From 325dc6550ff62d38e5aacbdd31178a77c9450b24 Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Thu, 19 Dec 2024 14:19:37 +0530
Subject: [PATCH 1/2] Repackage - Barracuda CloudGen Firewall
---
 .../Solution_BarracudaCloudGenFirewall.json | 7 +-
 .../Package/3.0.2.zip | Bin 0 -> 4742 bytes
 .../Package/createUiDefinition.json | 36 +-
 .../Package/mainTemplate.json | 389 +-----------------
 .../ReleaseNotes.md | 1 +
 5 files changed, 9 insertions(+), 424 deletions(-)
 create mode 100644 Solutions/Barracuda CloudGen Firewall/Package/3.0.2.zip
diff --git a/Solutions/Barracuda CloudGen Firewall/Data/Solution_BarracudaCloudGenFirewall.json b/Solutions/Barracuda CloudGen Firewall/Data/Solution_BarracudaCloudGenFirewall.json
index 7b7560c35b8..2fa656b3e54 100644
--- a/Solutions/Barracuda CloudGen Firewall/Data/Solution_BarracudaCloudGenFirewall.json
+++ b/Solutions/Barracuda CloudGen Firewall/Data/Solution_BarracudaCloudGenFirewall.json
@@ -2,10 +2,7 @@
 "Name": "Barracuda CloudGen Firewall",
 "Author": "Barracuda",
 "Logo": "",
- "Description": "The [Barracuda CloudGen Firewall ](https://www.barracuda.com/products/cloudgenfirewall) (CGFW) Solution for Microsoft Sentinel allows you to easily connect your Barracuda CGFW syslogs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
- "Data Connectors": [
- "Data Connectors/template_BarracudaCloudFirewall.json"
- ],
+ "Description": "The [Barracuda CloudGen Firewall ](https://www.barracuda.com/products/cloudgenfirewall) (CGFW) Solution for Microsoft Sentinel allows you to easily connect your Barracuda CGFW syslogs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. 
The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Parsers": [
 "Parsers/CGFWFirewallActivity.yaml"
 ],
@@ -13,7 +10,7 @@
 "azuresentinel.azure-sentinel-solution-syslog"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Barracuda CloudGen Firewall",
- "Version": "3.0.1",
+ "Version": "3.0.2",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
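Review bot: The new Description string runs `Connector.Legacy` together (the space after the period was lost) and `which were deprecated` does not agree with its singular subject, the legacy connector; suggested wording for that sentence is `Microsoft recommends installation of Syslog via AMA Connector. The legacy connector uses the Log Analytics agent, which was deprecated on **Aug 31, 2024**.` The same sentence is carried verbatim into createUiDefinition.json basics.description and mainTemplate.json descriptionHtml later in this patch, and those files are generated from this one, so correct it here and regenerate the package rather than patching the three copies by hand. Dropping the Data Connectors array is consistent with the description, which now relies solely on the Syslog via AMA connector from the dependent Syslog solution.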
diff --git a/Solutions/Barracuda CloudGen Firewall/Package/3.0.2.zip b/Solutions/Barracuda CloudGen Firewall/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..623de2c753ffc989be99840170c56a7d18f7ed60 GIT binary patch literal 4742 zcmZ{oWl$83*2Y)5k#3X)mTsgG=?;MfmR49`=}tkqk?sclKgd`fxqfu2cbsoXb(()#&46ec$769wE;%5U zq_&I6fa?@1=^CtX_Y^=ATi6!FX9sjq6-}++uql%QX?}W+Z;kK5KvOEuBeeolZ^pK{i&Z7)6%7a(*m4RXX zO+`aUwjV{H64j?f4#tx0gThS#No2UV6P;!KTX0ptArrPD*uo@}3D z-u%Vo476oT>61kolI;@-A|sE6D5tIstEvY?|3gg;9LpU^VZk*nYdt8)u@`=rkb*hj zfmX7AB=Z=mj%|HJN|}k6)+`%KSPM6axbb~w;IWF~2j&u*Da`u8%?-SmJ4WeO0wp$S zf&!U@`Mx*9oW>ULrtMS;p0s)AyT(64rNTz zapDb){x2{d&rky$Z}!P-Udx-1Pxau(yE|A`;hm6mQo7@-w8uwfXua@!C!b*1qEtEm zD#lOpqpOC!=>@Y*N_yWYzZH(zxvUX&m2Oka{5ppLS2VfR{8LUk=j!NeE@ut04H|qY zkJ{1~t_o&%iJ&|OwIS~Q-=9R$(P>&sr(4ZB%SeT#xSQ%tbh1R)h?u@DsHr%DhMy`E z+cqM(f)afv8gbCk?=-Eu+`k-ISBTLOp=w1#d+*+^eypHJm*WP8rfuQK;C%`FGGl}{ zc2&uWn;1;fV-U_;&6RRMU#-B|V+t@Dtg9_dRAS3V*nN=dWu(hqMc2LTS(zDJ`IR@s zz3hEAq-349GY_>a5NKHn#0C04-jp3Kt6 z&kCm!Us#C)_=(-7e*CR$BY?K4+c46pQDq7&7k3KXc-B~UAa~i0v1Zhz3 zvCFZwmGN$SVY+zB9CjqBf=TR&dFd~>-)2Z7K6c6}%wyS^KXL<$T|ZgJBcigbv>WPw z%rE{vQECxUoR<53de}vk)=HvO&En!6t!(N->R$#U-A~#F4BUyI6*R zy>H!D1aW+$^Y}q;l@X{~Z1?kYqQK%ZJBIF)W}aeG;@O{$ftW}IVMfo&bv^uD<%~Gh z&Z?KaN)owaU4>&Guy+3xp;~wuM&Dk?;7Sc7hsYzd4X%Yu{rsm>YTzu#{f@(|1uSYx zbF@Lo6LbPbf%{-g661I~Ru2yy-BmD1GHsW??@nEfI*$P^k=2>k-nahU1SEju4dM89 zADa{eW_>n`tm(geYdcbOBnpFL-=2~u%*?d6^HUY`6<1oHDt>de)# z10~^M2F14ek@X(o;H$TXbJSSsE{L-{wkVe)?24Q1C)zPfaFEiibaC8#Evr|AeesI$ z3i{8Jv7!QxZ@8bC_8=cI>#%NEG6DMKI zV()UP{pbBVhjX3&+6`-t~092k87CRvi9f1(N8sVS^6(|PQDLSv$cR3gBw^w`Spsl zdgFuLoXK}EenAYmWV_wl2-N|_P|vbWhC99^3w}-J%H*)gd4Q(yj0cn3Zlb;#tqn%HT0Tw#%rUBc0q1-GmWo6s~U~ zatgAW73Gk3S5q$-qh}kI&?bTi&UozR*XA&Lt2P=v%59E~Nv3PWXhfn)$sz5{(%$+L zfz>&*?%Wh=1=~`D=J=X|1H~k5!@{c6aYhPF&pE)cI&C;jU1(11nlBl*6+$=LhBw%Q zKldhbU&V~Flk*>JW+h$5|51P`F)Oh8PYe&0CK+;;GU3zbJ{xhL=oep)RnRzbc<#qB z&_^J%%sdbtvUwYKe=<-5VQ44}s)}7UGAp-y_sZ4bDq}o8ALngNI=iievlBTkS~0aT 
z<|4`HPFBQrR>YN)m@#Dh$J9A-YwKhOlrILM)Zp!~&w3J|oXFBs;TA0~z#M>^;37;+ zQO%kfkJu<8S2MMDCs_STM!9*yS=QJDiro?ZsqgMjBD7}vQp~IiE0nd|$+hRTR|*vs z<177n9wqn_Y?2Ee`fg5Js?Ap!u7OrzdcPLYMfu>aj^V=t@vNCO8b-9`5uPUf;7QjG zSG{T#|DkQ`#OpLLO0wpWV zgP9U$=U`O*>q>L9L_mS|8B6Tswy`Fjv3)VSFG}DOsaz}V2NgQ?5^R|a2CAJzJxb^2 z$FZAMls2S2_})>UY8PZV!`5*O?h0udYro75ySQ2#VH7%AN{P0>zTnR(p_W!S4XjmG(V_=A2?E zEf0*QXLB8J<}$IHmrvuwa8L4#v-e35t(s-JrXKSevn+<0LLA5%9L+W=25%qlXY=vs z8X;yLEoYG+zujXq_*QlQfm__cjlqVKcG!%P9)W@ES|Lsco;vUx1c41T6*g!;XNdjd zjcji{-tg{L95UO4Owhx8F&FaeA>P7xE@YCI%W`;@8XhuRJHX6~e2^j2}uZZ4)R(oM$!UY_5(0q<(5*S&*SDZ-B|3WelKW4^MJdl zYB)D%$-Kz+X2x(GvXNU&J8Mv@KS}rm+lFRjVR-Ou>o>RQZEDOvb0$BHFScMcru*b6@Sz^0dJ zBVA$zs`G;;1GrsQ>FfL!UXOKsJ9NBtqRf&-oZyOx*Xv>|zJ<4%|D7EE|xPMrW79KSKKa zoct#DOC(M$f`v*GdRukWPOk9G#!L6Fba}oD_nRHF7(@Rsm@kEyfBV84)nM%S18!R) zZC{+8twmt?9Y(Wl@P$)-&(5N?u)UnFX=6lP8+Nl%$*svWj>1^=0k2TPdfTCeZUWl1 zSmw!=gXdBm{4YYJtBK|(dl<$+rk@G!%4BnDefJ*ELaXX9U8VHiUHgs4whQoJM)?OG zB490&2obG;i44E|?aj%NmGk*o15V^^ep#}Qrz7^MN0r6eI_j|JNVirKS@W$qW5)PP zi@Hq4@>E)V)Lg!8&*QUjI5gTDCw<7(haKEHTjM`FdZ?Sy;U!+(X}M(d(4M;QXneSc z81u4NZRd0Git+fDu4J|zelxj5)|?}27@;*8?gmygRqjdqdM)-GhJLmc8yM&3C#_z{ za>7xqR_);~qy+eOAi_L4cZK?D@VBLqo@=KBh%}1IQ(t1Rbikspu)p5t%%Ytc{Nqbt{tDFlWI!BhK6y_UQFe6{{delWB_X- z;~NqVUw3HAS|nwJgOOc)uJFOG=yhLw(fET~-}nHNSc)x~6aj;rAA z$kQ1Jh*roB*H~C`@#-Pzqjrd?$g#lTWPSlGvi4Qx9ZRFc|A@O7Zjhr8&d2Znv7q*t z`h}3QbR-yqaPs+DYc-EM`0Z}U`;hQAn!_}jS1uyt>?!;SOnpOO?~kL6#6VLPW+u%& z%qV^IzKCvNU)b{A7~)y*9!6QG?-C>B1gNA+fSM@}THRhJ&Kgj6kq3(Sg0FIOyx2(- zC7~b?N5l1%HR=U|T_Z{{oKu4!I6~dQp9|~YX;qV4G>{P?eyvPG#265VY0Ggsty-dn z6K%2ne(hN1rL_?4sxMlvs>*^WNUiml=`gGTbxWb{sW|m~Dh!#Z6Y-(7(@}|0Lm9(6 zG-?w(=3lOpTo)|J3v>^5;j&b9lLEhS5bS_q^NuOid>>=S%xMow9y|!0)m}2v$<jGe>7nM`0W?FT~tUq~)ZNFA|Vur_U!oGCbd!8_Nj&iKuN-jWuAWodt zwnZ1TrOu9Bo4kP{9T-*9wJ7h)mUreJmk{lF*kfx_%x30z-~)gqN#m;SIRB!w$JCX&7g$?iPl{fi-fPm-v*C@N{p0 zq*@Lv;P&zM=-1;TnvVJtG;+XyPka74bHEe8^MB-T{g>?L{~!5J-u|D}|2<;(H%R(7 Xr>~=q`F9Kep#AOezl!?j9{~Ih>qO+N literal 0 HcmV?d00001 
diff --git a/Solutions/Barracuda CloudGen Firewall/Package/createUiDefinition.json b/Solutions/Barracuda CloudGen Firewall/Package/createUiDefinition.json
index 4acabcbce00..fd995000448 100644
--- a/Solutions/Barracuda CloudGen Firewall/Package/createUiDefinition.json
+++ b/Solutions/Barracuda CloudGen Firewall/Package/createUiDefinition.json
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Barracuda%20CloudGen%20Firewall/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Barracuda CloudGen Firewall ](https://www.barracuda.com/products/cloudgenfirewall) (CGFW) Solution for Microsoft Sentinel allows you to easily connect your Barracuda CGFW syslogs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Barracuda%20CloudGen%20Firewall/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Barracuda CloudGen Firewall ](https://www.barracuda.com/products/cloudgenfirewall) (CGFW) Solution for Microsoft Sentinel allows you to easily connect your Barracuda CGFW syslogs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
@@ -50,39 +50,7 @@
 "visible": true
 }
 ],
- "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This Solution installs the data connector for Barracuda CloudGen Firewall. You can get Barracuda CloudGen Firewall Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-parser-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- }
- ],
+ "steps": [{}],
 "outputs": {
 "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
 "location": "[location()]",
diff --git a/Solutions/Barracuda CloudGen Firewall/Package/mainTemplate.json b/Solutions/Barracuda CloudGen Firewall/Package/mainTemplate.json
index 453da84a8ec..baa54d94cc9 100644
--- a/Solutions/Barracuda CloudGen Firewall/Package/mainTemplate.json
+++ b/Solutions/Barracuda CloudGen Firewall/Package/mainTemplate.json
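Review bot: `"steps": [{}]` replaces the removed wizard step with an array holding one empty object, but a createUiDefinition step is normally expected to carry at least `name`, `label` and `elements`, so an empty step may fail definition validation or render as a blank page in the install wizard. Presumably this is what the packaging tool emits for a solution that no longer has a connector step; confirm that the generated definition still loads in the Create UI Definition sandbox before publishing, and if it does not, `"steps": [],` is the explicit shape for "no steps". The `outputs` object that follows is untouched and still derives `workspace-location` from the basics blade, so it is unaffected by the removal.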
@@ -31,18 +31,9 @@
 },
 "variables": {
 "_solutionName": "Barracuda CloudGen Firewall",
- "_solutionVersion": "3.0.1",
+ "_solutionVersion": "3.0.2",
 "solutionId": "microsoftsentinelcommunity.azure-sentinel-solution-barracudacloudgenfirewall",
 "_solutionId": "[variables('solutionId')]",
- "uiConfigId1": "BarracudaCloudFirewall",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "BarracudaCloudFirewall",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
 "parserObject1": {
 "_parserName1": "[concat(parameters('workspace'),'/','CGFWFirewallActivity')]",
 "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'CGFWFirewallActivity')]",
@@ -53,373 +44,6 @@ "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Barracuda CloudGen Firewall data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Barracuda CloudGen Firewall", - "publisher": "Barracuda", - "descriptionMarkdown": "The Barracuda CloudGen Firewall (CGFW) connector allows you to easily connect your Barracuda CGFW logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. 
This gives you more insight into your organization's network and improves your security operation capabilities.", - "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Syslog (Barracuda)", - "baseQuery": "CGFWFirewallActivity" - } - ], - "sampleQueries": [ - { - "description": "All logs", - "query": "CGFWFirewallActivity\n | sort by TimeGenerated" - }, - { - "description": "Top 10 Active Users (Last 24 Hours)", - "query": "CGFWFirewallActivity\n | extend User = coalesce(User, \"Unauthenticated\") \n | summarize count() by User\n | take 10" - }, - { - "description": "Top 10 Applications (Last 24 Hours)", - "query": "CGFWFirewallActivity\n | where isnotempty(Application)\n | summarize count() by Application\n | take 10" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CGFWFirewallActivity\n |where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "dataTypes": [ - { - "name": "Syslog (Barracuda)", - "lastDataReceivedQuery": "CGFWFirewallActivity\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ], - "customs": [ - { - "name": "Barracuda CloudGen Firewall", - "description": "must be configured to export logs via Syslog" - } - ] - }, - "instructionSteps": [ - { - "description": "**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. 
To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias CGFWFirewallActivity and load the function code or click [here](https://aka.ms/sentinel-barracudacloudfirewall-parser). The function usually takes 10-15 minutes to activate after solution installation/update." - }, - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Configure the facilities you want to collect and their severities.\n\n1. Under workspace advanced settings **Configuration**, select **Data** and then **Syslog**.\n2. Select **Apply below configuration to my machines** and select the facilities and severities.\n3. Click **Save**.", - "title": "2. Configure the logs to be collected" - }, - { - "description": "[Follow instructions](https://aka.ms/sentinel-barracudacloudfirewall-connector) to configure syslog streaming. 
Use the IP address or hostname for the Linux machine with the Microsoft Sentinel agent installed for the Destination IP address.", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "Configure and connect the Barracuda CloudGen Firewall" - } - ], - "metadata": { - "id": "afbf6c4a-7190-442a-a649-5c18a907ceb3", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Barracuda Networks" - }, - "support": { - "name": "Barracuda Networks", - "link": "https://www.barracuda.com/support", - "tier": "Community" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Barracuda CloudGen Firewall", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Barracuda" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Barracuda CloudGen Firewall", - "contentProductId": 
"[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Barracuda CloudGen Firewall", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Barracuda" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Barracuda CloudGen Firewall", - "publisher": "Barracuda", - "descriptionMarkdown": "The Barracuda CloudGen Firewall (CGFW) connector allows you to easily connect your Barracuda CGFW logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. 
This gives you more insight into your organization's network and improves your security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Syslog (Barracuda)", - "baseQuery": "CGFWFirewallActivity" - } - ], - "dataTypes": [ - { - "name": "Syslog (Barracuda)", - "lastDataReceivedQuery": "CGFWFirewallActivity\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CGFWFirewallActivity\n |where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "sampleQueries": [ - { - "description": "All logs", - "query": "CGFWFirewallActivity\n | sort by TimeGenerated" - }, - { - "description": "Top 10 Active Users (Last 24 Hours)", - "query": "CGFWFirewallActivity\n | extend User = coalesce(User, \"Unauthenticated\") \n | summarize count() by User\n | take 10" - }, - { - "description": "Top 10 Applications (Last 24 Hours)", - "query": "CGFWFirewallActivity\n | where isnotempty(Application)\n | summarize count() by Application\n | take 10" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ], - "customs": [ - { - "name": "Barracuda CloudGen Firewall", - "description": "must be configured to export logs via Syslog" - } - ] - }, - "instructionSteps": [ - { - "description": "**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. 
To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias CGFWFirewallActivity and load the function code or click [here](https://aka.ms/sentinel-barracudacloudfirewall-parser). The function usually takes 10-15 minutes to activate after solution installation/update." - }, - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Configure the facilities you want to collect and their severities.\n\n1. Under workspace advanced settings **Configuration**, select **Data** and then **Syslog**.\n2. Select **Apply below configuration to my machines** and select the facilities and severities.\n3. Click **Save**.", - "title": "2. Configure the logs to be collected" - }, - { - "description": "[Follow instructions](https://aka.ms/sentinel-barracudacloudfirewall-connector) to configure syslog streaming. 
Use the IP address or hostname for the Linux machine with the Microsoft Sentinel agent installed for the Destination IP address.", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "Configure and connect the Barracuda CloudGen Firewall" - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution." - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", @@ -429,7 +53,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CGFWFirewallActivity Data Parser with template version 3.0.1", + "description": "CGFWFirewallActivity Data Parser with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -553,12 +177,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.1", + "version": "3.0.2", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Barracuda CloudGen Firewall", "publisherDisplayName": "Community", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Barracuda CloudGen Firewall (CGFW) Solution for Microsoft Sentinel allows you to easily connect your Barracuda CGFW syslogs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Barracuda CloudGen Firewall (CGFW) Solution for Microsoft Sentinel allows you to easily connect your Barracuda CGFW syslogs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -580,11 +204,6 @@ }, "dependencies": { "criteria": [ - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, { "kind": "Parser", "contentId": "[variables('parserObject1').parserContentId1]", diff --git a/Solutions/Barracuda CloudGen Firewall/ReleaseNotes.md b/Solutions/Barracuda CloudGen Firewall/ReleaseNotes.md index ca8579e4740..b9ac3659ce4 100644 --- a/Solutions/Barracuda CloudGen Firewall/ReleaseNotes.md +++ b/Solutions/Barracuda CloudGen Firewall/ReleaseNotes.md @@ -1,4 +1,5 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| +| 3.0.2 | 19-12-2024 | Removed Deprecated **Data connector** | | 3.0.1 | 18-07-2024 | Deprecating data connectors | | 3.0.0 | 12-10-2023 | The support information is revised/updated. | From 91365cc9bc57b490fa32f6e233de248731c859f5 Mon Sep 17 00:00:00 2001 
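Review bot: The bump to `"version": "3.0.2"` ships a package whose data-connector resources and DataConnector dependency criteria are gone, but an ARM deployment in incremental mode does not delete resources it no longer declares, so a workspace that installed 3.0.1 will presumably keep the already-deployed `[Deprecated] Barracuda CloudGen Firewall` GenericUI connector and its DataConnector metadata after upgrading. The ReleaseNotes entry `Removed Deprecated **Data connector**` does not tell operators that the stale connector has to be disconnected and removed by hand, which leaves a dead connector in the gallery that can be mistaken for a working ingestion path. Consider extending the 3.0.2 release note with one sentence such as `Existing installations keep the deprecated data connector until it is removed from the workspace manually.` The enclosing contentPackages resource starts and ends outside this hunk.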
From: v-rusraut Date: Thu, 19 Dec 2024 16:30:54 +0530 Subject: [PATCH 2/2] Repackage - Cisco WSA --- .../CiscoWSAAccessToUnwantedSite.yaml | 5 +- .../CiscoWSADataExfiltration.yaml | 5 +- ...coWSAMultipleErrorsToUnwantedCategory.yaml | 5 +- .../CiscoWSAMultipleErrorsToUrl.yaml | 5 +- .../CiscoWSAMultipleInfectedFiles.yaml | 5 +- .../CiscoWSAMultipleUnwantedFileTypes.yaml | 5 +- .../Analytic Rules/CiscoWSAProtocolAbuse.yaml | 5 +- .../CiscoWSAPublicIPSource.yaml | 5 +- .../CiscoWSAUnexpectedFileType.yaml | 5 +- .../Analytic Rules/CiscoWSAUnexpectedUrl.yaml | 5 +- .../CiscoWSAUnscannableFile.yaml | 5 +- .../CiscoWSA/Data/Solution_CiscoWSA.json | 5 +- .../Hunting Queries/CiscoWSABlockedFiles.yaml | 3 - .../CiscoWSARareApplications.yaml | 3 - .../CiscoWSATopApplications.yaml | 3 - .../Hunting Queries/CiscoWSATopResources.yaml | 3 - .../CiscoWSAUncategorizedResources.yaml | 3 - .../CiscoWSAUploadedFiles.yaml | 3 - .../CiscoWSAUrlRareErrorUrl.yaml | 3 - .../CiscoWSAUrlShortenerLinks.yaml | 3 - .../CiscoWSAUrlSuspiciousResources.yaml | 3 - .../CiscoWSAUrlUsersWithErrors.yaml | 3 - Solutions/CiscoWSA/Package/3.0.2.zip | Bin 0 -> 16426 bytes .../CiscoWSA/Package/createUiDefinition.json | 53 +- Solutions/CiscoWSA/Package/mainTemplate.json | 633 ++---------------- Solutions/CiscoWSA/ReleaseNotes.md | 1 + 26 files changed, 98 insertions(+), 679 deletions(-) create mode 100644 Solutions/CiscoWSA/Package/3.0.2.zip diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml index c62fcb1e651..90a2c5f05d6 100755 --- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml +++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml @@ -5,9 +5,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: CiscoWSA - dataTypes: - - CiscoWSAEvent - connectorId: SyslogAma datatypes: - Syslog 
@@ -30,5 +27,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSADataExfiltration.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSADataExfiltration.yaml
index 6033e23c386..4c2e74236fb 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSADataExfiltration.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSADataExfiltration.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -35,5 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUnwantedCategory.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUnwantedCategory.yaml
index a513c6ad138..39e2d390bbd 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUnwantedCategory.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUnwantedCategory.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -39,5 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUrl.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUrl.yaml
index 449818151ab..3f7e15abd1a 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUrl.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleErrorsToUrl.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -35,5 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleInfectedFiles.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleInfectedFiles.yaml
index 6f3e7884acd..4e1d2f482a1 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleInfectedFiles.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleInfectedFiles.yaml
@@ -5,9 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -35,5 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleUnwantedFileTypes.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleUnwantedFileTypes.yaml
index cdefb78a114..d1dcac18c30 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleUnwantedFileTypes.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAMultipleUnwantedFileTypes.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -35,5 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Url
 columnName: UrlCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAProtocolAbuse.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAProtocolAbuse.yaml
index 5db278ef907..304738abd62 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAProtocolAbuse.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAProtocolAbuse.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -33,5 +30,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAPublicIPSource.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAPublicIPSource.yaml
index 9fad5846b10..2a7f25bb5e2 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAPublicIPSource.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAPublicIPSource.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -29,5 +26,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedFileType.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedFileType.yaml
index a396a5e4cfe..486290b4adb 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedFileType.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedFileType.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -35,5 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedUrl.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedUrl.yaml
index 7dc25f0ea56..2da19102e80 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedUrl.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnexpectedUrl.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -33,5 +30,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnscannableFile.yaml b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnscannableFile.yaml
index 6682738f32c..e926bdb6ac3 100755
--- a/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnscannableFile.yaml
+++ b/Solutions/CiscoWSA/Analytic Rules/CiscoWSAUnscannableFile.yaml
@@ -5,9 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
@@ -37,5 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
diff --git a/Solutions/CiscoWSA/Data/Solution_CiscoWSA.json b/Solutions/CiscoWSA/Data/Solution_CiscoWSA.json
index d9d68ffd6f1..ee3944d6187 100644
--- a/Solutions/CiscoWSA/Data/Solution_CiscoWSA.json
+++ b/Solutions/CiscoWSA/Data/Solution_CiscoWSA.json
@@ -2,7 +2,7 @@
 "Name": "CiscoWSA",
 "Author": "Microsoft - support@microsoft.com",
 "Logo": "",
- "Description": "The [Cisco Web Security Appliance (WSA)](https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html) solution provides the capability to ingest [Cisco WSA Access Logs](https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0/b_WSA_UserGuide_11_7_chapter_010101.html) into Microsoft Sentinel.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
+ "Description": "The [Cisco Web Security Appliance (WSA)](https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html) solution provides the capability to ingest [Cisco WSA Access Logs](https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0/b_WSA_UserGuide_11_7_chapter_010101.html) into Microsoft Sentinel.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Workbooks": [
 "Workbooks/CiscoWSA.json"
 ],
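Review bot: The new `"Description"` line introduces two wording slips that the old line did not have: `AMA Connector.Legacy connector` lacks the space after the full stop, and `which were deprecated on **Aug 31, 2024.**` disagrees with its singular subject and moves the sentence-ending period inside the bold span. Suggested text for that fragment: `Syslog via AMA Connector. Legacy connector uses the Log Analytics agent, which was deprecated on **Aug 31, 2024**.`. The identical sentence is added to `basics.description` in the createUiDefinition.json hunk later in this patch, so both occurrences (and the source the packaging tool copies them from, if any) should be corrected together so the regenerated package stays consistent.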
@@ -21,9 +21,6 @@
 "Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml",
 "Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml"
 ],
- "Data Connectors": [
- "Data Connectors/Connector_WSA_Syslog.json"
- ],
 "Analytic Rules": [
 "Analytic Rules/CiscoWSAAccessToUnwantedSite.yaml",
 "Analytic Rules/CiscoWSADataExfiltration.yaml",
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSABlockedFiles.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSABlockedFiles.yaml
index c4cf59fd904..1d2f3b26e71 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSABlockedFiles.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSABlockedFiles.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches for blocked files.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSARareApplications.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSARareApplications.yaml
index f5b719aa253..a8e501d85ae 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSARareApplications.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSARareApplications.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches for rare applications.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopApplications.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopApplications.yaml
index 5293ff017f4..e5925b67968 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopApplications.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopApplications.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches for top applications.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopResources.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopResources.yaml
index b2b1f8aae8e..ee225f7d5bf 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopResources.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSATopResources.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches for top URLs.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUncategorizedResources.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUncategorizedResources.yaml
index 00694c6ad18..32cc9d23f43 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUncategorizedResources.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUncategorizedResources.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches for uncategorized URLs.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUploadedFiles.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUploadedFiles.yaml
index b694116fff3..808465d344f 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUploadedFiles.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUploadedFiles.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches for uploaded files.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlRareErrorUrl.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlRareErrorUrl.yaml
index c910adb1a04..9249da80754 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlRareErrorUrl.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlRareErrorUrl.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches for rare URLs with errors.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlShortenerLinks.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlShortenerLinks.yaml
index e449c695938..4972c92636b 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlShortenerLinks.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlShortenerLinks.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches connections to Url shorteners resources.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml
index 323bfc96e07..4e3dac69c4e 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlSuspiciousResources.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches for potentially risky resources.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml
index 82d734ceee1..6a5e3a3fd56 100755
--- a/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml
+++ b/Solutions/CiscoWSA/Hunting Queries/CiscoWSAUrlUsersWithErrors.yaml
@@ -4,9 +4,6 @@ description: |
 'Query searches for user errors during accessing resource.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: CiscoWSA
- dataTypes:
- - CiscoWSAEvent
 - connectorId: SyslogAma
 datatypes:
 - Syslog
diff --git a/Solutions/CiscoWSA/Package/3.0.2.zip b/Solutions/CiscoWSA/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..f2f023526e33eea949ebb0a4f60f76108863ecf9 GIT binary patch literal 16426 zcmZ|0b8sg?*Eal%ZQJI?ww-Kj+qP|EW81cE+sVco8~bJN@2+}L&pY$SRCit7bsfx^ z)6;zvq(MMY0RR9bAUZHfgYI7B`4Soc2o(hYFur?@98C}-$X97rOt6DuxUVJ;gl z3$Kzc-O8fKHYFEhQ!oV?>L??5(yq1LC467+b1|(xm)!%x-7h$;z*fkAzv{;~Kak+x zmxqg3zkfJYi0=MW{F;Fc{p|koWtcxGL~ZPsrfWkhwbP4;h%Qc{{?jWhOyd{z_LqtJ zOS>1lnyyvWypqTT`-_9ZOmh0^g~gT5esK> zFkbVtThTxYm)DGCK(h3Of3Bi5)47V_$uX@&q{X2w@-uzTb`Vode{ia zczCXmda{U761F=Y16Yu@sn)WFuRb;16w1M~-Qk_V9eaCd%IBS;ba%#{zA=oYy`0-G z!?uk!x7(uu7FhMS?W>^1XX{CRfKGrT*MZpJ(*A z$qxIIS=>*?K|Oih>py(8_GMs0uncFJ8xSm8$juBemhTXT6Wtym-ff98hYDmk!#r79 zFXZ5VVdkfR&%mt3R)9SW_}ry(L0dYxrAjaRbO zvps-Nfg}XWaPJeM({q8Nb;THci1;+7o$^c$DEdT=X?y&M2cT#4)w%wN7n4vlMYKUw zwc9IVU-^r7VT_l9uj5gSZf^_M1ds{C!!2F^=}~)gtXeuQC`JV4mJ&{2?R?Tx!giVX z%7CW3#}LMTxb#0Yh*jlNE!PPeKpQ=vq=USw^J`pIluC2`94)pAOmS(zObJ6ximm)n zjBIm*3{s}-b->8%g)u!-!K==y`US0al5Db*((j=#qn-U&f#C7N#)hglr4OEw89W#i zKRIDaU_WGbA>uo2-b|FWQF8_>B0c++I$!`Jh)mhCX`~}D5@R)vUQTm(3^K8 z^kz?r+T@qOM^uDa1hZ)H(;%bCxxG>4#Dd6DLK$#IPtSet`Y=||DIsDFG{&MSd7&y!eDoZ-JJ)sn?a*o$>b#BqCr6# z>f%d6yijC-Q=@v|O-(9M^7Sp3%%7IcMmFd5bBvS4aiAI9~{dc zB25Jcr)SnJgE+>Q&E+iDHjFrDBTom#uyc_Do_pKiMA!zB&R6`S^+EudQtCz1PB(Wc zA);v>+*WJ~!M&++BqE|{ce`ADP!{ggEN4tNr>@7J0skpf-fOTM53x(GbNix+qca~^ zkNBLBzI%b%BgD9Dh5N_|N$L5~TtcV`lo~W{>1^#R>^2fhI}DhB`7ODsT>(3BM+H}v zP*E`WRZapkn7|m(w0j@&FFU@_v0MO>{00``W`;+T+c|jM;+bF3ADz_ai#iN`G^h{@ zEf;?zmoNBV*UlRAE$DuD&gRlI#O&}&;3ONIk*+;iW=#Bcy!>`o&ij@kM?L2a+4ri? 
zUB{Fff1fVkLu-h*M_ZN<=OW|Eq^$Q7E3zH)d?>phnC_1S*uP6uNBoW z8c@rm22@VazZR;e5E<~WYr=7=LC?fKJJqObxQ?-(598ktL^LVTl>6?&OYFGwQ9=^DVXO1T*CSFs~M9c=~aYJ%Bi48Z@j|ltWMAGZprPfga zCAu?kCRpr}%Uq__IT+=P4I<9kNzsk-py|Dq8EYoyVnSIR#tjt=>{*jM=t~Pi4SG?T zXlkuhjhT@6587;W?(Cz#FjU4EnEH?Nb@;0aDnwB7zR1;^6{ZI{KvE#KHNe#B8J_}B2vv{v$ zr1Eh8p5%L^Bk^}QU#Oh%G9^p5P4l;C^IMmPo_4t3Vb9t!z)KVjQ9}TGmg9V$k6Gde z`|lFzx9cg{UPnz)A=L16OB3}VN9mFiDM9@#Gh)IP*_JVcc-$X!(_|Gosxm1#3^)tV zUia4vPrkw%d@;kNq|$#Bx_)l4rKP zO5h}QqH}b%-P4o(;kmcx$$9cBllP>i&&mhaSUW!Zd5O!b^@XYs%N3oKz1>=E$M@CIU2^e5KBRNDI8F8u4Bn`Bd5;TX|_q|HMDwKF$6B+zxJ zvfV}yg^OpXR5{7!nwnL;)qAhXCzpwqTIbxwQAgljjfT~7?k@jEM`^u|ZFQFR>4L5m zZnVgpxAem$_*MMN{(fI=leC$Q z0YIfG(=5Vs$AEw)6w6!Z?GVnN5NXpEW$V7#GX2mLj1DBL0exnUI z*865KY_>y}{wsc7VR^MbN(u{nEW{=#`~_x@+M4?sAzPiLIXEgpD;(<3881Ni=Q~WP zLk|c!zgg6{ss62brhY=rjW+^dVM%Vde3RIY<*#>_%3j&67lQw7(KsmT$e`&0I1c^% z(&=soZZeNp$i+J#vE)etl7PJLj00(rtcm>Q)>-SOo+BbYTX4=G^z?K4zie+q zI&IWs^b)1nuPs~Owx+uR!#1kB&a;nJG;Zf=Tr{?Fi}n2Cb?@x`3E|5)TtMQri7D`3G za;a=b>(ayWk2af9=I#SpR#72jZsc-eDsDcP1uNU%w)h6WP4TaI#;yGc!ITK0q#7QL z%9J8RfN|DvzApkcfBvsWJyetH-nZX~F)`g~6FZEMYi*8>I)fFyF6*a2OMliBse?a8if<}@Okn#%sUTW_3p5P^cN-jWe{?v}$+pP8< zn~SS_5cu$m1sGrf)$|j*0P!%D^v^xoFFd!LwfAfypsL)KCPiF;^~M&OwFwa+DNSLj z^^dmKY|pd!4Y-q4WLV0ig!C7)27amjpD<;`a~k83Z!g z@ZVUQA)-ZH*l}OSGed^nsAlrEDD0-k2KHhXQjI?k3-@q8$~>6OX3ISx#1<&^G&KD- z7PNRRF_SmXe&TBjV0uh&DSIdhI3P48l7`YYF?{JUbT?v!>;by)&HMPoqZ8@I?^sMI z7E*m=RocbQG3kiEx)zVT!=h?Agcz%1R3XD8KE8ggd7jS2Bv&f5{L*PB*!Znb?=viv z;{zf3#Oo%L*vqYW04vh*a!>Ms42_+hPC-S!+e9cGbpc~eh}x#tE(B75T7z6sbs+AE z+#FL|mS+ZO1*VEUrKhan&Lc$rrOKIQG3`s{smICjqB-Ric#J#K&@3B%Jgevt34%tp z@plG~k|OqpC#3aaSc?e0l4Jq_>bXGwYbgP|Yq&3X~6H>U%)SN)7PafL^|#|j42+e7(m`>y4y*fvp%28IP(i}XVp~rGu^kda)FUw>5^R-@i#j^Kznc>c@UyUv&MH1|2 zabk%cN|}}FO-_k97Wbo2!1v&?R?&v!MnM6^IsKHiBhL1{5876iBWR_-Fwu6DL{O^x z@Hi^89TNt}J!(XH$qIq1`JhxWQ(u7nu%{$hK8jR z**0a3SE@QTT0MDHu5nnKS8FaTduuh8eP!*~-+2XZS5`=Mkd*yP>4!7T-!DJ(qPWYt*J=6){lld~^=b^aT~VJQLhq9BvbfLg($CVACC1 
zqb*gIE3uVgObaViGs{Yr-yd~*&7dRI^pe~~)e%wc3MIPW{^1!hTHfH6R5yKsmGLs* znhTd%R93OeRxM6Vby`7(H`V_OZ3tm5yFFv8jT6gLSF4+_M@&R?p7D5+cK=S;KDWg0AsrBdy|WemD7TWE~;pj$DE} z_rU>~Vt3fu3Z88Ib>vOBmLEXbfej9ud7J+qn^-0 ziw<<9*Q8vvc1873tgyT#CKQN&8k;Hq^|6GUtFf#`a)_A6UesD)>E4n{s4D~KosZYa zhL@sOl~OuiF|?Ht8*T8Sjh+bYN6r8+jmSQzN}FoY z0ILHUx#R`wPdimO>1quwjuV%qfDG;r>-5xO4Z6Y_){6{kZLI)km}G{Ufo7NTIz$XI z<+c_eYTAKCU}|j!rG3nRGPDXt$w<%7*ySMG6=qHU*rf+}_tP+3*4@p(PhKFz68Ho+Z%iscHrZcf%@e_2g*ihXujV>?^ecLOgVP z5-d^5ZB(`)l1km{R=;EcUsmL_`e)6mDp&nOYFFwV@J{cZy_!}g74}XZXy{aW+98?$ zrC{&$NliPn2&~$sQZzvKPm`ISs)g(40_;|;Ky*MwB3Dg}EGo@hp52xi*`9PiL$oF< z>m*(esJAqeprafVg+jD0)C`Dn&=vMw6QEm%Rnke9tzs-|p)Z0Y2J1nyHGi_c)zJc? zfVhIO00kA#%qnf&z%;Z9-&$y0H3{=isE|!4Y=xZ5O1aFmVxa5TH;UDe=U*yA4|ZL*;_t_x3(yvsU0xds8q7K zsNbksU2y^YJwa;mR1-F;*kpfREWNQ}<}s_WS4>vcOMpqy+9|IVjT%}fYwVWQ=p}@t zYll! zmLlpE#S+-{i{--0g+yavq#N4+L0{$u;Dvbh_W`#~7VG{m4>_pVh_jbj5pGgI{CYw; zC+q+yh)Q{$=b4tgDkJKew$?fweM4p~W6Nbt-Ys{?9|xy1V$U*49b^%mE`~MFq}V1!Trxz!!Qr?Wa_VwX2cM^^h9&P$o{h6m&XKFv^ zr&)LsEXOav^L0Z0Ws`Iy1wr`&xnXSlm%HHxA6MomZj*OI$M#uw=b*X=GKn)3>BRN= z#&tGS_js_9As*2R)O&gFhl;@q*lc}l(iVfR_lvvJ*TJy#v1$18)qxLR`~uK3w6P#u z8Zhr-A38X7;R7sz#>=?fPk#Fp_Mc(a9xA$B5|;@cx4_p0!#vcXwRzY2N+8B~RC+sY zg$Z7@FF?QiUvy0Tfz81vxh1bJe3uGi?B=pR58X+On*0>uXq@dkpF!3JnMiTL^p(+6 zEDlGRp_~_x^+jJcuL~#34CnnY8qMUO4CNP{ezUBa1z$PO$a=0Z#>YlPg5wW_hO zEmygIMPY7kBSrXGuruX8Z+nhq_e+I03R`RWp;NUIEmh_7 zHiZ#5k#OXk+eY8_mcK_xliwXP1UYxDP?54`SCZ6-@{al=7M8)sxs!bp?`&qo(94%r zuKZ9YM1YEwt~})txLT$Rs+`Cp>D0Wnb?2)3o?rr#M+{91=7@&fRzG@7OV0!B6DyGQ z83DCp6gx-R;qUOqli88JZb9~&-w^i80s<_DFJ^1*PDJ> z832SkPpAa#6>=&;NK$GMuN~iG8-$LVxyvqp;e^eotf7(AE^omh_rN(Hjg9(`VhjIp zNjfQv4P3J6Kp$HCGhz5R<9dcUchHVOYJC8XUrV*Vgd_XU?c61FD@nR!vXuqW_WE0& z)NUYh@KYw$p43vgc@9DNwD1&5f4|`afmB&fKAXrgpxU!>h}Fg0wLY#f0u$Bp>HRa1 zmTQ6P(WE_tzZ=X93-nne&u2fkT?u@|u zT!JP_uH0;vyk2`UqrBRJH9M?K4>dW}t~-73GZ>37@FI&yoeEI_uS9EQ_H_L!7>^e0-xc;3nRjC=l4bI1odkUMkKjwMJ*@(O_PBT~laGn&^`{$8Mqq7` z$lPH=QGjlwv$D&}d7i%H+t@FqyA!}fSnO&dYIfQFi~|}-I;}y7dZHzNpFSP=-3UGr zPb8;rZuoj`?L+qi|V 
zYg>6J`4)}DqM$z{Kz{zU(n^im%mq*LKyCzLysMyYgHXv<>3o3{c)tkzN1}6Z1 z9itWEY43P>i1>V<21vO9vW$lv+mrVhW=|M5VRX2<6s{}@CvZWJVk0u2NVi!B33FZz z{c~Pjw{u#z@u$3RWv9I7eW$!%Yp1*;H>bQSkY~JaglD`19A~_D3TM0%=4aKOeGe;4 zrk-&e)}B!@Sxf2=e?%;dg!#;hZ;|EGsS)baDYf_)z~|5kJxc?`2B>u$;dA?#`kgPk z*n#KflM9g!=IZ{ivIWMY!8LLTeG;aLa45`})eIx>C8n@xmPY&tH=T4pY7a9{1U-ieC zjF2wGY$M#Hn{Tz|)B>ix5(T4_>))#3sq;hG1n8Bpg?q|{1LJvrda@xa$hJi$kM()3 z%d5t!GYgEF`^a(biwOhC_ug(k!fg++155^4)aW~{4sh0sX^`2L#BNU2LG$(WO%km7 zX)3!;bvFonAw*fINQ8WRZ_(;nqm&@U1^bu-;jcAj>Evokvo_i?^fkYZKlNUH(xED6 zJo$>8Sn@XyKMa%$c5=h>IgM?`@&}H%l?nSWgzR*IqWwu4uYCRZH3nE=f#Dy}AYFnz zbnO8%!AyVEUl$Pr&!~SxVj;FxD}UYp{jx&@*Jmefi{*Lc{|l3ol?du?!NQwAhm8FI zKdJ~387JNULm=9!hgo$LKO_a%n#Sm8fmw{ci!ziB-W~%CLNEB%&wAS z^F4{l5yIBEN;d(Z1-XgeW?9Mh>U*>c=c|MnSPMNMPxONY=+D*{78IdaEEKDc%O{|M zhYyk$p8U(lkT1?b=l z>zN9FzyB6Y@FpF!WvZ8;A~lM7!jY&Y)|tM*SL&JtN~%LLt#G_o)Y)YQF=TeY z&9BxZ1T(D1KzJzfb++GbVPaWwwPq9=URp|c|KzCYf}K45EumVMKBD^pYO3wny3ehN z@~or+AInr@k=UuF*3p@=2YIQZ!QDKWQu|X;Ph&P#4QboV&hVX@?Z;BZ2V6<&T3adJ#TnprcXr-h^l(>;@W?HKhxHyZ zly2xMyQ&IMX7jx_M-UCe3B*JYl#207EIl5GTVo+4*;3i5#7$yiU_=9+`NALwiCov*Yk- z{R0DJd-Us`j$ke~0%wdmFZ#o!EfFdDnx$*HDVRanQPkCiYIQF5c_l)^(^hyl%9tke z2M(n%7`GrADihOlZqC4_Y=A^OCAwuzKRMt$>yC`N*~Oj#xT5-gw)jAYYcY`D#eFuv=MxJ!`QQfM2})hqOWlu zA9c-_A@L00B)M!b133K!}<;@;%7o!S^t$55$WxDBW4#a*;T>nQ+PjQVIYJ znesIwELslG1Cp)Ao9m#u3!q?YFCCbe%OBu$ zx+IP)u5Ui zH2geYX_`?X_=w+mSQyg~F>vCoTNW`AL8-s_$a|Yy7?3lb;~Zk^S&wpWD473irx0SO z)K;3+B3KZZ^4-0qp5%&hTzG0PbmQv4W#jT9(__t|XIOi!_1{gj8ZJ)o{5JD!Igf~u$rf;E3|DeDCg;zEgH?f(#PwPQ#z$NpbEu;du2Iw; z^$Ux9v3N0tg&h!}z zGOTUJx`p`;W??Pb>B`11H8FgiSMASyr2FdP2A*_M*V4yFwl^F0RbIHg^?$XlF}-sc z`)a~PxbgG00jh3v0kqEc19Ay#;mUE%DemEIIN5#vIlNpj@8k)0IkDDEXT%Q}4^G6# z$Do*KP7>m@W1aeE^$oEU#oL2iE~$jq6#gu57XtyU?lB643@+*EZB)4sqNHp5V2SrVH2b1(#f)UrIWwMt-z+#L^k37r^ z&E2E3>{p~EJ*4*ksjQFFtB;n9wi|?U|jD!szrl2Zu z>H^CdpK5EDZAl9~Ck7+2t#eB<1?CZ=GudfLj)@!9-0QUylSyI3YGj(MU10p@esCG3*EyrToHW9sa63U-;&0sQ^Egj4`d1H#TLpzvh;@${rm%2aA)TI&1{=Yh%cEtbp 
z=KqNKA39q(x-9KQbA1Qnb?$=KdGQ*PMLp{sqyVV$%;e`3|XES3jz+cFZx`@d2 zT;|BITkHCD%rLw8H2DCTg0xiDqX=4uIJ%~V%#4u6ol&)LP;?-w9vVT&bQxET{F(Of zXxr%a`?Mjtt*7soi<1&JF7X=vac)Nz3YTHY=?iLw_*+ zW-Kv->n?JMGc{KEgC)$+d=;o$XGk+5Q@sOxgnHdpnSt$-1pcnEn&v*JQmME=+B($Dh-i5AGhA9QyVun56Rat3jOV zd22~y)A#rc&5}+vFKFYE7B*w@xZC1{4BP|xkSRz{_~a@PQ&J|9gbX+lQxUpx>i7(v zzs{X~8Mx&(tQ?JudfYHGOE7&I9iV2a&@)?YC=t^)Dsj|ol@7C*ndNpEY#^T9D05SP z3>kqe@>zu$nV?PE-T$f=960=SifL|Em*!pcs^kY-QPRU%NgRDyP?v_kEgjGVHB!H>4{_HAYjHj_qyNQIL+EYr(eENUzNf(R=_d6HQZ?tjJHTgamS*`N3$> zU5KUO;x)n%)#Jl4Sz76a16{}H72FV?vK1p5)(PFUN1o(Axh1}H-7@bVm2)>rgUEif+CCkjlDY`-qhC%Tka1#K_MowFIzbR=O_nUEUtx}i~2 ztmxmwLb}kPRCJsqY?i}_*F^ezU|yhNx9Wh`XsWngCtX^on;pal>L(iN*?|^~J1e)sUB() z_1WR{<~_~+WXc`F*LFR3+E{+CyFrA-AY7jj{7Ed3?um^|*wKfc$KCZ)w%Fpt!>6Wv zz+%%%=;G0j9u~PI;g52AY(f6O#1xL0Aq!Hu#sH3(GBS>CX0}oi3D#(D z&J;8>x@V_&t;rur!fr-)YByFna1ut^lUAmZ3%t9({y_oke&?ZweK1b;SD7%bZc-3R zI$eB#2l@B9K)U$WuPV~Ku-$VYp)y z5a}svyjLH@E%x*ND%dt^N3_ks+*+J=SeAv90TBuZv-7Ekw1(Msrp zENR2I%-+I!f>aBUMu=K^igz&u9kFOzh2xGPi&JVKWM@;)z>=)EfbctlZ(GCRPA+zw z$8)d2=%^%0K*1Df!`%50#^1+mo-DK7U*Y1LU(c7&aJFj_YowAws9gp}xQ-bItx`N= zgL2xPGYEF=l1Xo{D@;&PR+e)J4u^`pU5k*xFRe90lXnc7g^I`{E+Rps)+pzkj^@`B zRU!VQOd*c}qbT%ZVm}z- zqameQ5Q@y2T(-ZVI5;dTiOoFKL@F&O{Q@`;q8%b-p?7Xo`bEQ-*$LdZ46WbtD|lTM zx^drQ`SrPn7g|WieFsrX^Zh#-oVlVKR+?>;Hrk7#RS4C`K?)A4gTW8yA~Xbvx7mCk}Jy^7RKHzhPg! 
zu0NXj*n0#C1@Rj{AYvY%y)bMRE;i$SkFakM4hO|zE?x-g_47y}(ujbPlChs;6m-SZ z`$4*v7*E)mO-9-_9IwBz4kCU+Mc5yl+XWyUD}P#u*XP{5b|4fK+|5i(iO&lL{l*2v z=ao@uK#`{NuWJI}rYd}73RLmoXr-ON(4Exg`aFTK)zi%Pq~`mc7Zvs8#r9cUWo~p> zvi){W^)+!U#8jc&(DACwem#DR9swU~F{(ea8S8r6@2R|GYXGY2?$|#t@1{tATGWf| zoDc%T8jZ>)SGGe7jxf;M)kpC=5FcHY3Tb{63%tgHm=0d#@1oWfZOs0mw?#mwmg+e5Un#c_G@Wq}`W?@|&PrG#Mlzz}iT@F_9ui z?n(BV%3a03Z+eExS^e3U_Lg`7tA0kJ8smU zR?fK#Olg7+@dK)xM@l30H+0qSn!Mx~;N%7(#R+jiDuygRsO1qYw$GE8pCu~srpByx zW)2f#CA{*Dy_+1xvYjC7wtr|iD3Pi2Mc4&sp;gJp>0?w)36ny+`Z7RYXaz{Zcg^zC zFp^Lv??9g%oQ&AfVxZQ$+OiNvqsQ#byGnTW6?1N0L@0O;D5qFOG>zJ+r1K%G}^-YW<>k_~9-9O=oe|G4f637fJr5c!mT$QYU z3?7*Bt?y=ilcy{@peClMkaUqk9?gG(O??ZNG7a3+KsEm@7)@dIHRfjD&vdg`^^)ap zxti_FkS0w_6u;%_Oq(65BkT4HrH#?}(;XzQlYuuT6FcK9YaTU>GO12+)QNm+m?8e0VePQ`#b|bYR?XYvqc$~$@us{cWgkA`(a^G-IB@>gX zZ`R*ekAFLRPQzdb@HMVQO0rCnj6e#Ju zA;8gGeBD(iSJTsEGhu%p2eUSD)Tn0rliketmw7o=y6He@*zqlr*<(&5)r4Xvg<>ss zkv>XF{c*LVg<`*jgX2tfA|rrsM0Gy?jvJg(V~RqtIFOu?zY~iiIU(ADE;S+A z@zC`nq2D931&s3wGyvoVRYJo{vMBo7UlSS}`Q{G^O#=C-$Y>InB9bMGtU(f(6n{1# z7s+@()dO@>hb3hSbnqEyzC+}SliE##9FXoxg8RDEZNvKU(>(ssNlZrZXGTdV{%)^ykj!y=S3c=)4p_Wi*VJdYQnfG!7p zCuxr4fQLo{qUzyPEy-&T1Qd0+)Y~!aM2|#l#*jbH;aVE43rOUyplcg z_ev*TDKHtiXiFeoX({|8PAb`s9 zeoB*@r6O3q3ZA*5Ws+<=$-LtPy5wSOAER5G+Itvkm1Z6VP#ci|*54w-z)w5xtd5_a zK!g6ifA#nJc)UJN{`hk8vii)&Tk+f4!9Vsh5fs~_dVdgXx8m52MK+t-4e#X3Qq(2r z4*dC?IHHeN`e!_5FiIk3F>E33Xk_0cVT6+(*-Jq_fYma>;saQpr1iJ-V2lax!#j2fvlZTw1XDp!ds=xHGF2xt0r6@`=Oxn9Hp97j zcDS%SB96W@k1*kxa=oQt_3BNXHO0x6-xffZl$R23z_1MS8g0%VRzRRke^eg6(B=E( zQI9+j&s%CBCEYz^E=;&V%sD36KtgaW)d$T`7Es{8h_QYgFKLzVL2>!U(p*7&dOW zl@PPNzcGMCng6QSU)?(+FEb^E52a$hm;^eFfZ1P3Fd(F&sMv!x9Mks}p$akK4}4Z_ST&hhc>+2>W0J zam5l~79#lu?uw&>jLG=6yZFEOea-$Y)lPVlB31BZLxt45=4s8MU>@ba`CC-4I; z4R~cw-r|PG2-6t%@Vh{35D!QTR5v(LghK(Q7WOA`zxjGxMn@`dLF-NGP)-uf>YZ^{$`ZBs{Jv|MB7zUG<2$M|mSh=j>u*WDw? 
z(dVvAc$6+z3P3ou1kMd_$4uh2Mwf(>YNWKCi8381$L=gB(Ky&^QXMN%Ml zPu$DGqo9!cqrA`P;f^_4=KGX<>Md6yQN~}g1;&USIfrTR2|a*EYf^bd{xiD?}=(=s-R+GJo>W!oK1V8q+Z4fVg zFk#C4<#g|`T;X7y%9m#b!y30(qg*hmBjf$qQm1TE)A_iQ#~~4ziyxDN2ccdgESQPR zIA43ISTwE`3i}=o1&rP`!53h|#U|}0*5k=*wNOsUQn(6JtWj|G#64uHwZgw7QPPHG zS%xxj=PVJj#1#}a5jF5)H~5*HaouUP1g|Yh7Ttlz^rWZLcSP0;Ib|9i7kExq`I`<* zEcuBzPn)1kRras3Xvi@4lOoqNv#7Wn_W};{VXcJ8cdJx&p6c5nbGS@)7jbR6JykwH13FIA1R$Q=x9NbS!K?kKa9OS zb4;(X16}kaUo`pn!KVYi_$J1OXY(G!F{p^22jDnr&J0pl+(0;}>a+bXX;f%$YUj7rt&7 zZkzkDHT-Fdc9&>0ifT7TZBpd~1gd@>XFu+w?1Rh5O2rI^N`tD1VOAz8zGEjulueQa zqV4nBs$T&AUjhYbAYfF$|GOgpyXNSByZ#^b`TzGM|992W|C)ga=6|SRQji7%{|5p7 NzJtG?@%;Z<{~r_biYx#C literal 0 HcmV?d00001 diff --git a/Solutions/CiscoWSA/Package/createUiDefinition.json b/Solutions/CiscoWSA/Package/createUiDefinition.json index 26c28ec7da6..ac56749d4bf 100644 --- a/Solutions/CiscoWSA/Package/createUiDefinition.json +++ b/Solutions/CiscoWSA/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CiscoWSA/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Cisco Web Security Appliance (WSA)](https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html) solution provides the capability to ingest [Cisco WSA Access Logs](https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0/b_WSA_UserGuide_11_7_chapter_010101.html) into Microsoft Sentinel.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 11, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/CiscoWSA/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Cisco Web Security Appliance (WSA)](https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html) solution provides the capability to ingest [Cisco WSA Access Logs](https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0/b_WSA_UserGuide_11_7_chapter_010101.html) into Microsoft Sentinel.\n\n This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 11, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
@@ -51,37 +51,6 @@
 }
 ],
 "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This Solution installs the data connector for CiscoWSA. You can get CiscoWSA Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-parser-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- },
 {
 "name": "workbooks",
 "label": "Workbooks",
@@ -337,7 +306,7 @@
 "name": "huntingquery1-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches for blocked files. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches for blocked files. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
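Review bot: Removing the whole `dataconnectors` step also drops the `dataconnectors-parser-text` TextBlock, which was the only wizard text explaining that the solution installs a parser — and the new `basics.description` in this file still advertises **Parsers:** 1. If the step was emitted by the packaging tool, that is expected; otherwise consider carrying that single TextBlock into the first remaining step (`workbooks`) so installers still learn that the Syslog data is normalized by the bundled parser. The `steps` array continues past the hunk, so there may be a more natural home for it further down.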
@@ -351,7 +320,7 @@
 "name": "huntingquery2-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches for rare applications. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches for rare applications. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
@@ -365,7 +334,7 @@
 "name": "huntingquery3-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches for top applications. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches for top applications. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
@@ -379,7 +348,7 @@
 "name": "huntingquery4-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches for top URLs. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches for top URLs. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
@@ -393,7 +362,7 @@
 "name": "huntingquery5-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches for uncategorized URLs. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches for uncategorized URLs. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
@@ -407,7 +376,7 @@
 "name": "huntingquery6-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches for uploaded files. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches for uploaded files. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
@@ -421,7 +390,7 @@
 "name": "huntingquery7-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches for rare URLs with errors. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches for rare URLs with errors. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
@@ -435,7 +404,7 @@
 "name": "huntingquery8-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches connections to Url shorteners resources. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches connections to Url shorteners resources. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
@@ -449,7 +418,7 @@
 "name": "huntingquery9-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches for potentially risky resources. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches for potentially risky resources. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
@@ -463,7 +432,7 @@
 "name": "huntingquery10-text",
 "type": "Microsoft.Common.TextBlock",
 "options": {
- "text": "Query searches for user errors during accessing resource. This hunting query depends on CiscoWSA data connector (CiscoWSAEvent Parser or Table)"
+ "text": "Query searches for user errors during accessing resource. This hunting query depends on SyslogAma data connector (Syslog Parser or Table)"
 }
 }
 ]
diff --git a/Solutions/CiscoWSA/Package/mainTemplate.json b/Solutions/CiscoWSA/Package/mainTemplate.json
index 6e98d3e3288..5685510cd2f 100644
--- a/Solutions/CiscoWSA/Package/mainTemplate.json
+++ b/Solutions/CiscoWSA/Package/mainTemplate.json
@@ -41,7 +41,7 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "CiscoWSA",
- "_solutionVersion": "3.0.1",
+ "_solutionVersion": "3.0.2",
 "solutionId": "azuresentinel.azure-sentinel-solution-ciscowsa",
 "_solutionId": "[variables('solutionId')]",
 "workbookVersion1": "1.0.0",
@@ -108,91 +108,82 @@ "_huntingQuerycontentId10": "77ec347d-db28-4556-8a5a-dbc2ec7c9461", "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('77ec347d-db28-4556-8a5a-dbc2ec7c9461')))]" }, - "uiConfigId1": "CiscoWSA", - "_uiConfigId1": "[variables('uiConfigId1')]", - "dataConnectorContentId1": "CiscoWSA", - "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", - "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", - "dataConnectorVersion1": "1.0.0", - "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "analyticRuleObject1": { - "analyticRuleVersion1": "1.0.2", + "analyticRuleVersion1": "1.0.3", "_analyticRulecontentId1": "38029e86-030c-46c4-8a91-a2be7c74d74c", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '38029e86-030c-46c4-8a91-a2be7c74d74c')]", "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('38029e86-030c-46c4-8a91-a2be7c74d74c')))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','38029e86-030c-46c4-8a91-a2be7c74d74c','-', '1.0.2')))]" + "_analyticRulecontentProductId1": 
"[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','38029e86-030c-46c4-8a91-a2be7c74d74c','-', '1.0.3')))]" }, "analyticRuleObject2": { - "analyticRuleVersion2": "1.0.2", + "analyticRuleVersion2": "1.0.3", "_analyticRulecontentId2": "32c460ad-2d40-43e9-8ead-5cdd1d7a3163", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '32c460ad-2d40-43e9-8ead-5cdd1d7a3163')]", "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('32c460ad-2d40-43e9-8ead-5cdd1d7a3163')))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','32c460ad-2d40-43e9-8ead-5cdd1d7a3163','-', '1.0.2')))]" + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','32c460ad-2d40-43e9-8ead-5cdd1d7a3163','-', '1.0.3')))]" }, "analyticRuleObject3": { - "analyticRuleVersion3": "1.0.1", + "analyticRuleVersion3": "1.0.2", "_analyticRulecontentId3": "ebf9db0c-ba7b-4249-b9ec-50a05fa7c7c9", "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'ebf9db0c-ba7b-4249-b9ec-50a05fa7c7c9')]", "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('ebf9db0c-ba7b-4249-b9ec-50a05fa7c7c9')))]", - "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ebf9db0c-ba7b-4249-b9ec-50a05fa7c7c9','-', '1.0.1')))]" + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','ebf9db0c-ba7b-4249-b9ec-50a05fa7c7c9','-', '1.0.2')))]" }, "analyticRuleObject4": { - "analyticRuleVersion4": "1.0.1", + "analyticRuleVersion4": "1.0.2", "_analyticRulecontentId4": "1db49647-435c-41ad-bf8c-7130ba75429d", "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '1db49647-435c-41ad-bf8c-7130ba75429d')]", "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('1db49647-435c-41ad-bf8c-7130ba75429d')))]", - "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1db49647-435c-41ad-bf8c-7130ba75429d','-', '1.0.1')))]" + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1db49647-435c-41ad-bf8c-7130ba75429d','-', '1.0.2')))]" }, "analyticRuleObject5": { - "analyticRuleVersion5": "1.0.2", + "analyticRuleVersion5": "1.0.3", "_analyticRulecontentId5": "93186e3d-5dc2-4a00-a993-fa1448db8734", "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '93186e3d-5dc2-4a00-a993-fa1448db8734')]", "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('93186e3d-5dc2-4a00-a993-fa1448db8734')))]", - "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','93186e3d-5dc2-4a00-a993-fa1448db8734','-', '1.0.2')))]" + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','93186e3d-5dc2-4a00-a993-fa1448db8734','-', '1.0.3')))]" }, "analyticRuleObject6": { - 
"analyticRuleVersion6": "1.0.1", + "analyticRuleVersion6": "1.0.2", "_analyticRulecontentId6": "46b6c6fc-2c1a-4270-be10-9d444d83f027", "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '46b6c6fc-2c1a-4270-be10-9d444d83f027')]", "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('46b6c6fc-2c1a-4270-be10-9d444d83f027')))]", - "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','46b6c6fc-2c1a-4270-be10-9d444d83f027','-', '1.0.1')))]" + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','46b6c6fc-2c1a-4270-be10-9d444d83f027','-', '1.0.2')))]" }, "analyticRuleObject7": { - "analyticRuleVersion7": "1.0.1", + "analyticRuleVersion7": "1.0.2", "_analyticRulecontentId7": "6f756792-4888-48a5-97cf-40d9430dc932", "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6f756792-4888-48a5-97cf-40d9430dc932')]", "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6f756792-4888-48a5-97cf-40d9430dc932')))]", - "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6f756792-4888-48a5-97cf-40d9430dc932','-', '1.0.1')))]" + "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6f756792-4888-48a5-97cf-40d9430dc932','-', '1.0.2')))]" }, "analyticRuleObject8": { - "analyticRuleVersion8": "1.0.1", + "analyticRuleVersion8": "1.0.2", "_analyticRulecontentId8": "4250b050-e1c6-4926-af04-9484bbd7e94f", "analyticRuleId8": 
"[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '4250b050-e1c6-4926-af04-9484bbd7e94f')]", "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('4250b050-e1c6-4926-af04-9484bbd7e94f')))]", - "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','4250b050-e1c6-4926-af04-9484bbd7e94f','-', '1.0.1')))]" + "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','4250b050-e1c6-4926-af04-9484bbd7e94f','-', '1.0.2')))]" }, "analyticRuleObject9": { - "analyticRuleVersion9": "1.0.1", + "analyticRuleVersion9": "1.0.2", "_analyticRulecontentId9": "8e9d1f70-d529-4598-9d3e-5dd5164d1d02", "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '8e9d1f70-d529-4598-9d3e-5dd5164d1d02')]", "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('8e9d1f70-d529-4598-9d3e-5dd5164d1d02')))]", - "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','8e9d1f70-d529-4598-9d3e-5dd5164d1d02','-', '1.0.1')))]" + "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','8e9d1f70-d529-4598-9d3e-5dd5164d1d02','-', '1.0.2')))]" }, "analyticRuleObject10": { - "analyticRuleVersion10": "1.0.1", + "analyticRuleVersion10": "1.0.2", "_analyticRulecontentId10": "010644fd-2830-4451-9e0e-606cc192f2e7", "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '010644fd-2830-4451-9e0e-606cc192f2e7')]", "analyticRuleTemplateSpecName10": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('010644fd-2830-4451-9e0e-606cc192f2e7')))]", - "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','010644fd-2830-4451-9e0e-606cc192f2e7','-', '1.0.1')))]" + "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','010644fd-2830-4451-9e0e-606cc192f2e7','-', '1.0.2')))]" }, "analyticRuleObject11": { - "analyticRuleVersion11": "1.0.1", + "analyticRuleVersion11": "1.0.2", "_analyticRulecontentId11": "9b61a945-ebcb-4245-b6e4-51f3addb5248", "analyticRuleId11": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '9b61a945-ebcb-4245-b6e4-51f3addb5248')]", "analyticRuleTemplateSpecName11": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('9b61a945-ebcb-4245-b6e4-51f3addb5248')))]", - "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9b61a945-ebcb-4245-b6e4-51f3addb5248','-', '1.0.1')))]" + "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9b61a945-ebcb-4245-b6e4-51f3addb5248','-', '1.0.2')))]" }, "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, 
@@ -206,7 +197,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSA Workbook with template version 3.0.1",
+ "description": "CiscoWSA Workbook with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -265,6 +256,10 @@
 {
 "contentId": "CiscoWSA",
 "kind": "DataConnector"
+ },
+ {
+ "contentId": "SyslogAma",
+ "kind": "DataConnector"
 }
 ]
 }
@@ -294,7 +289,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAEvent Data Parser with template version 3.0.1",
+ "description": "CiscoWSAEvent Data Parser with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('parserObject1').parserVersion1]",
@@ -426,7 +421,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSABlockedFiles_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSABlockedFiles_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]",
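Review bot: The `@@ -265` hunk adds a `SyslogAma` criterion but keeps the existing `"contentId": "CiscoWSA", "kind": "DataConnector"` entry, even though this same commit deletes the CiscoWSA data connector template (and its `dataConnector*` variables) from the package; a dependency on content the solution no longer ships can leave this item — apparently the workbook, judging by its position after the `CiscoWSA Workbook` template — reported as missing a prerequisite on a fresh install unless the criteria operator is `OR`. Either drop the `CiscoWSA` criterion, or if the intent is to tolerate workspaces that still have the legacy connector, say so in the release notes. The enclosing `dependencies` object starts and ends outside the hunk, so the operator is not visible here.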
@@ -511,7 +506,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSARareApplications_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSARareApplications_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]",
@@ -596,7 +591,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSATopApplications_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSATopApplications_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]",
@@ -681,7 +676,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSATopResources_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSATopResources_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]",
@@ -766,7 +761,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAUncategorizedResources_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSAUncategorizedResources_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]",
@@ -851,7 +846,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAUploadedFiles_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSAUploadedFiles_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]",
@@ -936,7 +931,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAUrlRareErrorUrl_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSAUrlRareErrorUrl_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]",
@@ -1021,7 +1016,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAUrlShortenerLinks_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSAUrlShortenerLinks_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]",
@@ -1106,7 +1101,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAUrlSuspiciousResources_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSAUrlSuspiciousResources_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]",
@@ -1191,7 +1186,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAUrlUsersWithErrors_HuntingQueries Hunting Query with template version 3.0.1",
+ "description": "CiscoWSAUrlUsersWithErrors_HuntingQueries Hunting Query with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]",
@@ -1267,415 +1262,6 @@ "version": "1.0.0" } }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "CiscoWSA data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Cisco Web Security Appliance", - "publisher": "Cisco", - "descriptionMarkdown": "[Cisco Web Security Appliance (WSA)](https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html) data connector provides the capability to ingest [Cisco WSA Access Logs](https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0/b_WSA_UserGuide_11_7_chapter_010101.html) into Microsoft Sentinel.", - "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**CiscoWSAEvent**](https://aka.ms/sentinel-CiscoWSA-parser) which is deployed with the Microsoft Sentinel Solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CiscoWSAEvent", - 
"baseQuery": "CiscoWSAEvent" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Clients (Source IP)", - "query": "CiscoWSAEvent\n | where notempty(SrcIpAddr)\n | summarize count() by SrcIpAddr\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "Syslog (CiscoWSAEvent)", - "lastDataReceivedQuery": "CiscoWSAEvent\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CiscoWSAEvent\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(3d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**CiscoWSAEvent**](https://aka.ms/sentinel-CiscoWSA-parser) which is deployed with the Microsoft Sentinel Solution." 
- }, - { - "description": ">**NOTE:** This data connector has been developed using AsyncOS 14.0 for Cisco Web Security Appliance" - }, - { - "description": "[Follow these steps](https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_0100111.html#con_1134718) to configure Cisco Web Security Appliance to forward logs via Syslog\n\n>**NOTE:** Select **Syslog Push** as a Retrieval Method.", - "title": "1. Configure Cisco Web Security Appliance to forward logs via Syslog to remote server where you will install the agent." - }, - { - "description": "Install the agent on the Server to which the logs will be forwarded.\n\n> Logs on Linux or Windows servers are collected by **Linux** or **Windows** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Linux agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "2. 
Install and onboard the agent for Linux or Windows" - }, - { - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Windows agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Windows Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Windows Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Open Log Analytics to check if the logs are received using the Syslog schema.\n\n>**NOTE:** It may take up to 15 minutes before new logs will appear in Syslog table.", - "title": "3. 
Check logs in Microsoft Sentinel" - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "CiscoWSA", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Cisco Web Security Appliance", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - 
"parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "CiscoWSA", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Cisco Web Security Appliance", - "publisher": "Cisco", - "descriptionMarkdown": "[Cisco Web Security Appliance (WSA)](https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html) data connector provides the capability to ingest [Cisco WSA Access Logs](https://www.cisco.com/c/en/us/td/docs/security/wsa/wsa_14-0/User-Guide/b_WSA_UserGuide_14_0/b_WSA_UserGuide_11_7_chapter_010101.html) into Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "CiscoWSAEvent", - "baseQuery": "CiscoWSAEvent" - } - ], - "dataTypes": [ - { - "name": "Syslog (CiscoWSAEvent)", - "lastDataReceivedQuery": "CiscoWSAEvent\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CiscoWSAEvent\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > 
ago(3d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 10 Clients (Source IP)", - "query": "CiscoWSAEvent\n | where notempty(SrcIpAddr)\n | summarize count() by SrcIpAddr\n | top 10 by count_" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key)", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**CiscoWSAEvent**](https://aka.ms/sentinel-CiscoWSA-parser) which is deployed with the Microsoft Sentinel Solution." - }, - { - "description": ">**NOTE:** This data connector has been developed using AsyncOS 14.0 for Cisco Web Security Appliance" - }, - { - "description": "[Follow these steps](https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_chapter_0100111.html#con_1134718) to configure Cisco Web Security Appliance to forward logs via Syslog\n\n>**NOTE:** Select **Syslog Push** as a Retrieval Method.", - "title": "1. Configure Cisco Web Security Appliance to forward logs via Syslog to remote server where you will install the agent." 
- }, - { - "description": "Install the agent on the Server to which the logs will be forwarded.\n\n> Logs on Linux or Windows servers are collected by **Linux** or **Windows** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Linux agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "2. Install and onboard the agent for Linux or Windows" - }, - { - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Windows agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Windows Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Windows Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Open Log Analytics to check if the logs are received using the Syslog schema.\n\n>**NOTE:** It may take up to 15 minutes before new logs will appear in Syslog table.", - "title": "3. 
Check logs in Microsoft Sentinel"
- }
- ],
- "id": "[variables('_uiConfigId1')]",
- "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**CiscoWSAEvent**](https://aka.ms/sentinel-CiscoWSA-parser) which is deployed with the Microsoft Sentinel Solution."
- }
- }
- },
 {
 "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates",
 "apiVersion": "2023-04-01-preview",
@@ -1685,7 +1271,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAAccessToUnwantedSite_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSAAccessToUnwantedSite_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]",
@@ -1713,16 +1299,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CiscoWSA",
- "dataTypes": [
- "CiscoWSAEvent"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -1795,7 +1375,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSADataExfiltration_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSADataExfiltration_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]",
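Review bot: The `SyslogAma` entry kept in the `@@ -1713,16 +1299,10 @@` hunk uses the key `datatypes`, while the `CiscoWSA` entry the hunk deletes used `dataTypes`, so 3.0.2 now ships only the lowercase spelling for this rule; if the consumer matches this property case-sensitively (presumably `dataTypes`, as the removed entry used), the rule's connector-coverage check would silently see no data types. Normalize to `"dataTypes": [ "Syslog" ]` in the rule source the packager reads, since this template is regenerated. Moving `connectorId` below the data-types array is pure churn that turns what should be a plain deletion into a rewrite in each of the eleven identical rule hunks. With the connector gone, nothing in `requiredDataConnectors` expresses that the rule presumably still depends on the CiscoWSAEvent parser function and on the WSA facility being forwarded to the AMA DCR; confirm the rule description or the solution page still tells operators that. The enclosing analytic-rule resource starts and ends outside this hunk.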
@@ -1823,16 +1403,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CiscoWSA",
- "dataTypes": [
- "CiscoWSAEvent"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -1905,7 +1479,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAMultipleErrorsToUnwantedCategory_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSAMultipleErrorsToUnwantedCategory_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -1933,16 +1507,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CiscoWSA",
- "dataTypes": [
- "CiscoWSAEvent"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -2026,7 +1594,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAMultipleErrorsToUrl_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSAMultipleErrorsToUrl_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -2054,16 +1622,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CiscoWSA",
- "dataTypes": [
- "CiscoWSAEvent"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -2145,7 +1707,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAMultipleInfectedFiles_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSAMultipleInfectedFiles_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -2173,16 +1735,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CiscoWSA",
- "dataTypes": [
- "CiscoWSAEvent"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -2264,7 +1820,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAMultipleUnwantedFileTypes_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSAMultipleUnwantedFileTypes_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@@ -2292,16 +1848,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CiscoWSA",
- "dataTypes": [
- "CiscoWSAEvent"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -2383,7 +1933,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAProtocolAbuse_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSAProtocolAbuse_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@@ -2411,16 +1961,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CiscoWSA",
- "dataTypes": [
- "CiscoWSAEvent"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -2502,7 +2046,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAPublicIPSource_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSAPublicIPSource_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@@ -2530,16 +2074,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CiscoWSA",
- "dataTypes": [
- "CiscoWSAEvent"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -2612,7 +2150,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAUnexpectedFileType_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSAUnexpectedFileType_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@@ -2640,16 +2178,10 @@
 "status": "Available",
 "requiredDataConnectors": [
 {
- "connectorId": "CiscoWSA",
- "dataTypes": [
- "CiscoWSAEvent"
- ]
- },
- {
- "connectorId": "SyslogAma",
 "datatypes": [
 "Syslog"
- ]
+ ],
+ "connectorId": "SyslogAma"
 }
 ],
 "tactics": [
@@ -2731,7 +2263,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "CiscoWSAUnexpectedUrl_AnalyticalRules Analytics Rule with template version 3.0.1",
+ "description": "CiscoWSAUnexpectedUrl_AnalyticalRules Analytics Rule with template version 3.0.2",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@@ -2759,16 +2291,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CiscoWSA", - "dataTypes": [ - "CiscoWSAEvent" - ] - }, - { - "connectorId": "SyslogAma", "datatypes": [ "Syslog" - ] + ], + "connectorId": "SyslogAma" } ], "tactics": [ @@ -2850,7 +2376,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "CiscoWSAUnscannableFile_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "CiscoWSAUnscannableFile_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]", @@ -2878,16 +2404,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CiscoWSA", - "dataTypes": [ - "CiscoWSAEvent" - ] - }, - { - "connectorId": "SyslogAma", "datatypes": [ "Syslog" - ] + ], + "connectorId": "SyslogAma" } ], "tactics": [ @@ -2974,12 +2494,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.1", + "version": "3.0.2", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "CiscoWSA", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Cisco Web Security Appliance (WSA) solution provides the capability to ingest Cisco WSA Access Logs into Microsoft Sentinel.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Parsers: 1, Workbooks: 1, Analytic Rules: 11, Hunting Queries: 10

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Cisco Web Security Appliance (WSA) solution provides the capability to ingest Cisco WSA Access Logs into Microsoft Sentinel.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Parsers: 1, Workbooks: 1, Analytic Rules: 11, Hunting Queries: 10

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -3063,11 +2583,6 @@ "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]", "version": "[variables('huntingQueryObject10').huntingQueryVersion10]" }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, { "kind": "AnalyticsRule", "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]", diff --git a/Solutions/CiscoWSA/ReleaseNotes.md b/Solutions/CiscoWSA/ReleaseNotes.md index 031f3983ec7..82c3acc614f 100644 --- a/Solutions/CiscoWSA/ReleaseNotes.md +++ b/Solutions/CiscoWSA/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| +| 3.0.2 | 19-12-2024 | Removed Deprecated **Data connector** | | 3.0.1 | 24-07-2024 | Deprecating data connectors | | 3.0.0 | 16-08-2023 | Optimize the **Parser** by replacing the legacy code that uses regex with a more efficient algorithm to reduce the time taken to parse data. |
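Review bot: The new `descriptionHtml` NOTE in the `@@ -2974,12 +2494,12 @@` hunk is rendered on the solution's listing page and carries a missing space plus a number-agreement error: `Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024`. Change it to `Syslog via AMA Connector. The legacy connector used the Log Analytics agent, which was deprecated on Aug 31, 2024.` in the solution's source description that the packager reads, rather than in this generated template. Because this same commit drops the legacy connector from the package and from `contentPackages` dependencies, the NOTE should presumably also say that 3.0.2 removes it, so operators still collecting through MMA learn before upgrading that the connector they depend on is gone and the parser and AMA DCR must already be in place. The surrounding `contentPackages` resource starts and ends outside this hunk.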