From e54393f92a65b2ab832c08a2d2169d27d2f4745c Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Fri, 29 Nov 2024 12:18:36 +0530
Subject: [PATCH 1/8] Repackage - CyberArk EPV
---
 .../Data/Solution_CyberArkEPVEvents.json | 8 +-
 .../Package/3.0.3.zip | Bin 0 -> 7200 bytes
 .../Package/createUiDefinition.json | 26 +-
 .../Package/mainTemplate.json | 722 +-----------------
 .../ReleaseNotes.md | 3 +-
 5 files changed, 13 insertions(+), 746 deletions(-)
 create mode 100644 Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/3.0.3.zip
diff --git a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Data/Solution_CyberArkEPVEvents.json b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Data/Solution_CyberArkEPVEvents.json
index ea1e371598f..69cf06c120c 100644
--- a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Data/Solution_CyberArkEPVEvents.json
+++ b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Data/Solution_CyberArkEPVEvents.json
@@ -2,11 +2,7 @@
 "Name": "CyberArk Privilege Access Manager (PAM) Events",
 "Author": "Cyberark",
 "Logo": "",
- "Description": "[CyberArk Enterprise Password Vault](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:~:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024.**",
- "Data Connectors": [
- "Data Connectors/CyberArk Data Connector.json",
- "Data Connectors/template_CyberArkAMA.json"
- ],
+ "Description": "[CyberArk Enterprise Password Vault](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:~:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.",
 "Workbooks": [
 "Workbooks/CyberArkEPV.json"
 ],
@@ -14,7 +10,7 @@
 "azuresentinel.azure-sentinel-solution-commoneventformat"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\CyberArk Enterprise Password Vault (EPV) Events",
- "Version": "3.0.2",
+ "Version": "3.0.3",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1Pconnector": false
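Review bot: The new `+ "Description"` line keeps the sentence `The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics.` even though this same hunk deletes the legacy-agent connector entries and the string itself says the legacy connectors were deprecated on Aug 31, 2024, so the package now points operators at an ingestion path it no longer ships. Suggest rewording that sentence to `The Azure Monitor Agent (AMA) on your syslog staging server, configured through the CEF via AMA data connector from the Common Event Format solution, forwards the messages to your Log Analytics workspace.` While editing this text it is worth one caveat that the vault audit stream records privileged-account activity, so the EPV-to-staging-server syslog hop should use TLS rather than plain UDP where the EPV version supports it; the page does not show which transport the Sentinel.xsl setup uses, so confirm that against the linked CyberArk SIEM guidance. The `Version` bump to 3.0.3 in the second hunk matches the `_solutionVersion` change in mainTemplate.json.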
diff --git a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/3.0.3.zip b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/3.0.3.zip new file mode 100644 index 0000000000000000000000000000000000000000..675fa597399dfd3ae92c79adfd66e49be18e9ac2 GIT binary patch literal 7200 zcmZ{JWl$VYlP&Hp159ukoCGIWaDqdy!CeLzT!Xty(BSUwVQ?q7YjC$9!6C5u-m7}` zs&==#tGfEu?f%n$PM@QyfQUo{2M31+x2)%@^I_;tsvQju4u=#Dj^y8~nX`q7tA!>+ z%EA(24{?P!*mKypIM`Q%PnGvZh+nCgFI2BlW@2Gb>PYusuJ#k2aSj3`o`iI&0Idc0 z=Jud-=ZaAt5yApt1xj|6#EayMb4z!3eruGo3iZ;-zdpmce$VfQIyTcC8NU3^{@`E% zwO0DR~%-s86M6s6J> zGN@{yK-P*0PCN*H8F334WKfCu&Lf0rZ*C160LO%&H;+Tz{^VK!xeNRG?_=F~jGpV8 zDoxc$^PLJAFuy^wK>HWR*Z>PqBHU0=LT_kP3i?52=rs4=2fEIu1Lm&#WnCF};qpQz2=r| zDg?UuzJ-ZFHy=#~PP^Y;alH?*R@TftE~I{D)^On#>aKrTSh{W0jnMs>8KqNsv~jgf zhE?Rk9@{g<%Wqlj8ZvxOjvv(RJ-nG^(7h@2N;o4LSdGr2mPPLejFq#O3EHedx>0yU zsc2{)R;=a*#WKSX{>X;Zper&MSLZp+GhBV&m(Yt-Wgz@UTx`;ONtlWon}q{CP15ja zE~wH>T9D@|HD%Q)lGqJ*4LFsxnz5}eplzB{Cq~gG`w>MYm5AE7vhV6gp-)X0gDnLZ zA7jEiSo%P)*K-lC&EM-qH%`Q*tcPFHjHb>Q)ZK9G(aO?s5Ycpk$7pchmE-?Q$j{pi zF>ItK!fuH0I!Q}~ivWo9X?E&LoAFJserKiYkv5)^a@*exKZp8P$e|alq(@~h0Smle zILGOI+@a^<4wYjpyOAd;hWgB7SA4hvn96@BHW%+cgV!Qt0sg1d5J}{ROARb{sj^hN znpq+hj;>|BVs-l!Yri}9aROpO_Fuw#`|3TMQjF2kD7C#5F;-_Em6j)lw&)dT7@~@j zr1MOnq`2$Zsh^@^uD+}H{7_^SnQ_z~qc=gD9f1;zMWyuyX-RiDzl&v>0-0$28Sil! 
z4Q2QOw}6_ai=P4%qe02E!at#il+xXat*Lhn;#QA}?F)4={~pW2gQ+ba78E7oM-mq5>4`^4pWb%8EbK`Em*|^wk2V7tYCe^Z4YN0?N1J zMsAJ_THFS*mP}J=Bds7KJ=G6k)#YXV99tt$G8I(RMq116PZ@Q){kxyY$u++Cs6IL6 z&ll3D#p%O$;ptly3q42>yUPM`zXk_$y9JXr`Zv&|m8AH-I?fs3g_t?a!V{E$UB5}8 zni&&fC49&)8)M5)Xy-sar7fz|*Wh$p5o^e6Yx6#}MfD0YRs7M1RJITgI%KL9H{7Ij z%;S2l5nFk|YNfDJMTS9cpD=Cd@kDdbQbWtd@6AlFwst^BI@(Hc9rZNmJ(TM1m-aM@oP@lW zlGtl6q*1AB_#&sFY|KCTsRyZ6zmpgl-#!M-p?`J|8^WXC!=bPS1-cxc7-uD(%Ra7lI$)BRNfcKR?FS+@pk$*Q+3Ae@+Pb(H7p-ea`@Hyh)uHec)N_QpY3FU_@^>7?yY&Qz zZ(Dq}vf9?iZlWn|D|FDJ!tMU;{)0b~#+b(XSPSYA>{kNCYLJuZalYrY*S^{hhcjt< z*D^l>-5m2cKR<^es@pyWT8h2scFjz2*y8T3r+dWR9EJx7-KBqETH*T`!CAgo2RvE( zIeJUA+km?Qns!W7>Qu_y|FxFIPb=lKtdt4*eTp!V$gux`x%~NuxhXz>WoX}?J*eu1 zqpz(@56!P zqD#@n-7V?19jR3DZrnSkIHQZ;zb|89X~*BKg$DW=wxqQHC}FkPotD1s-6ry5(V~{t zYV%Fp3Z5Pc<*^ihC63@iWxEkX6{lx81?Cy`-)d`(TKOHevBHUMD835xo52r0BC+RZq>*NH*Oqk=Shx#Haw5O&Z8Ggxl}(NP z$6lNMGUyE!UZk2Ien%`EXql&vc594cJLxxillZ*rAKGXP4;2Q*h9)aq{aBh)fx%-R zXCbpC8$5}|ftR)eA%vYK{+GU`-Al)~Upe%iUQnL18;y_Ef5N)aDE;QFE78d*<*mK@ zX}7QN4#`}fAEug66~Cm(4{RZd2FUWHVp5tc1!poxTe}uNvslAV($_hS{{pgC}20%uyAlygIo7-wuyT(Wi#HOi=j$tMr=$4LD5M2Tu7`2=modxymFH3Nx)Rc13U=~aN7M(P}D4n)5G z}$QfOhwFzm#MdVGE)?`Ozw#ySbXiIv0vVWgl4; z-k%f?HcKfEA?nYK6sqT1Q1ldQ#%N~@3{g-hwxcobqI>k>{sxKIg`1JAk?%gi?j{)Y z42`&uZ@BP?18#q`qT^RvuFn3F(^sJ74IUAD-V3}PNvA|z^`L4GX50RxqYP-z^o#Tm za@U)Xs)h~cUmjpGe{E^EZjnP-xh@)wiAq|Qw(Ky+i84>%J+0ydxi9{L@Ov{;njH*$ zV{{8}uhMU&kVhyz4fib4=2B2dnx^6yEP{h5g;G!66hHi!kuEOF6b#jFIPN((xJs ze&%4Y?WmqVP=*1lQ2R`$B($@_m}Texw4PC@hFF&Z7Ax+|PTQJ>V5>!KLzp_mMU%vA zv;{KrWoYTkJG8}EMTik{@7q1e5?!JTZg*s@93q-I8m{+fu?uUP;pFVSzSJR{glh3T zLPpY57!o5#nWa-OiuwH2NON&-9R9?%k>*WnnW)^|(!ABrc8#(cQ*!d!Wov41;H1~z z^F|}}q>!*|G6Hx^?WMyLy>JEp%2LCkY8E(kXZ2ObT+n6`M{IoPe9+XyCuu@f@OsoX z4_U?SJ!9~N3j6*z*m3ijDu8YYhknfFQTCu$?^jrTT!zvayQ&Tpn{w_a5JmDi(T1UH z4@gKnsQ7;P;3+Se<_Qmz98ayGp}#zcDmQS(LddYa7b{V$A;na0a@3dpPSJxvrvV$Z zV$l#0_^ON(=(0y`0%z$u+7oDx$95xaT*KHSZ!aH%Nez@{oP`pR`Rk>sXYYO%{H|m7 
zqW7hW2eC|pC4ib*uBhuir!8EU21o_M-n9V54ik=>k_8=$6A40^7_o7)z6F%DPUB;v zZ{Tdz*ZVvmP0jF@&20Joz3C*| zarZW3Xu&Mav_C_1`mhg)RFi(6GtMywF6J6m*-m+h`%hawGkHS+-2(Vv+JL(XwMK!U zVSF{$j->UU^dWClyqU@-1!)*oKI!4*8AVF4^X$u?m?Z;2@pzNF%Ez}qPE35)%#g!l zj$`l<)0aQus?A6a{^$;tO1hC1%WMx(q5m`Mh+{GlKJbT}{(GMnPGN&egUfgn6gX+k zhj_=8wlx6c6#MeHgTR6kSJsOf!dpx$)GU3Ch7f?ZbklE_nd#tyou$qo{XXkTe>3D0 z-e*%8>yKp*{n_JHD3i7&To?!e>H;IVY=Cs}s88vWfXTK){d#iJBg`ia#1p#h5_Ylx z$4PET1GR9fC{s@6YA{?W>T7ss;U$SDw!CP#&J1htxioby$0I6CTU7@Th=gPtHBZKR z0lV(eYtNyZsjUHM*kBUcoMO-@ll>m?lwUP0TX%~hTCHqG3z#Uo%QzCA00vqfYy|LM zlk*n#xFhdl{}#f-*w_M2A1eb}x74Pg%#5bkFtcFVUsPrY-o>KUtw+HP%4dV0{+c=J zMdBjP$nXRCa1kh16D}BXRY2boGdI4@U_788sQ38#=PH6wvT?S8sXmuC{?xE@kk+lY zV)2(Eqvg+kqLjvu*D(5CT{7iz@`zWutyfnpfJP1Qni{bdjVEPu8`oUpH>Z*r%(pvF zIL1!@YI6Dub9oaS0ncSGhXWA$kR?m7<^r{5o0KJhpEzRA{~4Gd$MS`@ioC%||iFQE{cdlae?E1<0ip0;)Esly5Q19bunn)PB9%>De zWy5XSUF`EP>zvKqlD~!eU#L+TwQAiQ>RLTruAsyn%oKeCoeC>4b~p>Fsm?a*KTxn# z81py-+;m5}5=sC7uAAA6$*QMYmlF?1chlsOSiG{ro(1a-);OV{WpV4jned5uZumj=6bDT*8{WP(;;L8PEVFbyrDXyrM^9xnNMv;Zdb9itn95nd%=E?!jjw-9S zGJg3x&wNIDM;+F4S*)o*r4PlF_jDu#!_5;sbW6yA@X>#AI4g(9iaY6I+;VtpS9|n| z;7i2(xkeM~#iv+>tBg>zkWcyZc6mcydo?^-H*04~V+fn%HEZc)^V|0*pBmwwR$XP0 z?QUV>lS7Q2VMNa0H?jvzgti}}2&WWV8xE2m7iXVkzu-sE>h@nywcLlryU*IYd2PJy z2~$RRV9oXm>pr&&;rRcVLmLqOb8rvDeh7ZhcRAqGdZ%>{UnCH^#`k?|9aRiI$vY5E z%b4!Lem#ET_uv=f!}m@+UFg}*F^j_FgU(KmaxbL0=HbMPk6g1F<(2vJ25K|QE*Vt;)x?Bw5nJ6AgWwMV?%UAy4RzdQl6D7obgZ7<#wM1hCv-$43ztUf6!C#!2CO;;Lsyk^VUkguP+` zAXj)T7!C~P#h*J!zOp?+PGpP8?EO3?IQ+gCU?j`>JE>z5S?Co{>S+}R&6@pxE#yK{vpX@F~U%EPP`7BcUo$@v<%CGE6DX0=Mao;IVB#@{qKRn9e^TMC=17Pkjie4yzan zFDnoQdyM^A7v8FXa(#wB7<#q&x{FUWJS;Ii6tHV5tTULAY*=TUokxTFrl7kLhKI6JrqNm?_OXdX6&`0wqm?1W(7>R|850FhD|JM_R8uou{!E{w zmpi39^rTM0$}{$iqbg>@Vw8bstQ|ICpPTroL)~{ z;k)6j@Fm|O(&{4q8`HY1y~LM;x4%QkOATJFbjTH!i~4HB{cvv3$jw3`r*c$AK1T@7 zEdiqK-~v;1*a zwJ?+^-kW-@-8&*srlBEMOjM7aqcf&UowdVIfY1a(rqO2iQ@g&<)XbxIIc>=3BR}DR ztpchd(!j2bBEM{Od)+GD^wqn+T>|V@gR`(`In>*~cy;a?(~QL(xqU;jym@ 
zviH%PiK~Tja%FTe&_))%G%UviMMcn&UGw6bHcmw-EbK;OxN(TG$oQd?0*}p|ZTr}_Z&|3S(OqL(_v)~tz}>P&y_jiZKWx?aVs74O2sT-%_3FL= zqu#**>Q3j;FaDVGwNR1~z7?rAo-sil>C?@gF!oChjQ^X%kt;&XwX^*~22lUxx5}M6 zl3pv{T6ks=Nj9v3)OuKAH$?YW2`M443|q*$brI7zbqYiS_cqo2s$|HTzb}|jn#=}w z<7XlGsqdZjlgBU!LxhaeQr%F)z`@>mjAke2SAK0PU3w-hY;DZFe7QB7GtnJi* zO2bc3K04AKCgTK>6w6_YtSP;kg6D_A8vR^n8d!L z_*WOjoP0X-EY)lE#W=EZQt+@sfJy$|oO4pmEud6l2ZgW8-{RzUm$- zcPowWnb?k4;?bbV5)TNbW5NeQ6%oWX&pYv~dTAJ_+1FRm51|Cd_d>w!mn93h#Qdg3 zco!EJxj}?9*SH}|kXp!BcuPQ3L5N~#!?lFhL+Cs6Tw^DzLZ{HS-nreR#*OVv<%WEO zlCWp~?5nF8ImX6e=INn^3Uu{ha8rS9ieSMW;tk->vI_*w4#}OGylBdPDPle_tMEnPT}oi=ZvRzzNgv2Z*N;5ZprjC5Z+kBzSC#4cM*4M-*! zPqsjkL;n5txl=P)l6%*Ht82Q(uJlkgJ%zowFyh#O)ma)Rh-(CEM^2;mn+B@wXJd&3 zYF2&H0ChMu=*upF)xo<#mj)qg!U(fF0{YR1~Z!QLmxTV%A1 z{izW(FhRjyNq59DQB_V(jNdmUS8@$kLXZH%_Bv{1;HHRvS8zOLn7H%x<4S6qqHl>t z>r$)b=i7~yFpp6=V1{K%e zrVrRxROE`VL%fSJo|+#&+y3#hr+mxOo-=Zuk&Am*UExOF+){qwIC~|BUwbwTi%m-> zLH8=*Zj}5hLVnWfTe62z$Jesz0_E&V4)ii3Trp=b~3m_q?w#S;h60EneS2mhx zvRQKDQ$yE2VU$_`TH@g|hUg4^@$VltdP8`7!&Fs(M<9ax-*vcu)D#>%9QA+FKl@)) px&MF2|3q&6r}h61x%?;b{Wq#hRRJ00KVK03dC0#U_U=E`e*rSUs0;uA literal 0 HcmV?d00001 diff --git a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/createUiDefinition.json b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/createUiDefinition.json index b72b8ac13e9..e91e7e6a66e 100644 --- a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/createUiDefinition.json +++ b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CyberArk%20Enterprise%20Password%20Vault%20%28EPV%29%20Events/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[CyberArk Enterprise Password Vault](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:~:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024.**\n\n**Data Connectors:** 2, **Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CyberArk%20Enterprise%20Password%20Vault%20%28EPV%29%20Events/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[CyberArk Enterprise Password Vault](https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CP%20for%20zOS/Installing-the-Enterprise-Password-Vault.htm?TocPath=Installation%7Cz%2FOS%20Credential%20Provider%7C_____2#:~:text=%20Enterprise%20Password%20Vault%20%201%20Install%20the,applications%20and%20create%2C%20request%2C%20access%20and...%20More%20) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/DV-Integrating-with-SIEM-Applications.htm) for more guidance on SIEM integrations.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. 
The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.\n\n**Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
@@ -51,30 +51,6 @@
 }
 ],
 "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This solution installs the data connector for ingesting CyberArk Privilege Access Manager (PAM) Events in the CEF format into Microsoft Sentinel. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- },
 {
 "name": "workbooks",
 "label": "Workbooks",
diff --git a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/mainTemplate.json b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/mainTemplate.json
index 772220306ce..6f73534cc91 100644
--- a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/mainTemplate.json
+++ b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/Package/mainTemplate.json
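Review bot: With the `dataconnectors` step deleted from `steps`, the installer no longer tells the user where CEF collection is configured, yet the surviving basics text in the `+ "description"` line still says `The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics.`, which is the agent path this package just dropped. Suggest replacing that sentence with a pointer to the dependency that actually does the work, e.g. `Log collection is configured through the **CEF via AMA** data connector installed by the Common Event Format solution; the Azure Monitor Agent on your syslog staging server forwards the messages to your Log Analytics workspace.` The dependency on `azuresentinel.azure-sentinel-solution-commoneventformat` is already declared in the solution metadata, so this is a wording fix only. The `**Workbooks:** 1` count is consistent with the removed Data Connectors count.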
@@ -39,27 +39,9 @@
 },
 "variables": {
 "_solutionName": "CyberArk Privilege Access Manager (PAM) Events",
- "_solutionVersion": "3.0.2",
+ "_solutionVersion": "3.0.3",
 "solutionId": "cyberark.cyberark_epv_events_mss",
 "_solutionId": "[variables('solutionId')]",
- "uiConfigId1": "CyberArk",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "CyberArk",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
- "uiConfigId2": "CyberArkAma",
- "_uiConfigId2": "[variables('uiConfigId2')]",
- "dataConnectorContentId2": "CyberArkAma",
- "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]",
- "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]",
- "_dataConnectorId2": "[variables('dataConnectorId2')]",
- "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]",
- "dataConnectorVersion2": "1.0.0",
- "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', 
uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]",
 "workbookVersion1": "1.1.0",
 "workbookContentId1": "CyberArkWorkbook",
 "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
@@ -70,688 +52,6 @@ "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "CyberArk Privilege Access Manager (PAM) Events data connector with template version 3.0.2", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via Legacy Agent", - "publisher": "Cyber-Ark", - "descriptionMarkdown": "CyberArk Privilege Access Manager generates an xml Syslog message for every action taken against the Vault. The PAM will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). 
The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. Refer to the [CyberArk documentation](https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm) for more guidance on SIEM integrations.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CyberArk", - "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"" - } - ], - "sampleQueries": [ - { - "description": "CyberArk Alerts", - "query": "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"\n| where LogSeverity == \"7\" or LogSeverity == \"10\"\n| sort by TimeGenerated desc" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (CyberArk)", - "lastDataReceivedQuery": "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python installed on your machine.\n\n> 2. You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "On the PAM configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address.", - "title": "2. 
Forward Common Event Format (CEF) logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python installed on your machine using the following command: python -version\n\n>\n\n> 2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machines security according to your organizations security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. 
Secure your machine " - } - ], - "metadata": { - "id": "1c45e738-21dd-4fcd-9449-e2c9478e9552", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Cyberark" - }, - "support": { - "name": "Cyberark", - "link": "https://www.cyberark.com/customer-support/", - "tier": "developer" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "CyberArk Privilege Access Manager (PAM) Events", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Cyberark" - }, - "support": { - "name": "Cyberark", - "tier": "Partner", - "link": "https://www.cyberark.com/services-support/technical-support/" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] CyberArk Enterprise Password Vault (EPV) Events via Legacy Agent", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - 
"apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "CyberArk Privilege Access Manager (PAM) Events", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Cyberark" - }, - "support": { - "name": "Cyberark", - "tier": "Partner", - "link": "https://www.cyberark.com/services-support/technical-support/" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via Legacy Agent", - "publisher": "Cyber-Ark", - "descriptionMarkdown": "CyberArk Privilege Access Manager generates an xml Syslog message for every action taken against the Vault. The PAM will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. 
Refer to the [CyberArk documentation](https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm) for more guidance on SIEM integrations.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CyberArk", - "baseQuery": "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (CyberArk)", - "lastDataReceivedQuery": "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"\n| summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"\n| summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "CyberArk Alerts", - "query": "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"\n| where LogSeverity == \"7\" or LogSeverity == \"10\"\n| sort by TimeGenerated desc" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python installed on your machine.\n\n> 2. You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "On the PAM configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address.", - "title": "2. 
Forward Common Event Format (CEF) logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python installed on your machine using the following command: python -version\n\n>\n\n> 2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machines security according to your organizations security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. 
Secure your machine " - } - ], - "id": "[variables('_uiConfigId1')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "CyberArk Privilege Access Manager (PAM) Events data connector with template version 3.0.2", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId2')]", - "title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA", - "publisher": "Cyber-Ark", - "descriptionMarkdown": "CyberArk Privilege Access Manager generates an xml Syslog message for every action taken against the Vault. The PAM will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. 
Refer to the [CyberArk documentation](https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm) for more guidance on SIEM integrations.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CyberArk", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Cyber-Ark'\n |where DeviceProduct =~ 'Vault'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "sampleQueries": [ - { - "description": "CyberArk Alerts", - "query": "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"\n| where LogSeverity == \"7\" or LogSeverity == \"10\"\n| sort by TimeGenerated desc" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (CyberArk)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Cyber-Ark'\n |where DeviceProduct =~ 'Vault'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Cyber-Ark'\n |where DeviceProduct =~ 'Vault'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to 
shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - - }, - { - "title": "Step B. 
Forward Common Event Format (CEF) logs to Syslog agent", - "description": "On the PAM configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address." - - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machines security according to your organizations security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. 
Secure your machine " - } - ], - "metadata": { - "id": "1c45e738-21dd-4fcd-9449-e2c9478e9552", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Cyberark" - }, - "support": { - "name": "Cyberark", - "link": "https://www.cyberark.com/customer-support/", - "tier": "developer" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "CyberArk Privilege Access Manager (PAM) Events", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Cyberark" - }, - "support": { - "name": "Cyberark", - "tier": "Partner", - "link": "https://www.cyberark.com/services-support/technical-support/" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId2')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA", - "contentProductId": "[variables('_dataConnectorcontentProductId2')]", - "id": "[variables('_dataConnectorcontentProductId2')]", - "version": "[variables('dataConnectorVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - 
"apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId2')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "CyberArk Privilege Access Manager (PAM) Events", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Cyberark" - }, - "support": { - "name": "Cyberark", - "tier": "Partner", - "link": "https://www.cyberark.com/services-support/technical-support/" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] CyberArk Privilege Access Manager (PAM) Events via AMA", - "publisher": "Cyber-Ark", - "descriptionMarkdown": "CyberArk Privilege Access Manager generates an xml Syslog message for every action taken against the Vault. The PAM will send the xml messages through the Microsoft Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog staging server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Microsoft Log Analytics. 
Refer to the [CyberArk documentation](https://docs.cyberark.com/privilege-cloud-standard/Latest/en/Content/Privilege%20Cloud/privCloud-connect-siem.htm) for more guidance on SIEM integrations.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CyberArk", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Cyber-Ark'\n |where DeviceProduct =~ 'Vault'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (CyberArk)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Cyber-Ark'\n |where DeviceProduct =~ 'Vault'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Cyber-Ark'\n |where DeviceProduct =~ 'Vault'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "CyberArk Alerts", - "query": "CommonSecurityLog\n| where DeviceVendor == \"Cyber-Ark\"\n| where DeviceProduct == \"Vault\"\n| where LogSeverity == \"7\" or LogSeverity == \"10\"\n| sort by TimeGenerated desc" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to 
shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - - }, - { - "title": "Step B. 
Forward Common Event Format (CEF) logs to Syslog agent", - "description": "On the PAM configure the dbparm.ini to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machines IP address." - - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machines security according to your organizations security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " - } - ], - "id": "[variables('_uiConfigId2')]" - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", 
@@ -761,7 +61,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CyberArkEPV Workbook with template version 3.0.2",
+ "description": "CyberArkEPV Workbook with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -822,6 +122,10 @@
 {
 "contentId": "CyberArkAma",
 "kind": "DataConnector"
+ },
+ {
+ "contentId": "CefAma",
+ "kind": "DataConnector"
 }
 ]
 }
@@ -847,12 +151,12 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.2",
+ "version": "3.0.3",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "CyberArk Privilege Access Manager (PAM) Events",
 "publisherDisplayName": "Cyberark",
- "descriptionHtml": "
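Review bot: `CyberArkAma` is still listed as a workbook dependency next to the newly added `CefAma`, yet as far as this patch shows nothing in the package provides that connector any more — its content template is deleted in the hunk above and both connector entries are dropped from the solution's `dependencies.criteria` in the `@@ -874` hunk. A workbook prerequisite on content the package no longer ships is at best dead metadata and at worst an unsatisfiable dependency for whoever resolves it; if the workbook should depend only on what is installed, keep a single entry, `{ "contentId": "CefAma", "kind": "DataConnector" }`. Because mainTemplate.json is generated, the change presumably belongs in the workbook metadata the packaging tool reads, with this file regenerated afterwards.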

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

CyberArk Enterprise Password Vault Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the CyberArk documentation for more guidance on SIEM integrations.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Data Connectors: 2, Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
+ "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

CyberArk Enterprise Password Vault Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel. The EPV generates an xml Syslog message for every action taken against the Vault. The EPV will send the xml messages through the Sentinel.xsl translator to be converted into CEF standard format and sent to a syslog server of your choice (syslog-ng, rsyslog). The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics. Refer to the CyberArk documentation for more guidance on SIEM integrations.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on Aug 31, 2024.

\n

Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
@@ -874,16 +178,6 @@
 },
 "dependencies": {
 "criteria": [
- {
- "kind": "DataConnector",
- "contentId": "[variables('_dataConnectorContentId1')]",
- "version": "[variables('dataConnectorVersion1')]"
- },
- {
- "kind": "DataConnector",
- "contentId": "[variables('_dataConnectorContentId2')]",
- "version": "[variables('dataConnectorVersion2')]"
- },
 {
 "kind": "Workbook",
 "contentId": "[variables('_workbookContentId1')]",
diff --git a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/ReleaseNotes.md b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/ReleaseNotes.md
index 757979adf70..5b674f48c19 100644
--- a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/ReleaseNotes.md
+++ b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|--------------------------------------------------------------------------------------------|
-| 3.0.2 | 11-07-2024 | Deprecating data connectors |
+| 3.0.3 | 29-11-2024 | Removed Deprecated Data Connectors |
+| 3.0.2 | 11-07-2024 | Deprecating data connectors |
 | 3.0.1 | 06-03-2024 | Internal terminology changes |
 | 3.0.0 | 21-09-2023 | Addition of new CyberArk Enterprise Password Vault (EPV) Events AMA **Data Connector** |
\ No newline at end of file
From c7f0354de33811f4931434573d8723ac4ac86b96 Mon Sep 17 00:00:00 2001
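Review bot: The new descriptionHtml still tells users that "The Log Analytics agent installed on your syslog staging server will import the messages into Azure Log Analytics", which is the legacy-agent collection path this very release removes, so a reader following that sentence would stand up the retired collector instead of the AMA/DCR path the NOTE two paragraphs later now mandates. I would replace that sentence with `The Azure Monitor Agent (AMA) on your syslog forwarder, configured through the CEF via AMA data collection rule, ingests the CEF messages into the workspace.` so the description and the NOTE agree on one supported path. The identical wording sits in the `Description` field of Solution_CyberArkEPVEvents.json, which presumably generates this HTML, so the fix belongs there and this file should then be regenerated rather than hand-edited. With both connector entries gone from `dependencies.criteria` in the same hunk group, this text is now the only place that tells an operator how EPV audit events reach the workspace, which makes getting it right more important than before.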
From: v-rusraut Date: Fri, 29 Nov 2024 12:45:51 +0530 Subject: [PATCH 2/8] Repackaged - Citrix WAF --- .../Data/Solution_CitrixWebAppFirewall.json | 8 +- .../Citrix Web App Firewall/Package/3.0.2.zip | Bin 0 -> 4934 bytes .../Package/createUiDefinition.json | 26 +- .../Package/mainTemplate.json | 768 +----------------- .../Citrix Web App Firewall/ReleaseNotes.md | 1 + 5 files changed, 12 insertions(+), 791 deletions(-) create mode 100644 Solutions/Citrix Web App Firewall/Package/3.0.2.zip diff --git a/Solutions/Citrix Web App Firewall/Data/Solution_CitrixWebAppFirewall.json b/Solutions/Citrix Web App Firewall/Data/Solution_CitrixWebAppFirewall.json index d812caa37b6..80f6c0b646c 100644 --- a/Solutions/Citrix Web App Firewall/Data/Solution_CitrixWebAppFirewall.json +++ b/Solutions/Citrix Web App Firewall/Data/Solution_CitrixWebAppFirewall.json 
@@ -2,19 +2,15 @@
 "Name": "Citrix Web App Firewall",
 "Author": "Citrix Systems",
 "Logo": "",
- "Description": "[Citrix Web App Firewall (WAF)](https://www.citrix.com/products/citrix-web-app-firewall/) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel to enable you to take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE: **Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.",
+ "Description": "[Citrix Web App Firewall (WAF)](https://www.citrix.com/products/citrix-web-app-firewall/) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel to enable you to take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE: **Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024.**",
 "Workbooks": [
 "Solutions/Citrix Web App Firewall/Workbooks/CitrixWAF.json"
 ],
- "Data Connectors": [
- "Solutions/Citrix Web App Firewall/Data Connectors/Citrix_WAF.json",
- "Solutions/Citrix Web App Firewall/Data Connectors/template_Citrix_WAFAMA.json"
- ],
 "dependentDomainSolutionIds": [
 "azuresentinel.azure-sentinel-solution-commoneventformat"
 ],
 "BasePath": "C:\\GitHub\\azure",
- "Version": "3.0.1",
+ "Version": "3.0.2",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
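Review bot: The rewritten Description keeps the malformed emphasis `**NOTE: **Microsoft` — with a space before the closing `**` CommonMark does not treat it as a closing delimiter, so the literal asterisks show up in the Content Hub; it should read `**NOTE:** Microsoft recommends installation of CEF via AMA Connector.` (the same string is repeated on the new side of the createUiDefinition.json description below). Since the legacy `CitrixWAF` connector is now removed from `Data Connectors` rather than merely flagged as deprecated, the note should also tell customers what to do with a legacy connector they already enabled: as far as I can tell from this diff, dropping the entry from the package does not remove an already-deployed connector resource or the agent forwarding to it, so a one-line pointer to migrate to CEF via AMA and decommission the legacy forwarder would prevent silent gaps in WAF telemetry. The Aug 31, 2024 date is now in the past, so the sentence could simply state that the legacy connectors have been removed from this solution as of this version.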
diff --git a/Solutions/Citrix Web App Firewall/Package/3.0.2.zip b/Solutions/Citrix Web App Firewall/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..318e187c83ca88af98f6c3537243493e6cc944cf GIT binary patch literal 4934 zcmZ`-XEYp)wk4wX7HuMoK|~D((L(eYJp>co=!{+>I^XDHkcbjOM(>?yqnGF<(V}-E zdT%%PyC;7cnPBclXkKU(SwU0Ljlik0fuOZ6CJetP_D_3t7wvP2YNDj4-K$f%!xNhHhF-VE`O(z95! zy=y|Rax)}!u~r>>fYkh%n6IP${d*%-b|P$8L&&X}1pry0=OI^4Zs07D9&T76W}*sN zDV^`Ic{=gU&`GR<^Q6|dQ$Kv@MLd{%H;HKqIH_Ujq@1I`Df}98rvoC*)4%YAVK5hx zhD6naw%@q$qk4ewO1ES>EauZR9Z$DaFg|DRraSwo1f6o!6oxTI=cyj!gx#a#1A)=v z?nx_0>Qqj}fP0fO<^j&A?(xZ8?g`H{3IZ%dK_v|LJvHrA7u}HBbBDUcjYT80EY1AG{W=eRt)Lv!q=xVbZJCoa4;0Y=Pya~F3hLOmAZhvrU6-_ewcA`s zg;n^lQz<}SKsJhMWcyPc`(Zf}LK>o^X7`3i9B#zWl@nuPUfak+W+4>TPV^?V?Pj;% zC&Or#QX57R?_v0rI%#|iGecDm+qYG(a;)>4<6op zNe|8Pd9^D=3TY52LH>R}Z6gJsq>kPP9f)?+{J<}x!TrcXyYAOvPW7L`Zu9~(Q+yvF zI)kJ+5;P2ak1ik_OYq|#5O%hjEK$&bKG1m9Z<&mpf@`!pgwW@~xn#$|V;yCCcvNNG za{WNoRj5Yw_o(Evli1RSwn;HjG7uio@k>F)2jd=w#Z94e;OFwzUBH%*^_Jzxd! 
z^Pk=mZ>rhch#p#>$zUaAEW_FfU`nncB`D9Bh0B8M4YypIY?_uwvmM`b%&KeSe3u@e z3jRsJw-HKNBRv~hM$1V0o;V9J(!q?OUgAkdnscvQx4s?&Orb`Wc%Me#2yY2&l0;dF z!OVnhP?f+Z$@s;9Z<;Nt$N-n=rv;Kk@UmBa*=rC*C4Q{EZiP+0FG|mQ zdMBn49Ou}tQFtwIbYWEFtn*_P%r?nHsWwN)pA&C_Hrr6G^Ko^obT#!Qe7@64^mrZc z(dfNK$K23LHn9<(LMyGni4?0_XFa8pBRzFue_e^0B7C*TQdrTj5}(~5AsND@@4y!K z&fjGe*N9vR+7ywjvjDLRsnV$(lPNNw2q=PQdYx?6No6D_#J|QIabb3Y28z63S5@pZKAgDh-P0h%fsV}gS#Y`veqmX2@4E)vr`lK!B=98Wo z*0HxbRPvVa2^PpK1QE5DJJkJ!BN{p-}hTV8GpG*j_%L zB_7=+e)15A8k`CrC zj7{#6r*eAKBTK|jk*`PWtFBM734hkVb#t&{Io6phrPk;Y<1AFuBbas8mk~nQ?DMlq zLElNC8+-dQj}yP{33$3TKos@q&r$PD4{yhnIx}0Bt##AST4+&zn z?j_UNBJ51qg84u4Ds*Q#>VSt0F@K8Lsc7klnyj?jxIDUUTIfT`u zRu<>IU7my4JQ>kXdtz6COW9fs-S5sD>Ac#*dn>K3_doB$TO}0BI~0xQUE@k=unVdS4q0WyZ^UYt zv!<#_U>E#}Lj{)h-m1l1f)PA{2lr;$|3@I>BezlI znSLe>+R72T3huj!eX9<)$Ztza#fHJ0#s^Aiq@$Z3Hcvzv8>~NfsavR~RZhnfqhmy$ zNoXq@@1tz&QKBn^!b+=r3i+bkya1(4HrITyVONxe$5L^X*9U?WUfEL`zN5L=$Wq2p z^$jFxyOf4$0(_X^z*|os0*;J{#P;g2AC|dyi~}kA;@`pGQcZZ(1708BKq=E6k-DeZ zXEq;yz=S4L#OL9w5VNxrQ)}rUnG_`A1BPAXXk#&26VHZR43T&%EMhOSe}oc{Dl(C%X@06$=hLzxzH^A>3$?vy zef{#!;JaEiME+tPaKE&Sw?cN>HUAtnm>ZX)n#yb0<1{!Uw00dyZ9(6G4EIMG8KP9# z0#C1UfBZffyk7Y8=hSA#5m=s3GB;aCa~U>6$=O!mi8R;-#L)ug-I;|Xpoz36X$0@S zk29$-EUAgICrFqo`zDmqTc_oTbC{t6r>U8H0bjmm<5a+FkDV1Vie1B`B zU)vvD{F=nVrzggm;++bd<)sbSFZlo;E!#tCmPCWe&1{!7M`nkX_$)kImz?a{jLPGm z8Q1wF1&;sf0>#C|K72KSDO!BfG9;<%QoqQO>~Df^!I-ke;eSKR)X+&_&8ztg3% zu9Twhc`5m#{OC`xU1mazvWaj1kW}$(a-J3Ma(e8V@aR$>iT%8>U5kP?L$Bmx?9fC7 z5#K7z0X65C z7O`CaU^Jg!1v(F8PdXE-R8|j@AE(`4-D`w1Up!N@>#F3!K&BkEB0-Gh-cDs zCL@ipz%TN^cJFNqsXr2RrclS`;&?yDujuFUfM0ShqKxw+l-QG9(|6 zkinP%V}c-QouhYV+?n2KQRhxTKLKDLS$0~Q?`@Qdk_bt88IJZe{tckLN(}BB>SeJ_ zb3MjUQ@2rzkV*x$?stmcU_agw(C$;z(O30nNOVcBVFD_R-OqCRjr40iVHIuJVn346 zm;~}J%KZ#WVFyOJCt{!$EmakP6!Si5DZzw8_(C_u2wqJ#o`-8PUGRd|c+@Cdc#Ily zf5wfJCE)4Ir3s|W zj7#6mjWT%j#-8cQUg`we0sT&5@t8*atCkyUu)-noOsk*(lwVY+Zo3sg%_$cE;dnO4 zaHUBh10ufH(p1r5B!oBz{U&zHj`iy07*?r7DuPppki5g-?$~f5(~kbZt>!-Pc9Ub4 
z1YUl|D_y}|5+)Kkj!gfI{7N+++w5Oy+XQn4Z~ephL93FT5XL0SP1l@mJsZ7rdnA=0 zuqfgM*X{+EQ^m3@0^(lgoTUBwXU{?wKu7`r(C&^4?+Ldk9gc?}%YX2ND2(cM4 zdh4T1IIWB{>fJKP>(Y^hEOG3JXux^V6u6Ou2~k{9VGgrrh>PBIW*h=nGy-9zyiExF zrv@R>&+6$BYRr6T#j*TR)xd%A&px_@Q^^dRF4=4$?p9J@aM^3-Hng2fGi0hBR!U%_ z$HOesJ?8qBxFdSRJ34#3x$&6k%NI{q0@+Tb%0IPN;A1ykhA)j~H4dP2B+Z!NN)&}5 z#kcNW&ZY~e0UZybUAY2xORJUr!C?vSHPx8EA1m4{q8X-+YCE&ip+n5MSBCB7-$~ky zHG@sdqU;FrtO&+g$xNFnoGE|5l5z2ABXF@|D_Pl6_=fhfS^a7?f`5rthr61UsVP$K z-;kePc}{nm(^hnI-;y_+t7Z`tyRo11+hT1rjjDXVjO{C^=+D0%ww|xq2^;YG(JsSR zVRj@tB%I>+}c6*qmL zl;@r_6!X+%435f!CvWV0XJw@2U1@Q9!jU@pqtIYYI z+}Eg9-=as_fvxRfDdZZ9cHtJ{YK@SmR{x~n0S35pSi31yQ|N1ex@xcDKd^JiJ+XEM z_d4%U@TEJKG3)E({Q~?_E4$?M~`gQIaC zwZ9(9Qll5y>ZZvWwNL9!!DMU-YWi5`=fZ>t`3?2gMx9}*kC#|NT^qWHBjnhgiU5^O zwge@HDYVfW-<$%&@4D!S`UaN`XhP52L#?Y-aA%w)Bh`f$ppa#y` zudYO|-yeV!Q=*_x1U%bzot{w@{-gV$H-2Q%xYZZQ`cmNZGwrDgguR%(AFuepftS9U z;Zi+y)R6~Ifp__F79fj=yx=o5b?Ldl##VnpJe%0PP=$O>4XnjnMd_oQ2+V43c6DtX z4UJ@OlYQc1ROH1FY9bO1e)=afNTECk%X)v;5>Wca=lm%B{RMLZDl?#1 zz&}9YK6s(IXQt8AU&CjfwFQw$b(?%-_S#o2q(nAdr8m77>UHPn2A%i2_AYVZ8=!=D z0D)#h@J5Ft{ea&N4B3|EH>J-+v?jZoGhe+tJ->tb$iMCqk5^AOw7%YbmdV=N6w9XG z{RCeE(Iq3oFE1;}Z47v&(O4w0VaqdB&z#_L$3pV$TjI|!P$Ipt$!*a6\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Citrix%20Web%20App%20Firewall/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Citrix Web App Firewall (WAF)](https://www.citrix.com/products/citrix-web-app-firewall/) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel to enable you to take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to 
collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE: **Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.\n\n**Data Connectors:** 2, **Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Citrix%20Web%20App%20Firewall/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Citrix Web App Firewall (WAF)](https://www.citrix.com/products/citrix-web-app-firewall/) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel to enable you to take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE: **Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024.**\n\n**Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -51,30 +51,6 @@
 }
 ],
 "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This Solution installs the data connector for Citrix Web App Firewall. You can get Citrix Web App Firewall CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- },
 {
 "name": "workbooks",
 "label": "Workbooks",
diff --git a/Solutions/Citrix Web App Firewall/Package/mainTemplate.json b/Solutions/Citrix Web App Firewall/Package/mainTemplate.json
index 0271823248c..09d4d87c28a 100644
--- a/Solutions/Citrix Web App Firewall/Package/mainTemplate.json
+++ b/Solutions/Citrix Web App Firewall/Package/mainTemplate.json
@@ -39,7 +39,7 @@
 },
 "variables": {
 "_solutionName": "Citrix Web App Firewall",
- "_solutionVersion": "3.0.1",
+ "_solutionVersion": "3.0.2",
 "solutionId": "citrix.citrix_waf_mss",
 "_solutionId": "[variables('solutionId')]",
 "workbookVersion1": "1.0.0",
@@ -49,24 +49,6 @@
 "_workbookContentId1": "[variables('workbookContentId1')]",
 "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]",
 "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]",
- "uiConfigId1": "CitrixWAF",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "CitrixWAF",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
- "uiConfigId2": "CitrixWAFAma",
- "_uiConfigId2": "[variables('uiConfigId2')]",
- "dataConnectorContentId2": "CitrixWAFAma",
- "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]",
- "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]",
- "_dataConnectorId2": "[variables('dataConnectorId2')]",
- "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]",
- "dataConnectorVersion2": "1.0.0",
- "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]",
 "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]"
 },
 "resources": [
@@ -79,7 +61,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CitrixWAF Workbook with template version 3.0.1",
+ "description": "CitrixWAF Workbook with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -140,6 +122,10 @@
 {
 "contentId": "CitrixWAFAma",
 "kind": "DataConnector"
+ },
+ {
+ "contentId": "CefAma",
+ "kind": "DataConnector"
 }
 ]
 }
@@ -160,745 +146,17 @@ "version": "[variables('workbookVersion1')]" } }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Citrix Web App Firewall data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Citrix WAF (Web App Firewall) via Legacy Agent", - "publisher": "Citrix Systems Inc.", - "descriptionMarkdown": " Citrix WAF (Web App Firewall) is an industry leading enterprise-grade WAF solution. Citrix WAF mitigates threats against your public-facing assets, including websites, apps, and APIs. From layer 3 to layer 7, Citrix WAF includes protections such as IP reputation, bot mitigation, defense against the OWASP Top 10 application threats, built-in signatures to protect against application stack vulnerabilities, and more. \n\nCitrix WAF supports Common Event Format (CEF) which is an industry standard format on top of Syslog messages . 
By connecting Citrix WAF CEF logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CitrixWafLogs", - "baseQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n" - } - ], - "sampleQueries": [ - { - "description": "Citrix WAF Logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n" - }, - { - "description": "Citrix Waf logs for cross site scripting", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_XSS\"\n" - }, - { - "description": "Citrix Waf logs for SQL Injection", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_SQL\"\n" - }, - { - "description": "Citrix Waf logs for Bufferoverflow", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_STARTURL\"\n" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (CitrixWAFLogs)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are 
required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. 
You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "Configure Citrix WAF to send Syslog messages in CEF format to the proxy machine using the steps below. \n\n1. Follow [this guide](https://support.citrix.com/article/CTX234174) to configure WAF.\n\n2. Follow [this guide](https://support.citrix.com/article/CTX136146) to configure CEF logs.\n\n3. Follow [this guide](https://docs.citrix.com/en-us/citrix-adc/13/system/audit-logging/configuring-audit-logging.html) to forward the logs to proxy . Make sure you to send the logs to port 514 TCP on the Linux machine's IP address.\n\n", - "title": "2. Forward Common Event Format (CEF) logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. 
Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. Secure your machine " - } - ], - "metadata": { - "id": "7504f78d-1928-4399-a1ae-ba826c47c42d", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Citrix Systems" - }, - "support": { - "name": "Citrix Systems", - "link": "https://www.citrix.com/support/", - "tier": "developer" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Citrix Web App Firewall", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Citrix Systems" - }, - "support": { - "tier": "Partner", - "name": "Citrix Systems", - "link": "https://www.citrix.com/support/" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Citrix WAF (Web App Firewall) via Legacy Agent", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": 
"[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Citrix Web App Firewall", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Citrix Systems" - }, - "support": { - "tier": "Partner", - "name": "Citrix Systems", - "link": "https://www.citrix.com/support/" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Citrix WAF (Web App Firewall) via Legacy Agent", - "publisher": "Citrix Systems Inc.", - "descriptionMarkdown": " Citrix WAF (Web App Firewall) is an industry leading enterprise-grade WAF solution. Citrix WAF mitigates threats against your public-facing assets, including websites, apps, and APIs. 
From layer 3 to layer 7, Citrix WAF includes protections such as IP reputation, bot mitigation, defense against the OWASP Top 10 application threats, built-in signatures to protect against application stack vulnerabilities, and more. \n\nCitrix WAF supports Common Event Format (CEF) which is an industry standard format on top of Syslog messages . By connecting Citrix WAF CEF logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CitrixWafLogs", - "baseQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (CitrixWAFLogs)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Citrix WAF Logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n" - }, - { - "description": "Citrix Waf logs for cross site scripting", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_XSS\"\n" - }, - { - "description": "Citrix Waf logs for SQL Injection", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_SQL\"\n" - }, - { - "description": "Citrix Waf logs for Bufferoverflow", - "query": "\nCommonSecurityLog\n| where 
DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_STARTURL\"\n" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. 
You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "Configure Citrix WAF to send Syslog messages in CEF format to the proxy machine using the steps below. \n\n1. Follow [this guide](https://support.citrix.com/article/CTX234174) to configure WAF.\n\n2. Follow [this guide](https://support.citrix.com/article/CTX136146) to configure CEF logs.\n\n3. Follow [this guide](https://docs.citrix.com/en-us/citrix-adc/13/system/audit-logging/configuring-audit-logging.html) to forward the logs to proxy . Make sure you to send the logs to port 514 TCP on the Linux machine's IP address.\n\n", - "title": "2. Forward Common Event Format (CEF) logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. 
Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. Secure your machine " - } - ], - "id": "[variables('_uiConfigId1')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Citrix Web App Firewall data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId2')]", - "title": "[Deprecated] Citrix WAF (Web App Firewall) via AMA", - "publisher": "Citrix Systems Inc.", - "descriptionMarkdown": " Citrix WAF (Web App Firewall) is an industry leading enterprise-grade WAF solution. Citrix WAF mitigates threats against your public-facing assets, including websites, apps, and APIs. 
From layer 3 to layer 7, Citrix WAF includes protections such as IP reputation, bot mitigation, defense against the OWASP Top 10 application threats, built-in signatures to protect against application stack vulnerabilities, and more. \n\nCitrix WAF supports Common Event Format (CEF) which is an industry standard format on top of Syslog messages . By connecting Citrix WAF CEF logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CitrixWafLogs", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Citrix'\n |where DeviceProduct =~ 'NetScaler'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "sampleQueries": [ - { - "description": "Citrix WAF Logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n" - }, - { - "description": "Citrix Waf logs for cross site scripting", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_XSS\"\n" - }, - { - "description": "Citrix Waf logs for SQL Injection", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_SQL\"\n" - }, - { - "description": "Citrix Waf logs for Bufferoverflow", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_STARTURL\"\n" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (CitrixWAFLogs)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Citrix'\n |where DeviceProduct =~ 'NetScaler'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - 
], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Citrix'\n |where DeviceProduct =~ 'NetScaler'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - }, - { - "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", - "description": "Configure Citrix WAF to send Syslog messages in CEF format to the proxy machine using the steps below. \n\n1. Follow [this guide](https://support.citrix.com/article/CTX234174) to configure WAF.\n\n2. 
Follow [this guide](https://support.citrix.com/article/CTX136146) to configure CEF logs.\n\n3. Follow [this guide](https://docs.citrix.com/en-us/citrix-adc/13/system/audit-logging/configuring-audit-logging.html) to forward the logs to proxy . Make sure you to send the logs to port 514 TCP on the Linux machine's IP address.\n\n" - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. 
Secure your machine " - } - ], - "metadata": { - "id": "7504f78d-1928-4399-a1ae-ba826c47c42d", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Citrix Systems" - }, - "support": { - "name": "Citrix Systems", - "link": "https://www.citrix.com/support/", - "tier": "developer" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Citrix Web App Firewall", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Citrix Systems" - }, - "support": { - "tier": "Partner", - "name": "Citrix Systems", - "link": "https://www.citrix.com/support/" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId2')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Citrix WAF (Web App Firewall) via AMA", - "contentProductId": "[variables('_dataConnectorcontentProductId2')]", - "id": "[variables('_dataConnectorcontentProductId2')]", - "version": "[variables('dataConnectorVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId2')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Citrix Web App Firewall", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Citrix Systems" - }, - "support": { - "tier": "Partner", - "name": "Citrix Systems", - "link": "https://www.citrix.com/support/" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Citrix WAF (Web App Firewall) via AMA", - "publisher": "Citrix Systems Inc.", - "descriptionMarkdown": " Citrix WAF (Web App Firewall) is an industry leading enterprise-grade WAF solution. Citrix WAF mitigates threats against your public-facing assets, including websites, apps, and APIs. From layer 3 to layer 7, Citrix WAF includes protections such as IP reputation, bot mitigation, defense against the OWASP Top 10 application threats, built-in signatures to protect against application stack vulnerabilities, and more. \n\nCitrix WAF supports Common Event Format (CEF) which is an industry standard format on top of Syslog messages . 
By connecting Citrix WAF CEF logs to Microsoft Sentinel, you can take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CitrixWafLogs", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Citrix'\n |where DeviceProduct =~ 'NetScaler'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (CitrixWAFLogs)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Citrix'\n |where DeviceProduct =~ 'NetScaler'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Citrix'\n |where DeviceProduct =~ 'NetScaler'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Citrix WAF Logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n" - }, - { - "description": "Citrix Waf logs for cross site scripting", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_XSS\"\n" - }, - { - "description": "Citrix Waf logs for SQL Injection", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where Activity == \"APPFW_SQL\"\n" - }, - { - "description": "Citrix Waf logs for Bufferoverflow", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Citrix\"\n| where DeviceProduct == \"NetScaler\"\n| where 
Activity == \"APPFW_STARTURL\"\n" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. 
Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - }, - { - "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", - "description": "Configure Citrix WAF to send Syslog messages in CEF format to the proxy machine using the steps below. \n\n1. Follow [this guide](https://support.citrix.com/article/CTX234174) to configure WAF.\n\n2. Follow [this guide](https://support.citrix.com/article/CTX136146) to configure CEF logs.\n\n3. Follow [this guide](https://docs.citrix.com/en-us/citrix-adc/13/system/audit-logging/configuring-audit-logging.html) to forward the logs to proxy . Make sure you to send the logs to port 514 TCP on the Linux machine's IP address.\n\n" - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. 
You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " - } - ], - "id": "[variables('_uiConfigId2')]" - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.1", + "version": "3.0.2", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Citrix Web App Firewall", "publisherDisplayName": "Citrix Systems", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Citrix Web App Firewall (WAF) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel to enable you to take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

**NOTE: **Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Data Connectors: 2, Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Citrix Web App Firewall (WAF) Solution for Microsoft Sentinel enables ingestion of Common Event Format (CEF) logs into Microsoft Sentinel to enable you to take advantage of search & correlation, alerting, and threat intelligence enrichment for each log.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

**NOTE: **Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on Aug 31, 2024.

\n

Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -925,16 +183,6 @@ "contentId": "[variables('_workbookContentId1')]", "version": "[variables('workbookVersion1')]" }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId2')]", - "version": "[variables('dataConnectorVersion2')]" - }, { "kind": "Solution", "contentId": "azuresentinel.azure-sentinel-solution-commoneventformat" diff --git a/Solutions/Citrix Web App Firewall/ReleaseNotes.md b/Solutions/Citrix Web App Firewall/ReleaseNotes.md index b129ba9b5ab..1614194e209 100644 --- a/Solutions/Citrix Web App Firewall/ReleaseNotes.md +++ b/Solutions/Citrix Web App Firewall/ReleaseNotes.md @@ -1,4 +1,5 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| +| 3.0.2 | 29-11-2024 | Removed Deprecated **Data Connectors** | | 3.0.1 | 10-07-2024 | Deprecating data connectors. | | 3.0.0 | 08-09-2023 | Addition of new Citrix Web App Firewall AMA **Data Connector** | From b8ff0c8d3138609464e1fefb1176cb39d8fccffa Mon Sep 17 00:00:00 2001 
From: v-rusraut Date: Fri, 29 Nov 2024 13:22:09 +0530 Subject: [PATCH 3/8] Updated Analytical Rule --- .../Analytic Rules/VectraDetect-Account-Detections.yaml | 8 +------- .../Analytic Rules/VectraDetect-Account-by-Severity.yaml | 8 +------- .../VectraDetect-HighSeverityDetection-by-Tactics.yaml | 8 +------- .../Analytic Rules/VectraDetect-Host-Detections.yaml | 8 +------- .../Analytic Rules/VectraDetect-Host-by-Severity.yaml | 8 +------- .../Analytic Rules/VectraDetect-NewCampaign.yaml | 8 +------- .../VectraDetect-Suspected-Behavior-by-Tactics.yaml | 8 +------- .../Vectra AI Detect/Data/Solution_Vectra AI Detect.json | 8 ++------ 8 files changed, 9 insertions(+), 55 deletions(-) diff --git a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-Detections.yaml b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-Detections.yaml index 6a987f3a2d4..f87b75adf29 100644 --- a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-Detections.yaml +++ b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-Detections.yaml @@ -5,12 +5,6 @@ description: | severity: Informational status: Available requiredDataConnectors: - - connectorId: AIVectraDetect - dataTypes: - - CommonSecurityLog - - connectorId: AIVectraDetectAma - dataTypes: - - CommonSecurityLog - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -96,5 +90,5 @@ alertDetailsOverride: customDetails: AttackType: Activity AttackCategory: Category -version: 1.0.4 +version: 1.0.5 kind: Scheduled diff --git a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-by-Severity.yaml b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-by-Severity.yaml index ffc032369f6..d205973e7c3 100644 --- a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-by-Severity.yaml +++ b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Account-by-Severity.yaml 
@@ -7,12 +7,6 @@ description: | severity: Informational status: Available requiredDataConnectors: - - connectorId: AIVectraDetect - dataTypes: - - CommonSecurityLog - - connectorId: AIVectraDetectAma - dataTypes: - - CommonSecurityLog - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -98,5 +92,5 @@ incidentConfiguration: matchingMethod: AllEntities customDetails: ScoreDecrease: score_decreases -version: 1.0.8 +version: 1.0.9 kind: Scheduled diff --git a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-HighSeverityDetection-by-Tactics.yaml b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-HighSeverityDetection-by-Tactics.yaml index c429859045d..e3ce2891c9b 100644 --- a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-HighSeverityDetection-by-Tactics.yaml +++ b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-HighSeverityDetection-by-Tactics.yaml @@ -7,12 +7,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: AIVectraDetect - dataTypes: - - CommonSecurityLog - - connectorId: AIVectraDetectAma - dataTypes: - - CommonSecurityLog - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -116,5 +110,5 @@ incidentConfiguration: customDetails: AttackType: Activity AttackCategory: Category -version: 1.0.9 +version: 1.1.0 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-Detections.yaml b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-Detections.yaml index df8dbc38638..4cfad1f6d8b 100644 --- a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-Detections.yaml +++ b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-Detections.yaml 
@@ -5,12 +5,6 @@ description: | severity: Informational status: Available requiredDataConnectors: - - connectorId: AIVectraDetect - dataTypes: - - CommonSecurityLog - - connectorId: AIVectraDetectAma - dataTypes: - - CommonSecurityLog - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -89,5 +83,5 @@ alertDetailsOverride: customDetails: AttackType: Activity AttackCategory: Category -version: 1.0.4 +version: 1.0.5 kind: Scheduled diff --git a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-by-Severity.yaml b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-by-Severity.yaml index 5de9794b448..d940010f273 100644 --- a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-by-Severity.yaml +++ b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Host-by-Severity.yaml @@ -7,12 +7,6 @@ description: | severity: Informational status: Available requiredDataConnectors: - - connectorId: AIVectraDetect - dataTypes: - - CommonSecurityLog - - connectorId: AIVectraDetectAma - dataTypes: - - CommonSecurityLog - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -89,5 +83,5 @@ incidentConfiguration: matchingMethod: AllEntities customDetails: ScoreDecrease: score_decreases -version: 1.0.8 +version: 1.0.9 kind: Scheduled diff --git a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-NewCampaign.yaml b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-NewCampaign.yaml index 9f56235bff0..de2032d7ddf 100644 --- a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-NewCampaign.yaml +++ b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-NewCampaign.yaml @@ -5,12 +5,6 @@ description: | severity: Medium status: Available requiredDataConnectors: - - connectorId: AIVectraDetect - dataTypes: - - CommonSecurityLog - - connectorId: AIVectraDetectAma - dataTypes: - - CommonSecurityLog - connectorId: CefAma dataTypes: - CommonSecurityLog 
@@ -64,5 +58,5 @@ customDetails: CampaignName: Activity CampaignReason: reason CampaignSourceHost: SourceHostName -version: 1.2.0 +version: 1.2.3 kind: Scheduled diff --git a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Suspected-Behavior-by-Tactics.yaml b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Suspected-Behavior-by-Tactics.yaml index ed8102c67c3..511e49a576f 100644 --- a/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Suspected-Behavior-by-Tactics.yaml +++ b/Solutions/Vectra AI Detect/Analytic Rules/VectraDetect-Suspected-Behavior-by-Tactics.yaml @@ -6,12 +6,6 @@ description: | severity: Informational status: Available requiredDataConnectors: - - connectorId: AIVectraDetect - dataTypes: - - CommonSecurityLog - - connectorId: AIVectraDetectAma - dataTypes: - - CommonSecurityLog - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -102,5 +96,5 @@ alertDetailsOverride: customDetails: AttackType: Activity AttackCategory: Category -version: 1.1.0 +version: 1.1.1 kind: Scheduled diff --git a/Solutions/Vectra AI Detect/Data/Solution_Vectra AI Detect.json b/Solutions/Vectra AI Detect/Data/Solution_Vectra AI Detect.json index 86168021ded..82caecc95a9 100644 --- a/Solutions/Vectra AI Detect/Data/Solution_Vectra AI Detect.json +++ b/Solutions/Vectra AI Detect/Data/Solution_Vectra AI Detect.json 
@@ -2,11 +2,7 @@
 "Name": "Vectra AI Detect",
 "Author": "Vectra AI",
 "Logo": "",
- "Description": "The [Vectra AI Detect](https://www.vectra.ai/products/platform%22%20/t%20%22_blank) solution for Microsoft Sentinel enables you to ingest Vectra AI logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.\n\r This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.",
- "Data Connectors": [
- "Data Connectors/AIVectraDetect.json",
- "Data Connectors/template_AIVectraDetectAma.json"
- ],
+ "Description": "The [Vectra AI Detect](https://www.vectra.ai/products/platform%22%20/t%20%22_blank) solution for Microsoft Sentinel enables you to ingest Vectra AI logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.\n\r This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024.**",
 "Workbooks": [
 "Workbooks/AIVectraDetectWorkbook.json"
 ],
@@ -23,7 +19,7 @@
 "azuresentinel.azure-sentinel-solution-commoneventformat"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Vectra AI Detect",
- "Version": "3.0.1",
+ "Version": "3.0.2",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
From bad881d493bc9c73cd4e44df0426b3dd0d6d4b23 Mon Sep 17 00:00:00 2001
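Review bot: The rewritten `Description` line keeps the link target `https://www.vectra.ai/products/platform%22%20/t%20%22_blank`; the `%22%20/t%20%22_blank` tail looks like a pasted Word `HYPERLINK ... \t "_blank"` field rather than part of the URL, so the product link most likely resolves to a non-existent page and should become `https://www.vectra.ai/products/platform` while the line is being touched anyway. The closing sentence `The existing connectors were deprecated on **Aug 31, 2024.**` also loses its referent once this hunk drops the `Data Connectors` array, and it diverges from the Citrix wording at the same spot, which does not bold the date; consider `The solution's legacy data connectors were removed in 3.0.2; ingest via the CEF via AMA connector of the Common Event Format solution.` The `\n\r` after `Security Monitoring.` (LF followed by CR) is pre-existing but survives into the new line and may render oddly, while the rest of the string uses `\n\n`. Finally, the `Version` bump to 3.0.2 here is paired with a 3.0.2 row in `Solutions/Vectra AI Detect/ReleaseNotes.md` by PATCH 4/8, but PATCH 5/8 removes that row again, so the 3.0.2 package produced in PATCH 6/8 ends up with no release-notes entry.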
From: v-shukore Date: Fri, 29 Nov 2024 19:13:40 +0530 Subject: [PATCH 4/8] update releasenotes and workbookmetadata.json --- .../ReleaseNotes.md | 8 ++++---- Solutions/Vectra AI Detect/ReleaseNotes.md | 3 ++- .../V2/WorkbookMetadata/WorkbooksMetadata.json | 6 ++---- Workbooks/WorkbooksMetadata.json | 4 ---- 4 files changed, 8 insertions(+), 13 deletions(-) diff --git a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/ReleaseNotes.md b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/ReleaseNotes.md index 5b674f48c19..9b48fb28e5d 100644 --- a/Solutions/CyberArk Enterprise Password Vault (EPV) Events/ReleaseNotes.md +++ b/Solutions/CyberArk Enterprise Password Vault (EPV) Events/ReleaseNotes.md @@ -1,6 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------------------------------| -| 3.0.3 | 29-11-2024 | Removed Deprecated Data Connectors | -| 3.0.2 | 11-07-2024 | Deprecating data connectors | -| 3.0.1 | 06-03-2024 | Internal terminology changes | -| 3.0.0 | 21-09-2023 | Addition of new CyberArk Enterprise Password Vault (EPV) Events AMA **Data Connector** | \ No newline at end of file +| 3.0.3 | 29-11-2024 | Removed Deprecated **Data Connectors** | +| 3.0.2 | 11-07-2024 | Deprecating **data connectors** | +| 3.0.1 | 06-03-2024 | Internal terminology changes | +| 3.0.0 | 21-09-2023 | Addition of new CyberArk Enterprise Password Vault (EPV) Events AMA **Data Connector** | \ No newline at end of file diff --git a/Solutions/Vectra AI Detect/ReleaseNotes.md b/Solutions/Vectra AI Detect/ReleaseNotes.md index 427204b2206..0b1adb4fd2a 100644 --- a/Solutions/Vectra AI Detect/ReleaseNotes.md +++ b/Solutions/Vectra AI Detect/ReleaseNotes.md 
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|-------------------------------------------------------------|
-| 3.0.1 | 27-06-2024 | Deprecating data connectors |
+| 3.0.2 | 29-11-2024 | Removed Deprecated **Data Connectors** |
+| 3.0.1 | 27-06-2024 | Deprecating **Data Connectors** |
 | 3.0.0 | 16-02-2024 | Addition of new Vectra AI Detect AMA **Data Connector** |
diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
index f47334bec0a..cab991f7f99 100644
--- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
+++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
@@ -1545,8 +1545,7 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "CyberArk",
- "CyberArkAma"
+ "CefAma"
 ],
 "previewImagesFileNames": [
 "CyberArkActivitiesWhite.PNG",
@@ -1584,8 +1583,7 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "CitrixWAF",
- "CitrixWAFAma"
+ "CefAma"
 ],
 "previewImagesFileNames": [
 "CitrixWAFBlack.png",
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
index 0cc38478933..1edeb208dfd 100644
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@@ -1944,8 +1944,6 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "CyberArk",
- "CyberArkAma",
 "CefAma"
 ],
 "previewImagesFileNames": [
@@ -1998,8 +1996,6 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "CitrixWAF",
- "CitrixWAFAma",
 "CefAma"
 ],
 "previewImagesFileNames": [
From d9f57281e4e7f297bfe1149542f4201cbd85c6a5 Mon Sep 17 00:00:00 2001
From: v-shukore
Date: Fri, 29 Nov 2024 19:40:52 +0530
Subject: [PATCH 5/8] Update ReleaseNotes.md
---
 Solutions/Vectra AI Detect/ReleaseNotes.md | 1 -
 1 file changed, 1 deletion(-)
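Review bot: The `@@ -1545` and `@@ -1584` hunks retarget the CyberArk and Citrix WAF workbook entries to `CefAma`, but nothing in this series touches the Vectra AI Detect workbook entry even though PATCH 3/8 removes that solution's `AIVectraDetect` and `AIVectraDetectAma` connectors; if its `dataConnectorsDependencies` still names those ids (not visible here), it needs the same substitution, otherwise the workbook declares a dependency on connectors the solution no longer ships. The two metadata files are evidently maintained by hand in parallel and had already drifted — `Workbooks/WorkbooksMetadata.json` listed `CefAma` next to the legacy ids before this patch while the `Tools/.../V2` copy did not — so a check that the shared entries stay identical would prevent the next divergence. The same point applies to the pure-deletion hunks `@@ -1944` and `@@ -1998` in `Workbooks/WorkbooksMetadata.json`.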
diff --git a/Solutions/Vectra AI Detect/ReleaseNotes.md b/Solutions/Vectra AI Detect/ReleaseNotes.md
index 0b1adb4fd2a..c7576ce7028 100644
--- a/Solutions/Vectra AI Detect/ReleaseNotes.md
+++ b/Solutions/Vectra AI Detect/ReleaseNotes.md
@@ -1,6 +1,5 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|-------------------------------------------------------------|
-| 3.0.2 | 29-11-2024 | Removed Deprecated **Data Connectors** |
 | 3.0.1 | 27-06-2024 | Deprecating **Data Connectors** |
 | 3.0.0 | 16-02-2024 | Addition of new Vectra AI Detect AMA **Data Connector** |
From 6e0b1123d72ec5b565eddb1659da29ac028d6ae7 Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Mon, 2 Dec 2024 10:46:29 +0530
Subject: [PATCH 6/8] Update Package Vectra AI Detect
---
 Solutions/Vectra AI Detect/Package/3.0.2.zip | Bin 0 -> 18344 bytes
 .../Package/createUiDefinition.json | 26 +-
 .../Package/mainTemplate.json | 1166 +++--------------
 3 files changed, 192 insertions(+), 1000 deletions(-)
 create mode 100644 Solutions/Vectra AI Detect/Package/3.0.2.zip
diff --git a/Solutions/Vectra AI Detect/Package/3.0.2.zip b/Solutions/Vectra AI Detect/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..f618c206cc50065b4f83f92a1db1afc6bdea7bb3 GIT binary patch literal 18344 zcmV)wK$O2wO9KQH000080LD~;S#(p;MOX>|02(R)02crN0Aq4xVRU6xX+&jaX>MtB zX>V>WYIARH?ON+@8@Uz!U!d+!9tyXI%3{SP+5YJq=+n zROw94>j4Z&^G5!{b%engkBt~sGgEG4Xqv1#@W^ z`7}2|L!u=Qk#C$O{&RGUL79qp3}->f@u8Y4GoBp07NOOA4~mC2Fw6N_kF8{67ZC8| zarO>B7edY#w)*|uS$dXkZvLpO*xB4zt~5NxL6Sgm9_XHzj#S}>U! z%j1|vXx^weCxdnv@%s0#zp+=&ldVa1`bv1-B+8ukOMAVo*BfZH5T%vJ1v4}Dc7C(H zH95eCw|87fZ~}rP8jw1S^f_4wsGaajSinv%QngB%G$wEA!7l(wGd6|XQg7p^J@J5L zLR$_9lI7$aX;`V#kY!!pC0&;Vq!komr``rOIbdG@T9?&o6)fFsz~wm8D#}A^##ziQ zxFz3gZ^P)Z#RtB=oyI)97}TBy39InWN=Gu0@@Xs#yHq)82UUcztX3jcbAwS#br%m= zZp!W6RY?LV`%BER=TL`R*5BQKK5&AMMVM=8FWHeoq$*ultg#1hR;44pMyxk3WU=0M7#f-EhY3mn$T1VE0lA32(aRZBO;3e+I&Y|v0BMECLk1hA|l2OL%c(g zncve|O;5sI%3(#Q{B*KUp;CKE3!oQ?EHbSH#IC95ZmFl&NxYNBl0B9FhOG#va11yi zT}9-X&CN+ZXAd6?+4k1YwXo|LM}sL!2ZR$T&h_7_~I&#A{7pL!$vAJ`Lvk}8(9*QV4!jxikDg~ zW#qH)X_JCAbNo+;OXqTPR27wRCAlf}x`jMGNDU=MGhV^7CgY(n6nS3yn4_*(=h%;M zYq4;f^ATcXY#BPr8M3SCH3`q_A0L`7i&enY3)CRZ@lw;{}ia$I=xo?LM@O>Mf;_NGxRmyhinMLx0dJ&pP^ZsxbRSKw#GD zyveBiT6`%P*Cn=sMzhwYDBxr_Y&@L2sZ42VWiK<)ZWk(82NRu4GKrwITE*>EO2sFV ztmwI{Hj^{yp zcF}J+u|EjN!ohHBaNcXX`kyFPb{$9-iW-&P5Bn!=WTM@%3nvls0grw&I3Y+z!;MBX zd~N`J&oenH8m*^DUt6QCzm2vYY(U|4yIZNWZWmXdxq-fl1bbR#d#Kzk>X=VOOyuj) zfchGWg^DBJLms>RVVqqf`U(mnNQ|hnaP=joeOGDRfJ6fk<_jTVP@_?rO=nMC;E3oo zkFn)$0~4P0Js|r&Jo+2$0N5A=OCle#f^NW`epl94)3@pn9Ca~=ogWNYIkpym0}%A3 z6^Y}6I%-6}K+(qgGw<`W-p*NXW5|fits1h8v)=Hm=QLSA`(XpD&#&N=ur0NSx;dih zu{tF+i3*^dm)Qd?W%kMBu{M>rfz+Kw^c)rx?d?Kg$5zRx%;LRWccMVObZEGyZuBx` zYz!??EPFcNLJvwd}S@F(x%G$MIcmnEYs5lp$B`Wj9 zxl^%-9my!;>S{A)DmV4fk)!2Xh&Xdy?Hm9mDwl?QD@$Ir&RDB2%jOV`6$ra+P{1ZL zVE(%E&5&UjU1Hq|mx?%cuJfq1r4vxlYn%3=`LkU{Kkazv)AiylJKo7yGtq>6-3eZ0 z?dZ_`_Zo+Nw0$^>Roc-p&-I7ZL2GPtIwtUVl=u_F2wSN~uA8~a{zH4<2JU?D`JTjy 
z#zo!L1(idtp5r={*99B>Tj%PIvTK9Rk$(C9yJa82fM;6-;IRX|Oqb{<BdWNzRQTtQ4!ux?m$kd@l33Tmc9c8cSasb^0dQ2X(1(KT?G9HF1Pw898 zlZ?xGYS4*BI1O390XWJ{aGYQTOiEei5_vp965z32xD`A{2jvfc9RzhS)EPK${%p)u z;~#HRs^)opy_l?>{=M~Lt*{%`i}f0QX}zd4`yH)snqdUVxFVJdLUq-)0*Ut+8ux?y);C6h!%(uuTmneK7} z-P*aMgrVENdN**;1|UfRx7OYGI~CpG&D{>-KgVj6E{{@D=g^5&vsw|Z#SX)Qs zJx_-01=Jm~-J896|&&uUgLMFc6M$_fPJE6^!_T?5xR|1Q^PIb;?Q5@`Y06rov9K@2%z>?(3hp#KlZVInLx6*8As^C&AXB zOs}OIeZot4mJv>!n+b(29^By6o%&?WYqSOI0Ew2<&xHetx`;>{#(kX zhOXb(lA{-(4l9Jg$o)L}8GV3%sELH33!twI<41Q3vJUK^2)XZCbqGR7EjfR`q~+B&aaVb+IO)Ka9$Nj7DpOJ`m~x7jiZenlc+j zouPcy$+`6(LSPP_VH1bXN{g?Is3&)eC@Q=~&s1d~in?8tj=9pe-$FjQH*j6kLJA%( z9Lzqidn`QXsuCmQ0Ip%>E-H)9F0pRL0YiGxbLoz*;IzuAcEzZmJfyp2>lIZ~s?XTjyhaIAmSSG@j9^-`#Eo8|4-*ZMtr)cC86-swzgWBb4J z5f+ube}jkEA-WqLn{tJFNiD^%YROk#Y~8DCX+!J9wb!z&{Lycb)NkWNvqoC^)bD(X z5B&cRP)h>@6aWAK2mr=Zf?4b;WNcDA000MK0ss*J003=aX>L?yZE$R1bY(7Tb8l|! zJ?(PawwC{QX5Rtz-5J|m(Ge-?!)bMQTsvt!*ZG(_H~kT3REUHmHWaCllpQzMFR?GM zvv0VMu=plOf)XWDvYjfOsU-q9I0rc2I3m9O`@aFO_aCt{K~uQ*9PCY!WEMYv_KZC_ zn!*5%(G&&A5&Ux=p(7`p^0xSy)ijTdrfoFMXD*ug;VtR+4ozo1OwiFEaTxqW-x+yLX3+togX?dVYu-}_+fH8Lu8IPiM(Je zrYHD%!37G&$pp8W>0=j-;M`B%Lw`=keTYyT&Lao?9EJ1Q!QqjZ<)aF#Ks$#OJCQfz zIPJX-6EKgF+W^CP0s@3w5pTxMFgmd3D@KEC?Wc&gn z*9q~k-;V(J4FNBR69ioX6(kb`e!mH$Pw@;o$Pj4$4sIr%GXY)1urgMeOd3kwptRGO-h{aO%9m{K5G zphOY>YZ!TO=p$A72ZAeJGx|!gO?xW3tc5k1C3}bt=PqfxrhuU51$Or}-we}x{WO#7a@w9m;oBaRXFn^>{@Al_T5uygld zU-Hh;c@TT!NfJL3-Q)cRP*5&TO=TrNi7*zIGvtt^H&xkHB~A*{{$XSPS&GLca^{hj z+)8}*8_Px;H$!8;F%P`YbHupzKtX(<#azW*(<8rOIv82vDK@{#r7f)VR8sh6h9atL zpf8D(qE1%5gisyE+zh{sLU-;+#QB0H@Ds|cgvxe}c9SgKeq;Y;xKBR-wt|;z1v!k; z;dH3rH3neWqO(~vt11{iw=a+@x?kr$dNce3^R}7MRBC%xW|~LGiZ&Xk9i7Y`w=8pX z><(R{V-LHA-L_4mXS$Bj>^Y-uw`Dobu&F>&0WB7%0vn(BC`!mUAt7X^_p8jWa9R$9 z2N5aj%qx zTlZ(-D)U!o;noAOa5XAcVByxovv4JvBnxAPtH{FkG8VS0I})^Or-_CgXVf%WBZy_q zc1&Yvj*wwl&Cw7ctL1iDr7UdUpM|T;U!8^R2V&uBRII?l_QSJqC7RZ7B-+bZxLw_m zpj}%n)EahNXjq+26Wa{8YaBOQmSLJh)a|&#UeC2kS-5?F7OpaXbrx`qt;Rurd?sncAKqM&p;>a-23 zWsVHH1LPY-(9p 
zPL`)|4FY3-Z34w19|N$kFVMAe>EanfLK{B}kcU8+o)3)X;@L*ZZ@Ofx{50{u=yi*IgwL1de?DN znp6Ln8=pNbzsoje&eC#i8qpH}zGlB_MXh+kltqjVTO=T-y2BS`?79*n0etcTss`f; zjF7A8P>^)fX!Z=%r<7gwXPvS+$Dx-Aj1u4l*Vux2V~k=j1_4S4;s7QI7LXXk^Js)= zaKZ3aR6{U^2Cf(3KmIK{>lUZLN8mkHJ^)XH4GHwYB#e`|0iffA^MHJE;B*GPaS#I- zxPYBtVtnEwaN@@yn1+Fuq?H%(ZHz?(Oc3<3w2%>S?s^IE!*P7HmnZSAxFTiJDm%Dd zjJf_+oY)q&Fg>u=ZXbpaBg{0u_a}1C*wXKPz1rjQe6{!diWFTS0_GVGQ?B+JS9>0& zDaK77a7V(j_@im!=Um9}*BpckFZgth2T2HVa_b}7l)zz3ANjbC0O}y$r$^?riy*@o zlll?a`5lbLD4{(h(X#OZ4v|mWPQx+T629$h_W4j5>?#csEdt|e@2*iZGQUtp&>%5U z8a9o@31LAE4lsS5N8#fgeoB}~ZfDF9+v5JOO6MDl0&yiYq-L9{FZik`{6f@+W`5=Q z<|aSkN=q|;wrO)HoJswtK_cI{IW$g%($-*+YtwQ*W^61P)RlYh#oo~Ku}8+(Tu%F1 zNQXu^vG0QWc`+9UFMjcP4*ho_ZM>G`2~Cs{Hg2wTGG{H4Iia;_(VY}Liqktb{%Q|l zs))Zpn>1Sec+mv^`0T$G#Ak#%H9;Jj=h6Xf%j~vn9DH@)$TsYr>lnk1Wf`qe%XM4G z9J*-8R;0=-a)A0jMW5%`{u8{CXpWR!!05Vj z=C{8h`1d+?ll;5mATCit9F3TDWtDMc2`Q5bf-?|We0=`-amjPDSJKexl#Q_Mk`}vV zm9(UE6`*ykG7PNtaT&Z$(=HojTFv7!)GgaA1u19Kw6)EiUDnp^c00W7Bi=RW`{B*$ zJWj$X-)^#(!Y`Mykk%S`X{a@wg#n^^l7dRL!_4!2rZI2~AKh{&&BcJjG$Qnh5n)d5 zg^2MFXr3jQ?@2*UL90sC_r zPO%p);@*pJ%zN_6%`ZDg;Diu|PYyb`q?<_WG*Rpgz`mcqJru*@`E-hP`kx43TQZo!F9$^5 z{EPy!$D~5}`$H0RV6gd#=)#h@V2lo4`smB+`E-aP^Y8t3lOmozvwmzh8z8fu3|iic z7yp)kBhMJT%x+YM`Qsvx3L8`g`1d?K?G)N&QCV^Ee5A`eEcfZIm-Pg4dl|Fwz51@N zfsxx#CMjZD*)zs(nWYA{5G~dy_Z76V4a#Z)ELEn4@lM5zNUn%Klkxb~#(FGv5UTO532#YH`;1~cb0 zY4Ih|m}6##(=IP@@cuUS{EF@X`ZB{o*eOT7^NXwa?G%qj;X^gS$~f%+zfZXl%%v{7wo5qtP=yk z_WWw^YxC}_dB=@i#i^(ul}r;VZs2|9;4)b<%Pk_F#{Flx;6OA}j3dPPy21=+?6(JH zu!eL#EvS!oM9h3NN*3}S72qQ4S(R9iIy+RGzodOxC+rT8PiD74h*3vN*ULqYH{~of zkJ*oku*BfD5%goi(%2Y#)A{se1ZjAA=8e6CI+SVKC64&K5oXOGk_R;4<;9QTz&fh#pyrHd}JaTEBU2!qyk# zK!NI9|3#LPibNLcSrlRw5yzKOTH?=h7}4M&lR9YRB8NXjZsPy`=fD3K3{HK|`2@%> z#wOUm9fsEk5aUFCKt>UphS)iBQ35?b9^?}i5sr<(S$GqG^I#O_au%f%|2T;NrHFbz zLn>ni=KtrwJhIxeFTf4)3cCQCj30*3`9v}qfoss^fBv`8X!HXa_jiWON(mcfUkizv z*I^=aHDy#@cmb*vXcuC6run*v}>po&?jO9R#>DW z2t?t{fEfrJ$B5_yG%yb}1pk2sV{2xaS>1$*`xc*Cppii#JH2j%jh|+i7~~K%B1C^r 
zdKnE~hnRy;sf{!nQX}^T%2Z{OzI}o`IDb1hab2R5`zaw9j5GKLx*eRvF-rPnbj8WS zPK1!kL`XV)d7M}wjSV#El@fXL%fOFiTEooXvcTqi!Tn%AanO_jf!m9^*6 z(<0wLXnZruj|Hc!*{I}{u@ja&M0KwoVMw`+IB$z#>(dP>^V_dSE@!WC5npD`&@=0EjSh{SM5w;-Y@T}S-OY#su`H-BnuEJ4S z)41EFN4ibSIVo&UOTRl)8X^8vLiJ%G^JbM0P<^ff4qZJC zxypurMm`;xt!b!^LdL19RaeTSQQ5j`nH~4gCy_;o|&F;SOJB$FO6iV?t?g)`a<@uP>BmHmIu7crq(MR1Ct zjl<}cKBZ~c@7GK*Hh>!^YEPn}ynt%nw7c?lY-iRTUZD4*NPrit>| zt#$HUxzv*`Kh;i&Y-sqt0cfsCEF)dT+%jd5%;2ZZhgD5~$r{c9p&_3!!jwfG9OHHB z>xm*c6xo)MWI+vXCCnqf4$j}=Cu&Mi(ukiE=E=~_x@Q&w$gCM|Dao5szZ2ap``Q-r^k%JKV z@;7PB2oPaf;u&(hkw;#ZNVZ92+>V$(UvEP0sixAhth}bPSP}>^DJa0)1*#heR2QTC zap6%k+2r-g4(>`KBw=T2WhW{wH3DS%bORu<{;d_NqRBS}w{DboNf1@F){_Y-Oj?M; zSC1z%$3fMDB_*PK7tS;$UD{(}+q1FMt{9@8h;h|o2oYg!yBq@KV~Of>Fd zh+GsI>WD<%K$_SuO9$Y0lKd-aRSxPkSBc zYH<3w;wNm)byYaIZuz9)w_{H#*I#Yj^enBXB8j5K#Z(V#zA$QlqPDYKtEs^4S*~4a z$ktOiYt$TM;8`*BJ;MU|*V)Vd|F%8XC(N4)c`aBOkuB~czeRSpFUzC<&T{vOehwz<>$5}&i z+7F|oddg8*-Fyw{V zwVb=WdR~na>d80B)#^B}ohfRW zZ6)W&C`+ee`}{S_tas@~ZzbRPURL0ZOwt& zr7yp^^yR(sCcD(-Vz_mqyh~kvi>b?dpCD`|eR;14qIwE5L;Y&8VZ}J`n+d``mLWhx zYijq3INa25>(oNPtAI?eSEEe3(qh&@h_bxd>;EvHD!8d^W##$mao?qdEZDJ+d&n?H zCb?bSgvN2x85zT-d)#d{?NQrqv*oEWi(D<@4ezeZDrwnWnN=E8=&#Ibr2I4VK+yv(SvRL^|)sbUB`60sI>;a#{7j{+WX(KZyjbxTP3`#y&a4F7MkCPbqGEX z`*7m>qPT^(xRV|; z%qr=Qmvmh6689{Oe*xDc5eznp>Py@Yb4Hc$JC&b%<}$LDrN(^4)-UE`FAl8zRz4gk z0jk9S&z5F&8_kyfuv0NLsF?aSOw9^ryZWWNdRa-kus(G6I9s!R+<=NZ9=_{q9`^fm zNFimvJU!niX7v|m?B%r$Syl!OC5x>|CU5NGiK>}<;oOh}JSRb3JW)nVK0BYihC-V( zH(3sUNw4%KimFL_kiCs!Ny2{NeH28E@|-w-*rgL|B=jHqH4t^(Xz;KX zO>F1(hb>-bA>GC0K<;-vp@wBQa?iwO4kdQ)5_k%SW?9R(+onglO}pc=TCbU?G+#Y; zN>o14Dg@t>R5kKmp+<1!*X}>v62UcJZ24ftfsZ3`!9(20>G#)qwSHOk)?uOatUvUE z+-S2oJuC?XnX;?!lB!~KL_{lllS#XAr52U52=0Vb3CgIA9G6ji%im94Z)ml(pr}|T zj=Q3?PMm(qpIwpi<_pbjF04h$oMMvF^9bdkBVT@@7#k{JIY3#%lETV9Pr)&(vCe%e zYpMyMkSj3Hf;ZuAQlC`R6ePj5)na2Y;Q_4x4(7hE766l%4Q3kDyFzGHu)&C|u{OA> zj$EhuR{yqv^tbw&dSg5$T@ZCt`m~XRn9=gfv#o1Vs;4Cv=OA;_X-jeSE48U|;;LE5 zv`ULg`Ct6{kDRT|R1fnqD78vTYfK;eWgib@tk=k3W_fe%7)2X#?y8-)ml0TYpNBpm 
zzi+XncH4JF)M2nGxOJnv%L;9wh+3Dx*?Q=qx2{j@-i?+S`H zQBXXxx@gpeEyL`zdWJo;I!3Q)b&c-OX*sgSder#AQW-t5zXyxeRfII>glq5w}|AoHK+qCPB7d=X~Ng znW@?bkZi&&Vt*SAY*g9F8B#~0}|a!@wk6*^q>EA z_ygNjv!Ok05$8F2btERvZZ+Kl@>o~qzgnqu8I(1urxzbnun8M-$yPj5xM!hrUrf*S z(tw10{S=qV2jeLOo-WYb2DP;Gm}WyNys)iSYoe<tA+WV*_y|8MW=m)ppZ`~O#U?|@_OVrj!~QleyA&T=I= zt6E!jN!r~@St`|#Gn6Lghr%HxD?X+24*5HksyterAde6DZq4-?+s#&Er%oHlrWDayV9Q^gh)7kA=9IqV zXwGGzIjh^v#XW}UxEmg~Af zt_RqV_D_kJhA;nhI${RID?-Ed`Y@}qbyt!6w`iA@E|coJ`uBx8ub#i}YL$*A0Za_D z!iUI=_J#fV`n3ZHMHqc?o#}{*pRh3)+I<=VRK>RY{cx#Cr^|WW3(CB)Kp%pvD_nQG zwNr1jO1<4?x74gQYb9)SIi=lQcdK4&RGW3TlR;NNv+B1n@I`5^7tWuUUeJx^EQ2^& zrXUBQ0rldi_~?#zKt9fm<9yX1XUWg|m@wy=qZ#76D~eF9>tJ5VBpa~@HM-rp?_`BvLs&8#9fr9C1bKggk zid%t|yL=<6FFAO>e(Lar>%zw{Y*2F38`TBlb(x1t3C*;+h50(L)nK{iT?#Ov zL)OUd6;KMkdJ`*<`iVr$@$Vk!sUn-%_GP2rTB$=ReXlo3&aD?X5|GtYSMF73I^mIY zGS9y!$U_0!rc>&XBT^+wb~2+R9t}ck3UsR_1P*CqXSo z=vN&h<=S;^L!|2@(dh$-dU;Q#BSu3~B2LUYVrVyt)B}tppFimg_3$FrMt{=3W~o&w zS)&K22(J9h@dFXr+-F&Z&~8W=myoQB=$)XlMn)kx6Qdg;?5mPL=3SdsGdjk z5_jMp4y!0;#F()RV9I()+m1v@MrqxQM_0I(!Ku)n0bYBKiO$RQS+38XnLabdLxtGP zj&+hPxvU{gS6I`xZR-0fMgn~#P)F*ZaEW-E>4r5glaN@*Yb>J4H3E%j@`_0B ze?9r2j{?$alhGhok6v6&nAwxVxY2-Sq^=Oq^pps%CZH*zsA02k4>Vz3*Gg&U8?jPe zWLPpf-(!WX(|;of`iCt?kZ^lR;iFOW1zZ zLWobuCs~f`207M(h-vo60TJsm>99(nzb~DOY&4zVexj2lYo@5{hrXQY?gN%SQCh0U zi&BXD`9gnx=N`#r^AivhrM@V@a8$7^aP_=$!0^wc)7KR(yh_m>anXy&E_*wV@G=r{ z=~dBevif;VgjSDg<2(Bx)AU(iDzRBx=XKV0KQ)Sx_*6V%tNEa8YQHNJr6C zfCZ{*kpupzdeTTQoU4n+xt8b4LrzIE?xILWkjslA8V@Qjin22=yEbT>BC~QNQ3^%p z$d%DOyFZ?S_hS4@*crt8hrbdF@ps>y(CTA$qvn~Is}5%G*j~blkWDiB72(g~ zV>op_wN+rJikE=9%~q-Bv^u3`W2aYgc6XcDs_u1bjaskO*veOd`6_U2R)KEKb9=j9 zr{wi^s-gM(?k~ufx&ZFk)+p-JH=3Y_0a>7HN_Uwt79M?$xWMZKv5N zHL=8%I-odPZfAF=wq4z7Ic^3Se4d_&wDOmJ5w~LhgSvtXRfm4%ri>(Y0hdHW8dfnn zEJ@Ngm27-yM%*V)Zb+`$Z_)-?eI&O@;@FYK*v#>meVjeMv*Za4HRg*1OdWKN-rIQy;m^-wyol?2S6;w9Kt)A1be*4mi zCP2G8uY>j6l?QuvdfudaEszDH9vXXHOr?Jhh+GCS@IXlgn25pQo zY2V!R{VwV9(h=+N((kN!gG#4A>Qn|!fE&L;Nmh8|4io^(G@ 
z6b)7W6poCe_{gYW4Rq_fxW*MMsSen}ac&FFjsIKNDD`T+UaHpMznifKd%QGRKqg4* zU@62^-3a|EQY*dMEWQf+w9Kb=!RMfY(Z83W4o7O-J(AoK7F4XN#coXN!LehpAC9rth(xiCL5^MoNQT)dL$!hnRa zg-)65l+kan+YXn3wYAeHK-xfDpN;<#dlJY*8^UPHsND}n2%A<|myCH?!95;314R9L zBnQzzP|u)@Yl8&^)NpX%-C*m+8+LJf?wyiMOajs{qH z1iUFV>DchxtCjKp-XMZf-eX+1k60t&_e|-Wc=%uc*8A*Ct_{6MG{PI);vGs1c%h>r zr29~o#X>irv4rEU(CY*tmX~C=~!fg+*k(HY5HL! zv2cp*7gIAyszL2DLvoX@y$o0}RL92is@jrJbEcE)(b!mp7;m<8gXs;}FewP@Ym4;~ za96-4(*zrOhE#Yy^ZR7xpvC@pOURZT-;e>&j*y82AEp<>4;HslMnEXy!QnL`O|*ai}klWaM&sz?7J#-tg$^4v!^AQC(xnj!>4% z;c4INwFjCRUZhUNi|+M>MuyZ^s#PQZl=91U#oD#|6;BMmB&Zmk<~O~P6Z(RESCkyj zeasCPT~_#L$Tw3#$$40(oD$1a;bRO;2*E)}y1?#TY=ejrIFv3LJ2It%dOY*3!FrI3#_#d4Ga>QJ}n z{8bPoXuffo3gWhb&AK-xHtjy{ba}i4QBDaR`w@64zZP0rtv(^D(*X74<+CuQaeunF z09TVH>(CYi(yoN}VY`us7lU}|+QoWrI04Ty+@!_tp+`O}Tw&iPxQQks)Pd6`2DqSs zA9!vVoe$5hJ#>wG#N!)3>0m;A{6`<>FOt{f&=`L(@LZo1If3Sd;p4-pw=eF zUEp^&zMK~z8;Oe)c)s((#pWBDb$T0_P;q(jb>7UK2#T723=5Fkv;vI#9hAMQj@-} zNl(}K=EEU1S%hcslC?ryvNX8}JD08pBRuf*Ck!;CCga151pK0H@D`!1DvbszwS9{} zz%ax*0-^GQ&`$G;qZ z`u!Nfn-V;U>sHp%tl2>^&;!?s>@NV!lA(@YNr|MArFxMBo1yMubN3K!sEQN@aHT>f z3o>oMj6tGD%sS@AKrmsALInw7yM%6J9m*S7oblD=!1=Zzw_g$cKu)saUG@hNGndioeV zS+G8#Ic+>y1reVx6+=?Rore0P8mE@l{dJ*jPJpU+jf{X*4R(_6^xNdv3Vodl2R;_} zTd>Xa-{Ho!vD5#E)4*EKkZPaCaDAh59-0K}qV~`QztVW5m06tb@Ee56nYikc91ZXq zMCVl2HuXbL zlXE)_KfiuHJ|&h|3Z_Ey&CHtq!(57i%!6cy1MUuvOwq5zacb%EUhdE(9t}JnQ527D z^oDLFVJH@3ai=i19x!tb3R4U`+tSD?j1>mQM2>NHnd?Xr(}mY(**TFqHbf{f68EC5 zK0p-AC>IoM1BpYcd0}Cg7(;A9mppz#mLjXbrE*0)+UeM$E7|37wa=V6U5|*R4P%Ne zohpQ-*Xm4?g-7f?vFo5LaB1;XLCjFO{9@v80ncVe~UH^PQZD3UKO_9NPqzqQp6+)=bIyK{^x zf_jjSSRR~=Uu1c{sE_Lf@*jhu$M3e>`_hvlV?1;yaTU#W~ zEH+k^aFW*AG@_2I*iVT@nl})F!nj7H6SOG}f!*2lG6bR+*&Ma4B!vE+Gq?ij$gpy40de*ykO|vv0WS97dW` z8?+s+YyjQMBF%Ca>rgeBKs6!CMGtZz;FTD*g+p6Vh;5mfrh2hyhj~GnKrbkYdg1UR zGQC}TByPn~3DRXWI49C`kOVhhF4Rkl16Z7}gpJ(k5$Lz8E1Im;bF7dYU1WL^>PWGL<7n$de;R zVowUL)*LZ%NS8mvv&5H<<=0PQGd&Bq4r8N*64pQWPt@+BS%hR^Kc`w_{7EvL_NlE*g~sZ-Q-7lh(HiIWMe=bi{U2U 
z2n{E|T|J}+gg9Y{w~US^h#U+IJWcLAZ^$BZwJI-$vwtaW>kf~m=;8`@Fm?A|rUBH# z0RTk+;f7S`2?<^p!k%bN$oUas<*K8Z22){qzy=E%*qy9_HrPeu0X# z0s4Ei|LOSbK`q~K<5 zp^bs(3_&*I8*^IKO$%d)XKl31M^iPPti9gQ>k;4!+BiHNtc&gdJ0?x<5Ccq5hLrm&% zYPgBhK|%r8Gb^-MwDR11SO!u^#?%iv7lZ~aQ;>-(EIBlqf{h=E-qqy4R_3XLPbao`9cy{~j^+Ig%_h5KZf87c5yGQ51og z@t{N!;q(wQodU=YBGRYI4ZICeFO=mS~eKJv@{o>1Ua>*j`3^G z!1y(DjGw=FjNd58@7^+sAj{aiQ0P8KOkdNe-PP(7qR$x9NAKPu*JR}PZe_atNo$zT zp6vCf4w_;G%fJL?xpXTI4bW-}9tD99u}3Iq*qYBG#8)&Ikl$_PuQ9PPuR-g3I1~62_XjPWup^R31k_! zE)=@Y5uLDQ)a+{Y3DM_*PFVdVN#IJzd_&UDG;@AEl0~xodL-|;MgNy^J<^}Rho`?9 zNqdk&>Jt(2dwrhMNhHtdAc`Ct{X39YYIj8_- z02LgD_vjFhKz@e~duB#*l)`NMX4dZR=NZ#h-I_=4)+%G#TUx{0KBlcQGAn6}|(9@EYo)3((G^TxE3eD@im*Cw_F359!`=yh6}3($3(+Eb5S zZ_kKcZ|Bi#f8o*VWAARCMUGx}J?i4FV0i}9{=~oOd-5qTP8T{YK(62Gd0?ZHiHq!|j_uUP z^_&2fo$Skp03CJw2rkluwq?lIv0Rg+W#$u$b%SJL{SrtK?|6P9=%9<*w!p<1R&j3u#zhDp&hE~T`ZnIV=o zwM zsEN!0>KY^1Y+r;?ufcw(`aUL*c7IQQwT2uCq^Z9e!`^N>2vkb= zojeuU6gG&nd+wN|5}17bp1`tIe~5(5Uq?(|-qFk+la^`&Y>A~5VR<2~sni=8{1ToY z(HzUEm4aBxCFYmSJaP#Y)zJ_6AYq|Y;CH2NYmIkNAzZku@&Wee3y+@;m9!%%XLM>Y z{+8zBScwRpX2?CoR(UUcYeOV_Tf5SerxP%Mn>Ctq$JT1co0RQ(-3kt2j(@~3Ywm2( zJ^Yy^?uY&pOQrbvaX=YXN3NF76Tx(3(DaIkQiNY|Oa7ec!a+ z;;ZH@T-c)n?tLhTL4D8^Gztpu*8DfI$FWp_7Fy$6p%YV7?*3+~GJBz9qwmSMo#J*JBN};+bc2kv(oli7=w=txcTCLE+O-fZx++<1ig(YB z6>WUhQ$8CID|4LIx>pT~Of7S4X z-2;s9!yRsa2G!;Uk13QT)-CS`}q3`}OVj^9Hd{W_*{o>Hr5dwy250QSweFp zI%E=h(n1Rq6B8y2Nc!p4fM>CVxSr5V+&hi0<|-d$_Q6!39Y<9_SU~6qRX!!mN!+G^ zMDW;_qy_EC#@KrdiU|R8m9MvsEWdEmJH97-u<@LYBl;K@m)e1X zpo4%$nDo_7nz~yX{K1MnlA~ZEhFc*P>@dmzt#5LtvyuXpu%J9rkewzw!SLo#*TK}T z%P&R^Rjh8-P;PRUlX6?mdNx9xbWQ9L!yao5o7S|=Tw%#4tF+iRK<4*vC`+V5UaPou zpLhHh^C45&#n9oSU?1|Q(er=TT~r`j}5Mwd5lZAxCiK;tq3YYko`7z-|qQB>Q49J8mr z9!kN+80u^vN!Zp3nv;{ySVw#DS4<0(d<+xxT#D$F6VW{K2jzHUQ~ zGuP-Tav0`y34BgEV{AsF6A>F*sHSk!h-KMISECiD{&RO%dapEG77p$c&l)vgSF6K3 z8Bd2HX>N6MoUNti2ZT>KUNgXJXtPhNgTKlag{IuWRh$U7&da+bN3T`0FUin#oF^?$Pxm(5m8rd4|` zxJBz`f^Xvt*bsypn-M4@Z#+2gTm7|YsO1DVV3F=nYf!3~31yzhV6#W5yG-V@@Q+s) 
zcf2wxm-YYSljLNUoDtOLzDR5tPGLT)FwbehlF|R3Eng4oxq? z#v6xgacL~Bo8IrsBYx=>`j!(YTlHNhn&lX42i6zVNG|EbQ(hEaSxOU8lAt4vp7dt! zv1iZo1vA&zvmznK7QFT4*T(fmwG{aBVA10UM++F!fx`fMAxbUtFR*66`o@Uthr>wl zfdW=sgOpz(dU^shB2RhD+qOq~mXownv>W6OO@6C{LSNnt9@ZkT@9J_2NBhHV%wqS~ zWM%Pt9f!iMa3SCcz(4EZ9I=oALICi$aAg0Wj`Q~>f9ElOEB#-Slq0E~|6?_~!bL>C Pr2vmS?kFC!|Azho)r@;o literal 0 HcmV?d00001 diff --git a/Solutions/Vectra AI Detect/Package/createUiDefinition.json b/Solutions/Vectra AI Detect/Package/createUiDefinition.json index bb309bfb74b..74014f15726 100644 --- a/Solutions/Vectra AI Detect/Package/createUiDefinition.json +++ b/Solutions/Vectra AI Detect/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Vectra%20AI%20Detect/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Vectra AI Detect](https://www.vectra.ai/products/platform%22%20/t%20%22_blank) solution for Microsoft Sentinel enables you to ingest Vectra AI logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.\n\r This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connectors:** 2, **Workbooks:** 1, **Analytic Rules:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Vectra%20AI%20Detect/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Vectra AI Detect](https://www.vectra.ai/products/platform%22%20/t%20%22_blank) solution for Microsoft Sentinel enables you to ingest Vectra AI logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.\n\r This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. 
The CEF solution will be installed as part of this solution installation. \n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024.**\n\n**Workbooks:** 1, **Analytic Rules:** 7\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
@@ -51,30 +51,6 @@
 }
 ],
 "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This Solution installs the data connector for Vectra AI Detect. You can get Vectra AI Detect CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- },
 {
 "name": "workbooks",
 "label": "Workbooks",
diff --git a/Solutions/Vectra AI Detect/Package/mainTemplate.json b/Solutions/Vectra AI Detect/Package/mainTemplate.json
index 06228dec2ec..6c56bf8cf55 100644
--- a/Solutions/Vectra AI Detect/Package/mainTemplate.json
+++ b/Solutions/Vectra AI Detect/Package/mainTemplate.json
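Review bot: The rewritten basics description on the `+` line still links the product name to `https://www.vectra.ai/products/platform%22%20/t%20%22_blank`; the `%22%20/t%20%22_blank` tail is a percent-encoded `" /t "_blank` fragment copied from an HTML anchor, so the rendered link points at a nonexistent path instead of the product page. Since the commit already rewrites this string, drop the tail: `[Vectra AI Detect](https://www.vectra.ai/products/platform)`. The same string also carries `\n\r This solution is dependent` where the rest of the text uses `\n\n`, so the stray carriage return is worth normalizing in the same pass. If this description is generated from the solution's source definition during repackaging, the fix belongs there as well, otherwise the next repackage reintroduces it.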
@@ -39,27 +39,9 @@
 },
 "variables": {
 "_solutionName": "Vectra AI Detect",
- "_solutionVersion": "3.0.1",
+ "_solutionVersion": "3.0.2",
 "solutionId": "vectraaiinc.ai_vectra_detect_mss",
 "_solutionId": "[variables('solutionId')]",
- "uiConfigId1": "AIVectraDetect",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "AIVectraDetect",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
- "uiConfigId2": "AIVectraDetectAma",
- "_uiConfigId2": "[variables('uiConfigId2')]",
- "dataConnectorContentId2": "AIVectraDetectAma",
- "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]",
- "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]",
- "_dataConnectorId2": "[variables('dataConnectorId2')]",
- "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]",
- "dataConnectorVersion2": "1.0.0",
- "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', 
uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]",
 "workbookVersion1": "1.1.1",
 "workbookContentId1": "AIVectraDetectWorkbook",
 "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
@@ -68,787 +50,57 @@ "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", "analyticRuleObject1": { - "analyticRuleVersion1": "1.0.7", + "analyticRuleVersion1": "1.0.9", "_analyticRulecontentId1": "321f9dbd-64b7-4541-81dc-08cf7732ccb0", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '321f9dbd-64b7-4541-81dc-08cf7732ccb0')]", "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('321f9dbd-64b7-4541-81dc-08cf7732ccb0')))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','321f9dbd-64b7-4541-81dc-08cf7732ccb0','-', '1.0.7')))]" + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','321f9dbd-64b7-4541-81dc-08cf7732ccb0','-', '1.0.9')))]" }, "analyticRuleObject2": { - "analyticRuleVersion2": "1.0.3", + "analyticRuleVersion2": "1.0.5", "_analyticRulecontentId2": "ce54b5d3-4c31-4eaf-a73e-31412270b6ab", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'ce54b5d3-4c31-4eaf-a73e-31412270b6ab')]", "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ce54b5d3-4c31-4eaf-a73e-31412270b6ab')))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ce54b5d3-4c31-4eaf-a73e-31412270b6ab','-', '1.0.3')))]" + 
"_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ce54b5d3-4c31-4eaf-a73e-31412270b6ab','-', '1.0.5')))]" }, "analyticRuleObject3": { - "analyticRuleVersion3": "1.0.8", + "analyticRuleVersion3": "1.1.0", "_analyticRulecontentId3": "39e48890-2c02-487e-aa9e-3ba494061798", "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '39e48890-2c02-487e-aa9e-3ba494061798')]", "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('39e48890-2c02-487e-aa9e-3ba494061798')))]", - "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','39e48890-2c02-487e-aa9e-3ba494061798','-', '1.0.8')))]" + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','39e48890-2c02-487e-aa9e-3ba494061798','-', '1.1.0')))]" }, "analyticRuleObject4": { - "analyticRuleVersion4": "1.0.7", + "analyticRuleVersion4": "1.0.9", "_analyticRulecontentId4": "60eb6cf0-3fa1-44c1-b1fe-220fbee23d63", "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '60eb6cf0-3fa1-44c1-b1fe-220fbee23d63')]", "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('60eb6cf0-3fa1-44c1-b1fe-220fbee23d63')))]", - "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','60eb6cf0-3fa1-44c1-b1fe-220fbee23d63','-', '1.0.7')))]" + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','60eb6cf0-3fa1-44c1-b1fe-220fbee23d63','-', '1.0.9')))]" }, "analyticRuleObject5": { - "analyticRuleVersion5": "1.0.3", + "analyticRuleVersion5": "1.0.5", "_analyticRulecontentId5": "33e3b6da-2660-4cd7-9032-11be76db88d2", "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '33e3b6da-2660-4cd7-9032-11be76db88d2')]", "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('33e3b6da-2660-4cd7-9032-11be76db88d2')))]", - "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','33e3b6da-2660-4cd7-9032-11be76db88d2','-', '1.0.3')))]" + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','33e3b6da-2660-4cd7-9032-11be76db88d2','-', '1.0.5')))]" }, "analyticRuleObject6": { - "analyticRuleVersion6": "1.1.8", + "analyticRuleVersion6": "1.2.3", "_analyticRulecontentId6": "a34d0338-eda0-42b5-8b93-32aae0d7a501", "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'a34d0338-eda0-42b5-8b93-32aae0d7a501')]", "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('a34d0338-eda0-42b5-8b93-32aae0d7a501')))]", - "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a34d0338-eda0-42b5-8b93-32aae0d7a501','-', '1.1.8')))]" + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','a34d0338-eda0-42b5-8b93-32aae0d7a501','-', '1.2.3')))]" }, "analyticRuleObject7": { - 
"analyticRuleVersion7": "1.0.9", + "analyticRuleVersion7": "1.1.1", "_analyticRulecontentId7": "6cb75f65-231f-46c4-a0b3-50ff21ee6ed3", "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6cb75f65-231f-46c4-a0b3-50ff21ee6ed3')]", "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6cb75f65-231f-46c4-a0b3-50ff21ee6ed3')))]", - "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6cb75f65-231f-46c4-a0b3-50ff21ee6ed3','-', '1.0.9')))]" + "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6cb75f65-231f-46c4-a0b3-50ff21ee6ed3','-', '1.1.1')))]" }, "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Vectra AI Detect data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Vectra AI Detect via Legacy Agent", - "publisher": "Vectra AI", - "descriptionMarkdown": "The AI Vectra Detect connector allows users to connect Vectra Detect logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives users more insight into their organization's network and improves their security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "AIVectraDetect", - "baseQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n" - } - ], - "sampleQueries": [ - { - "description": "All logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n| sort by TimeGenerated \n" - }, - { - "description": "Host Count by Severity", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID == \"hsc\"\n| extend src = coalesce(SourceHostName, SourceIP)\n| summarize arg_max(TimeGenerated, *) by src\n| extend status = case(FlexNumber1>=50 and FlexNumber2<50, \"High\", FlexNumber1>=50 and FlexNumber2>=50, \"Critical\", FlexNumber1<50 and FlexNumber2>=50, \"Medium\", FlexNumber1>0 and FlexNumber1<50 and FlexNumber2>0 and FlexNumber2<50,\"Low\", \"Other\")\n| where status != \"Other\"\n| summarize Count = count() by status" - }, - { - "description": "List of worst offenders", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID == \"hsc\"\n| extend src = coalesce(SourceHostName, 
SourceIP)\n| summarize arg_max(TimeGenerated, *) by src\n| sort by FlexNumber1 desc, FlexNumber2 desc\n| limit 10\n| project row_number(), src, SourceIP, FlexNumber1 , FlexNumber2, TimeGenerated\n| project-rename Sr_No = Column1, Source = src, Source_IP = SourceIP, Threat = FlexNumber1, Certainty = FlexNumber2, Latest_Detection = TimeGenerated" - }, - { - "description": "Top 10 Detection Types", - "query": "CommonSecurityLog\r\n| extend ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"), tostring(ExternalID), \"\")\r\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID !in (\"health\", \"audit\", \"campaigns\", \"hsc\", \"asc\") and isnotnull(ExternalID)\r\n| summarize Count = count() by DeviceEventClassID\r\n| top 10 by Count desc" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (AIVectraDetect)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 over TCP, UDP or TLS.\n\n> 1. Make sure that you have Python on your machine using the following command: python --version.\n\n> 2. You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. 
Linux Syslog agent configuration" - }, - { - "description": "Configure Vectra (X Series) Agent to forward Syslog messages in CEF format to your Microsoft Sentinel workspace via the Syslog agent.\n\nFrom the Vectra UI, navigate to Settings > Notifications and Edit Syslog configuration. Follow below instructions to set up the connection:\n\n- Add a new Destination (which is the host where the Microsoft Sentinel Syslog Agent is running)\n\n- Set the Port as **514**\n\n- Set the Protocol as **UDP**\n\n- Set the format to **CEF**\n\n- Set Log types (Select all log types available)\n\n- Click on **Save**\n\nUser can click the **Test** button to force send some test events.\n\n For more information, refer to Cognito Detect Syslog Guide which can be downloaded from the ressource page in Detect UI.", - "title": "2. Forward AI Vectra Detect logs to Syslog agent in CEF format" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python --version\n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. 
Secure your machine " - } - ], - "metadata": { - "id": "2de7b355-5f0b-4eb1-a264-629314ef86e5", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Vectra AI" - }, - "support": { - "name": "Vectra AI", - "link": "https://www.vectra.ai/support", - "tier": "developer" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Vectra AI Detect", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Vectra AI" - }, - "support": { - "name": "Vectra AI", - "tier": "Partner", - "email": "support@vectra.ai", - "link": "https://www.vectra.ai/support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Vectra AI Detect via Legacy Agent", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Vectra AI Detect", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Vectra AI" - }, - "support": { - "name": "Vectra AI", - "tier": "Partner", - "email": "support@vectra.ai", - "link": "https://www.vectra.ai/support" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Vectra AI Detect via Legacy Agent", - "publisher": "Vectra AI", - "descriptionMarkdown": "The AI Vectra Detect connector allows users to connect Vectra Detect logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. 
This gives users more insight into their organization's network and improves their security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "AIVectraDetect", - "baseQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (AIVectraDetect)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "All logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n| sort by TimeGenerated \n" - }, - { - "description": "Host Count by Severity", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID == \"hsc\"\n| extend src = coalesce(SourceHostName, SourceIP)\n| summarize arg_max(TimeGenerated, *) by src\n| extend status = case(FlexNumber1>=50 and FlexNumber2<50, \"High\", FlexNumber1>=50 and FlexNumber2>=50, \"Critical\", FlexNumber1<50 and FlexNumber2>=50, \"Medium\", FlexNumber1>0 and FlexNumber1<50 and FlexNumber2>0 and FlexNumber2<50,\"Low\", \"Other\")\n| where status != \"Other\"\n| summarize Count = count() by status" - }, - { - "description": "List of worst offenders", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID == \"hsc\"\n| extend src = coalesce(SourceHostName, SourceIP)\n| summarize arg_max(TimeGenerated, *) by src\n| sort by FlexNumber1 
desc, FlexNumber2 desc\n| limit 10\n| project row_number(), src, SourceIP, FlexNumber1 , FlexNumber2, TimeGenerated\n| project-rename Sr_No = Column1, Source = src, Source_IP = SourceIP, Threat = FlexNumber1, Certainty = FlexNumber2, Latest_Detection = TimeGenerated" - }, - { - "description": "Top 10 Detection Types", - "query": "CommonSecurityLog\r\n| extend ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"), tostring(ExternalID), \"\")\r\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID !in (\"health\", \"audit\", \"campaigns\", \"hsc\", \"asc\") and isnotnull(ExternalID)\r\n| summarize Count = count() by DeviceEventClassID\r\n| top 10 by Count desc" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 over TCP, UDP or TLS.\n\n> 1. Make sure that you have Python on your machine using the following command: python --version.\n\n> 2. You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. 
Linux Syslog agent configuration" - }, - { - "description": "Configure Vectra (X Series) Agent to forward Syslog messages in CEF format to your Microsoft Sentinel workspace via the Syslog agent.\n\nFrom the Vectra UI, navigate to Settings > Notifications and Edit Syslog configuration. Follow below instructions to set up the connection:\n\n- Add a new Destination (which is the host where the Microsoft Sentinel Syslog Agent is running)\n\n- Set the Port as **514**\n\n- Set the Protocol as **UDP**\n\n- Set the format to **CEF**\n\n- Set Log types (Select all log types available)\n\n- Click on **Save**\n\nUser can click the **Test** button to force send some test events.\n\n For more information, refer to Cognito Detect Syslog Guide which can be downloaded from the ressource page in Detect UI.", - "title": "2. Forward AI Vectra Detect logs to Syslog agent in CEF format" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python --version\n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. 
Secure your machine " - } - ], - "id": "[variables('_uiConfigId1')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Vectra AI Detect data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId2')]", - "title": "[Deprecated] Vectra AI Detect via AMA", - "publisher": "Vectra AI", - "descriptionMarkdown": "The AI Vectra Detect connector allows users to connect Vectra Detect logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. 
This gives users more insight into their organization's network and improves their security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "AIVectraDetect", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Vectra Networks' \n |where DeviceProduct=~ 'X Series'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "sampleQueries": [ - { - "description": "All logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n| sort by TimeGenerated \n" - }, - { - "description": "Host Count by Severity", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID == \"hsc\"\n| extend src = coalesce(SourceHostName, SourceIP)\n| summarize arg_max(TimeGenerated, *) by src\n| extend status = case(FlexNumber1>=50 and FlexNumber2<50, \"High\", FlexNumber1>=50 and FlexNumber2>=50, \"Critical\", FlexNumber1<50 and FlexNumber2>=50, \"Medium\", FlexNumber1>0 and FlexNumber1<50 and FlexNumber2>0 and FlexNumber2<50,\"Low\", \"Other\")\n| where status != \"Other\"\n| summarize Count = count() by status" - }, - { - "description": "List of worst offenders", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID == \"hsc\"\n| extend src = coalesce(SourceHostName, SourceIP)\n| summarize arg_max(TimeGenerated, *) by src\n| sort by FlexNumber1 desc, FlexNumber2 desc\n| limit 10\n| project row_number(), src, SourceIP, FlexNumber1 , FlexNumber2, TimeGenerated\n| project-rename Sr_No = Column1, Source = src, Source_IP = SourceIP, Threat = FlexNumber1, Certainty = FlexNumber2, Latest_Detection = TimeGenerated" - }, - { - "description": "Top 10 Detection Types", - "query": "CommonSecurityLog\r\n| extend ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"), tostring(ExternalID), \"\")\r\n| where DeviceVendor == \"Vectra Networks\" and 
DeviceEventClassID !in (\"health\", \"audit\", \"campaigns\", \"hsc\", \"asc\") and isnotnull(ExternalID)\r\n| summarize Count = count() by DeviceEventClassID\r\n| top 10 by Count desc" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (AIVectraDetect)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Vectra Networks' \n |where DeviceProduct=~ 'X Series'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Vectra Networks' \n |where DeviceProduct=~ 'X Series'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - }, - { - "title": "Step B. Forward AI Vectra Detect logs to Syslog agent in CEF format", - "description": "Configure Vectra (X Series) Agent to forward Syslog messages in CEF format to your Microsoft Sentinel workspace via the Syslog agent.\n\nFrom the Vectra UI, navigate to Settings > Notifications and Edit Syslog configuration. 
Follow below instructions to set up the connection:\n\n- Add a new Destination (which is the host where the Microsoft Sentinel Syslog Agent is running)\n\n- Set the Port as **514**\n\n- Set the Protocol as **UDP**\n\n- Set the format to **CEF**\n\n- Set Log types (Select all log types available)\n\n- Click on **Save**\n\nUser can click the **Test** button to force send some test events.\n\n For more information, refer to Cognito Detect Syslog Guide which can be downloaded from the ressource page in Detect UI." - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. 
Secure your machine " - } - ], - "metadata": { - "id": "2de7b355-5f0b-4eb1-a264-629314ef86e5", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Vectra AI" - }, - "support": { - "name": "Vectra AI", - "link": "https://www.vectra.ai/support", - "tier": "developer" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Vectra AI Detect", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Vectra AI" - }, - "support": { - "name": "Vectra AI", - "tier": "Partner", - "email": "support@vectra.ai", - "link": "https://www.vectra.ai/support" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId2')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Vectra AI Detect via AMA", - "contentProductId": "[variables('_dataConnectorcontentProductId2')]", - "id": "[variables('_dataConnectorcontentProductId2')]", - "version": "[variables('dataConnectorVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId2')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Vectra AI Detect", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Vectra AI" - }, - "support": { - "name": "Vectra AI", - "tier": "Partner", - "email": "support@vectra.ai", - "link": "https://www.vectra.ai/support" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Vectra AI Detect via AMA", - "publisher": "Vectra AI", - "descriptionMarkdown": "The AI Vectra Detect connector allows users to connect Vectra Detect logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. 
This gives users more insight into their organization's network and improves their security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "AIVectraDetect", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Vectra Networks' \n |where DeviceProduct=~ 'X Series'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (AIVectraDetect)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Vectra Networks' \n |where DeviceProduct=~ 'X Series'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Vectra Networks' \n |where DeviceProduct=~ 'X Series'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "All logs", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\"\n| where DeviceProduct == \"X Series\"\n| sort by TimeGenerated \n" - }, - { - "description": "Host Count by Severity", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID == \"hsc\"\n| extend src = coalesce(SourceHostName, SourceIP)\n| summarize arg_max(TimeGenerated, *) by src\n| extend status = case(FlexNumber1>=50 and FlexNumber2<50, \"High\", FlexNumber1>=50 and FlexNumber2>=50, \"Critical\", FlexNumber1<50 and FlexNumber2>=50, \"Medium\", FlexNumber1>0 and FlexNumber1<50 and FlexNumber2>0 and FlexNumber2<50,\"Low\", \"Other\")\n| where status != \"Other\"\n| summarize Count = count() by status" - }, - { - 
"description": "List of worst offenders", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID == \"hsc\"\n| extend src = coalesce(SourceHostName, SourceIP)\n| summarize arg_max(TimeGenerated, *) by src\n| sort by FlexNumber1 desc, FlexNumber2 desc\n| limit 10\n| project row_number(), src, SourceIP, FlexNumber1 , FlexNumber2, TimeGenerated\n| project-rename Sr_No = Column1, Source = src, Source_IP = SourceIP, Threat = FlexNumber1, Certainty = FlexNumber2, Latest_Detection = TimeGenerated" - }, - { - "description": "Top 10 Detection Types", - "query": "CommonSecurityLog\r\n| extend ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"), tostring(ExternalID), \"\")\r\n| where DeviceVendor == \"Vectra Networks\" and DeviceEventClassID !in (\"health\", \"audit\", \"campaigns\", \"hsc\", \"asc\") and isnotnull(ExternalID)\r\n| summarize Count = count() by DeviceEventClassID\r\n| top 10 by Count desc" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - }, - { - "title": "Step B. Forward AI Vectra Detect logs to Syslog agent in CEF format", - "description": "Configure Vectra (X Series) Agent to forward Syslog messages in CEF format to your Microsoft Sentinel workspace via the Syslog agent.\n\nFrom the Vectra UI, navigate to Settings > Notifications and Edit Syslog configuration. 
Follow below instructions to set up the connection:\n\n- Add a new Destination (which is the host where the Microsoft Sentinel Syslog Agent is running)\n\n- Set the Port as **514**\n\n- Set the Protocol as **UDP**\n\n- Set the format to **CEF**\n\n- Set Log types (Select all log types available)\n\n- Click on **Save**\n\nUser can click the **Test** button to force send some test events.\n\n For more information, refer to Cognito Detect Syslog Guide which can be downloaded from the ressource page in Detect UI." - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " - } - ], - "id": "[variables('_uiConfigId2')]" - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", 
@@ -858,7 +110,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "AIVectraDetectWorkbook Workbook with template version 3.0.1",
+ "description": "AIVectraDetectWorkbook Workbook with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -949,7 +201,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "VectraDetect-Account-by-Severity_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "VectraDetect-Account-by-Severity_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -977,22 +229,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "CefAma",
 "dataTypes": [
 "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetect"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetectAma"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "CefAma"
+ ]
 }
 ],
 "tactics": [
@@ -1004,6 +244,15 @@
 "Exfiltration",
 "Impact"
 ],
+ "techniques": [
+ "T1003",
+ "T1087",
+ "T1021",
+ "T1119",
+ "T1071",
+ "T1041",
+ "T1499"
+ ],
 "entityMappings": [
 {
 "entityType": "Account",
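Review bot: In the hunk at -977 `requiredDataConnectors` is reduced to `CefAma` alone, so a workspace that still receives Vectra events through the removed `AIVectraDetect` or `AIVectraDetectAma` connectors will have this rule reported as lacking a connected data source, even though the rule query (outside the hunk) presumably still matches on `CommonSecurityLog` and keeps firing. That is consistent with the deletion of both connector resources earlier in this file, but it is a behavioural change for existing installs; the release notes for this version should state that only the CEF via AMA connector is recognised from now on. The same reduction is repeated in the hunks at -1137, -1289, -1459, -1615, -1763 and -1908.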
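Review bot: The `techniques` array added in the hunk at -1004 (`T1003`, `T1087`, `T1021`, `T1119`, `T1071`, `T1041`, `T1499`) is the identical seven-entry list pasted into six different rules (also the hunks at -1164, -1316, -1486, -1642 and -1935), which suggests it was derived from the solution-wide tactic set rather than from what each rule detects. Each technique is expected to belong to a tactic present in that rule's own `tactics` array; only `Exfiltration` and `Impact` are visible in this hunk, so the pairing for T1003, T1087, T1021, T1119 and T1071 cannot be confirmed here. The NewCampaign rule at -1763 lists just `T1021` and `T1071` against `LateralMovement` and `CommandAndControl`, which is the per-rule form the other six should follow.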
@@ -1028,34 +277,34 @@
 "alertDetailsOverride": {
 "alertDynamicProperties": [
 {
- "value": "vectra_URL",
- "alertProperty": "AlertLink"
+ "alertProperty": "AlertLink",
+ "value": "vectra_URL"
 },
 {
- "value": "DeviceProduct",
- "alertProperty": "ProductName"
+ "alertProperty": "ProductName",
+ "value": "DeviceProduct"
 },
 {
- "value": "DeviceVendor",
- "alertProperty": "ProviderName"
+ "alertProperty": "ProviderName",
+ "value": "DeviceVendor"
 },
 {
- "value": "certainty_score",
- "alertProperty": "ConfidenceScore"
+ "alertProperty": "ConfidenceScore",
+ "value": "certainty_score"
 }
 ],
+ "alertDescriptionFormat": "The account {{saccount}} has a threat score of {{threat_score}} and a\ncertainty of {{certainty_score}}\n",
 "alertDisplayNameFormat": "Vectra AI Detect - Account {{saccount}} reaches {{level}} severity",
- "alertSeverityColumnName": "Severity",
- "alertDescriptionFormat": "The account {{saccount}} has a threat score of {{threat_score}} and a\ncertainty of {{certainty_score}}\n"
+ "alertSeverityColumnName": "Severity"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
+ "matchingMethod": "AllEntities",
 "reopenClosedIncident": true,
- "lookbackDuration": "7d",
 "enabled": true,
- "matchingMethod": "AllEntities"
- },
- "createIncident": true
+ "lookbackDuration": "7d"
+ }
 }
 }
 },
@@ -1109,7 +358,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "VectraDetect-Account-Detections_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "VectraDetect-Account-Detections_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
@@ -1137,22 +386,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "CefAma",
 "dataTypes": [
 "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetect"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetectAma"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "CefAma"
+ ]
 }
 ],
 "tactics": [
@@ -1164,6 +401,15 @@
 "Exfiltration",
 "Impact"
 ],
+ "techniques": [
+ "T1003",
+ "T1087",
+ "T1021",
+ "T1119",
+ "T1071",
+ "T1041",
+ "T1499"
+ ],
 "entityMappings": [
 {
 "entityType": "Account",
@@ -1183,31 +429,31 @@
 "aggregationKind": "AlertPerResult"
 },
 "customDetails": {
- "AttackType": "Activity",
- "AttackCategory": "Category"
+ "AttackCategory": "Category",
+ "AttackType": "Activity"
 },
 "alertDetailsOverride": {
 "alertDynamicProperties": [
 {
- "value": "vectra_URL",
- "alertProperty": "AlertLink"
+ "alertProperty": "AlertLink",
+ "value": "vectra_URL"
 },
 {
- "value": "DeviceProduct",
- "alertProperty": "ProductName"
+ "alertProperty": "ProductName",
+ "value": "DeviceProduct"
 },
 {
- "value": "DeviceVendor",
- "alertProperty": "ProviderName"
+ "alertProperty": "ProviderName",
+ "value": "DeviceVendor"
 },
 {
- "value": "certainty_score",
- "alertProperty": "ConfidenceScore"
+ "alertProperty": "ConfidenceScore",
+ "value": "certainty_score"
 }
 ],
+ "alertDescriptionFormat": "Entity is an account. Category is {{Category}}. Threat score is {{threat_score}} and certainty score is {{certainty_score}}.\n",
 "alertDisplayNameFormat": "Vectra AI - {{Activity}} Detected",
- "alertSeverityColumnName": "Severity",
- "alertDescriptionFormat": "Entity is an account. Category is {{Category}}. Threat score is {{threat_score}} and certainty score is {{certainty_score}}.\n"
+ "alertSeverityColumnName": "Severity"
 }
 }
 },
@@ -1261,7 +507,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "VectraDetect-HighSeverityDetection-by-Tactics_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "VectraDetect-HighSeverityDetection-by-Tactics_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -1289,22 +535,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "CefAma",
 "dataTypes": [
 "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetect"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetectAma"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "CefAma"
+ ]
 }
 ],
 "tactics": [
@@ -1316,6 +550,15 @@
 "Exfiltration",
 "Impact"
 ],
+ "techniques": [
+ "T1003",
+ "T1087",
+ "T1021",
+ "T1119",
+ "T1071",
+ "T1041",
+ "T1499"
+ ],
 "entityMappings": [
 {
 "entityType": "Host",
@@ -1344,40 +587,40 @@
 "aggregationKind": "AlertPerResult"
 },
 "customDetails": {
- "AttackType": "Activity",
- "AttackCategory": "Category"
+ "AttackCategory": "Category",
+ "AttackType": "Activity"
 },
 "alertDetailsOverride": {
 "alertDynamicProperties": [
 {
- "value": "vectra_URL",
- "alertProperty": "AlertLink"
+ "alertProperty": "AlertLink",
+ "value": "vectra_URL"
 },
 {
- "value": "DeviceProduct",
- "alertProperty": "ProductName"
+ "alertProperty": "ProductName",
+ "value": "DeviceProduct"
 },
 {
- "value": "DeviceVendor",
- "alertProperty": "ProviderName"
+ "alertProperty": "ProviderName",
+ "value": "DeviceVendor"
 },
 {
- "value": "certainty_score",
- "alertProperty": "ConfidenceScore"
+ "alertProperty": "ConfidenceScore",
+ "value": "certainty_score"
 }
 ],
+ "alertDescriptionFormat": "Source entity is {{source_entity}} and category is {{Category}}. Threat score is {{threat_score}}.",
 "alertDisplayNameFormat": "Vectra AI Detect - {{Activity}} detected",
- "alertSeverityColumnName": "Severity",
- "alertDescriptionFormat": "Source entity is {{source_entity}} and category is {{Category}}. Threat score is {{threat_score}}."
+ "alertSeverityColumnName": "Severity"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
+ "matchingMethod": "AllEntities",
 "reopenClosedIncident": true,
- "lookbackDuration": "7d",
 "enabled": true,
- "matchingMethod": "AllEntities"
- },
- "createIncident": true
+ "lookbackDuration": "7d"
+ }
 }
 }
 },
@@ -1431,7 +674,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "VectraDetect-Host-by-Severity_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "VectraDetect-Host-by-Severity_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -1459,22 +702,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "CefAma",
 "dataTypes": [
 "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetect"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetectAma"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "CefAma"
+ ]
 }
 ],
 "tactics": [
@@ -1486,6 +717,15 @@
 "Exfiltration",
 "Impact"
 ],
+ "techniques": [
+ "T1003",
+ "T1087",
+ "T1021",
+ "T1119",
+ "T1071",
+ "T1041",
+ "T1499"
+ ],
 "entityMappings": [
 {
 "entityType": "Host",
@@ -1506,34 +746,34 @@
 "alertDetailsOverride": {
 "alertDynamicProperties": [
 {
- "value": "vectra_URL",
- "alertProperty": "AlertLink"
+ "alertProperty": "AlertLink",
+ "value": "vectra_URL"
 },
 {
- "value": "DeviceProduct",
- "alertProperty": "ProductName"
+ "alertProperty": "ProductName",
+ "value": "DeviceProduct"
 },
 {
- "value": "DeviceVendor",
- "alertProperty": "ProviderName"
+ "alertProperty": "ProviderName",
+ "value": "DeviceVendor"
 },
 {
- "value": "certainty_score",
- "alertProperty": "ConfidenceScore"
+ "alertProperty": "ConfidenceScore",
+ "value": "certainty_score"
 }
 ],
+ "alertDescriptionFormat": "The host {{SourceHostName}} has a Threat score of {{threat_score}} and a\ncertainty of {{certainty_score}}\n",
 "alertDisplayNameFormat": "Vectra AI Detect - Host {{SourceHostName}} reaches {{level}} severity",
- "alertSeverityColumnName": "Severity",
- "alertDescriptionFormat": "The host {{SourceHostName}} has a Threat score of {{threat_score}} and a\ncertainty of {{certainty_score}}\n"
+ "alertSeverityColumnName": "Severity"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
+ "matchingMethod": "AllEntities",
 "reopenClosedIncident": true,
- "lookbackDuration": "7d",
 "enabled": true,
- "matchingMethod": "AllEntities"
- },
- "createIncident": true
+ "lookbackDuration": "7d"
+ }
 }
 }
 },
@@ -1587,7 +827,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "VectraDetect-Host-Detections_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "VectraDetect-Host-Detections_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -1615,22 +855,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "CefAma",
 "dataTypes": [
 "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetect"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetectAma"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "CefAma"
+ ]
 }
 ],
 "tactics": [
@@ -1642,6 +870,15 @@
 "Exfiltration",
 "Impact"
 ],
+ "techniques": [
+ "T1003",
+ "T1087",
+ "T1021",
+ "T1119",
+ "T1071",
+ "T1041",
+ "T1499"
+ ],
 "entityMappings": [
 {
 "entityType": "Host",
@@ -1657,31 +894,31 @@
 "aggregationKind": "AlertPerResult"
 },
 "customDetails": {
- "AttackType": "Activity",
- "AttackCategory": "Category"
+ "AttackCategory": "Category",
+ "AttackType": "Activity"
 },
 "alertDetailsOverride": {
 "alertDynamicProperties": [
 {
- "value": "vectra_URL",
- "alertProperty": "AlertLink"
+ "alertProperty": "AlertLink",
+ "value": "vectra_URL"
 },
 {
- "value": "DeviceProduct",
- "alertProperty": "ProductName"
+ "alertProperty": "ProductName",
+ "value": "DeviceProduct"
 },
 {
- "value": "DeviceVendor",
- "alertProperty": "ProviderName"
+ "alertProperty": "ProviderName",
+ "value": "DeviceVendor"
 },
 {
- "value": "certainty_score",
- "alertProperty": "ConfidenceScore"
+ "alertProperty": "ConfidenceScore",
+ "value": "certainty_score"
 }
 ],
+ "alertDescriptionFormat": "Entity is a host. Category is {{Category}}. Threat score is {{threat_score}} and certainty score is {{certainty_score}}.\n",
 "alertDisplayNameFormat": "Vectra AI - {{Activity}} Detected",
- "alertSeverityColumnName": "Severity",
- "alertDescriptionFormat": "Entity is a host. Category is {{Category}}. Threat score is {{threat_score}} and certainty score is {{certainty_score}}.\n"
+ "alertSeverityColumnName": "Severity"
 }
 }
 },
@@ -1735,7 +972,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "VectraDetect-NewCampaign_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "VectraDetect-NewCampaign_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@@ -1763,28 +1000,20 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "CefAma",
 "dataTypes": [
 "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetect"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetectAma"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "CefAma"
+ ]
 }
 ],
 "tactics": [
 "LateralMovement",
 "CommandAndControl"
 ],
+ "techniques": [
+ "T1021",
+ "T1071"
+ ],
 "entityMappings": [
 {
 "entityType": "DNS",
@@ -1797,36 +1026,36 @@
 }
 ],
 "customDetails": {
- "CampaignSourceHost": "SourceHostName",
+ "CampaignName": "Activity",
 "CampaignReason": "reason",
- "CampaignName": "Activity"
+ "CampaignSourceHost": "SourceHostName"
 },
 "alertDetailsOverride": {
- "alertDisplayNameFormat": "Vectra AI - New Campaign Detected",
 "alertDynamicProperties": [
 {
- "value": "vectra_URL",
- "alertProperty": "AlertLink"
+ "alertProperty": "AlertLink",
+ "value": "vectra_URL"
 },
 {
- "value": "DeviceProduct",
- "alertProperty": "ProductName"
+ "alertProperty": "ProductName",
+ "value": "DeviceProduct"
 },
 {
- "value": "DeviceVendor",
- "alertProperty": "ProviderName"
+ "alertProperty": "ProviderName",
+ "value": "DeviceVendor"
 }
 ],
- "alertDescriptionFormat": "A new campaign named {{Activity}} has been detected (reason is {{reason}})\n"
+ "alertDescriptionFormat": "A new campaign named {{Activity}} has been detected (reason is {{reason}})\n",
+ "alertDisplayNameFormat": "Vectra AI - New Campaign Detected"
 },
 "incidentConfiguration": {
+ "createIncident": true,
 "groupingConfiguration": {
+ "matchingMethod": "AllEntities",
 "reopenClosedIncident": true,
- "lookbackDuration": "7d",
 "enabled": true,
- "matchingMethod": "AllEntities"
- },
- "createIncident": true
+ "lookbackDuration": "7d"
+ }
 }
 }
 },
@@ -1880,7 +1109,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "VectraDetect-Suspected-Behavior-by-Tactics_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "VectraDetect-Suspected-Behavior-by-Tactics_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
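Review bot: The new-side grouping block combines `"reopenClosedIncident": true` with `"matchingMethod": "AllEntities"` and a `7d` lookback, so any later campaign event whose entities match a closed incident within a week reopens it with no analyst action; the entity mapping begins in the previous hunk and appears to be a single DNS entity derived from `SourceHostName`, so a host that keeps emitting the same campaign will keep resurfacing a closed case. That is a defensible choice for campaign tracking, but it should be stated in the rule description so operators do not treat closing as suppression, e.g. `Closed incidents for the same entity are reopened automatically for 7 days; suppress known-benign hosts with an automation rule or watchlist instead.` If reopen-on-repeat is not the intent, `"reopenClosedIncident": false` is the one-line change. The enclosing rule object starts before this hunk.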
@@ -1908,22 +1137,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
+ "connectorId": "CefAma",
 "dataTypes": [
 "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetect"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "AIVectraDetectAma"
- },
- {
- "dataTypes": [
- "CommonSecurityLog"
- ],
- "connectorId": "CefAma"
+ ]
 }
 ],
 "tactics": [
@@ -1935,6 +1152,15 @@
 "Exfiltration",
 "Impact"
 ],
+ "techniques": [
+ "T1003",
+ "T1087",
+ "T1021",
+ "T1119",
+ "T1071",
+ "T1041",
+ "T1499"
+ ],
 "entityMappings": [
 {
 "entityType": "Host",
@@ -1963,31 +1189,31 @@
 "aggregationKind": "AlertPerResult"
 },
 "customDetails": {
- "AttackType": "Activity",
- "AttackCategory": "Category"
+ "AttackCategory": "Category",
+ "AttackType": "Activity"
 },
 "alertDetailsOverride": {
 "alertDynamicProperties": [
 {
- "value": "vectra_URL",
- "alertProperty": "AlertLink"
+ "alertProperty": "AlertLink",
+ "value": "vectra_URL"
 },
 {
- "value": "DeviceProduct",
- "alertProperty": "ProductName"
+ "alertProperty": "ProductName",
+ "value": "DeviceProduct"
 },
 {
- "value": "DeviceVendor",
- "alertProperty": "ProviderName"
+ "alertProperty": "ProviderName",
+ "value": "DeviceVendor"
 },
 {
- "value": "certainty_score",
- "alertProperty": "ConfidenceScore"
+ "alertProperty": "ConfidenceScore",
+ "value": "certainty_score"
 }
 ],
+ "alertDescriptionFormat": "Source entity is {{source_entity}} and category is {{Category}}. Threat score is {{threat_score}}.",
 "alertDisplayNameFormat": "Vectra AI Detect - {{Activity}} detected",
- "alertSeverityColumnName": "Severity",
- "alertDescriptionFormat": "Source entity is {{source_entity}} and category is {{Category}}. Threat score is {{threat_score}}."
+ "alertSeverityColumnName": "Severity"
 }
 }
 },
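Review bot: With `CefAma` now the only entry in `requiredDataConnectors`, the declared dependency no longer says which product's events this rule expects, and `CommonSecurityLog` is the table shared by every CEF source in the workspace; scoping therefore rests entirely on the KQL query, which is outside this hunk. Please confirm the query pins `DeviceVendor` and `DeviceProduct` to the Vectra values before `Activity`, `Category` and `certainty_score` are consumed, because the alert overrides in this same rule read `DeviceVendor`/`DeviceProduct` straight from the row and would label any matching CEF event as a Vectra AI Detect alert. A sentence in the rule `description` such as `Expects events from the Vectra appliance only; the query filters on DeviceVendor/DeviceProduct because the CEF via AMA connector is shared with other CEF sources.` would make that contract explicit.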
@@ -2037,12 +1263,12 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.1",
+ "version": "3.0.2",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Vectra AI Detect",
 "publisherDisplayName": "Vectra AI",
- "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Vectra AI Detect solution for Microsoft Sentinel enables you to ingest Vectra AI logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Data Connectors: 2, Workbooks: 1, Analytic Rules: 7

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Vectra AI Detect solution for Microsoft Sentinel enables you to ingest Vectra AI logs into Microsoft Sentinel, using the Common Event Format (CEF) for Security Monitoring.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on Aug 31, 2024.

\n

Workbooks: 1, Analytic Rules: 7

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -2065,16 +1291,6 @@ }, "dependencies": { "criteria": [ - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId2')]", - "version": "[variables('dataConnectorVersion2')]" - }, { "kind": "Workbook", "contentId": "[variables('_workbookContentId1')]", From 8422ef3f729378413b537b19634fd8b2e6bb33df Mon Sep 17 00:00:00 2001 From: v-shukore Date: Mon, 2 Dec 2024 11:19:42 +0530 Subject: [PATCH 7/8] Update ReleaseNotes.md --- Solutions/Vectra AI Detect/ReleaseNotes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/Solutions/Vectra AI Detect/ReleaseNotes.md b/Solutions/Vectra AI Detect/ReleaseNotes.md index c7576ce7028..8327b8e4df8 100644 --- a/Solutions/Vectra AI Detect/ReleaseNotes.md +++ b/Solutions/Vectra AI Detect/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|-------------------------------------------------------------| +| 3.0.2 | 02-12-2024 | Removed Deprecated **Data Connectors** | | 3.0.1 | 27-06-2024 | Deprecating **Data Connectors** | | 3.0.0 | 16-02-2024 | Addition of new Vectra AI Detect AMA **Data Connector** | From f9dca7d382163f4c11e94db2ce6785ea3424a3e4 Mon Sep 17 00:00:00 2001 From: v-shukore Date: Mon, 2 Dec 2024 11:21:23 +0530 Subject: [PATCH 8/8] update workbookmetadata --- .../V2/WorkbookMetadata/WorkbooksMetadata.json | 3 +-- Workbooks/WorkbooksMetadata.json | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index cab991f7f99..e954c66e7c5 100644 
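Review bot: Dropping the two `DataConnector` criteria leaves nothing in this hunk that encodes the dependency the new `descriptionHtml` promises ("The CEF solution will be installed as part of this solution installation"); the remaining visible criterion is the workbook. If the `criteria` array outside this hunk does not already carry a `"kind": "Solution"` entry for the Common Event Format solution, add one so the seven analytic rules and the workbook are not deployed into a workspace with no `CommonSecurityLog` ingestion and silently never fire. If such an entry exists earlier in the array, nothing further is needed here beyond keeping the description and the criteria in step on future repackages.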
--- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
+++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json
@@ -1215,8 +1215,7 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "AIVectraDetect",
- "AIVectraDetectAma"
+ "CefAma"
 ],
 "previewImagesFileNames": [
 "AIVectraDetectWhite1.png",
diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json
index 1edeb208dfd..5efaba51929 100644
--- a/Workbooks/WorkbooksMetadata.json
+++ b/Workbooks/WorkbooksMetadata.json
@@ -1559,7 +1559,6 @@
 "CommonSecurityLog"
 ],
 "dataConnectorsDependencies": [
- "AIVectraDetect",
 "CefAma"
 ],
 "previewImagesFileNames": [