBlxerniW9ZTCci~@nrqefe7V~+ zvO@&JXe}zH?JIW55T)PX{5&Gqgpd+vn<1U(Kl@b}>rt9Q`H?`m(iA>~Nw$OiGoI&+ zg;DPAq>ScW>C!NAZA&(e)l(o+dA?_;m`E4Sa0muQYZ&$#9k&1us(9hEu&frcdt>6b z4}|P&PtsL;RDIj_ShR98`;kU?+*|-FCKm^rJ8(a6#A~z$fpm)g3a%33~l- zNS{dFxdwXddhwVY$v81&Vjvl3&P~)p>spoFOVG%2;Ud{Xr$o8y(diWV|5TTNC1&4! z7!UjyH}Fwx;aXXcO}e8|e(W$@%~|v544#Bn*6~(mX-c_6?)kWz*-_1-qHue5Cl}?@ zm%0%R;UP$riFNDHL#QOV`&MJ5$sM&xC8v|a>Au4qRF=0a>QUACFwc7vR5rkaikJMb zPiC!MwG>(Q_ao+M11C{KDN^5?U&|O~+`jT*#f~dj&(&)0J%xbSyr?OKrGivfQOKZT zG-aLuLppRpW<-Of5`Cb~u^-Yu%=S>}0v6>MHe%5)qpiSwbo~-z-(3E~DZ+5w{9m$HG8A zg~>V_G>e+nKCT)=W{OjRn1BI(-{;&x)6R99F~wV@X=(XLivoHtu|HCv^_P0phW(uu zV+hD)pAC#WyKJXs_YrtxZM4mm8nZSNLP%;o*x(UGj2AneTnpL93`t54H?R98fXK^O za?>Ok3c{o;Ox6z{$lO6}PzaDH;2=@b!9+Qo9{-SF4&i1J-$2hb0IKcsXC@0i!aC3< z3~+6mOa_{z-BF<0n^5pe2AP-+me*HB#^Oik##*G6IUo9WPi zWu=L-1y1vVN5sBxtvE=5yq@S#t!($HNNRvJTTFu`QqmkIRX)kh{7xl#?;+x?jlzL% zlxE2Ek)Np;#@%LYqCxd#PI7!LEPPDt5JvhEst3{O9`b3G%d!kfw__CkF{cMWL2f?T zr+Z1v=^V=|DwD58Bz;*mqm^&kZ(s43?1f?CEQAutqDLK;z4-i9vu5YV>{S(23}s=? 
zjBIwT>61cpXR7^WY~ATbqw^JKkg6)PjPL9(SY;H}$-no}l)_!DX8_SMJt3RER*++= z#&EOg?RT>51~lK-rkyY(F>X|ExtIi^CjvufcD6gf1Ca&Fa{9PZ8rj)Zn|GEO_GZP@ zt_;i=w-5;d>^$UB5+$J$9P8Xc`PXXkF&5XXY?nLF*K0RBB~V}2-8)M<9h_aKko=-| zLtb4?+wTrTk`Sw|Z=6Ns!khv2k`5CZJK-WyNX1s(-B7E}bf1ZHlFbN* zy~{~yVd1+Ww(vWN-)A%EwfFXAR=g7>z6%Jv!d(D(@StreNE<>N`bYvbJy2V&?&)~4 zP0+Z7@ETldzXU>|-+ywJFSBy;uuV^byit1AGwxU(yuCye;Jo z+&8r>Tg<0o4A8@f<+*d1f?n1(jVQy-IeM}j@pGOIR$eAc7Sj!^MSePPscc;4ZT!BO zK037J-yA<)wi4~Rg!a_-?U)!j6o#}f*s%8Y%+}8+D#*}_D{2{} z-_5*#k6Ox3=-7Zt6YC)H^qp^o(Tix@K=g#LJg<*|aoPGc=q()n z%^i1zfmgyd_EqW_h-G66-F-5kD7TJp2Rd!fR`_gMGhP5#P~$6n!);qZAi=ktk|gdKwb)Q;`F7C$(_M=a#+ zia)fYi~n74Df6?++5BY9?{qbnMaWP7>&E9cXVF)LAH_sXuE+{I=%D2%8mPs9>G>B$ z;$WN9E!IdxVF2{VA8f`q#u)a4ymU2%7?}!XQe*3}@y_43 zXz(SVN0TFrXl0x1X41!pO4D_`=LZnZtk%-!z|;3rg6^^2`#7P2PQtnF+pxgWj9muz zlm1Nt*k?F@Yq2xdEh6(r&{#r1Oeskxx_rbhm*{=}XrbpP2BrUkQ`R%m!AST3Kuj3` zfbkEf*c)3rsF~Y4+5JN+{}-WL==-{^@g#o+{(R)$cI%|}RhS=dG^gD=_u4ZX=Jal3 zoH_(CI)+n_M-fKPqo;nC8P$k00dYC6@0wW ziqZ!fFJ>xCjD1nTkJw55Zp|^2^Ez}tfsv=gT$4j;2~n&2Azt1f(YeCMmQ7r;Vzcaa z`szC2DNU=oglzq8IPvt+t+I!$)q^X#DrD71v^D6X^FZ@KJ4egGVb3m(D!7B>Wj;C3 zKx(wO6p#HpK^i_pX2+HHD)PJ`-YpgmjbZQyTH8pg`lz!Bou0DDEE4%WD0fOvV$^l( zt`a+$q`6QYo6(;ZFDpA3VFFNqprN+JbBEFGTF=JIY_G$G7C80(Lpf`xJ}&llCdElKO}woBSKSVyjm9c>O29TH zdZn(;(-bL|)0hq+(@5Y209fl2-`-?2Ozww2CYn*c+Pviv2xSJ_zbKs_@sVGBbr!%; znUkodB2vA*t0na_Qk^RfH@UNP;rFOvb;fJ3-d-0@8|*8%KCe@dQVWvB{alZNBe${= z&o|?Jv4ClBYy$}s77gT`!Vo*d+(aoE4x~<2_81QV@=7YPD}|Q@!HiuVA`#nFIx)=_ z71gspJ3E)g*Ya&{L(;Krb*pH4RUa_W@D9?i$4HaDOt~EunX(?s5-4Hn>Yz=G+*HPF zj9c;KFxiduJqi6nrs_7pwW)Qf`jN(gx?rRx2et!oBH%ii!p8GDS5AreWRNOm&eOyi_t%={ucDW|*gJ=shH13A zPO*fBQc+=solI`B9a^PON&i}ZZ;%E<8N}5O%$BA!j_%Ta@fM|xT6Mw&oitf7M6nSH zWo^0p2^^}l+WZy%1*zaO#|kVv94*cb_5|J%=Me&B`I>$?C#~-`uq>$!HgQ<2;^{7w znaU*wjxx2_I)r!Q()>FDCM`O;8mpPG63tw9xrP>MnalCvx_i0o@Rw49EoyX=_CHZg zU6_8mvbx9`<0jW(c>&#EW`YVv8frp3$IO~waGwIJ=UDk4T|`sv7F;9pYWGE6A3PE- zmZ0~pnsaHrm-a_i8{#E8ZgO*Cq<-;AE8^(raBMQxef?L^bThIYc{X;km+E+9rS;E-aKX@L7?I?cg9{L#OY&uiuR6rQILqLMsq;yPA! 
z6D1ppK2C?!pASl}61osfVHAjL$nvJu0byGQR-dK%RyE+))DF-5LiNT_8*7$U(>g$; zCCGF>^Tu{yR^9RN#>UZ(u(0j*mx?oPbv1J9kR�pJUU>8}#s8Zh+k=85G5K*fIo; z&l?&5*U(A_4s;qq5L-zNfU?cjRfv*l=DKYXP+6TGP}l-Vq&6+LO``W{OZI?#wlGAxTbrfrHxQ#Y*=d1m1(VZ`SlS{Bg%Y{_&-&?#{6CvM4Q|hW8D1HFq2{1Zd3!8sYcpnE1?e!= zyOzb5KR}?jPS|mlVIk=4@UiNn`57^~C7)?*`0xk~(p1z((wLAaI^;PKiCJ(L>q^^n zk5&z2FRJRNg04OLzLZ4Yw(YurRaAe5>A*vj7xs3#nIK|~lv*PIPSqJKOJn#C<55Jn2Cg?EKHdXb0pD&7kyb#?Kp z0Wy)%x&i13FrYmO9>1Gmpf~CQf~~Iu&YP~kSJOdRT<{9;E>5cVVsaN7RweCUdGxx( zx%s#rzLxY?lrko(BT5B^A&tzr^RGH~atjo^1 z=sER$trFCdo-m`dgHm<3wt>1jKie}C@ zS2{Y{+J#u(6+$MIeL~ljWE6e=91{znP_rkC3=6r>L%e$Cy`;RmBy=25!LSeH=K7A* zqJ`cZIO-mM-sO99dcbrp8H;DPnu{{JUeND=M(wz1AfpZ@;#AX0@GEpfR3w_jRUiAq zMs_*~N`vIvd0yAuk`bL<|f?C7L7ArwHn_i$24j}3^Ew4lRK;=^g6TaCM$9N*ow?!8?)CI@BdO+d;R8n=F7;g*^k;I^F^P^S2SSOGH*Oj5dNI}VFm+$FbeV{P8KV8v{N ziSoPYX?0Q)RGeI)U#)RLL^`q8cd?4+xZ}E!WapRuvy;qji(;?r|0}CvoUFAVIS|xT z$L2koqPT%|M-tOzC0jdR`bER5^?>_s$TFuf4)mQcZSxpYrUcYm_+J@1 zMy`Id{%97NUV3%0E~=PU=eR27#696<-1@q-ZTf+uvD!M5NIk{N&^>1vB$^FwLaixj z713}XZ(23C8`NLvfxvAnGuew=tZxT*HYwcKZX6T47UDiCeW@OSI_EldeX;A%%u^`v zTtS#7J8fZ2K>qVAQ6rfX_@WR$mWY=`NJ??y2RGvEMdmy3XaU0Syi@`_PD!@_y+ST} zMTqz$xOb3y*+RCKF4h;Mv2P1AX80$_K17Y9;#5=~3EYQVSXrb<-NQDC!sbx*S8o1# zx(>sZB3tGZQA+lG&FuBxIYwUy2pY<#nBiqR;P&-{g3^RHE}<@K(X4SHdv(a{)or!0 zd33Q^)*#Jw3+<3n?SmV?DYd|iwFs}22Q^{>v>{l^VTRboyVw9)5Z7s1ton`tr!DX! 
zIuLz2flQColm_4iGzJPi^AOaYuT-|GvNI<8Hc*l35Gu{k4*zK)PLk=z^MSU(zf~h~ zmQmLTVyO*btPT76O)ObMBJonN!u79TkrvSS%9^_srFYfrIW3y+v)ZKYw&5D>i(?vh z)7xm`4_!@jG4cuWNsf?W+5c*h?k}DXy9G~?-B+= zg(j?0{7O2PEN8wyy%Fhkd;%g5h>N!z?!L<=%rToEwR6FFyLI_1epUX>l{V_$D$-|A z+`_p7=UYMnrn(^UfEW-BTZ<|Asfj2j;eU0%0`$k>jEa+XG`{*Z{TP_hKq zN#P0|{elg5LbR45Vp~0z{A$2iy=v;>g~t!~Kb^M6obdK{js;U%$BJeVriS!Su_Cm3 z#=E@9_l!KDS#thp38zmCT?A!gaP#GG`ZjJ8>Gp1`e?ZRj7cIz5{$57zh3&qBmjuPpvVi}JOdK1oBhnJSgVFlGoK66g@iHS!ll@!jUMeQ`YKW zMK=G8j7Hap@GeYCvF6#5PM+GA0S^R3%k9L&jcN2&9d7>Iwd2a_J3peNZaJ9ha)N_; z_Hc$Qlv*6=yYWym?Wy2d6k{=t^NZ#<9{n2h5=JpXJsgyK{%0D&JfVQTWE&$ylt4*V zMY6{U9R4znYzZTfGi?(2)@1a7W8s#tgk%H9I;Yz_SDiPl148@^_rf;BE~0yb`P`k8 zOM2dVv%l)~$zV3vQ#Eh|uDYbj6O4q+KMI%`f=sHwjJSr_`z zZ_K<)H;KXXq(u)m?x>1{F!6aU0vJ*SS`Wc-6EvH)0w_aBvcbkDU+d<5Zus+=MNg_u zAieuJl^O%Dox^rjSu{;IiW}Kk`4dWW@_$Dyt?#O=>?tT@cwh2)bpW=Gkf?Q1v|L_` zPC!?vEe1QXPl#{Z;w#49#1&*VUh`0Q{%W634MA|E%Znt*LNPEzbtVwD->SH{90KHJ zYnj(1xQZ)h`fD0S+md&*wQl|7YSE^l5Y$s}URvNhtg>P+_hovxz8U-8!tK8+-cV#b z5ZlQpPVewjQG&R3}lyoBHE}f+Z`HR3kt|i5twi54$}Ayx-A? zyz&c#<%H4vdBh~AI+yVe-Q^Bx@I-@>22Ua7m0fsT+b8E|-O6Hg^6btVc%=izi}K7{ z60H=?nfvWiTZwvsrC*3}b%zly!<1bRjX3iI3Q|%yk_@cE*&pHK%nuu;p?{kXs#$V| z^7^IrWGkX7FoI}e<^0z0`A+a9?5s1NhFWmX(nk6!$lDypz*K5jF^1C!+b2i}m5f!h zWz%&_xqnk(qeqeF?;}*eC6Z;)BLs4k=2tl_P#ZLyn2R4i>Rr{vgXFWJ8g;mIsrSJ8 zq$#IYjBA2Y1sOgH*$1Cs+IS)mza*b=GOEqWcg+}F+6qgdheiiAxldBoSyGxoq^d}!TvJk-TEUxYfPN=*|Vik=yl z+rwW$%q$9cQ^ZZj$$0~|9*wYHC;74Uf2B;{sh+?!b6*}4c0m#zTz<~gW4)|T4Q8NE zA&3V!MiOtFtsjW5@v{j|5#x_bW}bubIv_0Gy)553@%dm~J@YglT2*V*J%GVC&LnL! 
zeqRbZbPc`eJ|4*?Ej!@w59fxrp!zfoUh!HBL1Ynqy2r5T&svxtAJwR5j7tL%-5k7* z9n?&B%-+?KTaO`*cBvh4_yWSdH(;-sSfbataKv-Cb}L>}biWh2ZL({h$WakxNclc* zGU|^+Ib$S}%^W8D!mMrLfWKh;_#}Z7&gk}f%j>x?#%a?}M;4G)7d~zE2Ijn|g z@VKZm22zZ6eZd3B7xws6z$8YOc{2ggE^maO*{mv}JHelYBY1ZfDR+?d_zZ8L4Devb z{qKT7!EAxIsEy3?z&^>8(174Z6ZKBGq>8bIG(;rHTL?N5n^`PR4 z!03ct_GJSiQfSy9qT&4JHwf~(sW#IFuXrE27fWMeLOHSE!>SSqJg!ijKSM$ zNO!D=d{E7%<(fUiWBaToRxGQBRYP{TbFp{5S|D=c?N|v8uN*B{f3$4|t&@Z0`Ee1P zcC`(FdA5$kvj(D})<)1I8H0{but0Zm_H>jQEnC<&jp+GvIv2&yQM?7X!5k5 z9x-44Xf{^D50D@+XTvyNtd3XfC=t_Q@&V>g&)=S~2+oI#k+elDtQ|Y>ovpFlI^~s}#$`@*#lXJU`enWzh55kD^eJ%2QR zqiUA5LwvsS8$}$6QZI#}a)0WB!sc&T7K#T681SMMG;woJD&;JpmW=CNzRTlI1m69W zNGI`@nv@HGr+ph4Y@M^*YGk?Yo?-7Ie;I8>d5OvGoQFPyFFpl5f4)zBCL?WnRw3`}ru41)dewZ-8cFbt>P1=Tk-$@` zRv@o7FhXJK?`_FZ3BRT)U2ZGP4Yb4hsR$7DqS-?KI9&^WVFd3}N5Ih>5@na~Ouhj! zDQznUfz`z4p+{RjsHSi9`<8FG7(xxOA=$71+6=U4bTTTiZ=Bp6X8t~mZo={qTFMb` zXLolkKR3-a*qj?%FjyB~X2?j7Wcbhg-?dZ`0BUa~z-!@zABpdj&U z3&KhY?Yo!Yjr`+yo4DM~qBFT4TQYyR1lwB+LOo0BmSqASmUf#rI4-j0_~IaDBr>0B z6~*Le%du5E8gh2(n)FBP!YBhDTdjBTk02b;dYWH=ULMjqioS%9Uk<OE|E7Mw`aRE_1 z+m#Q@nFQYkFei~#D=|x4Ctl5{#d^?X53PSMV0lALw(Jt{_ybX>at&R#r$plxU6KCA zrBdR14?Nf5&`8NGft^8rCc@vBY7UwdJx}z$K5rq}R)* zI-uk;pzdej+K({thPu_5(Byb;dj0f%=xBf*L#XZt`}ae#dx^KYh5l0(P&b8J(mG0( z1ZQ_2O*lrVw*gu`-Yt1Oc`TQ3#waurZ*8s&?lbBbc~{v2k@7(xO@UXh)u0tdm}xHu z4}E+DRK_oBa*|>c+mB;alRJ4&O|bL+Hu@uPOrN)H18s;(;nrak)%qGJ@m`Drqhvvq z-Wc13QK%hTun=?vK+2S(v=|RfBLf)14hpKhslbrWPf{gW2uLiz|E}@)N1yzE_P;1T l{`-*sPQd)X36=lkBmaYrQIds${Z9+zKM(sCcgg>g{U5(M)nEVs literal 0 HcmV?d00001 diff --git a/Solutions/Pulse Connect Secure/Package/createUiDefinition.json b/Solutions/Pulse Connect Secure/Package/createUiDefinition.json index 34526c47452..bc370b86783 100644 --- a/Solutions/Pulse Connect Secure/Package/createUiDefinition.json +++ b/Solutions/Pulse Connect Secure/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Pulse%20Connect%20Secure/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Pulse Connect Secure](https://www.ivanti.com/products/connect-secure-vpn?psredirect) solution for Microsoft Sentinel enables you to ingest Pulse Connect Secure logs into Microsoft Sentinel.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Pulse%20Connect%20Secure/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Pulse Connect Secure](https://www.ivanti.com/products/connect-secure-vpn?psredirect) solution for Microsoft Sentinel enables you to ingest Pulse Connect Secure logs into Microsoft Sentinel.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -51,37 +51,6 @@ } ], "steps": [ - { - "name": "dataconnectors", - "label": "Data Connectors", - "bladeTitle": "Data Connectors", - "elements": [ - { - "name": "dataconnectors1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This Solution installs the data connector for Pulse Connect Secure. You can get Pulse Connect Secure Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." - } - }, - { - "name": "dataconnectors-parser-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." - } - }, - { - "name": "dataconnectors-link2", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more about connecting data sources", - "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" - } - } - } - ] - }, { "name": "workbooks", "label": "Workbooks", diff --git a/Solutions/Pulse Connect Secure/Package/mainTemplate.json b/Solutions/Pulse Connect Secure/Package/mainTemplate.json index 200da90c783..1ee118fcf30 100644 --- a/Solutions/Pulse Connect Secure/Package/mainTemplate.json +++ b/Solutions/Pulse Connect Secure/Package/mainTemplate.json 
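Review bot: The installer UI no longer mentions the parser the solution still deploys: removing the whole `dataconnectors` step also removes the `dataconnectors-parser-text` block, while the basics description in the hunk above still counts `**Parsers:** 1`. If the packaging tool only emits that text inside the data-connector step, consider carrying a one-line parser note into one of the remaining steps, e.g. `"text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format."`. Otherwise a user installing 3.0.3 has no indication in the wizard that a Kusto function is being created in their workspace.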
@@ -41,18 +41,9 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "Pulse Connect Secure", - "_solutionVersion": "3.0.2", + "_solutionVersion": "3.0.3", "solutionId": "azuresentinel.azure-sentinel-solution-pulseconnectsecure", "_solutionId": "[variables('solutionId')]", - "uiConfigId1": "PulseConnectSecure", - "_uiConfigId1": "[variables('uiConfigId1')]", - "dataConnectorContentId1": "PulseConnectSecure", - "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", - "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", - "dataConnectorVersion1": "1.0.0", - "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "parserObject1": { "_parserName1": "[concat(parameters('workspace'),'/','PulseConnectSecure')]", "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'PulseConnectSecure')]", 
@@ -68,369 +59,22 @@ "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", "analyticRuleObject1": { - "analyticRuleVersion1": "1.0.2", + "analyticRuleVersion1": "1.0.3", "_analyticRulecontentId1": "34663177-8abf-4db1-b0a4-5683ab273f44", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '34663177-8abf-4db1-b0a4-5683ab273f44')]", "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('34663177-8abf-4db1-b0a4-5683ab273f44')))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','34663177-8abf-4db1-b0a4-5683ab273f44','-', '1.0.2')))]" + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','34663177-8abf-4db1-b0a4-5683ab273f44','-', '1.0.3')))]" }, "analyticRuleObject2": { - "analyticRuleVersion2": "1.0.2", + "analyticRuleVersion2": "1.0.3", "_analyticRulecontentId2": "1fa1528e-f746-4794-8a41-14827f4cb798", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '1fa1528e-f746-4794-8a41-14827f4cb798')]", "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('1fa1528e-f746-4794-8a41-14827f4cb798')))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1fa1528e-f746-4794-8a41-14827f4cb798','-', '1.0.2')))]" + 
"_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1fa1528e-f746-4794-8a41-14827f4cb798','-', '1.0.3')))]" }, "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Pulse Connect Secure data connector with template version 3.0.2", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Pulse Connect Secure", - "publisher": "Pulse Secure", - "descriptionMarkdown": "The [Pulse Connect Secure](https://www.pulsesecure.net/products/pulse-connect-secure/) connector allows you to easily connect your Pulse Connect Secure logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigations. 
Integrating Pulse Connect Secure with Microsoft Sentinel provides more insight into your organization's network and improves your security operation capabilities.", - "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "PulseConnectSecure", - "baseQuery": "PulseConnectSecure" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Failed Logins by User", - "query": "PulseConnectSecure \n | where vpn_message startswith 'Login failed'\n | summarize count() by vpn_user \n | top 10 by count_ " - }, - { - "description": "Top 10 Failed Logins by IP Address", - "query": "PulseConnectSecure \n | where vpn_message startswith 'Login failed'\n | summarize count() by client_ip \n | top 10 by count_ " - } - ], - "dataTypes": [ - { - "name": "Syslog (PulseConnectSecure)", - "lastDataReceivedQuery": "PulseConnectSecure\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "PulseConnectSecure\n | where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ], - "customs": [ - { - "name": "Pulse Connect Secure", - "description": "must be configured to export logs via Syslog" - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. 
To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias Pulse Connect Secure and load the function code or click [here](https://aka.ms/sentinel-PulseConnectSecure-parser), on the second line of the query, enter the hostname(s) of your Pulse Connect Secure device(s) and any other unique identifiers for the logstream. The function usually takes 10-15 minutes to activate after solution installation/update." - }, - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Configure the facilities you want to collect and their severities.\n 1. Under workspace advanced settings **Configuration**, select **Data** and then **Syslog**.\n 2. Select **Apply below configuration to my machines** and select the facilities and severities.\n 3. Click **Save**.", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. 
Configure the logs to be collected" - }, - { - "description": "[Follow the instructions](https://help.ivanti.com/ps/help/en_US/PPS/9.1R13/ag/configuring_an_external_syslog_server.htm) to enable syslog streaming of Pulse Connect Secure logs. Use the IP address or hostname for the Linux device with the Linux agent installed as the Destination IP address.", - "title": "3. Configure and connect the Pulse Connect Secure" - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Pulse Connect Secure", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Pulse Connect Secure", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": 
"Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Pulse Connect Secure", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Pulse Connect Secure", - "publisher": "Pulse Secure", - "descriptionMarkdown": "The [Pulse Connect Secure](https://www.pulsesecure.net/products/pulse-connect-secure/) connector allows you to easily connect your Pulse Connect Secure logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigations. 
Integrating Pulse Connect Secure with Microsoft Sentinel provides more insight into your organization's network and improves your security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "PulseConnectSecure", - "baseQuery": "PulseConnectSecure" - } - ], - "dataTypes": [ - { - "name": "Syslog (PulseConnectSecure)", - "lastDataReceivedQuery": "PulseConnectSecure\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "PulseConnectSecure\n | where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 10 Failed Logins by User", - "query": "PulseConnectSecure \n | where vpn_message startswith 'Login failed'\n | summarize count() by vpn_user \n | top 10 by count_ " - }, - { - "description": "Top 10 Failed Logins by IP Address", - "query": "PulseConnectSecure \n | where vpn_message startswith 'Login failed'\n | summarize count() by client_ip \n | top 10 by count_ " - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ], - "customs": [ - { - "name": "Pulse Connect Secure", - "description": "must be configured to export logs via Syslog" - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. 
To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias Pulse Connect Secure and load the function code or click [here](https://aka.ms/sentinel-PulseConnectSecure-parser), on the second line of the query, enter the hostname(s) of your Pulse Connect Secure device(s) and any other unique identifiers for the logstream. The function usually takes 10-15 minutes to activate after solution installation/update." - }, - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Configure the facilities you want to collect and their severities.\n 1. Under workspace advanced settings **Configuration**, select **Data** and then **Syslog**.\n 2. Select **Apply below configuration to my machines** and select the facilities and severities.\n 3. Click **Save**.", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. 
Configure the logs to be collected" - }, - { - "description": "[Follow the instructions](https://help.ivanti.com/ps/help/en_US/PPS/9.1R13/ag/configuring_an_external_syslog_server.htm) to enable syslog streaming of Pulse Connect Secure logs. Use the IP address or hostname for the Linux device with the Linux agent installed as the Destination IP address.", - "title": "3. Configure and connect the Pulse Connect Secure" - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution." - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", @@ -440,7 +84,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PulseConnectSecure Data Parser with template version 3.0.2", + "description": "PulseConnectSecure Data Parser with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -572,7 +216,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PulseConnectSecure Workbook with template version 3.0.2", + "description": "PulseConnectSecure Workbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -631,6 +275,10 @@ { "contentId": "PulseConnectSecure", "kind": "DataConnector" + }, + { + "contentId": "SyslogAma", + "kind": "DataConnector" } ] } 
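Review bot: In the `@@ -631,6 +275,10 @@` hunk the workbook's dependency `criteria` still lists `{ "contentId": "PulseConnectSecure", "kind": "DataConnector" }` next to the newly added `SyslogAma` entry, yet the `@@ -41` and `@@ -68` hunks above delete the PulseConnectSecure data connector resources and variables from this package. The solution now declares a dependency on content it no longer ships; the SquidProxy patch earlier in this series drops its DataConnector criterion for the same reason. Since mainTemplate.json is generated, the stale entry should be removed from the workbook's WorkbooksMetadata.json dependencies (listed in the diffstat) and the package regenerated.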
@@ -660,7 +308,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PulseConnectSecureVPN-BruteForce_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "PulseConnectSecureVPN-BruteForce_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -688,16 +336,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "PulseConnectSecure",
- "dataTypes": [
- "Syslog"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -711,8 +353,8 @@
 "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "AccountCustomEntity",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "AccountCustomEntity"
 }
 ]
 },
@@ -720,8 +362,8 @@
 "entityType": "IP",
 "fieldMappings": [
 {
- "columnName": "IPCustomEntity",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "IPCustomEntity"
 }
 ]
 }
@@ -779,7 +421,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "PulseConnectSecureVPN-DistinctFailedUserLogin_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "PulseConnectSecureVPN-DistinctFailedUserLogin_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
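Review bot: The `SyslogAma` entry that survives in the BruteForce rule's `requiredDataConnectors` (hunk `@@ -688,16 +336,10 @@`) keeps the key `"datatypes"`, whereas the PulseConnectSecure entry the hunk deletes used the schema spelling `"dataTypes"`; the retained line is the inconsistent one and the commit leaves it as is. If the alert-rule-template deserializer is case-sensitive, the lowercase key is silently ignored and the rule template declares no data types for its only connector, which weakens the portal's connector-dependency check for this detection. I would change the retained line to `"dataTypes": [` — and since mainTemplate.json is generated, make that change in the rule's source YAML and repackage so it is not regenerated away. The enclosing analytics-rule resource begins and ends outside this hunk.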
@@ -807,16 +449,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "PulseConnectSecure",
- "dataTypes": [
- "Syslog"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -830,8 +466,8 @@
 "entityType": "Host",
 "fieldMappings": [
 {
- "columnName": "HostCustomEntity",
- "identifier": "FullName"
+ "identifier": "FullName",
+ "columnName": "HostCustomEntity"
 }
 ]
 }
@@ -885,12 +521,12 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.2",
+ "version": "3.0.3",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Pulse Connect Secure",
 "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "
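Review bot: In the DistinctFailedUserLogin rule's `requiredDataConnectors` (hunk `@@ -807,16 +449,10 @@`) the retained `SyslogAma` entry uses the key `"datatypes"`, while the removed PulseConnectSecure entry used `"dataTypes"`, so the only connector left on this rule is declared with a key that does not match the schema casing used elsewhere in the template. Whether the portal tolerates the lowercase key I cannot tell from here, but the two analytics rules in this solution should at least agree on `"dataTypes": [`; fix it in the rule's source YAML before repackaging rather than in the generated mainTemplate.json. The rule resource this hunk belongs to starts and ends outside the hunk.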

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Pulse Connect Secure solution for Microsoft Sentinel enables you to ingest Pulse Connect Secure logs into Microsoft Sentinel.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Parsers: 1, Workbooks: 1, Analytic Rules: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Pulse Connect Secure solution for Microsoft Sentinel enables you to ingest Pulse Connect Secure logs into Microsoft Sentinel.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Parsers: 1, Workbooks: 1, Analytic Rules: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -914,11 +550,6 @@ }, "dependencies": { "criteria": [ - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, { "kind": "Parser", "contentId": "[variables('parserObject1').parserContentId1]", diff --git a/Solutions/Pulse Connect Secure/ReleaseNotes.md b/Solutions/Pulse Connect Secure/ReleaseNotes.md index a257bc9d317..2e499ed15d5 100644 --- a/Solutions/Pulse Connect Secure/ReleaseNotes.md +++ b/Solutions/Pulse Connect Secure/ReleaseNotes.md @@ -1,6 +1,7 @@ -| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | -|-------------|--------------------------------|--------------------------------------------| -| 3.0.2 | 01-08-2024 |Update **Parser** as part of Syslog migration | -| | |Deprecating data connectors | -| 3.0.1 | 13-12-2023 | Updated broken link in **Data Connector** | -| 3.0.0 | 20-07-2023 | Corrected the links in the solution. | +| **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | +|-------------|--------------------------------|-----------------------------------------------------| +| 3.0.3 | 16-12-2024 | Removed Deprecated **Data Connector** | +| 3.0.2 | 01-08-2024 | Update **Parser** as part of Syslog migration | +| | | Deprecating data connectors | +| 3.0.1 | 13-12-2023 | Updated broken link in **Data Connector** | +| 3.0.0 | 20-07-2023 | Corrected the links in the solution. | 
diff --git a/Solutions/SquidProxy/Package/3.0.1.zip b/Solutions/SquidProxy/Package/3.0.1.zip index c26c721538c999db3d95c1b0950ef6781dc6d80e..cc6e309f995ff5deec2a136a73fbf85e16478834 100644 GIT binary patch delta 4422 zcmZvgRaDdggT;r=p}RW=X=zYGq@+W-L_k{U_|qN3&_j0&NC?t3grt-xHFSzYC{hyp z?aS`N?tQxF-uHX%`Q36PbJFT*VPR8&Kp=dOTr%{vZ_Ab(90vq~q|>qhl_rlKt53-u zfPwX`5^$5-n8CdJ5?MWSa;q~D*SquzG^?M;EQOGFscKe5eT7wo!X%5kZj0Q{xXLB| zF0eCJlKi^=)p@sE*xjul=+uJpt^C_{f`GiXN|}T*C+?}&g9b%^kg>m1Dg)^dJt*-x z{QxFKcn;hXr?K2{I&Tl~v{u|>)W;VzA}=zXPizmo?$#fXvfgYGGvR{0L(0-No4jy$ z>+tHsV=>tO7r+GR1oZMU94s?FQcVK;wPvhiA+ z(_UO+bR;_8ENTApm{O8FPWjFkL=p4!PZ8>;i0@fj4CF$hs%ss9HoX6jmL(NV4mm95 z`HQy###PJz8diy>pIQa#B@H{_pY4$D357XXR^*}ki|Z4OMf30LAWC`Dn{B&OUb7)X zl4dwhcbfDK>ddM5>u+ATkd%pJYiJ0zdS=%1l~S_V0FO7cmeM@x`At2WDV~vHKf-c6 zGmeJ{%%=l$_TC%=Q>rw34rlmzJvOFY#!mcEVE8M5JIi$D-T80d_J>tNl4Wh(-q5s3z z**TO&91^Z~BmqCEQL&jNVvuzTr*#wRjF2-X7b)|KT9tbQ*o>;xn?VPJB~o+(OQ}Hgb&TrWq1kCajlukz)}Ax$ zT#R}N>{W@L6J;0eTtPotfy9f&#ZSw>9HGhkHH>cT3G~ct{&Cxi=xvg%6nW)mNf+w;k+FI%j6$$EYe*{xCuN+E-V2y#MJkq4Um~JdTF-LCRqw4dA(iU zBFqz1583}GS_@Hf@Ad8sN#Q7Qf9Qgz~kwBDK~h|-Sxu6@I|>4RkbR1Uvv z#$Nz(l##*uR8bMkpHWBtjm1iO&I}3Z?teaH$YpjZk!c+t&9x>&pmzoJAwnWwIB2xR zq`IOLE2{0OP}TYd>n3y&_jQb!q|xhEhwmHee1yYZWE?Ix49xR6lUP`RnSGU3Sqpbi zd?%Hn1>-n0yn87!MMCR;Yl+KS{JB|`1c9K}aYTi}nh^~nuH0X$GhwEYEoYX+D0~f4 zLbDAtU3t+E#6)2~+W2&=*I5Rnj!F0GK8u%gW2u8;PJuJKHhA6H<~K)Mo)X7gact(6 zgf!eb*r9G?C*V_@DvUp9HejaMDkUpnh9h4_byz*{dT3jfEgd`Kxnzh7#ywI~6!2tq zOlwYOnNACXvoh<7Y^t=c#(g-XITr32Fl1tqHZO8DRvdY))ROHs&7H?;qQdXZZ7All z4$nCW3m?Rqy)uHb*(-aJOM$sj-2%JMD6rIW0e*t0Pgn=N%iV^i((-|mT-Kf40|i-O zoG<(NNdd7Z;o}l(us~1)ii$-ED2>qYWZ$vyjb-uej+0UXmsrTv^z$=ZBY&^m@Vney zHze|~nt~4mPaXGkFxkZY1;WQCh)jx-cF#_#3A+0FstxBq&&n^KlBnqChGs4sq=ITu;pVpTj|Rcos&NN!~5U;7V?9>h6O4VT@Zpmgc2YSIVeM) zoDx7Yta>m?UG_eEjL5ZmW>7vi;_~_BCY^7gE#)_jSuhf92StMlAa=I-pTDZUKwc0EybDKN5t`hY)Jj0KUdAMMb? 
zMV@ej|HxbJxXZ1t_+=C?G-n0wnq-}=iP)_uxUF6!nWKVbG z7{sJRIBDd1v&9B{CF^>{2fv5oJkaZ`donfeze?8?9T~v%dMirC!?K^a8iJ2|!vk<* z%I!$R=fInwZ1K7pJ-dRrg)~EooujYE0Hhty4=X(+EIDYmSYmws!M36n;$|u7zT1(j z9wl)w9$4s=DY{KMXFRH}9j_ZQOqppvN>-IVc>~6ukq+{QQ+mHea1n*lW_Kx(UEx&q zfF43Bi+mK&)0EM%R+4gB2@M(YNUcw$~Lb~4sV2_AhNgWP?u%P5A zO!YsZ)hs6$G>iIv3!cX5!H8o_H!}RoV9#*_xLRc997mOq+9_D&i5UaA3H#KGvFf~- zEoi`YtrVobYGdI~@1Sk7#U*Uag6m!T=T{t$^+%<2bXk`G95UyfJOm~M`8T^%f~QZ$(l**($+jE(m~vMYH2MhP(*pd@*eY2 zObC5l38yg7abIW!Pb>kNo+7_ef`_cxyVWY5UCtM0Z%=CVZ-_I>1!YhOpef^o9cUn? z1u0;hr%rTCfiFa22EGQVd>h4g-BT7Vb$Enuud~ckhkT9CnG5$M&gk9xxagsYS{F%* zvJo%4tMK$bD$*Do5Mo@K)^T$Etqi-$;%iw%Z-YT{*uQn**CPI|XK$CLa&7KI z6Ix%@%9lIUTH66yWm)#-nf2iqzujw`K+<^v@^zZ8fvigISK3=}i=LPHoR=OYa0j8) zC&|bOYobYdXUydDfz-d9W0lc{()dBR%LM$w&yT|!6UBa+xbq6Axg>zMf%^6;ZT$Ni z$vSqUMq_`*%v7!`t%IR+7Wi^cTiV* zdCt5R7V=+E!Sh+CV%+e8oyvg+ozUi{?eGX0w-rP(g@lN5HUTQrNH6nMpp&zCVBtv1 z2YC{#DOtV9rp7TUuN>a$Ki5)RQk1~1SHDx#rS$Y=QQhr~mo4Mf+nEt- zQ@c4%4iW|y95$+N>Ibz4YdOM0)k!M?F~;`f>Wef`|OAWOkS`dCHa;jA%f~AK3phw?>bA{5lIF!8K;O@!{Jfi2L$z zaqf>?-1HA;ajt*kx^v_xMjx(Rl^j6RM@g)R%w%Q(QpJuZyLbZ0+4TyTP&K&HF zMBNnB9`GjNVFet`9Ekt*!q7eIr}K*)+ZcGjv3|6dm8Vm*d}ckKqD@GS>e>xWocw@T z1C}^`598OiaZwWs_-xq}?NaB*oY=R7w>U_rrLf8i!je^&oAzzzs&?5rPVk7g6*exW zrQ?mAe9h|9)Zg$Sc<%z*8o?zU!eu-WT&pmZ)6`kSx0n1RH zZ@MZXR7yN=mI!(<+M|0V3tcD&tU|r?0p_}aHDkU-@s)M{sv2&ccWeA#G#U{L@`0j2; zl)GLha9sIN;=$$XpS?77j`rJ6F>V!E4AA@F@+whQETi~^?*VQd6`|l6jjylV&pHU^ zmr|=?lBny^W;tdx2ct4k4+_Bau+64H+8qH7F}qAq@@QrRFU)fsMVWF5&XHQ;sTTGTa3c&%+#n)>-E;H!ux~fh6U?fh64^=v0Mk#1D<{k|RLXStS4J z*!WKtWeAD#n)vWL;;cqYR`2ld^QQiXdrJFbo9pPHf1(Bs!Rw1!m+oJ>KX2KroC>3_ zaxVXgzw4K4MG2w(9P+LBdAnN|h0v|Wxp^(W7TzSfqt98~&+kwHAbeLZnYx;lNY)vN#BrW;X=UjLFE-*(aP?*bA0x3>Fs z;r^ci<@bkVGn1S8PN9l6K(f#OGs#BEDf&hE7H>+k>L&ap(ePEKgLyB z7qWjutS_q*(usWEhJR5$Mr_*kF&9C{_EX}T2xlih~oRD7lt5v(Cm z>g3qR1%3MksNr#061pfcmX~8v71lU7To6LM=5O(O<^#}u8jet_YJICL&LN&Avn^se zi^dbu{gx47UOllWeh1HF(T0y0)uIV{l@|VT01z z-*Z;w6T6+@xjiNTA53(B-CKi{OM09xN9qiOau1(7M>t@oQmEi+R4~Yk2nM7NV7hW$ 
zR<%xT+ThvoT?+o7k&w+zz$P62nDv>+gev|+RHT&y+Vg8MqXS^C@iL(+`sXJK+=zY+ zD5cOCej$we@@cj+J=Xn1QdXr_Fxk&%GCvvi&6n7miEEUB(o>==7m~D3+(FXJ9Qa`y zsl*6QXNnl_Ud)xUbTavPi(ch`D-pQh=O^i5N-is7dBAOM?HnB=S#CPo*Hw@P6i3{1TtTlZ& zCLJpvJb`inv5l}~soa{2$c+_+?&$fB_Tm7YL!DuMVkB+5B~?k}WGuZN|UjW}E7y(;=#nsmf=g~0HA4v%!x>fRcL&EFeB{E#cYP|`+0 z4grimVc!~xP(DvA>xR39ZVb}HaH(B7EA+=l-(8mgN6(tEco^aZ-^w-GqHo2n6J$R! zEi2?B#EMWhTmFDFBxw=t(Z;(_G8PHNX1_IEZn0VI)3d_MJQp`cDH^up{E13ZKe=Fi zBlQEV?8}&?Wd033gSs{A9Dj1BYH8%w;j`7lWBCER{V^<`>b9Bez_2joSKk7Ef*?Qh zn5K*9=;Go~V}InvBZi(91|}8g|A8GOAQ0_;5XgTE1H_hrM=rqnf6w&)^#3t48G7Vg KxWCE%JNqw+QbZg8 literal 4474 zcmZ{oWmFUnv&I*Y?p|2Bq`OpDK)OMRr9oO)L|CK|1XdcPYiTJ7>6C6s>7~1u?muvS z@0WY;d(S)bVb08%GarBFnMX$*;~5120Kft8eu^`yJFs!g#smQPhyVcUzf)^BTPv8Y zzN3Pzoui8*%<+Q@|9kfjE(inYhXrwxN3i8n&v0^o0YE_ebAWA@xGG? z%Q%mnKe0GoFR_;A=Sp>Uy+!p-F|~RP2!@I5c*$_Q)wF}USv#l%g8ZHG^=$lLT}mbH zq0+eB#$+~9JK+NgDD=lRQI;^+Oy>Lvrz8;rA0DgA_u{U%tc~QA7E+WZY3k2C7&23a z1|^J6zE0mtok>}U?C({8zLo7{QS&`O*+gSujAIzv}()80zQnP`(~6Wm&I49udVhoM!fPXe9cjE z(3V|x?g7qtC`3r6jm+_|H&PCVl?x6#ZolcQH|8=Ml(GUI;37=Q)zo%F zzLkG|yvs22V#EIG?7{qgVROh_8|imoDuc)od0lH{F5c(tbz6~m%9DSL>h7zM0NI=- zezBzJ)#oO0?mH%xFj?Ac9!jgNKlI&^V9FzeZj?vQ_#7E~58+wSVV`nZd{Ho-Q4+TA z1;3jI>!2xy2F?vBkNWL;0K@W1OFQEINI#0o=4g^>d5(8d9pH=@+oTTMD&hV{d8o#$ zDMILu4@JI{-}EX!~0ne`(BTJFlqC))HHwj0I*UY8kplhHJM9Wkh{9 zD835jsFUN8JR0;}Hkx0GK|a&8D)9Ig9Co{w)rbsgX+rYY@@aP!{Vy@s=;j?s;D63cdJm$w>@D=mhW{xQaQ;4I~cFfatV0}^4 z#C2^_K$4JdqnI%EsSyiZLJXA9r*seYv+gLKC_)bQ5a+O=#v}9-sd*bdzVHPs(ad|b zuKe|2e;%RWv{@U5;JSw+vqxfQPF$!xr*;Ll=tfk%S^I0Y7Wk6_^iXXl+%46xTB2kQ z6DqQrUYc@vL#=^fd^PY^t|ckLoWj|?T|Np<VeuSPywRBHW#OLww{eVVmr0KqN zm&~rvp2TyyK`$`MqkBhuT%a{Ba$E5Vm~i3n@nUj)*DETJSl{zehw{f5?<$u#_NU)( z^COEOR~XPV)*Tgl1`u4J(YOqE5b&F{6A5+t}>!zJmTZgrq-KWZ?_> zts?iCA)>Pnc%k7imh(?PugX(Jd1*gGW>YJbpC3$k#ptpMe|8$}JDBj3KKn)oevpLk zq1Av~)G-3D>=YQQmQ?n6#1vXwim;cnFs+hP)arzt>+|T=TdkM#Bt9$uC>Nd4Y$I`L z#la~M2=yZZ3OX-<7;0wxsrlC=ilh4*Myvv%pKGEFj{0qKst?fryjU%VzK<1oTwQ6` 
z`9DmL_m<9D!UF*CL;(QOzf6Z(IlAcCLS3EzlKsDFegs-@TWGxeCGvnBg`^n-=~CNI zB5cUUd=MHNM$b+9$Xm7)KzZ@}@P)~p<3oHF1__&20%t$eQ~2~HE-phR zXq2)e;GYdfoV|aH8rAFb5cUN%iNa)KaCvEA$V4FjTm+_@?9;a%=T-QRiwqz`OrJJl zqG8lQ>H@O)6%^89^JAbWo-lya>ZC}^g4DHJwyPlR&w|~^g?jjHhJ!=By<| zPq(zEw5M7fhZRzL`0t(QICPIKEsKYtrj*cv#t_gs=T^zNcp@9=@Ik_XLVTc5thWN3 zE$=l6Z6zJo2RSe1!TXxTFcBko`0)$D>D!@ZO;$bJySyP*Q-)j&;~OkO}S2Ltm8FxkiFU3cXB+mA;o#lMJv@T*9Nl` z&LlWj&D74h!z^q_hj78Qh%Qqn_qD83t=&S%yp9!ox>VHK1Gxhn&MAY+Q5V44D@E^kp&zEIID zxW*r=3;mk1-{j$fJ2=A*;$tQ@hxuS@X=l5Pem_*?eq7!GsoD}!NdAar1<;cIr!X&7 zWot@kM5rHXd}+$2 z&j?&9o4MPX#NF_v{;k`|u+kqt?4RcAT`&{k_~q&>Tj^x0ASrDnPV%ybla~D;hY1ej zS_;E$8Ry?Va!`f=%be@U`ZofueIIP>_N7zJ}8Xzq*+sV<4;xUAqmKkY7l*pZeYsydLz>*oJ(8Nny#U3h=N?ux$XRwM){x0e6eKiw1hGhQb;D*BV17k< z#BMXPB`na5x^Rnsoj79@eb&LN`EC3uM`;8{-)VXY%a$eFmWU$)61r8i-v1h%&;Q4% z==ob6b*JtIcdhW>J~FRheXQfgguBZz<|+bWIL8Mco60>+0`tbSNYP?`ufw7cm^x$4R+dCl! z;q>pFJGr*t7ydZ}VU479{?jlgq0Q99Ep~bE!n&&O=4FVu0&yYNC0P__O2H6}W0KW` zL;Xs){rwjP&0EI2R2o@uT~Bg)m^D|zttefGBX@xB<~02YqUyD|EdJWpxCHAk9?Se+ z$M%SMXTgJuwG}NH3@J&@4V5B!v@tfRt3K^^dBflpjI#ktzBiy4<@^aWP8;4-r?pqP zt8Xo_A+zlrovF=d5qDs>^Xp~UrW9fXey&`THa<4C9ZR(OT_QvCqMIUX)q)On5#A7V zx#9BRC5rKiag4dLK&dbUvh?CmULg|pdvT6sNRa%GgDMwLZ?j{CjG}Ca7JmsQ`n5V= z247glEA2T=XtmwwTC3_{=E_B5pqGGz@%Q(tckBlDw{)R6=y+IKUn}x~8(tzS@NWi4u*Tz`3h_>*_TEw_~tCY{zpC+Zj_j1?8J4X;Yc4BVJfsi`u_* zPTRg>=~_qDh7wxZl?;_p-vyU`(_3n4^lw4j4s+9{mM(GrSy1*BOh75s?O>HA0_}E7 zVc7O24b5r^9Umi1kc6&aVi$ZwOra3xIB+Jso#z5sX^>ezjRh{d>tSq|iw<(!jW0F9 zJ#U^bT(3YxFoL#^MBn&o(PD6vGV>mh8NUJ(Q}Gd`GlGH@Tj2TUfD9E~zhlh;*hX1v zXstSBx~UMt7LXg#$o2cLk1OtsOMb33 z_A86qJ)52rj52!P7Z!K(_{6=*7!ZNcQgKX)4%Sf z%pUe0{r8HV?09+TotBTMZq|Mn{l55NpSe)x8Ea5y2Bl-41yj2Y?%0yH8b7}t)H10~ zKsq(O5x! 
zXgfSdLKI>J{i<~RF7*KF)k)FM2?v(78trh>Gr!-xjboskYu58DGSJB}t)UIr<)hP( z|EaYH8tsLWRABHw%gjT=y;Qp3dBfzO>xx$)`b8}`5&|~~yU<5el$O%jIHO0hj|Ns< z`bg`{X3$X|6vzPuR%N$U9KUetb1DhzZkGD46nzfw%*-9G|VkHb7>g4V%9bk^^nGHHGILYr%fTq^!QRv zD~bujt&eJI36j?-rjaXPK*fI~SB$Z>>y+wLD>n|*2^F7{Pog1;O~CY)LXqPHte`*b z?E*#}CK{IkP^o@-h7$u;24qDCgXPCCb&Q+f6xksCb#@)o?rSq^*S97 zz>PYe{t`AXKOx%0J!d}X9kxc|q`2YFPY43=uIlCvO4g9F z%B*-hxH}JWgfeL1CVWQ~!iF=^?jB2C3Sz+buJ~axNB8cwub15ZpOn0ej8D0(QOyqZ z#S8sQb|y`u{H-Jc+%u+4yREilEm*BTR@fA0h^23q2T-pN5sk^!7)D%bQ%_vyr0}(C z869;rbPB+Kb~yeD;{O%@!SDF@BmXX`|L4NgU-RVu32Ys8Oss#cp#RN~zjc-5U)_HJ Dfg5z( diff --git a/Solutions/SquidProxy/Package/createUiDefinition.json b/Solutions/SquidProxy/Package/createUiDefinition.json index 9db355cb0bb..9b1a845c7ef 100644 --- a/Solutions/SquidProxy/Package/createUiDefinition.json +++ b/Solutions/SquidProxy/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SquidProxy/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Squid Proxy](http://www.squid-cache.org/) solution for Microsoft Sentinel enables you to ingest Squid Proxy logs into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/SquidProxy/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Squid Proxy](http://www.squid-cache.org/) solution for Microsoft Sentinel enables you to ingest Squid Proxy logs into Microsoft Sentinel.\n\n This solution is dependent on the Custom logs via AMA connector to collect the logs. 
The Custom logs solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Custom logs via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index 1bd127b4b15..dd62f041d89 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json +++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json @@ -1319,7 +1319,7 @@ "Syslog" ], "dataConnectorsDependencies": [ - "PulseConnectSecure" + "SyslogAma" ], "previewImagesFileNames": [ "PulseConnectSecureWhite.png", diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json index 6bfd9205142..38fce2435ea 100644 --- a/Workbooks/WorkbooksMetadata.json +++ b/Workbooks/WorkbooksMetadata.json @@ -1666,7 +1666,6 @@ "Syslog" ], "dataConnectorsDependencies": [ - "PulseConnectSecure", "SyslogAma" ], "previewImagesFileNames": [ From 604f68b71e85f9e5cced6191ee36b91ad1372acc Mon Sep 17 00:00:00 2001 From: v-shukore Date: Tue, 17 Dec 2024 15:47:21 +0530 Subject: [PATCH 3/4] Update ReleaseNotes.md --- Solutions/SquidProxy/ReleaseNotes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Solutions/SquidProxy/ReleaseNotes.md b/Solutions/SquidProxy/ReleaseNotes.md index 9e531b4b307..8830b62adf0 100644 --- a/Solutions/SquidProxy/ReleaseNotes.md 
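Review bot: The rewritten basics `description` in the createUiDefinition hunk (`@@ -6,7 +6,7 @@`) removes the doubled period after `**Aug 31, 2024.**` but keeps the agreement error "the Log Analytics agent which were deprecated"; the subject is singular, so the string should read `the Log Analytics agent, which was deprecated on **Aug 31, 2024.**`. Package/createUiDefinition.json is normally emitted by the solution packaging tool from the solution's Data template-spec description, so a hand edit here is likely to be overwritten at the next repackage; apply the same wording change in that source description and regenerate the package (including 3.0.1.zip) so the UI text and the spec stay in sync.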
+++ b/Solutions/SquidProxy/ReleaseNotes.md @@ -1,4 +1,4 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|-------------------------------------------------------------| -| 3.0.1 | 16-12-2024 | Removed Deprecated Data connector | -| 3.0.0 | 12-08-2024 | Deprecating data connector | +| 3.0.1 | 16-12-2024 | Removed Deprecated **Data Connector** | +| 3.0.0 | 12-08-2024 | Deprecating **Data Connector** | From c49da07bbd52c819eb3fcb5fdf2f8c435c1a73c7 Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Tue, 17 Dec 2024 16:01:05 +0530 Subject: [PATCH 4/4] updated createUIDefinition --- Solutions/SquidProxy/Package/3.0.1.zip | Bin 4492 -> 4492 bytes .../Package/createUiDefinition.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Solutions/SquidProxy/Package/3.0.1.zip b/Solutions/SquidProxy/Package/3.0.1.zip index cc6e309f995ff5deec2a136a73fbf85e16478834..2e6ec7f2d9c4eda2deb5bc0ee94702ea2b2b6956 100644 GIT binary patch delta 1508 zcmV@6aWAK2mlCxky);QK>C^m001lw000-09T6IlH4uN;QqpbM z5Ud@Hv}g+?YmubwA9gU%5-o9|M3tnhxLJTb%N}h{vODUBrPwLD4QK<4Jl=Qr@w+?T zef<@H_pOOio-ywPywuvloP=S$5@alA3D0<`z(L>-KhKO1*)8CbFdxJxrej=OGims=+gULqBGWg<#h9B&i^4X@ zKZ`5@qob$GjvdXaAQ3h#SEb<^5iK!9+_+5Yzq3nR6gih6l7&HrXDWYDrr!Il-3!bn zS$a^3*ro{Z;}69xex_U`sqMa>E%RkQnf$6OKbcJ6t>nyb(0t7`SOqrauvSv4O5_Qw z_*!WWA~%*vNh`E(lq@Ns6ChuI|M?eOI3@?1u(;s0Z-O${ew%Nd>*EPp&3T*UW#i0* zmmfi5lyn&lFFXcj04oi_)-|uYP-+wA zirs~ZB7Jl9Vlp}DC8Ig&23tsM1_#L9p}0@mxC1!j35&M9Ot9LF%K=LX<~fsFi{%U0 zqL7O!6;TQm=?Q-cLR4%fF)=im%*zD6JD$RmqbJ`7SV8X$>Es;Iup2p4G&9&sP>E5B z%tOR-{Ev7P9K>ZIMO24PC-|+^thr2Dixgh!B2x|;Whi^xFdiWtkDhSDn$lZ0C*Q`9{q+=8&M)>u+ap`%*cBI&3YM0Y<( z%G(GduwS)<@{!Qn3w^0oS?tBnXcE1+6<8WM&0(v{zN7YM^P_dV8^xV8`ZGDl;-tJW z$Fuo|E|q>%c3be_v!auAFxT0<5ZGF*R&sbsDS3Y-C=1W^*|m`Lpn%nO#~Ae-X0hrq zC#-r$?nT1^I1<2c>aRQ=_{PQ+i}o3@NZj*A`;zC0P5l9h{y3lv$J3+nwKt^tBaSzF zNF=GE2aWgg#nn)m_$;!iLqvR(hu<$w1QPLd)T@RsEuddmA!f~k>?tj&17t+*uf!)hobuB1xF^;`4O-48H$1p0vr zVnmGTE#ju3q`9`h2=gx`VQ_Zfyf=Gy>I#R)@0r9acNdtk!mkDC*X7}lh6OMh z2OBbMWefA&H2(h zS$d->keNF*h0)TRE?YiwA`1CAX^SHb3 z)^M^F<&fu{@@BpM>n+wo8|(i^y75Ke{}0NiNCP(8_JrfCg|BwV5AMeC+vYIf)*B*Z z)_(W{lU)^%%>lHws2$Jv2mk#8P)h>@6aWAK2mo?_k+a+dA`1uzfRS0QfI#|_1`$02 Ka(|JNMiEAobL2t* delta 1508 zcmV@6aWAK2mm{bkXd!I;X9fI001lw000-09T6IlH4uNuQqpbM z5Ud@Hv}g+?YmubwA9gU%5-o9|M3tnhq+NkM%N}h{vODUBrPwLD4QK<4Jl=Qr@w+>I z{Q4^Z?^_dRJZIhsc$u}OIf$U}w|Rf~yHUkAUf{4YRwR;Z!a5hRRz_`XxNyD)9$Moq*9IMt z@d&KlE}3RIw`hbGA882}V^wTKx?8{{Vcv-kOeeUwVbbuR-&r#wVly%$3J&3TvQW$VmD zm+vc)yw>XWE^7Tcw_$&tOeqMUD6TS&!RG7^=dqHu%TJO3b6YH%Gl_m8`XkRwc{2f}~f2`_n(pbg+RUEpbD ztjZf#Tfty)z5rBZ!DFjj!ZFGNKb$dHg+%=5Snt0UQqpC#yzm5=0jx9x+cdoHLTOBx zD|QzuiuBdhv)Sxqkc{T28*Cwo866;ZhvGi%;tt`Ar!2l3WP;UZTn<=Duqc?kvsk`> 
zEeg4)GZAM{lb(N&AVkGxk`P0)*`i9}yW;>J9XB$PX6U}GcrduzE7BHLzudtFG)8@P%K2eW6M1ANW zlP?QH4b()n(l@4LF*i}!p+^kokG-g{EI;FIjpWO&a4+>b{?HHq;!z@-k z=7d%6$h~Me07n8CPW_c9Bj4D#645;)mZ^K*XkYRowV6L6(VvEt;WRj!UVCGz-{W|* zheVPodeC^!pIwcWiO(XNIYh)qdHBQPL?Dp_lR-6nX#xGhN-=LAWRJ0t9?g$_njalc zFyMbfx7&ww=oafQyuec&95`B@YE?ePSwFItY|SN^A67#taV1kSY2KQb?tXy51JL(W zkRW10ZxJ^QCEdF!Bbj<|34@XkOpkF-3iB82Vd`y@7;~#x65I~tv4dd zto!gsCc7#in*(TFQ9GXT5B~cHP)h>@6aWAK2mmd1kh9zcA`1vRjF4G%vf(?E1`$02 KEq0KTMiEAeN5f$N diff --git a/Solutions/SquidProxy/Package/createUiDefinition.json b/Solutions/SquidProxy/Package/createUiDefinition.json index 9b1a845c7ef..b988ab7bd27 100644 --- a/Solutions/SquidProxy/Package/createUiDefinition.json +++ b/Solutions/SquidProxy/Package/createUiDefinition.json @@ -50,7 +50,7 @@ "visible": true } ], - "steps": null, + "steps": [{}], "outputs": { "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", "location": "[location()]",
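Review bot: `"steps": [{}]` in the `@@ -50,7 +50,7 @@` hunk replaces `null` with an array holding one empty object, which is neither "no steps" nor a valid step (a createUiDefinition step normally needs `name`, `label` and `elements`). If the portal validates each step against the schema, an empty step can fail validation or render a blank wizard page; if the change only exists to satisfy a packaging-tool check that `steps` is an array, `"steps": []` expresses that without the placeholder. Please confirm the generated definition loads in the Create UI Definition sandbox before publishing, and if `[{}]` is what the tool deliberately emits, document the reason in the tool rather than leaving it unexplained in the generated output.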