From a9f8fd2444ee94755793b2c748d5efa7adcb8ef1 Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Fri, 15 Nov 2024 16:39:06 +0530 Subject: [PATCH 1/6] Repackage - Claroty --- .../Analytic Rules/ClarotyAssetDown.yaml | 8 +- .../ClarotyCriticalBaselineDeviation.yaml | 8 +- .../ClarotyLoginToUncommonSite.yaml | 8 +- .../ClarotyMultipleFailedLogin.yaml | 8 +- .../ClarotyMultipleFailedLoginsSameDst.yaml | 8 +- .../Analytic Rules/ClarotyNewAsset.yaml | 6 - .../ClarotyPolicyViolation.yaml | 6 - .../ClarotySuspiciousActivity.yaml | 8 +- .../ClarotySuspiciousFileTransfer.yaml | 8 +- .../Claroty/Analytic Rules/ClarotyTreat.yaml | 2 +- Solutions/Claroty/Data/Solution_Claroty.json | 6 +- .../ClarotyBaselineDeviation.yaml | 6 - .../ClarotyConflictAssets.yaml | 6 - .../ClarotyCriticalEvents.yaml | 6 - .../Hunting Queries/ClarotyPLCLogins.yaml | 6 - .../ClarotySRAFailedLogins.yaml | 6 - .../Hunting Queries/ClarotyScanSources.yaml | 6 - .../Hunting Queries/ClarotyScantargets.yaml | 6 - .../ClarotyUnapprovedAccess.yaml | 6 - .../ClarotyUnresolvedAlerts.yaml | 6 - .../ClarotyWriteExecuteOperations.yaml | 6 - Solutions/Claroty/Package/3.0.3.zip | Bin 0 -> 14404 bytes .../Claroty/Package/createUiDefinition.json | 53 +- Solutions/Claroty/Package/mainTemplate.json | 982 ++---------------- Solutions/Claroty/ReleaseNotes.md | 1 + 25 files changed, 113 insertions(+), 1059 deletions(-) create mode 100644 Solutions/Claroty/Package/3.0.3.zip diff --git a/Solutions/Claroty/Analytic Rules/ClarotyAssetDown.yaml b/Solutions/Claroty/Analytic Rules/ClarotyAssetDown.yaml index d920baaefc4..87fdda85c60 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotyAssetDown.yaml +++ b/Solutions/Claroty/Analytic Rules/ClarotyAssetDown.yaml @@ -5,12 +5,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog 
@@ -32,5 +26,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity -version: 1.0.2 +version: 1.0.3 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Claroty/Analytic Rules/ClarotyCriticalBaselineDeviation.yaml b/Solutions/Claroty/Analytic Rules/ClarotyCriticalBaselineDeviation.yaml index a4bc4368c46..f53c057c588 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotyCriticalBaselineDeviation.yaml +++ b/Solutions/Claroty/Analytic Rules/ClarotyCriticalBaselineDeviation.yaml @@ -5,12 +5,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -33,5 +27,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity -version: 1.0.2 +version: 1.0.3 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Claroty/Analytic Rules/ClarotyLoginToUncommonSite.yaml b/Solutions/Claroty/Analytic Rules/ClarotyLoginToUncommonSite.yaml index 33ba1bb2606..8f5df920c3a 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotyLoginToUncommonSite.yaml +++ b/Solutions/Claroty/Analytic Rules/ClarotyLoginToUncommonSite.yaml @@ -5,12 +5,6 @@ description: | severity: Medium status: Available requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -46,5 +40,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: SrcIpAddr -version: 1.0.2 +version: 1.0.3 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLogin.yaml b/Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLogin.yaml index 096e773f9b2..e2d89cb9f23 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLogin.yaml 
+++ b/Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLogin.yaml @@ -5,12 +5,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -37,5 +31,5 @@ entityMappings: fieldMappings: - identifier: Name columnName: AccountCustomEntity -version: 1.0.2 +version: 1.0.3 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLoginsSameDst.yaml b/Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLoginsSameDst.yaml index 0ffb499ffd0..40c6e6e3127 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLoginsSameDst.yaml +++ b/Solutions/Claroty/Analytic Rules/ClarotyMultipleFailedLoginsSameDst.yaml @@ -5,12 +5,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -39,5 +33,5 @@ entityMappings: fieldMappings: - identifier: DistinguishedName columnName: SGCustomEntity -version: 1.0.2 +version: 1.0.3 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml b/Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml index db6d372edaf..22679c6bfd9 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml +++ b/Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml @@ -5,12 +5,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog 
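Review bot: ClarotyNewAsset.yaml loses its legacy `Claroty`/`ClarotyAma` connector entries but, unlike the other rules in this patch, gets no version bump — the diffstat shows `6 -` for it (and for ClarotyPolicyViolation.yaml) where the sibling rules show `8 +-` with `-version: 1.0.2` / `+version: 1.0.3`. The template version is what signals to the content hub that an installed rule template has an update, so workspaces already on 1.0.2 would keep the stale connector references for these two rules. Add `version: 1.0.3` at the end of both files, as done for ClarotyAssetDown.yaml. The rule's query and version line are outside this hunk, so the current value cannot be confirmed here, but the diffstat makes clear no version line changed.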
diff --git a/Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml b/Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml index 0d572c165bd..a557347a63d 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml +++ b/Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml @@ -5,12 +5,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Analytic Rules/ClarotySuspiciousActivity.yaml b/Solutions/Claroty/Analytic Rules/ClarotySuspiciousActivity.yaml index f4c64bb1412..98f834ea080 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotySuspiciousActivity.yaml +++ b/Solutions/Claroty/Analytic Rules/ClarotySuspiciousActivity.yaml @@ -5,12 +5,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog @@ -32,5 +26,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity -version: 1.0.2 +version: 1.0.3 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Claroty/Analytic Rules/ClarotySuspiciousFileTransfer.yaml b/Solutions/Claroty/Analytic Rules/ClarotySuspiciousFileTransfer.yaml index 6da2925c08b..76b660ccc4e 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotySuspiciousFileTransfer.yaml +++ b/Solutions/Claroty/Analytic Rules/ClarotySuspiciousFileTransfer.yaml @@ -5,12 +5,6 @@ description: | severity: High status: Available requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog 
@@ -32,5 +26,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity -version: 1.0.2 +version: 1.0.3 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Claroty/Analytic Rules/ClarotyTreat.yaml b/Solutions/Claroty/Analytic Rules/ClarotyTreat.yaml index c4eecaf4002..c8b45d02f4e 100755 --- a/Solutions/Claroty/Analytic Rules/ClarotyTreat.yaml +++ b/Solutions/Claroty/Analytic Rules/ClarotyTreat.yaml @@ -32,5 +32,5 @@ entityMappings: fieldMappings: - identifier: Address columnName: IPCustomEntity -version: 1.0.2 +version: 1.0.3 kind: Scheduled \ No newline at end of file diff --git a/Solutions/Claroty/Data/Solution_Claroty.json b/Solutions/Claroty/Data/Solution_Claroty.json index 48057d71190..17292bc28df 100644 --- a/Solutions/Claroty/Data/Solution_Claroty.json +++ b/Solutions/Claroty/Data/Solution_Claroty.json @@ -21,10 +21,6 @@ "Hunting Queries/ClarotyUnresolvedAlerts.yaml", "Hunting Queries/ClarotyWriteExecuteOperations.yaml" ], - "Data Connectors": [ - "Data Connectors/Connector_Claroty_CEF.json", - "Data Connectors/template_ClarotyAMA.json" - ], "Analytic Rules": [ "Analytic Rules/ClarotyAssetDown.yaml", "Analytic Rules/ClarotyCriticalBaselineDeviation.yaml", @@ -42,7 +38,7 @@ ], "Metadata": "SolutionMetadata.json", "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Claroty", - "Version": "3.0.2", + "Version": "3.0.3", "TemplateSpec": true, "Is1PConnector": false } diff --git a/Solutions/Claroty/Hunting Queries/ClarotyBaselineDeviation.yaml b/Solutions/Claroty/Hunting Queries/ClarotyBaselineDeviation.yaml index 4e77850826a..3ac409e8bd6 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotyBaselineDeviation.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotyBaselineDeviation.yaml 
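Review bot: Removing the `Data Connectors` array from Solution_Claroty.json drops Connector_Claroty_CEF.json and template_ClarotyAMA.json from the package, yet the diffstat at the top of the patch deletes neither file, so the two legacy connector definitions remain under `Solutions/Claroty/Data Connectors/` as unpackaged, unmaintained content. Either delete them in this patch or, if they are kept on purpose for reference, say so in ReleaseNotes.md (changed in this patch but not visible here). With the vendor connectors gone, every rule and hunting query relies solely on the generic CEF via AMA connector, so scoping CommonSecurityLog to Claroty events falls entirely to the parser; confirm it filters on DeviceVendor/DeviceProduct, since the parser is not part of this patch.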
@@ -4,12 +4,6 @@ description: | 'Query searches for baseline deviation events.' severity: Medium requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Hunting Queries/ClarotyConflictAssets.yaml b/Solutions/Claroty/Hunting Queries/ClarotyConflictAssets.yaml index e4aa657600c..4259414cb96 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotyConflictAssets.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotyConflictAssets.yaml @@ -4,12 +4,6 @@ description: | 'Query searches for conflicting assets.' severity: Medium requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Hunting Queries/ClarotyCriticalEvents.yaml b/Solutions/Claroty/Hunting Queries/ClarotyCriticalEvents.yaml index cc40bd5c9e8..86ac250a3f5 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotyCriticalEvents.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotyCriticalEvents.yaml @@ -4,12 +4,6 @@ description: | 'Query searches for critical severity events.' severity: High requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Hunting Queries/ClarotyPLCLogins.yaml b/Solutions/Claroty/Hunting Queries/ClarotyPLCLogins.yaml index a5d205d83ec..7585c5fcbfb 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotyPLCLogins.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotyPLCLogins.yaml 
@@ -4,12 +4,6 @@ description: | 'Query searches for PLC login security alerts.' severity: High requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Hunting Queries/ClarotySRAFailedLogins.yaml b/Solutions/Claroty/Hunting Queries/ClarotySRAFailedLogins.yaml index 6d0f6815d75..2aa4490137b 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotySRAFailedLogins.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotySRAFailedLogins.yaml @@ -4,12 +4,6 @@ description: | 'Query searches for login failure events.' severity: High requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Hunting Queries/ClarotyScanSources.yaml b/Solutions/Claroty/Hunting Queries/ClarotyScanSources.yaml index 6b38fca0703..10102c41777 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotyScanSources.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotyScanSources.yaml @@ -4,12 +4,6 @@ description: | 'Query searches for sources of network scans.' severity: Medium requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Hunting Queries/ClarotyScantargets.yaml b/Solutions/Claroty/Hunting Queries/ClarotyScantargets.yaml index 2fd4377e5e9..d7a884f5639 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotyScantargets.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotyScantargets.yaml 
@@ -4,12 +4,6 @@ description: | 'Query searches for targets of network scans.' severity: Medium requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Hunting Queries/ClarotyUnapprovedAccess.yaml b/Solutions/Claroty/Hunting Queries/ClarotyUnapprovedAccess.yaml index 86ec7e0652a..def9786ac7c 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotyUnapprovedAccess.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotyUnapprovedAccess.yaml @@ -4,12 +4,6 @@ description: | 'Query searches for unapproved access events.' severity: Medium requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Hunting Queries/ClarotyUnresolvedAlerts.yaml b/Solutions/Claroty/Hunting Queries/ClarotyUnresolvedAlerts.yaml index 456ff9b7138..6b3dd4a04b1 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotyUnresolvedAlerts.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotyUnresolvedAlerts.yaml @@ -4,12 +4,6 @@ description: | 'Query searches for alerts with unresolved status.' severity: Medium requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/Claroty/Hunting Queries/ClarotyWriteExecuteOperations.yaml b/Solutions/Claroty/Hunting Queries/ClarotyWriteExecuteOperations.yaml index a0636b80323..b6f37a50886 100755 --- a/Solutions/Claroty/Hunting Queries/ClarotyWriteExecuteOperations.yaml +++ b/Solutions/Claroty/Hunting Queries/ClarotyWriteExecuteOperations.yaml 
@@ -4,12 +4,6 @@ description: | 'Query searches for operations with Write and Execute accesses.' severity: Medium requiredDataConnectors: - - connectorId: Claroty - dataTypes: - - ClarotyEvent - - connectorId: ClarotyAma - dataTypes: - - ClarotyEvent - connectorId: CefAma dataTypes: - CommonSecurityLog 
diff --git a/Solutions/Claroty/Package/3.0.3.zip b/Solutions/Claroty/Package/3.0.3.zip new file mode 100644 index 0000000000000000000000000000000000000000..8f4fa4b0ccfe6c3b077f4e20d1b12c88e2f6aa9f GIT binary patch literal 14404 zcmZ|018^@r+y&f!Z5y|?ZQH%IZQHult!>-3ZQFKlZMR>aci#Cp-|kK_* z69s7yP*flwAV{Eu06UEleA$y4XdoaOVIUxkpSMPiCI-$XDi$IprWUpq&K7pIbe2wb zwp&`~wi_JiUp>9uAbUCluDjCnUJ;kDJQl~mh0JSYSzi+20m*w?WlydJ%=@wtc>oh86>pc z2xDGEf{5yUzQprIca#j4&A`1rKfk(kD~F0u8~XmBZ-%e%cOe>KNm8pU`lW%YeqlfP zF;l&XSDYWG-;E*!6}Rb1$x{~$H}g9;N~6~Ir3m35=JzFy)nBDr{eq4V#Jv5JK6_eb zPD366&LVj)_SM%EGt7t(d5X?UY+I=Iw$A$2@2)w_mhq~`l*v%gb#fBy%98U)J};N> z+c0Q2GMPoB-66j4`&n+5f*1)lmxh6pLlMPfzT3@1Z%12hTFaWuhkFP#27mba)`{xS z*fL^gCsX`n?&@l0Jlw3Kyn z_8Ji)Qk^3U+8+CkGu6}#BQ9N320J0Kc)&=VL1y`0M4O4)83B`QVc4SHw#0pZAJKqp3H8WG@jOiVbl?90~{KrR_ zA`^}mk>L?#bW}caDIS8?jxPXbE(IB#Io&O_HAsR4!nv8sYzJ_bsH|fS>i15B9v8z1 z+XJNqK?QqzLWpFvLyaeNwGVd?S2huCp@7}f1 zP8!uJK}IK!Wf%Or-I7s-L)JhnXIn$LX^fKw1P*k%b7fz!CTJ+LW@>OF$=GZhPO%rZ zs=MBn2z>krDj3vWr4l-t;7p<+M~JHS`M*l@mQMu_P=uUubQw@=NXe2D!)f@be*c0QF14EL6GL-|K9*cr48ofP7+W_cghOCL87wvqJd5L< zLDw;`LSffPEawihp4w@b{E z+!DZ*>r)zg+hna3-s?-Y`&UM@ig<2m1D|^Lf{BL~?H3p3Y_e)lH2ks-@j6zxD_>>_ z7rz}Zx80>PlBLLL_rLnAd)4R8BaX7`&sLCmG-I>XWNc{7FeH;GS|LRb1@Oiej|YKi zY(FOV#gIFySk;a_Uh%ci^0wNK0cGSouKOF17L&ZfsM%W6E%TxA)qigE%F6KLXlLSp z=b^GjIe--h=(Ks9wuWkoS_~TNL#4Z&T5?m9t$X;~j=@ly`m0FWYJI?IBJNb&`;y~b zGM)6G49+V*azz=WA)6Xh22d}{cyJzz7ipCydF9eQPnyVE@E@13OMBSKnhgOLtn@e) zGP3J2EQdqwWb^#<(>?k(5ouLS z|7)>1^Y2#I`kKi8M_gTYXpBr7Vbtp7Y{%u)VKOK}b`d5~(H!|;(P-W!ThYpSV6bFsau$;t+e=CzR8EG z8q-9hsbn%rxUkWntot&9ddi_9&Xi5znBjfFc`(c3rMaOZdUT$qLrt~DlMyf=qC_9p~TB}wl!s?rS8mg zWRN?I-Q93LXl|1d4!*Yu2v32!n4Zs^bb};*&fsOTXOGP28~v>6m!PW^L?t}m?lPa3 zse5}lC8#)L1&)W<0F4(?WhqHExw^a45t3w1x?UksDZ1K#)cj?OqN!LIJL~*@G##8! z9Dba9WzKlu;I8qeP=Zv-vrblO95DaHPer*)*LUP_Z{G)}s6Ao}P8ZVxMVFTAhDA4( z3FwS=myxGE#mn&OTY*%~wnkBnH;KF6mRg*Y>^~39HU^b*pc}ISrIv4jqAts{Cc8v! 
zr5qFwo+opIVt~t1?)(#U=CU#H9E;&sv43mK4A$0VBQztliYi#~PXZ)%)sSKdFO-JY zMlmcZ;h$685JC)QMty?oEz8I0>0mikdx znipB}gn|c=sxQF?*MwgqwJ>_jtGUdS_3MU6iPFbkzi$YI|Hl~Do|S$hg$4*{lL;6I z>1T{!bNtn3CF`}nyD9C4kBnB~R{{sh$d#OD(YI?y zgVWsAk!)P-)E07CY$6`{Lc{U#W|nwrTN*~H+q%3XG=HH0GKrw%a!#3X6DcxZQu27A~>}?>_J|BL%zH2bQa?Lwz1zYpN#Ob z8?aCie(^B&W0@f>+4AAtt~5I^od%&Ss50azGYCES;wzBCk&rf~GU|{LRnm4WaCwZV zjv=$N_j9kK4_!9~G0HFf>)EN@P?sQ9Lg&OYOp=#tq^+2IG7N-xLEQ)2B2~ywc+Y6A zcKuqd6*F`j?&fmhdwNrIiOcV&2fZ0@=wEZs#R-7}2c=2!L{*Vg996w{Sx_ey*HIYx z7XFvSEU6)*L#xAV(7Y^+fk0_r>M#Q{1RjX_Jze`z<|!@P&c;>>D(?U*{&B5cH+0QDYEh2IOwx=v^bH`IJBh8N`tZ-_D z%lH|Lr(jC#pwW2c1v|~Sq@_nBSVU}|RlgX!Qd##<4H{@7=CC(10qj&PGF3tAkWmaq zm=y6itz706T;8B)Gyy$B z{DQUJ_Mo_fR(Fwh_TD{bMT+s>d%kmQLS8)#F_1cEM9S#D5@LoCNPbv=px=IGZ_%8X z1`e}bx?A3SSg{|NKF= zr6=*M=HzLq$~8Qy7>I}_8n}se;+{CvJTI!4NvG4){4CA`+S`Br19 zu3w69IM`bZ?2*wBo?>Eqt(s-I*5{){8fK0_wM4GlIo^gCaS%p62MRtDu<%n>)8FJ? z5bqoOlvTAl@Xg=Fl~!JD!qc|!AtUvqIWas^5+$A!BgGWm$EV)ao3LbOWL_^p1FZtH zS;gyO>lz3&XONVK8FN;4UbA_d42RqLh3=W<%!L|T3S0wAZNJUGeQV`=2#Wipiv{I~ zTezyQ*RY8dik+9kMJnQoO5VU85cR(=cdvKvAA?dlOk1chG3`f3M((+H#ZSAi+V%lN z=gqBAyCe(-T-}4k2z45QEw3r83Ipq5Pq@lkgBE{>1wAV= zZ(b(0E@kw{)O`~$1Ks-mzF#pEr0x?n({BusT?jf|`(;kMacb_bcfycTQKk zbd6?vlk+{JSj*HzK}8?gCKfl8)#zz0pPWx$(RtpR-g>nP?5w&3drIKic^6pL@irPm z!vEP+OLkEaQIxl+6mKWDduq(Nb}ZmGu4_(MHaDu4>@0#0`0AZEId5LVt~ak)P?xtf zkv*1&=9X@|rg?7shv(h1Wz7PvJ$;THGSEhgIjXwIMbopviVb4xNkFCR@_*5|jxTQf z{z0=|rzzX8)tmlj!^d8m?d)+|;2i7Hpkt1`J@8Mt(`luZr4pjx@2)MTN7tn#>4+!$ z7K4p}?q!zB;$x#x4?^+BE^@)Lk zG@nkj1fthY`t!u#TJnV)9Ix;{&iyb2`D7?o_Bq&@`A|3}WY(n_47BU)UV*A8?t{ZX z#lfmMB5Yz9JeaQwmS-RXldJ|t4k)S?dRswJtZB9BsAw{)>OD}@V=RB6*e7IK%WV4_ zDX!K*tbpbY1pa#DEm<@-0X%^I{p0Q0X-?1jQkY@gJKiU&obPUjVqY=tw^USS*gJlc zRhKO0lxbBl?Wc7?DHhcVeA1uA)l6SHV{crp-3kb;m%gLq3fXSt_UV;(lx=Nlg{o+* zvF)$=UkI&DzCS{40gqyvl4h^96{PWd!u%f`&*B3g=sE2KZofJX3rmB^qt}%00%rQ9 zHi|91Z9mmzMTWhXELkO)C>V-u%}!8~ar!_Iw+R_;L6TS*lvCsUDFRn}wMHw50zNDw zxU$hi5LhK)h}n!c$`#H3W;gra>{pflWk;4-Rbbh(O@neRl%nh2`Uta!zUn|SctwM?;A{hvd!>P0>- 
zC|5OOK}&_D`u(4e8MW~;PO0{mj}pzzbEUPdf)lP8T($#=c`ko387>4t;@jV7@#5Pf z^Zo#OLm(DDmZFCDO)L8af{&tx(=XIzBdN}Dq8@ST;}wcRaM_d59pC|hbDO|o+(Gqg z18Mb!%l2G0Ic9J$UNHMrBm^_!WKOPsgB(q-2cNHSan`x^{)LN2aDb9U*GBZ3`~S_u zX&|UW-{E}Gr5JyQz4t#gR0|QFfod-Qd1R_!9X2 zkE`9Se`D%sf3@)T>8$OcTG8bc# zTM3b6rwIz8)0h*s^pZ@fTug=B^g-?S@KLF~W+O#k^sTHu*3!_%A+6P{p0h6T`FFfZ z9>pGE1O8VT&{=i0T9MPDe^3Th@qOZXl{lbHWw`*DOTvw4R0Vl!u1saF{zCqF@?z8Y ztKItXm!BR@BY!8BwpY}QrAf$)<@ER4*16l)o%EH#?9Yi&Nzeg$F0GTYn7(~3h6jyL z4Q6)RzV2TaYb&P%v}-$%HUt!BLWyAQyI(MUqby+s0MprC*jm}@4<0xngs#+fXDb5F zCz(zCn+vQpYY7n%Q~#UmU3Fn={DK(z&biSJalugXTpxt3T|_QGx?KFbGa{V%J#*yo zF3I-o5WA;EWY$1M7d-*)96=H}=u9}vB5{h@-Sfg-1oX#i%UnmPmTth6q3ASMgw;Zw z1=z$@lctVD6fVmfp1S!tTT{2eGt0oD!_4Vqezk zOS5*+USq*{fG}YxyB_M06{%q3(iQvRKA0VNQR0_!FLXmy_8`sDk_>_qCqKy&j+78i6+^W3YVYT&Tr4dphVa z%eMbc+{#f(^^@twXy=;uh4INjBI`5_q_yHog4h}j<9JY#0{j`CL!yq(tD4$XPXQxn z6!tADhX8)(Ebd$ffGfBT*1{IzZ|JpfFf|;LYgpB1s1A`-W5(;u>Q^_s&;mkF>>Q;w zsQ67Vyw>f06vD!NiXBA+fP=ESXBMh0nv>Z0t0ZbZKAHW_+w*;R1QV3*vOjTcdb}HG z`M`k`OHBGggQ+}IUn-N4cK8FX(X?+7ZT>wsdd$XA;C34PfH(jJpZ#m8Za_=3Bf$}n zsAWh6zCgjaMABCG`d;aYvpJa}&P3TPyAGwDsym!;v**7}YRMfL4!UrQNfg3wZ*39? zfr=3!^||GwEn@0X%L_qKtzaLM-in?_)rr>vI8)L2cwQhwyhin%d$YPwO1qPLTkO_=Pj+#&9sfx3E5 z`k+g5J(8Zgw3*cO>>w^6P{!5?+jCP;egx#ACwEAL(>;=G=YekXQ3RM_H}lrn`)spy zdbUo6z0=+{Gj`fd{Pq%~TXG=zCHpoQ{>8r+tNDx{bzEeMmsqh!JAZ632l2qrX3O)L z-<^+#X`m~Q6S{WsgvH5QPI&Anb{#537%k`ADStOH`vb`<8|RLiP28HBWp@-#7r!fb z#5n^)@Ws*5bfbIFW__{;O4QK@B5P?5%pZHM*O~WD;07B4z;im!6lL>7m3-DfD3B^S zROm3s=KovbFCDu_8d5_jL$@$3;Ho#WU9&-_{r8--ozD$Ju6jQ>*C#@weBa@x_C|h- z->rC2u_%n~W9P#vdLcg)j3Fr$4QKnnlZHUV$Nt+#zb_YNKv@Kjzamj#kGuu(j82Bw zyCEzE%=>P^bf!Ajkp2VnZ>AwbWwL=I!my|OKk~17vVV{Nkr1HC#f>=_zlW^uCmrkMd%sDtwc3Ikkh!r|oJ_ZXEB{Y>Tj z+(U0nX0K*aT>^m)81V%ATD%)^CTnOE)s`@o4DOBA7dd6j*t5UwP5-b34j8u`%08fl zkw5LY(@n-3Kd~F+F`=dP4k!YJ7xOw`3%io=p3!=b`UeS2kA&hw~|?A0tpbn_2l6VpFc^R+Oxg_{mx`G0O|sPNy22ZX_+h*6M=4D^?d!Z zK9IG-I$p4*Z>$y~6K+YrQgN06lML(jc<9HP&3?3w)G_0qovzD7wWTH4g;g*!! 
zf^2^Tnit9x$%ix)Gd%g7EGen6Elxi| zB2T-otQei~Ny*D}j3d&ePeS)`82G{);+Mt!F%4@cuQX=iZ0rLf&jg~H);Lv3P4#-D zu3T-c?w>X5T-NDb-YHV95v|c&{h+MI8AXvn<%8{z9ax$;G+e>Nu@U*?1?R?fgOX>yU!i8=OT3tcI=e6 zC>zh|WZV6sEe_-Fs{FQo|2Tc?K*DGixffb=IJkI7%xVE26|-5aT?f|3?jEv7oX!^s z<8eKr_y^@8hDoqwfT_;6_AX@s6DQWln(>Ex{kp?;StV6lno`Z;Ubu^UiS|4Lt4pyT z(TBEiNW{M{ZHB(79GedEtvEs>h6Zj@*)fe=+u$(H6FfAW?j0hB#*eQ(hv~8N$L$D{ zt1f*Dvq2~#*MIMFmtCdFcpu+aP% z>>wY_=E)-y@lRB#J4eFPohfMuJw_1xF8@>>$6oVr;Bb=pB&b?wp{m4#M>7k=nOJ|K z8S3n2`;TP)>jt8jN6#mEC4K4qtxUoQkzl=MM67d|S=rG?tJB(-%2PtHj+2g8uyCj~ z$^uK{-8+v~lSTNo1tsLq@vO_?ZY*ty)arBym_CyeC+_Vc6@`yc_XPhmzQ%E4wN7NW zPGs54tk^U47?=_nm=QeS!%D^&x)f|n!3cU;+Fsh;n}ZdIJ_qsUITu830T_Er_25b@ zevRYq&c#)hfE^FUR941G50wfOrAZf+i3DG|BuNflE9Vj=gzl6Hh>{`oDE*P5PLZkr zPI9G7as{Kx(x$>Ar9!mP*Fcy%A4fIr60TuhAot3Y0Agmat1h8y@@9iSwc+Zq%(+Ia z{Ksic=l$!l9d5L^5rq159=zMs=p3>SY|o3{r-9u2y2S1&_}Y`$N6l{1Hr~wPeNS ztq5GTcPCp_V`0tAG)!qvA7PkZa1u8|?kq?kPgM74xnO?SEELT< ziTt;NA~Zd@8gF8Fs@YKZYw_~kJYQBYJg120BV&IIbDoSfwyE#sfp`b0Bw&3;)6tl0)(0_9UA%JU)iH0#Xce53uR?FY>*=eg`*>A zFw}z5JI7$)@H}OYHf4!KeEFml=^@cqL6x7NeImX_(S)c|>!Ifpa>gj>N<+%3HC^P z-v&FFx*)~hSQY=GPbYh}XoYh6eBQ0(IH4DzqW7a~*kycM_iU=DpRF%z3m5;>On$>w z?Q&JA(OI%mdt6uPauwzKAMgKsv#<1j#We|AsX<$*a$2d(vzDWlR@IXwHK3F3X6O83 zZsG5cZtlNYeeH{v)eRc=lNKHlB~L>AgwxR0L|4x2No@=gEzBG$h(F5RXD#{{Arh9Q zb%$4I!Y#h!7Dnq5DXH6FpG*X)!sf0;;7$?ivZ_Q@=aRh?jdDPdD!%RAdi+g@vTG^{`D9@x&472mFPd!pIyDRsAgervh zvY+SvdD(|={3DtqYcl0T{5VQ8C2qy-ePff-A)g~{uvJRaD@eJAHkR5$l_d3`nt)9V z%Ft-hY?2104&d$1;aGV?18I-RW70}y>ToViA6*i&;oX&`lL9#u&b9 zY!zD!ZebZ~dM|*jB3{oSp@djriy@?xTVEw+ew=J&hLmm!CA3h9lwL%{g4n>N`k>ib z5;}GF2sH-YUzSX_SDNe)_=Y>>2*F@!k=hEAoaw%OcFh@RKRiB=?e?&pvK+^XzRggfz)YaLLqMk^jrWc)2C<%%cWrFca;a^0fV(p3q(Ra#qsV*A1GuD8o(@F>w)-R*iEJn-C*rtl9*sX#yrGZek-TmbeOzO9kGq z5Hds+2A69VGqfZr7Bgf+2>b0q5<$#(*X!INkP2*L!wSjVqRkD{-zY7R>I&CSgA&x{ z?f2C0EVf#mm)dyb(18wjbtc4kX%k>LDvdZ7oBnt#$V6ES7W^wfkRsT)JAWvk%*4Rj zNK3}I?SYnv)CcT@vh6fO)&1s^ug%>B4HuXHy+!zCA`$35G~0WH)PyQEdPKk4Pv1CB 
zO#>e{zb{Zi-TZ1YUsRDpKL4VbkQerd5E^)~MXsf6!KRsMt2hfspji#*u5ktY4t1=H zVN^-LTZJITkfDEUnLr-yZjoT-_zzEcw6Q~M3CH0UU2Tbgl@{F7B<;#{0B;s@ZHZDK zuQZq!&4Niyf!{nQyG6wTny8UiyMVk|hJQ9Y2MJ9s5G;-;*UsjGNww@V0PjLvJ7G_v z^Xu=u+wHR+-OKa9WEpdkB}U;5kfl;~KQZb$oBrPoz+K2F+C{D@JR`;r74 z23J*}E9YhKtN(De{)cln+7Rdm=dK*w)#C2-@gMI0aN3v9Om5M+mk8Kt!Cn7{v!8nl z*}X(-fO{guO=zLVWB&xaq$*ksHR|&0C#ovgt<_}ZMh>d8;hej%6>srI?o+pv_ODxe z8^Fj7>_*Pb=0+}V6J~%LY)}pCngX04(;DvjCl%ba^{>u?e-g>C*Ao4kmjQ0j56w$A z)0>W$G@T37f80D-I~!!&PcT+8W21-Jyx=aChTZ3je{2u^*_knWo6UfSxk8N0tK*I= zoA(1hRttrh>SDgFqqX34f@MqRak|X&WKlJrzH8IHx&`>5sDBNdNG%k3M`4K&~}F&-$S_ zK%W88^TSJ%UV1RWQ`bIvFsTj8m;d3V?;H;4OT>05Ak_qzp+{&lJm(u8U>#}{;XcnG zGYsl66?DX_Lm*~nje;yZg_Gv5ZjU3bYkimj7)K>^} zO>4-X?P&z|5;^Hp1DQ*S?qd*I9Q#o&fPJ+42c_B|9lN;9 zAbl#(VliuMUm(gdvRx-tHV?c7yGcW!9h&1I%9wnnEW{Jpm#jy@}@D_R%#}8cpKxiq}M(P~@t7U$) zjDvIsM@h_r6{^6~!JLI;ASxA8x_DdXV-RxOcG5okCtD9oq9H$>W|(_qfZ4vsLm?f` z28nvyCM22bdDv(sif5ksnk+jcK1aShHy)R@adb0bWORFiu{FqEJ_)F9?{ zy2K~7Y*o-HL}J4z38i3&dL;p~<+&j^V#rFpY*y0m>l2e3UB zDNxF95bX)j)@i~@qTFQ!Q-AU32>RTWQdu6GUTT}*AIgeO;C$>N!M#%nW&+?Lsrn7(^fThZ#%j>OwLV zt+S>Na~Fv%Sh7_8=g4Bq4DgsDlW5SoVII%*mpLoVHaho$_Vq*0vKR@n$o4<>n`<`R zoH@+04BfD%SDTYiT|+Wz9;gT4iprZcoFs-L|B{Xkx85@Tm@G?MxJj<&|I`>&w0`51 zSu)p*Dz+g=Fa9T)>|adDmo^EgIf6n;U??B3Qn8@xv%7-sT&DT6lFr)MEaMKB{0;cJ z^L3z2MgxK>mB&$+-oUS+NZ*jiPyR5Kp+$`& z6fJB~l)ixl_R9(&av3PTbI}d=A1${J>>{jO1ZTImU&#MR7de6#(G_6bD2-xe8u9xI z)WF`pNt~mNOw6^(&AG{~iF{{SqCBF+Rqt(?KG#VRp|oEV-!TBbdxspOraB<-!0g)< z(l1Zi)<1^05T7wwPq-ZR1ybsNWNzU{=Ay+`at(7?LPQ+Yy}2Q~{7L;5LJ;P51+5kJ z51Ezcd)gdf7{+PU5-2EMKiv?F2?}l(|G+Zm6pa@Iu9m|iVP2eIdBr*Q5YYi}y##_~ zm|oSxLOjp&S>|q7o3qYZmGW zh7FCw#-#JNM+jtuSK<=YHU=y=Zn*=Tha*`}A4ve&k-I63 z1CYMF5qfSjn9&f`I{ZXs=(V_14&sIU_eKH{->z)izLPDJ9m|+c%CyU+#cdAqF~lt9&_}N7Y3s$s`jNgL z)3`JQ@Z+#lY;O|@E#tDba>{Bc?h6q$wWU#A2TIRT2fv+L!ld%7To zvLN;&@XgH)=7!`eWhFy9Q!VbZN^r7=`(9r{2m#q}3~lBho*}pxWLY=p#24F~-6x8~ zRUy><1V$xy)lW17tr}}cAq^R#cDL?>Q%#RrJpWqUW974aTk^E5&M|y0-sXbNY9We0 
z(DaS7z!;gJR$z>bmjZG}`bJR$737+SM=c{Ohez2Eh?O2mqyZiYqL$aW58q*`UZQA&Gi{r&Iw=JRM_#HvMr~1D+T(v7T~KzL-E?O0n!r>nPu)Q?)2xn_q85|MgP7 zXuNilfPf>1UkRtG5Pju8jA+n*_t`j>Q*DjNAx6cs3RhPjRJSD8u;E4eonx~q2%JUBRQ~m`d2dGgn+}MMRpQm zXB2pa?otz(HVFQe;rpiwlMV$dGN2ohF&4fwi>2fZm$fvj@t?D{5HLNzhZF=(?LX}a zBV_jT0U^`nVA3%lS(M-vbCD`N3+Tu-%mPqgi&UNZDKa0~_~USznB}(uA}84htd1*U zqSG9=*CV$SAtO1NQiOW@6kbW!qYnJ!zZ%tXM#k7k=1b^{=tz8_Cp7g)fR<*!=w+hE z4|xiPB+z?uLK@sJDaMmkN!i)ax&CWQ|7odTJjVhvcd0Rw59I}B|MlZ~SJ0lz^nx>Q zte#ICr)w|}iI*9+41-?_VzcvPqtxNaEe(*G{3}U6cIX0X19<=l_7)gSnEK$*2-sfl zWnvot%`z#C*kHVd&1R&dFks4Rt@@wy)TrO!ECYJm3$5Sq6;PWNbRKNbV2Lz;&}$lw zWXWQ*RI34(u~fS@+-Lg3?zUQuE2mN1RgG*=#xP%(i^?B%b4=; zSq&htKXf5M*UErVPhDLS2-~D)uV5PQ?8m7>7b`g^hf2GDuP$z!b!* zfXt2bktX4TbL?TKRmP2Br)}~WD{f`b0DhKPnlnJ+CXaZE(x7 z;e?z(J?7XSd=G#5PabwqV}yPm@P9*em24$Z_;<6;(Z=$1g&Pdw_>-4_gkxtTeZ+oN zh~8xd@ePyvlM0Pwi-aS{wa&|J8;#S&5pw+6Q1jZkr4H47dm8+p>sx>bZ;YIRh!yFN ze8mEq+9lbI61RpxRd);k%67htFpu7eJ~IH;-32<)|1rNR`$9 z-JdoDTI>mo-ult_sNN=^SQ{b{7)q!FU;zh-5;pmMnfa!*AQ9u0m$-p%4mF@aA$HrO ztUNG39Evk7W$b|xfl|8FnPq+~$C%R@r|8=Y#|Z|ofeAZL#+mZM>LcEcev;hCn)`#_ zVZvI$W<^ZX>_)o)kgPfJ-v9u3f}{oA3_%SzQe4aKJv5wUOYDN<9-0k;| zBW%dU%BY0ITVejazxVz$;AHSJUHEJej|s934^%4gXBGpCKL*oGW_~3d8DR7Wh#xE~ z1H=v**dxeH0UMFr4vmx^mp5ZOx7atRSE;4`qKi2XAXPRA3(Mg%^;aHH!;VF$FGvc_WAksyJntLD4+%5RW4$AU&>fPx0aE$wsGtb*^ zM(30IdKhN4>)ag|!i`f@q^w-gab#)ond%Or~S|{*r9`+Gx_6`p+Lb zx`sL^CUz$iTRIXaB|0Z36l2??@l8#M<7DmQWwO!D>7=%<*h!nV$xGSTwghS?Gr}}( z$29H?0w;F0<0~O1w<9JucEMxa>dCHPyV^y84Wy93~LJ@Mfe+BYH`kqB=OX=xCEy*wPn^~|8vRqu$$wPZsX z4c9pq#(&W$$rclCVBXJsgMNSeDM$l=QGx#d&+7ebW&Xci|34@9{@;cCzc)kwUnLy= c90UCSY>ifs1_S>u3GmMy^y8Pa{}=i{02^*|r2qf` literal 0 HcmV?d00001 diff --git a/Solutions/Claroty/Package/createUiDefinition.json b/Solutions/Claroty/Package/createUiDefinition.json index e680d7d0720..357c5e30e0c 100644 --- a/Solutions/Claroty/Package/createUiDefinition.json +++ b/Solutions/Claroty/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Claroty/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Claroty/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.\n\n**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
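Review bot: The rewritten description still says `The existing connectors are about to be deprecated by Aug 31, 2024.`, which is stale on a patch dated 15 Nov 2024 that itself removes those connectors from the package (the `Data Connectors: 2` count is dropped in the same line). A user reading this will look for legacy connectors that no longer ship. Replace the sentence with `The legacy Claroty CEF and Claroty (AMA) connectors have been removed from this solution; ingest Claroty logs with the CEF via AMA connector from the Common Event Format solution.` The same sentence is probably duplicated in the description inside mainTemplate.json, whose hunks are outside the visible part of this patch, so check it there too.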
@@ -51,37 +51,6 @@ } ], "steps": [ - { - "name": "dataconnectors", - "label": "Data Connectors", - "bladeTitle": "Data Connectors", - "elements": [ - { - "name": "dataconnectors1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This Solution installs the data connector for Claroty. You can get Claroty CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." - } - }, - { - "name": "dataconnectors-parser-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." - } - }, - { - "name": "dataconnectors-link2", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more about connecting data sources", - "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" - } - } - } - ] - }, { "name": "workbooks", "label": "Workbooks", @@ -323,7 +292,7 @@ "name": "huntingquery1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for baseline deviation events. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for baseline deviation events. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] 
@@ -337,7 +306,7 @@ "name": "huntingquery2-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for conflicting assets. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for conflicting assets. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -351,7 +320,7 @@ "name": "huntingquery3-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for critical severity events. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for critical severity events. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -365,7 +334,7 @@ "name": "huntingquery4-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for PLC login security alerts. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for PLC login security alerts. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -379,7 +348,7 @@ "name": "huntingquery5-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for login failure events. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for login failure events. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] 
@@ -393,7 +362,7 @@ "name": "huntingquery6-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for sources of network scans. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for sources of network scans. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -407,7 +376,7 @@ "name": "huntingquery7-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for targets of network scans. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for targets of network scans. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -421,7 +390,7 @@ "name": "huntingquery8-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for unapproved access events. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for unapproved access events. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -435,7 +404,7 @@ "name": "huntingquery9-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for alerts with unresolved status. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for alerts with unresolved status. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] 
@@ -449,7 +418,7 @@ "name": "huntingquery10-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for operations with Write and Execute accesses. This hunting query depends on Claroty ClarotyAma CefAma data connector (ClarotyEvent ClarotyEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for operations with Write and Execute accesses. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] diff --git a/Solutions/Claroty/Package/mainTemplate.json b/Solutions/Claroty/Package/mainTemplate.json index e5ff003865c..a61d4f7df98 100644 --- a/Solutions/Claroty/Package/mainTemplate.json +++ b/Solutions/Claroty/Package/mainTemplate.json @@ -41,7 +41,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "Claroty", - "_solutionVersion": "3.0.2", + "_solutionVersion": "3.0.3", "solutionId": "azuresentinel.azure-sentinel-solution-claroty", "_solutionId": "[variables('solutionId')]", "workbookVersion1": "1.0.0", 
@@ -52,8 +52,8 @@ "workspaceResourceId": "[resourceId('microsoft.OperationalInsights/Workspaces', parameters('workspace'))]", "_workbookcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','wb','-', uniqueString(concat(variables('_solutionId'),'-','Workbook','-',variables('_workbookContentId1'),'-', variables('workbookVersion1'))))]", "parserObject1": { - "_parserName1": "[concat(parameters('workspace'),'/','Claroty Data Parser')]", - "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Claroty Data Parser')]", + "_parserName1": "[concat(parameters('workspace'),'/','ClarotyEvent')]", + "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ClarotyEvent')]", "parserTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-pr-',uniquestring('ClarotyEvent-Parser')))]", "parserVersion1": "1.0.0", "parserContentId1": "ClarotyEvent-Parser" 
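Review bot: Renaming the parser's savedSearches resource from `'Claroty Data Parser'` to `'ClarotyEvent'` in `_parserName1`/`_parserId1` changes the resource identity, so an in-place upgrade of a workspace that already has 3.0.2 installed will presumably create a second saved search while the old one stays behind, both declaring the same `functionAlias` `ClarotyEvent` (visible in the parser resource further down). That can leave two function definitions competing for one alias after upgrade; please confirm how the packaging and upgrade path handle the orphaned `'Claroty Data Parser'` resource, and if it is not removed automatically, document the manual cleanup step in the release notes (the ReleaseNotes change in this commit is outside this view). The `variables` object these entries belong to starts outside the hunk.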
@@ -108,58 +108,40 @@ "_huntingQuerycontentId10": "3882ffbf-6228-4e1f-ab8f-8d79a26da0fb", "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('3882ffbf-6228-4e1f-ab8f-8d79a26da0fb')))]" }, - "uiConfigId1": "Claroty", - "_uiConfigId1": "[variables('uiConfigId1')]", - "dataConnectorContentId1": "Claroty", - "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", - "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", - "dataConnectorVersion1": "1.0.0", - "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", - "uiConfigId2": "ClarotyAma", - "_uiConfigId2": "[variables('uiConfigId2')]", - "dataConnectorContentId2": "ClarotyAma", - "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", - "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "_dataConnectorId2": "[variables('dataConnectorId2')]", - "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", - "dataConnectorVersion2": "1.0.0", - "_dataConnectorcontentProductId2": 
"[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", "analyticRuleObject1": { - "analyticRuleVersion1": "1.0.2", + "analyticRuleVersion1": "1.0.3", "_analyticRulecontentId1": "fd6e3416-0421-4166-adb9-186e555a7008", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'fd6e3416-0421-4166-adb9-186e555a7008')]", "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('fd6e3416-0421-4166-adb9-186e555a7008')))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','fd6e3416-0421-4166-adb9-186e555a7008','-', '1.0.2')))]" + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','fd6e3416-0421-4166-adb9-186e555a7008','-', '1.0.3')))]" }, "analyticRuleObject2": { - "analyticRuleVersion2": "1.0.2", + "analyticRuleVersion2": "1.0.3", "_analyticRulecontentId2": "9a8b4321-e2be-449b-8227-a78227441b2a", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '9a8b4321-e2be-449b-8227-a78227441b2a')]", "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('9a8b4321-e2be-449b-8227-a78227441b2a')))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9a8b4321-e2be-449b-8227-a78227441b2a','-', '1.0.2')))]" + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9a8b4321-e2be-449b-8227-a78227441b2a','-', '1.0.3')))]" }, "analyticRuleObject3": { - "analyticRuleVersion3": "1.0.2", + "analyticRuleVersion3": "1.0.3", "_analyticRulecontentId3": "e7dbcbc3-b18f-4635-b27c-718195c369f1", "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e7dbcbc3-b18f-4635-b27c-718195c369f1')]", "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e7dbcbc3-b18f-4635-b27c-718195c369f1')))]", - "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e7dbcbc3-b18f-4635-b27c-718195c369f1','-', '1.0.2')))]" + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e7dbcbc3-b18f-4635-b27c-718195c369f1','-', '1.0.3')))]" }, "analyticRuleObject4": { - "analyticRuleVersion4": "1.0.2", + "analyticRuleVersion4": "1.0.3", "_analyticRulecontentId4": "4b5bb3fc-c690-4f54-9a74-016213d699b4", "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '4b5bb3fc-c690-4f54-9a74-016213d699b4')]", "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('4b5bb3fc-c690-4f54-9a74-016213d699b4')))]", - "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','4b5bb3fc-c690-4f54-9a74-016213d699b4','-', '1.0.2')))]" + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','4b5bb3fc-c690-4f54-9a74-016213d699b4','-', '1.0.3')))]" }, "analyticRuleObject5": { - 
"analyticRuleVersion5": "1.0.2", + "analyticRuleVersion5": "1.0.3", "_analyticRulecontentId5": "1c2310ef-19bf-4caf-b2b0-a4c983932fa5", "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '1c2310ef-19bf-4caf-b2b0-a4c983932fa5')]", "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('1c2310ef-19bf-4caf-b2b0-a4c983932fa5')))]", - "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1c2310ef-19bf-4caf-b2b0-a4c983932fa5','-', '1.0.2')))]" + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1c2310ef-19bf-4caf-b2b0-a4c983932fa5','-', '1.0.3')))]" }, "analyticRuleObject6": { "analyticRuleVersion6": "1.0.2", 
@@ -176,25 +158,25 @@ "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','3b22ac47-e02c-4599-a37a-57f965de17be','-', '1.0.2')))]" }, "analyticRuleObject8": { - "analyticRuleVersion8": "1.0.2", + "analyticRuleVersion8": "1.0.3", "_analyticRulecontentId8": "99ad9f3c-304c-44c5-a61f-3a17f8b58218", "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '99ad9f3c-304c-44c5-a61f-3a17f8b58218')]", "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('99ad9f3c-304c-44c5-a61f-3a17f8b58218')))]", - "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','99ad9f3c-304c-44c5-a61f-3a17f8b58218','-', '1.0.2')))]" + "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','99ad9f3c-304c-44c5-a61f-3a17f8b58218','-', '1.0.3')))]" }, "analyticRuleObject9": { - "analyticRuleVersion9": "1.0.2", + "analyticRuleVersion9": "1.0.3", "_analyticRulecontentId9": "5cf35bad-677f-4c23-8927-1611e7ff6f28", "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '5cf35bad-677f-4c23-8927-1611e7ff6f28')]", "analyticRuleTemplateSpecName9": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('5cf35bad-677f-4c23-8927-1611e7ff6f28')))]", - "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','5cf35bad-677f-4c23-8927-1611e7ff6f28','-', '1.0.2')))]" + "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','5cf35bad-677f-4c23-8927-1611e7ff6f28','-', '1.0.3')))]" }, "analyticRuleObject10": { - "analyticRuleVersion10": "1.0.2", + "analyticRuleVersion10": "1.0.3", "_analyticRulecontentId10": "731e5ac4-7fe1-4b06-9941-532f2e008bb3", "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '731e5ac4-7fe1-4b06-9941-532f2e008bb3')]", "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('731e5ac4-7fe1-4b06-9941-532f2e008bb3')))]", - "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','731e5ac4-7fe1-4b06-9941-532f2e008bb3','-', '1.0.2')))]" + "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','731e5ac4-7fe1-4b06-9941-532f2e008bb3','-', '1.0.3')))]" }, "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, @@ -208,7 +190,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyOverview Workbook with template version 3.0.2", + "description": "ClarotyOverview Workbook with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -271,6 +253,10 @@ { "contentId": "ClarotyAma", "kind": "DataConnector" + }, + { + "contentId": "CefAma", + "kind": "DataConnector" } ] } 
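Review bot: In the `@@ -271,6 +253,10 @@` hunk the workbook's dependency criteria still keep the `"contentId": "ClarotyAma", "kind": "DataConnector"` entry next to the newly added `CefAma` one, even though this commit removes the `ClarotyAma` connector's variables (`@@ -108,58 +108,40 @@`) and its content template (`@@ -1273,672 +1259,6 @@`), so the workbook now depends on a connector the package no longer ships. The dependency should be reduced to the `CefAma` entry that is added here; if a `Claroty` (legacy agent) entry precedes it in the criteria array — that part is outside the hunk — it has the same problem. Since mainTemplate.json appears to be a generated package artifact, the fix presumably belongs in the workbook metadata the package is built from, with the package regenerated afterwards. The enclosing `criteria` array starts outside the hunk.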
@@ -300,7 +286,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyEvent Data Parser with template version 3.0.2", + "description": "ClarotyEvent Data Parser with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", 
@@ -314,7 +300,7 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "Claroty Data Parser", + "displayName": "Parser for ClarotyEvent", "category": "Microsoft Sentinel Parser", "functionAlias": "ClarotyEvent", "query": "CommonSecurityLog\n| where DeviceVendor =~ 'Claroty'\n| extend EventVendor = 'Claroty'\n| extend EventProduct = 'Claroty'\n| extend EventSchemaVersion = 0.2\n| extend EventCount = 1\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\n DeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\n DeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3),\n ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"),tostring(ExternalID))\n| extend packed = pack(DeviceCustomNumber1Label, DeviceCustomNumber1\n , DeviceCustomNumber2Label, DeviceCustomNumber2\n , DeviceCustomNumber3Label, DeviceCustomNumber3\n , DeviceCustomString1Label, DeviceCustomString1\n , DeviceCustomString2Label, DeviceCustomString2\n , DeviceCustomString3Label, DeviceCustomString3\n , DeviceCustomString4Label, DeviceCustomString4\n , DeviceCustomString5Label, DeviceCustomString5\n , DeviceCustomString6Label, DeviceCustomString6\n , DeviceCustomDate1Label, DeviceCustomDate1\n , DeviceCustomDate2Label, DeviceCustomDate2)\n| evaluate bag_unpack(packed)\n| parse-kv AdditionalExtensions as (cs7Label:string, cs7:string, cs8Label:string, cs8:string, cs9Label:string, cs9:string, cs10Label:string, cs10:string, cat:string) with (pair_delimiter=';', kv_delimiter='=')\n| extend packed2 = pack(cs7Label, cs7\n , cs8Label, cs8\n , cs9Label, cs9\n , cs10Label, cs10)\n| evaluate bag_unpack(packed2)\n| extend EventEndTime = todatetime(ReceiptTime),\n cat = coalesce(column_ifexists(\"DeviceEventCategory\", \"\"),cat)\n| project-rename EventProductVersion=DeviceVersion\n , 
EventSubType=cat\n , EventOriginalType=DeviceEventClassID\n , EventSeverity=LogSeverity\n , EventMessage=Message\n , DstPortNumber=DestinationPort\n , DstIpAddr=DestinationIP\n , DstDvcHostname=DestinationHostName\n , DstUserName=DestinationUserName\n , DvcIpAddr=DeviceAddress\n , DvcHostname=DeviceName\n , DstMacAddr=DestinationMACAddress\n , NetworkApplicationProtocol=Protocol\n , SrcPortNumber=SourcePort\n , SrcIpAddr=SourceIP\n , SrcMacAddr=SourceMACAddress\n , EventId=ExternalID\n , SrcDvcHostname=SourceHostName\n| extend EventType=Activity\n| project-away AdditionalExtensions\n , Activity\n , ReceiptTime\n , DeviceVendor\n , DeviceProduct\n , DeviceCustomNumber1\n , DeviceCustomNumber1Label\n , DeviceCustomNumber2\n , DeviceCustomNumber2Label\n , DeviceCustomNumber3\n , DeviceCustomNumber3Label\n , DeviceCustomString1\n , DeviceCustomString1Label\n , DeviceCustomString2\n , DeviceCustomString2Label\n , DeviceCustomString3\n , DeviceCustomString3Label\n , DeviceCustomString4\n , DeviceCustomString4Label\n , DeviceCustomString5\n , DeviceCustomString5Label\n , DeviceCustomString6\n , DeviceCustomString6Label\n , cs7Label\n , cs7\n , cs8Label\n , cs8\n , cs9Label\n , cs9\n , cs10Label\n , cs10\n", @@ -336,7 +322,7 @@ "[variables('parserObject1')._parserId1]" ], "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Claroty Data Parser')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ClarotyEvent')]", "contentId": "[variables('parserObject1').parserContentId1]", "kind": "Parser", "version": "[variables('parserObject1').parserVersion1]", 
@@ -366,7 +352,7 @@ "contentSchemaVersion": "3.0.0", "contentId": "[variables('parserObject1').parserContentId1]", "contentKind": "Parser", - "displayName": "Claroty Data Parser", + "displayName": "Parser for ClarotyEvent", "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]", "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]", "version": "[variables('parserObject1').parserVersion1]" 
@@ -379,7 +365,7 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "Claroty Data Parser", + "displayName": "Parser for ClarotyEvent", "category": "Microsoft Sentinel Parser", "functionAlias": "ClarotyEvent", "query": "CommonSecurityLog\n| where DeviceVendor =~ 'Claroty'\n| extend EventVendor = 'Claroty'\n| extend EventProduct = 'Claroty'\n| extend EventSchemaVersion = 0.2\n| extend EventCount = 1\n| extend DeviceCustomNumber1 = coalesce(column_ifexists(\"FieldDeviceCustomNumber1\", long(null)),DeviceCustomNumber1),\n DeviceCustomNumber2 = coalesce(column_ifexists(\"FieldDeviceCustomNumber2\", long(null)),DeviceCustomNumber2),\n DeviceCustomNumber3 = coalesce(column_ifexists(\"FieldDeviceCustomNumber3\", long(null)),DeviceCustomNumber3),\n ExternalID = coalesce(column_ifexists(\"ExtID\", \"\"),tostring(ExternalID))\n| extend packed = pack(DeviceCustomNumber1Label, DeviceCustomNumber1\n , DeviceCustomNumber2Label, DeviceCustomNumber2\n , DeviceCustomNumber3Label, DeviceCustomNumber3\n , DeviceCustomString1Label, DeviceCustomString1\n , DeviceCustomString2Label, DeviceCustomString2\n , DeviceCustomString3Label, DeviceCustomString3\n , DeviceCustomString4Label, DeviceCustomString4\n , DeviceCustomString5Label, DeviceCustomString5\n , DeviceCustomString6Label, DeviceCustomString6\n , DeviceCustomDate1Label, DeviceCustomDate1\n , DeviceCustomDate2Label, DeviceCustomDate2)\n| evaluate bag_unpack(packed)\n| parse-kv AdditionalExtensions as (cs7Label:string, cs7:string, cs8Label:string, cs8:string, cs9Label:string, cs9:string, cs10Label:string, cs10:string, cat:string) with (pair_delimiter=';', kv_delimiter='=')\n| extend packed2 = pack(cs7Label, cs7\n , cs8Label, cs8\n , cs9Label, cs9\n , cs10Label, cs10)\n| evaluate bag_unpack(packed2)\n| extend EventEndTime = todatetime(ReceiptTime),\n cat = coalesce(column_ifexists(\"DeviceEventCategory\", \"\"),cat)\n| project-rename EventProductVersion=DeviceVersion\n , 
EventSubType=cat\n , EventOriginalType=DeviceEventClassID\n , EventSeverity=LogSeverity\n , EventMessage=Message\n , DstPortNumber=DestinationPort\n , DstIpAddr=DestinationIP\n , DstDvcHostname=DestinationHostName\n , DstUserName=DestinationUserName\n , DvcIpAddr=DeviceAddress\n , DvcHostname=DeviceName\n , DstMacAddr=DestinationMACAddress\n , NetworkApplicationProtocol=Protocol\n , SrcPortNumber=SourcePort\n , SrcIpAddr=SourceIP\n , SrcMacAddr=SourceMACAddress\n , EventId=ExternalID\n , SrcDvcHostname=SourceHostName\n| extend EventType=Activity\n| project-away AdditionalExtensions\n , Activity\n , ReceiptTime\n , DeviceVendor\n , DeviceProduct\n , DeviceCustomNumber1\n , DeviceCustomNumber1Label\n , DeviceCustomNumber2\n , DeviceCustomNumber2Label\n , DeviceCustomNumber3\n , DeviceCustomNumber3Label\n , DeviceCustomString1\n , DeviceCustomString1Label\n , DeviceCustomString2\n , DeviceCustomString2Label\n , DeviceCustomString3\n , DeviceCustomString3Label\n , DeviceCustomString4\n , DeviceCustomString4Label\n , DeviceCustomString5\n , DeviceCustomString5Label\n , DeviceCustomString6\n , DeviceCustomString6Label\n , cs7Label\n , cs7\n , cs8Label\n , cs8\n , cs9Label\n , cs9\n , cs10Label\n , cs10\n", @@ -402,7 +388,7 @@ "[variables('parserObject1')._parserId1]" ], "properties": { - "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'Claroty Data Parser')]", + "parentId": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ClarotyEvent')]", "contentId": "[variables('parserObject1').parserContentId1]", "kind": "Parser", "version": "[variables('parserObject1').parserVersion1]", 
@@ -432,7 +418,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyBaselineDeviation_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotyBaselineDeviation_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", @@ -517,7 +503,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyConflictAssets_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotyConflictAssets_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]", @@ -602,7 +588,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyCriticalEvents_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotyCriticalEvents_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]", 
@@ -687,7 +673,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyPLCLogins_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotyPLCLogins_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]", @@ -772,7 +758,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotySRAFailedLogins_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotySRAFailedLogins_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]", @@ -857,7 +843,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyScanSources_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotyScanSources_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]", 
@@ -942,7 +928,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyScantargets_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotyScantargets_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]", @@ -1027,7 +1013,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyUnapprovedAccess_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotyUnapprovedAccess_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]", @@ -1112,7 +1098,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyUnresolvedAlerts_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotyUnresolvedAlerts_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", 
@@ -1197,7 +1183,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyWriteExecuteOperations_HuntingQueries Hunting Query with template version 3.0.2", + "description": "ClarotyWriteExecuteOperations_HuntingQueries Hunting Query with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]", 
@@ -1273,672 +1259,6 @@ "version": "1.0.0" } }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Claroty data connector with template version 3.0.2", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Claroty via Legacy Agent", - "publisher": "Claroty", - "descriptionMarkdown": "The [Claroty](https://claroty.com/) data connector provides the capability to ingest [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel.", - "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**ClarotyEvent**](https://aka.ms/sentinel-claroty-parser) which is deployed with the Microsoft Sentinel Solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Claroty", - "baseQuery": "ClarotyEvent" - } - ], - "sampleQueries": [ - { - 
"description": "Top 10 Destinations", - "query": "ClarotyEvent\n | where isnotempty(DstIpAddr)\n | summarize count() by DstIpAddr\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (Claroty)", - "lastDataReceivedQuery": "ClarotyEvent\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "ClarotyEvent\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**ClarotyEvent**](https://aka.ms/sentinel-claroty-parser) which is deployed with the Microsoft Sentinel Solution." 
- }, - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "Configure log forwarding using CEF:\n\n1. Navigate to the **Syslog** section of the Configuration menu.\n\n2. Select **+Add**.\n\n3. In the **Add New Syslog Dialog** specify Remote Server **IP**, **Port**, **Protocol** and select **Message Format** - **CEF**.\n\n4. Choose **Save** to exit the **Add Syslog dialog**.", - "title": "2. 
Configure Claroty to send logs using CEF" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. 
Secure your machine " - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Claroty", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Claroty via Legacy Agent", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Claroty", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Claroty via Legacy Agent", - "publisher": "Claroty", - "descriptionMarkdown": "The [Claroty](https://claroty.com/) data connector provides the capability to ingest [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Claroty", - "baseQuery": "ClarotyEvent" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (Claroty)", - "lastDataReceivedQuery": "ClarotyEvent\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "ClarotyEvent\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 10 
Destinations", - "query": "ClarotyEvent\n | where isnotempty(DstIpAddr)\n | summarize count() by DstIpAddr\n | top 10 by count_" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**ClarotyEvent**](https://aka.ms/sentinel-claroty-parser) which is deployed with the Microsoft Sentinel Solution." - }, - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." 
- }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "Configure log forwarding using CEF:\n\n1. Navigate to the **Syslog** section of the Configuration menu.\n\n2. Select **+Add**.\n\n3. In the **Add New Syslog Dialog** specify Remote Server **IP**, **Port**, **Protocol** and select **Message Format** - **CEF**.\n\n4. Choose **Save** to exit the **Add Syslog dialog**.", - "title": "2. Configure Claroty to send logs using CEF" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. 
You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. Secure your machine " - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**ClarotyEvent**](https://aka.ms/sentinel-claroty-parser) which is deployed with the Microsoft Sentinel Solution." - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Claroty data connector with template version 3.0.2", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": 
"[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId2')]", - "title": "[Deprecated] Claroty via AMA", - "publisher": "Claroty", - "descriptionMarkdown": "The [Claroty](https://claroty.com/) data connector provides the capability to ingest [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel.", - "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**ClarotyEvent**](https://aka.ms/sentinel-claroty-parser) which is deployed with the Microsoft Sentinel Solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Claroty", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Claroty'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Destinations", - "query": "ClarotyEvent\n | where isnotempty(DstIpAddr)\n | summarize count() by DstIpAddr\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (Claroty)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Claroty'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Claroty'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - 
"provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**ClarotyEvent**](https://aka.ms/sentinel-claroty-parser) which is deployed with the Microsoft Sentinel Solution.", - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. 
Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - }, - { - "title": "Step B. Configure Claroty to send logs using CEF", - "description": "Configure log forwarding using CEF:\n\n1. Navigate to the **Syslog** section of the Configuration menu.\n\n2. Select **+Add**.\n\n3. In the **Add New Syslog Dialog** specify Remote Server **IP**, **Port**, **Protocol** and select **Message Format** - **CEF**.\n\n4. Choose **Save** to exit the **Add Syslog dialog**." - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. 
You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Claroty", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId2')]", - "contentKind": "DataConnector", - 
"displayName": "[Deprecated] Claroty via AMA", - "contentProductId": "[variables('_dataConnectorcontentProductId2')]", - "id": "[variables('_dataConnectorcontentProductId2')]", - "version": "[variables('dataConnectorVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId2')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Claroty", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Claroty via AMA", - "publisher": "Claroty", - "descriptionMarkdown": "The [Claroty](https://claroty.com/) data connector provides the capability to ingest [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote 
Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Claroty", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Claroty'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (Claroty)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Claroty'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Claroty'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 10 Destinations", - "query": "ClarotyEvent\n | where isnotempty(DstIpAddr)\n | summarize count() by DstIpAddr\n | top 10 by count_" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "read": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**ClarotyEvent**](https://aka.ms/sentinel-claroty-parser) which is deployed with the Microsoft Sentinel Solution.", - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. 
Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - }, - { - "title": "Step B. Configure Claroty to send logs using CEF", - "description": "Configure log forwarding using CEF:\n\n1. Navigate to the **Syslog** section of the Configuration menu.\n\n2. Select **+Add**.\n\n3. In the **Add New Syslog Dialog** specify Remote Server **IP**, **Port**, **Protocol** and select **Message Format** - **CEF**.\n\n4. Choose **Save** to exit the **Add Syslog dialog**." - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " - } - ], - "id": "[variables('_uiConfigId2')]", - "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**ClarotyEvent**](https://aka.ms/sentinel-claroty-parser) which is deployed with the Microsoft Sentinel Solution." 
- } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", @@ -1948,7 +1268,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyAssetDown_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "ClarotyAssetDown_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -1975,18 +1295,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "Claroty", - "dataTypes": [ - "ClarotyEvent" - ] - }, - { - "connectorId": "ClarotyAma", - "dataTypes": [ - "ClarotyEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -2002,13 +1310,13 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "columnName": "IPCustomEntity", - "identifier": "Address" + "identifier": "Address", + "columnName": "IPCustomEntity" } - ] + ], + "entityType": "IP" } ] } @@ -2064,7 +1372,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ClarotyCriticalBaselineDeviation_AnalyticalRules Analytics Rule with template version 3.0.2", + "description": "ClarotyCriticalBaselineDeviation_AnalyticalRules Analytics Rule with template version 3.0.3", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", 
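Review bot: After this hunk `requiredDataConnectors` for ClarotyAssetDown lists only `CefAma` with `CommonSecurityLog`, yet nothing in the surviving template states that the `ClarotyEvent` Kusto parser is still needed; the only places that said so were the `additionalRequirementBanner` and instruction-step strings removed with the deprecated connectors in the preceding hunk (`@@ -1273,672 +1259,6 @@`). If the rule queries (outside this hunk) still call `ClarotyEvent`, a workspace that has CEF via AMA connected but lacks the parser will show the rule as connected while its query fails at runtime. Consider keeping that dependency visible, e.g. in the rule's description or in the solution's release notes: `Analytic rules and hunting queries depend on the ClarotyEvent parser deployed with this solution.` The same `Claroty`/`ClarotyAma` removal is repeated in the `@@ -2091`, `@@ -2207` and `@@ -2324` hunks and the same remark applies there.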
@@ -2091,18 +1399,6 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- {
- "connectorId": "Claroty",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
- {
- "connectorId": "ClarotyAma",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
 {
 "connectorId": "CefAma",
 "dataTypes": [
@@ -2118,13 +1414,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "IP",
 "fieldMappings": [
 {
- "columnName": "IPCustomEntity",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "IPCustomEntity"
 }
- ]
+ ],
+ "entityType": "IP"
 }
 ]
 }
@@ -2180,7 +1476,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ClarotyLoginToUncommonSite_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "ClarotyLoginToUncommonSite_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]",
@@ -2207,18 +1503,6 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- {
- "connectorId": "Claroty",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
- {
- "connectorId": "ClarotyAma",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
 {
 "connectorId": "CefAma",
 "dataTypes": [
@@ -2235,13 +1519,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "IP",
 "fieldMappings": [
 {
- "columnName": "SrcIpAddr",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "SrcIpAddr"
 }
- ]
+ ],
+ "entityType": "IP"
 }
 ]
 }
@@ -2297,7 +1581,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ClarotyMultipleFailedLogin_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "ClarotyMultipleFailedLogin_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]",
@@ -2324,18 +1608,6 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- {
- "connectorId": "Claroty",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
- {
- "connectorId": "ClarotyAma",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
 {
 "connectorId": "CefAma",
 "dataTypes": [
@@ -2352,13 +1624,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "Account",
 "fieldMappings": [
 {
- "columnName": "AccountCustomEntity",
- "identifier": "Name"
+ "identifier": "Name",
+ "columnName": "AccountCustomEntity"
 }
- ]
+ ],
+ "entityType": "Account"
 }
 ]
 }
@@ -2414,7 +1686,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ClarotyMultipleFailedLoginsSameDst_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "ClarotyMultipleFailedLoginsSameDst_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]",
@@ -2441,18 +1713,6 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- {
- "connectorId": "Claroty",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
- {
- "connectorId": "ClarotyAma",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
 {
 "connectorId": "CefAma",
 "dataTypes": [
@@ -2469,13 +1729,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "SecurityGroup",
 "fieldMappings": [
 {
- "columnName": "SGCustomEntity",
- "identifier": "DistinguishedName"
+ "identifier": "DistinguishedName",
+ "columnName": "SGCustomEntity"
 }
- ]
+ ],
+ "entityType": "SecurityGroup"
 }
 ]
 }
@@ -2531,7 +1791,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ClarotyNewAsset_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "ClarotyNewAsset_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]",
@@ -2558,18 +1818,6 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- {
- "connectorId": "Claroty",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
- {
- "connectorId": "ClarotyAma",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
 {
 "connectorId": "CefAma",
 "dataTypes": [
@@ -2586,13 +1834,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "IP",
 "fieldMappings": [
 {
- "columnName": "IPCustomEntity",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "IPCustomEntity"
 }
- ]
+ ],
+ "entityType": "IP"
 }
 ]
 }
@@ -2648,7 +1896,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ClarotyPolicyViolation_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "ClarotyPolicyViolation_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]",
@@ -2675,18 +1923,6 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- {
- "connectorId": "Claroty",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
- {
- "connectorId": "ClarotyAma",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
 {
 "connectorId": "CefAma",
 "dataTypes": [
@@ -2702,13 +1938,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "IP",
 "fieldMappings": [
 {
- "columnName": "IPCustomEntity",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "IPCustomEntity"
 }
- ]
+ ],
+ "entityType": "IP"
 }
 ]
 }
@@ -2764,7 +2000,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ClarotySuspiciousActivity_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "ClarotySuspiciousActivity_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]",
@@ -2791,18 +2027,6 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- {
- "connectorId": "Claroty",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
- {
- "connectorId": "ClarotyAma",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
 {
 "connectorId": "CefAma",
 "dataTypes": [
@@ -2818,13 +2042,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "IP",
 "fieldMappings": [
 {
- "columnName": "IPCustomEntity",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "IPCustomEntity"
 }
- ]
+ ],
+ "entityType": "IP"
 }
 ]
 }
@@ -2880,7 +2104,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ClarotySuspiciousFileTransfer_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "ClarotySuspiciousFileTransfer_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]",
@@ -2907,18 +2131,6 @@
 "triggerThreshold": 0,
 "status": "Available",
 "requiredDataConnectors": [
- {
- "connectorId": "Claroty",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
- {
- "connectorId": "ClarotyAma",
- "dataTypes": [
- "ClarotyEvent"
- ]
- },
 {
 "connectorId": "CefAma",
 "dataTypes": [
@@ -2934,13 +2146,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "IP",
 "fieldMappings": [
 {
- "columnName": "IPCustomEntity",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "IPCustomEntity"
 }
- ]
+ ],
+ "entityType": "IP"
 }
 ]
 }
@@ -2996,7 +2208,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ClarotyTreat_AnalyticalRules Analytics Rule with template version 3.0.2",
+ "description": "ClarotyTreat_AnalyticalRules Analytics Rule with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]",
@@ -3050,13 +2262,13 @@
 ],
 "entityMappings": [
 {
- "entityType": "IP",
 "fieldMappings": [
 {
- "columnName": "IPCustomEntity",
- "identifier": "Address"
+ "identifier": "Address",
+ "columnName": "IPCustomEntity"
 }
- ]
+ ],
+ "entityType": "IP"
 }
 ]
 }
@@ -3108,12 +2320,12 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.2",
+ "version": "3.0.3",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Claroty",
 "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation",
- "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Claroty solution for Microsoft Sentinel enables ingestion of  Continuous Threat Detection and Secure Remote Access events into Microsoft Sentinel.

\n\n\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Data Connectors: 2, Parsers: 1, Workbooks: 1, Analytic Rules: 10, Hunting Queries: 10

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
+ "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Claroty solution for Microsoft Sentinel enables ingestion of  Continuous Threat Detection and Secure Remote Access events into Microsoft Sentinel.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Parsers: 1, Workbooks: 1, Analytic Rules: 10, Hunting Queries: 10

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
@@ -3197,16 +2409,6 @@
 "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]",
 "version": "[variables('huntingQueryObject10').huntingQueryVersion10]"
 },
- {
- "kind": "DataConnector",
- "contentId": "[variables('_dataConnectorContentId1')]",
- "version": "[variables('dataConnectorVersion1')]"
- },
- {
- "kind": "DataConnector",
- "contentId": "[variables('_dataConnectorContentId2')]",
- "version": "[variables('dataConnectorVersion2')]"
- },
 {
 "kind": "AnalyticsRule",
 "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
diff --git a/Solutions/Claroty/ReleaseNotes.md b/Solutions/Claroty/ReleaseNotes.md
index 13166bae4d9..df94769f6d3 100644
--- a/Solutions/Claroty/ReleaseNotes.md
+++ b/Solutions/Claroty/ReleaseNotes.md
@@ -1,5 +1,6 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|------------------------------------------------|
+| 3.0.3 | 18-11-2024 | Removed Deprecated **Data Connectors** |
 | 3.0.2 | 10-07-2024 | Deprecated **Data Connector** |
 | 3.0.1 | 11-09-2023 | Addition of new Claroty AMA **Data Connector** |
 | 3.0.0 | 27-07-2023 | Corrected the links in the solution. |
From 73c6cf7a604cbd9d29685261e65f41f2a4d80c2d Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Fri, 15 Nov 2024 16:55:58 +0530
Subject: [PATCH 2/6] Updated Analytical Rule Version
---
 .../Analytic Rules/ClarotyNewAsset.yaml | 2 +-
 .../ClarotyPolicyViolation.yaml | 2 +-
 Solutions/Claroty/Package/3.0.3.zip | Bin 14404 -> 14778 bytes
 Solutions/Claroty/Package/mainTemplate.json | 96 +++++++++---------
 4 files changed, 50 insertions(+), 50 deletions(-)
diff --git a/Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml b/Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml
index 22679c6bfd9..e9a203e9a81 100755
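Review bot: The rewritten `descriptionHtml` on the new side still carries the sentence `NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.`, while this same commit removes the Claroty and ClarotyAma connectors from the solution (the two `DataConnector` content items dropped in the `@@ -3197,16 +2409,6 @@` hunk and the ReleaseNotes entry "Removed Deprecated **Data Connectors**"). That sentence now points installers at connectors that no longer ship and at a deadline that had already passed by the commit date, so it should be removed or reworded along the lines of `NOTE: Only the CEF via AMA connector is supported; the legacy Claroty data connectors were removed in 3.0.3.` The `Data Connectors: 2,` count was correctly dropped from the same string, which makes the leftover note more misleading, not less. Whether the template's `dependencies` block still declares the Common Event Format solution that the text says "will be installed as part of this solution installation" is outside this view and worth confirming before release.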
--- a/Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml
+++ b/Solutions/Claroty/Analytic Rules/ClarotyNewAsset.yaml
@@ -26,5 +26,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml b/Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml
index a557347a63d..58b7773a369 100755
--- a/Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml
+++ b/Solutions/Claroty/Analytic Rules/ClarotyPolicyViolation.yaml
@@ -26,5 +26,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IPCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/Claroty/Package/3.0.3.zip b/Solutions/Claroty/Package/3.0.3.zip index 8f4fa4b0ccfe6c3b077f4e20d1b12c88e2f6aa9f..9c264a2ca4603b8d7246eb618588b136bd9f370a 100644 GIT binary patch literal 14778 zcmZ{L18^rz_ipryZ5tcgwv7!ow(VqNY;4^gDDM>j-&o`%gmCa zzFa&k5tbrm^jdX}t}t&<7za^I~GHlfhzL`%3~s5u5AO*)kO*Ns53W3Hi1W zVPA=}ZZ#NzgnxDH_$Xj?ZzlwYJ*wPD#nC}9 zR~?;@s><|+VUq>cF=i}(y%jSI8=}JtstfF2tB(iPIojT}_-T$$^49J9W%YqfWszU) z*iSxNRc+k;J-TskZ+i=$K7YBScoktYq$P?g6D%5=^BVG_Wddu?;+UJp+q&jH09QKM*EY6Z`7ppi zpbH5yBf?7{CkmcJ)?qp&u0eVkL|uqaz{Hskq8}PoH!aT|{3L=E&2Lv1_Qz?pSq={%@pmM0$6%{?*2+cEs_**_2o9WyXOowF-!k=H5IvoLW(81j)atbgrNCU@ualbDLaN@V;Km|s{mlQxwa zn$4|~{2nr2%VFB}YJAk_cipB_jcTdNMG3K{gc&@t4lGxoe%&4XQqKfNNfE0{1dWMT znoMU2w=sI4%HAQ-mu(mn`x7pi&@oZLsgqRKTY|{moaC0eMpXf`Q5zVR((eu20eVNv z-MBk^cgIk}DEHbtznKtCDFXEjCB@ktNbb+dIR$=B(7uF+(a3Owc`s|K6w(15cy51M z3b7n2+9{t}$}RdYdq_|B;0*zfs%e5kiFoV}ROMyGLqUdeV@{c^6pxGtWa8!**W zr>-&B&hfG105ze_Xz{%=VpxScCRW>Z*i2(DXJC>#KXr| zPu-`dM_1o%@(ZrGw1(z)8Ng}810Is=~%d8xHW}E26z$i#kYuWG5RVf{yJX*Q*!9*$?{X z{ay*6%Q<0C>X0c@{eVdlpoE(|L`yCDDw4|EQvz>cfYPDYW>Bqu&w-bT>tU9SsvIzL z5`kxy@<3bIhqGRnRe00ztIZu30}$@#3*E;2*)3UQ5@b6|z?KwoIF`lS3T;3Vyld_p z=XW;y=0j|>*ykzdN1Ks=>p0)f1E`F*RG80>`PCq72q!I|kKt^05S$$>s zf_-F>t7evuEy3?!E!eBIb3MY@?%I@>Z8Vp5kVqtwS8mgK73@{#q-B{K{laez%_k#u zGvBo(S8;>HBj>8gE;>Ad<;t2P}6lC=0j+BWO*wL!Y zb(bF{(c&!_8_;LHu5%aI!s?o0Pv1&siC-@#+z?-E-LH2=B&OxI>|YmMsK&HcaRY&V6xy#KwKq2NBzdv*WsPm;hcH-}N3V}FudKvTMaQdeWRZ zUjB7jtDSUulIgxz$<4Y>kh`gEZ$b;b%3l}lA`q2}bsd2F#;0{+-P=qg9ME9=nUf$b?plrN4K{$9lvBdRi?RaMh~$@b4`h-D;utMPf4WP_#f^DsMX| z!9(6Ia&gfrw?805I|)H@Ddi z`-YCD#)f%#^cz%YFKc$2zf0yN3cs^u2Bt9COwEIjAdE;Z?h`g*{aWQZLqZ zkh=yns!IzN-8_y3z))DTPOxsy5RVpb8$SwXs>v98^4^0hk6;d5`20fd7G_FzX}v*n zoKcxvr84`wlxWM495EAOMR$<_+#Y4_pRKv=YIO+Hsb*#DSquc%6jxRMe$AxFO#xMH z_)bc~;?FFqL)}!@VHgOmRqGW;w&YlYGt@b&Qj9R7r^!|728z3S)+B!Ar~6F1J``Vx zIfXt&hh0&ux2UP0jmrj9>uDu55P&l^xLzzvydbIh@vGw5w@UXlVxBwQq15RJrVAUi z$JyrkKs~xc+PvhJ-L58?zKcdp=dFL-i#+L0;YDP;+%AdViHdMw$P03=M)T7;FP8Eh 
z;_DMZ;r~c^F{L3}K52n~)|o(nkiJu1YkhMY6=Q2VtMA13KgsU7_J+e+b6n?EnKwk0 zOSzG$X!;j%{B7yY{!xVGt?TaiKCz3t0CECHt_YkY=gq#`)#QeI;70Nq#R|B95+NWg zCSy5X!?KJVdD_g0osUJpDd6+H`YZ28z}Ij9WmayFurUK|nCR#Abxb1e_%yEUHSAP4 z==~d0AA}$m_1Uek@Eosdy^1V9>Or$@>-r$*N$?BuvR0mZ^Kj zq$K~VpV%k$nQ5~C5mhKywj?lWt}&x5v(PIsd>xB?zK~*~SBrXq#?3|r6$uCM&v4Tw|s8h&VFqC%!)S)^U*cB^qtI$47)Rok@2c%c39d z2ZHGIQmNqdb3z)29JrL9bqa@=Asi}UDjGRFKNZ-N!*@Z=vM@&Jr^e*w=geDWgwWE; zwhSL25`qMwCw_A(B)F>oIdbk1a6|@_A|FYG);}Y+ zM$|cpjbsy0I|m4oJ+ZzyXh%+QNprq6!L>BDY=Q#i_I2#w@Z_dQparXwRqH85%2t&C zG0P|jG6>(72L|neLF}*DH3&^?)|3%kUS&U>Z7R42m~5EEE4^qhWHUhsQa)!Fqa3(J z#g!AoJ77v@=o_=P$mt*UJ7&b}OxV}{vQin4pF?PsQomvgTo5_W6meMXtZ*V#uh`d8 z_Dz3C{t+IVt@nF2Ksg+R>O+j)QE{%Ly5$_se8=v~OH@tpjEq@H>i`Y-2wm1L%tTfZ zDI>5Tifg+am+UZV;j~yYwoLFReFPN!ZCP+~Tb&MNB40`S1NMO7;exzSrt+1x@jIKd zq#Acmyq&Fj{?)co)=<28EP>koi(P?TUDcDMsa9LO#RI4Iw(qj`ktsjF>DdX#IsqKQ zPlt?Mz0`pLRoW@L`6bPdP0N_jTx1Ep}TUr%fu}8 zk1oyah*s)^d8x%ofAtPw#n}FX)=w_!K4S$K9qbAL0=qtBo=vePF&TDTIR01RS5bX* z9%FPGcPF-DS?UT#aBnfw4#)~kq7GI%y%1c}>UZ6qqcb>q*PgN_AWRAM$>`!_LIidX zYL|41P_yMzzS}5MR3o0xBw0%w&9-s=6K46;Z@}lqT<)IFt+`nV)W)Y#RXI$ z@d0N12DRpsxaNhCtt5^%WMJRwt@#gtJSIzlomXF&OrYKq?rRwucGPK5RMBb?PB4BQ z-rO9g98W$sR_=+dB?)Oh2u_{O9k%x&>;8nar1pdp=n(6|Ff{0bgL8$4+IC57F=y_X zMQ1Rm4fED>QVwbJ(*|~Jc(^jefEK$RT@TF)m2LwzY7wR6@`c(skzQw z)Hrp%e}Q`?-<{^|p>aXegi{ZjGEO8EA*)S$Vnc>MHX6oniqw$30*1xiIraI#P$U@PetYE9b zS$S?Z3o)HmRksG?t)!Voc=X%rRg*tBB%E9Gz%{!3gaXbkT+ghM+HH@zQjau9yQJRa~lOq*arT8}9`@G(9nW z!?Sf7SmW#nId)Hvu%pFkhAf~i7fwrPwZR)$=(Gyl>p~D{?GDL2+s)t%Cth~hW3mCQ z0OmNcq+$ffvh*lIB5FhFef;0}8RY-P@BJ@+Zf``FeWG7kYS>v<$F10UL&~%%2Io20 z5W|cekbU*0?17o-!sUG=+2Ui1<%}ZZ!XZe+~8nv8*td zfK(X+$BN|?E8~sg8G^6nd$gwr9AXctk@>ns>`W9k2M#=FSO)3c`>*mB0X5X$^-tY@ z+!He^$WDL=R(7k!=8Kp8xwqecZL&Px2(h^Q-{7}(orsAF2hb5+uJC)6xGsS7s}Xv$ zcmgR)@kEL)@)ev14eRz8WfmSHYRmeN{f89yMa0+xJN}Db%1-oO~$L3|7FrlUdr@3Ybv-wST{< zf;82B-2VZ_1b}_Ztm>cn1VPAPgG| z=jHi30DM4(G`Ft>+`njKk0Fx+BM;-KjC5OdDR+wM9ngz^y>((n3S2Y&e@1d&13TY5TY)xW?=UrIh 
z5pT?>E%gvPE(4#fwRGc}g-d6OIW0v0pzXefOOt1yr6c>hO&y{owG8@ek+sEc*a4~KTv$@CRpJL=qR{UNnk^8wy~+{%F4?7)hH}mB-ITn$Is0ofRvea6>iTj zoyqVH@51&FXfo{7HZV({0mnQk=kyoH$gU7~zq;MDak(l)+#c4(D2#8LPDdD;!LGcLfP2}HF>6pBiJjPkQ%@m+66OWN7he&^Lv1J(s&t%F0yIF zX^Vsil->!I8E=XqqqSU#Lk+N(i2d%K$<=O6%Iu=t7(l@sN(I(L5oCe94ePbR!X_ZS z#zLrE+vb)u+t@$ENY`fi1UG(8l%xo z4<9L*KCGhqzy6!S^Mwut$*i(^jTFTQRIj1U=&vP|2>cl14=p({xuady!xW7m)^1A1 z1b2{uEu9$?x;extRT14H!0}K$tpa z>LjEgIx=23JjF(^@OZ@HZC^1hl(T?kn%$Z*G6&<`aR-3YFywb7f9)R}CoN1diTtH? z&a{`M@REyS7D~{zp8wP9ElXCdn?Jy$g=kmXS#&aVHAhnrNs_Rye(X37pPet+f;-!~ z<5050?Jd{HS!nxN!aEiCUbYk3mtw=g#a^x35mJ4^mc2hPvdaO>?6(G+>a!=o0IeaG!I$=5b*mvJ;H6m23c z;mzppPuYYbJfYJd(;a!VJBAH8!xfO&9_nA;X@Wn_EeC;zt+s*M`IwiYhf3x zY)x@?C<%FM8Y<&gAEMP=3}tDL@G`a+-DTie^YAiDqnX%U8`O1VosASdb2P{6vv%_S ztQw-K1u&vZ5@>(_T&c&Qk5Y0!eI_9_g_hR??})8i_2vjAtiT1pW{@D{0-%LUs>5yI zK+;_raltI==pcWjGhU;!3~n_gYv}8Vn0Vke@yMp3ZK3qd-5J+hMn9LSbny)uvVrve zJg{O<(QT2`(qL$6n$Sg2j@IW)FIZWy2U;9|N_U!&I@lWiZSc&LX^8CL6QIaZfs-)C z$3t_VXU2sr&Wb2rsLNT_F;_CsW()92_A5nWK}amlwgWnAPzo{YGS5lUQY7M_VdUuC z^lLg#y1s(e2L2;Vw5W;K+gLMQf?ElHB~}=24pbm8z{Ecq9nUSf|B#p_4R?k zAd}cjqRCuxvH!ib?_KvPQy< zSTpEv`Rm6K)<8L$xO0b^^HVsI+&XYno)p?c?iNo)9{!4mt*!P zAuEX}K~LS!B5}pfgVc#niwm%?c5wZmz>frc!nxmX42g)eW;GA@6E_6-nz|r-CJXWEm~R+I<*e9&^g`H` z!K1|CBF>u%5pDJfnfmyGlE&$O1U&5Sh9f*^OJ=Z zh{8=L)KrbP9gjJT*67SS$krL{uB5KC?B>D|QOmeCaU#_eF(4WxSBe?!W}AF@6{Z$P zMLVi2HrK85&{bqavmZg_Y7s+P=a0(NF??>|RZnM$ZXhkC%uAiMyLrNpIXLY!c>ZX| zNZSJBFG=!zwu)r}aIYe=v%Q>^kb*}d_9JfDZWoyIY9ib&uUVp>0{FvvxZsvpaSP(Z znO@<&60WzgiDq;AIs5Injp83=y|`0g(pDS0 zYzI9v7zv^(UUWc?Z6zH8J3bB_SlOihs3<(I%_>4jeYN(;~p{ZTvT=Llq zsYPyz7)^&5l8m^0yhm!vDV9p8>#+ZY_oFVNGP?)G?|%Qfd7o<^9@QKHO_E)-#m0)* zyrPFx>#^G`o`>9?y=1lpntb2TBlIy&tj#&iD;%f=c+>DC48uN?QC`LYIW~qbva+VvQ@is{7k9NLo#F zu(_tKia2sKjkYK7o-i22AfEeZbFcS zt06-$d)=NG2a`aSF3B;>iw(hyRargpVe_(el!EIF-WSbIU0+%(n~HlJPcBKv;v6!J20PD6HqtwDLhunVKb& zpCi*f=zkp^bUEeBI_M>S?qke5wD1^sjq0AYCM)jE70OR~M)}%Pz!B8(?G8vQWCdtl z?MLdXJ*rK=RX~Np)&gsh8cH_uGp>k;`~Zx&A7|gq&%ddNK8nD0`x6<% 
z=xa>$5=cN4+Lx!SGc+yJ1ehI?=B;4t(^*MMl7fv_LA95;Zo)yiAtO+{yiyoKdDAQ6 z#^OghN(#suX46n4ECA9V;nkLlNw5_N>h491C@+jZT!Tfy z{Oi9OXo~0(z^JR62#kGM7nyr?C6{n!>vjGL_7UxN?e{<`ia~5 z>%E2K2N@D%n`FE7k@`AKwicgbevQM-FRip-Lc(qje5oOMp z)F|<%p`!LjX%D4`$=q5is9LMUMGbHIBLtj~3*O2CVS6r=ui^Y+b|=z!Xs!_PF1+gd z8leH=ygNA)jD;5gB9X)X96#nUVB-)#Sh>z1U#(EiSEz>PFxFSNN|d=9t9M2^H)#t` z;xcOFKEP`bGOYM1SkwJh$I5OeXn!xA?s-<$Ha#8M+|aR( zORw?9hlnIVBV>6Ob?w_;2F%i@zwP>>C9=fA<_Ny*J2A;+=sN7M%rXEam zP99Zy^F3Bd)Sd%*30H}Tb5@ZmakPFP@R)f^3gb%{0)_+TwqOTdp*)m^<%9yqmbO74 z=&(XO5#8X7A)NbLqu%>(*GbY>)x#cJz6DX>O{_kO;bYt1p^c#(GQYs@D?{}KPR zW5K|&xiofps>V}_vJLa|sl*h->x7W^YQ3mSPAXV1e~Kb(&+st=9?V6h#lvF!G7jcm zijrQZGMVo)E~jJ~5ai`wx`6PeNV~BsTfIg7Dpb8yUiZ7&gK!7q?$55oLPg^rXKw_b z%63vZYdIVJU!{tc`lY%E=Te!hX5r|I4;}EeSW=-A3Me>jf(DL*Xbdl8V${*U#=`#Zn%Yikm8Oj+~ zBw`HF@eJV19nynYsNu|md;4vdfeV0pIZwf7QCGBaW>J4!LC^j$L6WHqX2G5{ljs|h z^k$)*gDy~nBYhx}6|7pN7gA<0>L6!HywKDVVva*hizR1qi4O$7T4#fM)NGa|XKCMK z?3sZpb|rzDfQ%{OdO-%vTI5sZ>hs~*N2wCC+~6r3?}J&(H!UUR^zRY$AD#}-rRCqp z=0^mctdxL8fq-ex!--SYwXum)Dr};OEAlKcH>TyAMdfiq(^EXmG{{inin7MAbSw5_ z8Fz6=^~5}+<*PJVT62!7_bLvivVH(g=Y(HY`8Tp4U#c{B2y57F&lFBCz zdy&(H6xi^1h=GOBQaC2!ff6LWL$OAuv3s$Vtu*(z87s6!rXCR#rr4L>V(81{w~42( zt`5j_?Rx9OdADVO6{G(<6H}ZVV@fPTNP#DSzg^+m>c=DMvJ}h%7;W?C2^)b_E+>i( z=E1(bc2FXa9cut_R{@pu9#+n{eS~>LjnJ&tm;Xo8M_dWLDZgM|m-w0?mh~}6K`W-? zosK9d{B=7IcI10pAY@fjojd_eYZWlwb7P(#-BFRdj3F%T@TWW3bdHwI^k$~qm#nE# zq^G)>+N3@{{H8u#BfQQ<2~Iu8S^Ez{qS9_kk)%Q6h_5fKJ@9v+`x7zgw+L{qx7IA{ z8s^Q8gff^2T)y1hsX)%4u3_g@aIVk^t^ik56vQI6K0G*Ami3*30=~2)bHHT@c-*U< zc+%k`%oS>cR`reCKlrb3rLHG)2f1DP+$dPy-{5>~7_OXUuCIgV+G5>~5WmfI_iZMR ze5m$59vrzZ*3Fd^?uHZsv-bQOxv87UTn2rfbD%3AQ;>PM&3}6G=081oQ&C1BMKjWs zWplFdyrcoZH>NNnZc%GkozCMYIh{<;TFffT87)rysEm9fNx-p z9F3GU;b}i(?8*P9H#23C2;`mKOQTAJM}4%W-9V%wRH-2~! 
zEpmc&Oo#Z{FnR1~M?>Ln{bS`0Tu@}yV%={m+pCDt*Z!P2%Rgzc~>%WwSHI1X{UbA zOTlMo#O^YC&%1&7HyAws6Ab)xq2s21?%3n?1`lLM-(Sg-+^wJlsQYB)s{3A>l~C=^+^94rI!jR<9tW#jvUgR{XUr-{1TY9 zaO!Rlonrbq!f`Q5!^Z^EBKj~5f+DKLEd*n0mXSGEylwu;xYQh$hl`(MXU}g4FL3Cs z5*z_#D-UZC<&sWniTn&6h5_t3GnsrwxPRfMi1DV(L$H={T6Cqz?m#}Kt2-Ux$ojo^rkczJH%3jJ!tP#Sju)JsnS<;$@Fw)NS{Sfhd$`UWp7`D+y4fayOZf zvrh=Y7FK}5l^dJ}+t_^N86qMAa{;#00%45pE$=aMt0Mc)>oPoC9+w=K~Uy#6_2HDohjMEh%B;L!WXHo$CmIaAfAX()K8LDm8SfoGDljvyeYHFsS_RNcmuI+4b+l{ec20dK+Tt~A$b*iXUS&=j-K)ekUi&dnenJSe%LxKElTvjJ z^g^OJSxi4BYK7J{zSz3!Sp_I0KBD@1+(!AqE&j~K;p_h97VYU}p|wo&UPggJaPv`= z^s=0)*g7YKb*cI*A#d|1UfZ^#W3zSB-`0|J_oUcG_w~?~=THRRazOVr80+%gKHbaR z8}GdRZG&KQ+vkR;W$42#9Nada&S!v?I|@lfwI*e%R{m>3D0pvumuN8Ua1epIrZ;mM zCU0QNX~=eZL)s&`H0r%uDB!Er1qRc2DumMd$IE*cev{w$Aj;YR9WrgAIQO5Q9fHgH zJ~V9@2$%Atq}$#23MBQJRxpw9gGYL8EZ83wvKIh#TQiQd4K{=*sms~QNr{onzd4!v ze`h3|b<_Lh;~8>i%x$MBvyu0lYCxU1KnydvxBwp7IGIV(F^bg3DzyUo7OY$g$13^C zI&!D^=BaAar52>-K$&G|d1%9>!@(i|(=cdG+VXn88Z65*ZcaSu;S=?EDjqzp-2&|l5!eBIKxkWx#Ct) z)xi-S0Cwp*?Q2Z~|H6QB{O35W=eU5f-MQs7Z^yM_J#U?PQ}P-|(-1kuI_*64cD|oR z4gV^S^po#(E~l<72SIlC&VC{2Bs=(C7S|D|hj#j1qV$mhb%s1+rilgX(OibSBj3La zaAbco;Cok^EQ6+=JskDTKos;D^*004|1fZtE}_09QqR|>y@>H^*Crcc$Ap=G6Crhb z|9hm58n-2ey=Z??Ir;v3HyxfrkOXa=eEIiWd)OZZs{l*o7X%pmBR7#>b)7&Bht@F}}s5&ow#NXO3BMe20gB9#oH15TNx3o?q#q7$g@oTbr4#+v$J zWw8akML(zqsDQ*`6~A4M4Xs=KAD3hKcDZghLf{ApY=%`hkU`x_)7SRtiK0L4bBsL! 
z-)RHaY(J>J!qG&r)KU;Rx$RAkJS$6#C2u{32cn0IX)JxQve#j)w%05a0gX|MeA89S zykt*ZJdFnx{SUQZ>?DsQ{W`5R#ttp$zg=q3~ zN|L=fe6P_f-&j0fVEN2g;Et+^;ZZWd5;U=*lt8A&v{-YoA}p+bhrF)xlLAVkbBCV_>_3b?Bn_hZ?->&|*YX z=9=FLZ>)JinL<#+1wxd{gZXRX8p}tRs9MnPn-+M!DOZ6m_#WRPxh`Lwr6Sz}CW3kB z52bOQR883~mXF!{@PD(n*FtPb>>ORu2QdI7`Kf!JKeGV9{~z!*-{A55@gxbCV}rlJ zBc3}T@vIhI(E2O?(&X96vSNeS+xS*s<2#hc2H-&%a{R}?aA_opKw9hZVZDCeC_d{2 z4#Q9L0z{(j{A&PgD{t{Z?O16zlgyLb(#Z7(1;XIz&N=>zIT~f4Hw_`pSo1RZ^}jqL zC!f`@GiS)LGs%##Gie(iF*9#YkmTUF1Wd*C1eC>11*$Fc>m5drEdZI64!JHN=_z!NU2I$tUX87Fq8nVFO;G#rpcY}Smoa0$(;pkwVX&xwI&HS>`2@P73V zKx6P}(!yD5%yHw4Cmg9H3LGg46dY-?rY9_^qdUb&GnYUd=rvY2Sqka$&8kYB6>*s6 zPTc4KkaERH0eO6y%_h1spmE3<&Yi@n}i@E2RZ+F|%sFStct3PXt?+$m!bI_fswcZ5Zy*4+z z{MQiCR?ODkweJGY?`D_UTc58x-D4cyU#Z~79e#EnJlrjE23H+;d^DFoSb50a8D76^ zthRKHwH7yVO^uVfFc7?IhQO__(nZ^(tspliikGwqmf1spKm4A0jyah_BcpZP189Lb z4L<9)r$cxGueq;Z`1+G^L)t|KxFYEn9h0np5_cLc)8WB08MyfFR&|O-zW`?*4c%zZ z%C3v%n3@fzpXZE(*!U2(zP4HyTlpkxAZ zm?0v?Wgd57wh%gcm`yNx{X97}w0Nbfe4+&r7zv7t0MFy!xB=r8%`B*9B?Bi12ZVO3 z>`iI~_BV0gLKESJ$@XH7z=+FZJeje$h1(V2AGNvaZwDMhl;ZCe-9-EJ=)X?h{f7J< zC4bm(JJPVC%l2x#GyD1JuK&WeWU+!XBU7AAvwIT7dme85Oqb^QXTaSy5B|y3{(87X zhIn|Mndm`ML`$qJ@4o1GoMc=n?mW_V_{iZ!MMQf(V$$X6;)NI5i3`0tt#K7{I);Hpa>Q^OZU%7u+-l)_{DcG4m$83yPx8W?J`#crC{X@c790S zI%!J1i0Z0VYR>t~?t4@BX}_T6@Rc0KbT*2**vglo&SZVsq}ULG*bppNcml2QtNbTO zawqaN*`oE*#mn{X)XnailO_z84{xZJd5~6NJDh%Q970*$8KGJ6A+Ex9j>@eZf-WBh zsMfqFm@z-kI~b=U=%*w6>^b~yW*em}!J5zCnokpu9v#Fc470dk%@=IVrvpeQF@VK} zqlZ;)O0xhTmjm51Q~s;v097+z2zrwkfNav|K_t_OEQSyymOL`3*Wo+ET2~7mi4PS? 
z7a!H*0i17HU+x`T3S2x0y!vvk-LW%dL#-1Y>N1nv3o*+ZyK$2}25e?=lmA{s+InZE($p^c+zgqI zWB7T;f9>=2y;vL=1QqE2zeDnS#W)Z!5aB-3ZQFKlZMR>aci#Cp-|kK_* z69s7yP*flwAV{Eu06UEleA$y4XdoaOVIUxkpSMPiCI-$XDi$IprWUpq&K7pIbe2wb zwp&`~wi_JiUp>9uAbUCluDjCnUJ;kDJQl~mh0JSYSzi+20m*w?WlydJ%=@wtc>oh86>pc z2xDGEf{5yUzQprIca#j4&A`1rKfk(kD~F0u8~XmBZ-%e%cOe>KNm8pU`lW%YeqlfP zF;l&XSDYWG-;E*!6}Rb1$x{~$H}g9;N~6~Ir3m35=JzFy)nBDr{eq4V#Jv5JK6_eb zPD366&LVj)_SM%EGt7t(d5X?UY+I=Iw$A$2@2)w_mhq~`l*v%gb#fBy%98U)J};N> z+c0Q2GMPoB-66j4`&n+5f*1)lmxh6pLlMPfzT3@1Z%12hTFaWuhkFP#27mba)`{xS z*fL^gCsX`n?&@l0Jlw3Kyn z_8Ji)Qk^3U+8+CkGu6}#BQ9N320J0Kc)&=VL1y`0M4O4)83B`QVc4SHw#0pZAJKqp3H8WG@jOiVbl?90~{KrR_ zA`^}mk>L?#bW}caDIS8?jxPXbE(IB#Io&O_HAsR4!nv8sYzJ_bsH|fS>i15B9v8z1 z+XJNqK?QqzLWpFvLyaeNwGVd?S2huCp@7}f1 zP8!uJK}IK!Wf%Or-I7s-L)JhnXIn$LX^fKw1P*k%b7fz!CTJ+LW@>OF$=GZhPO%rZ zs=MBn2z>krDj3vWr4l-t;7p<+M~JHS`M*l@mQMu_P=uUubQw@=NXe2D!)f@be*c0QF14EL6GL-|K9*cr48ofP7+W_cghOCL87wvqJd5L< zLDw;`LSffPEawihp4w@b{E z+!DZ*>r)zg+hna3-s?-Y`&UM@ig<2m1D|^Lf{BL~?H3p3Y_e)lH2ks-@j6zxD_>>_ z7rz}Zx80>PlBLLL_rLnAd)4R8BaX7`&sLCmG-I>XWNc{7FeH;GS|LRb1@Oiej|YKi zY(FOV#gIFySk;a_Uh%ci^0wNK0cGSouKOF17L&ZfsM%W6E%TxA)qigE%F6KLXlLSp z=b^GjIe--h=(Ks9wuWkoS_~TNL#4Z&T5?m9t$X;~j=@ly`m0FWYJI?IBJNb&`;y~b zGM)6G49+V*azz=WA)6Xh22d}{cyJzz7ipCydF9eQPnyVE@E@13OMBSKnhgOLtn@e) zGP3J2EQdqwWb^#<(>?k(5ouLS z|7)>1^Y2#I`kKi8M_gTYXpBr7Vbtp7Y{%u)VKOK}b`d5~(H!|;(P-W!ThYpSV6bFsau$;t+e=CzR8EG z8q-9hsbn%rxUkWntot&9ddi_9&Xi5znBjfFc`(c3rMaOZdUT$qLrt~DlMyf=qC_9p~TB}wl!s?rS8mg zWRN?I-Q93LXl|1d4!*Yu2v32!n4Zs^bb};*&fsOTXOGP28~v>6m!PW^L?t}m?lPa3 zse5}lC8#)L1&)W<0F4(?WhqHExw^a45t3w1x?UksDZ1K#)cj?OqN!LIJL~*@G##8! z9Dba9WzKlu;I8qeP=Zv-vrblO95DaHPer*)*LUP_Z{G)}s6Ao}P8ZVxMVFTAhDA4( z3FwS=myxGE#mn&OTY*%~wnkBnH;KF6mRg*Y>^~39HU^b*pc}ISrIv4jqAts{Cc8v! 
zr5qFwo+opIVt~t1?)(#U=CU#H9E;&sv43mK4A$0VBQztliYi#~PXZ)%)sSKdFO-JY zMlmcZ;h$685JC)QMty?oEz8I0>0mikdx znipB}gn|c=sxQF?*MwgqwJ>_jtGUdS_3MU6iPFbkzi$YI|Hl~Do|S$hg$4*{lL;6I z>1T{!bNtn3CF`}nyD9C4kBnB~R{{sh$d#OD(YI?y zgVWsAk!)P-)E07CY$6`{Lc{U#W|nwrTN*~H+q%3XG=HH0GKrw%a!#3X6DcxZQu27A~>}?>_J|BL%zH2bQa?Lwz1zYpN#Ob z8?aCie(^B&W0@f>+4AAtt~5I^od%&Ss50azGYCES;wzBCk&rf~GU|{LRnm4WaCwZV zjv=$N_j9kK4_!9~G0HFf>)EN@P?sQ9Lg&OYOp=#tq^+2IG7N-xLEQ)2B2~ywc+Y6A zcKuqd6*F`j?&fmhdwNrIiOcV&2fZ0@=wEZs#R-7}2c=2!L{*Vg996w{Sx_ey*HIYx z7XFvSEU6)*L#xAV(7Y^+fk0_r>M#Q{1RjX_Jze`z<|!@P&c;>>D(?U*{&B5cH+0QDYEh2IOwx=v^bH`IJBh8N`tZ-_D z%lH|Lr(jC#pwW2c1v|~Sq@_nBSVU}|RlgX!Qd##<4H{@7=CC(10qj&PGF3tAkWmaq zm=y6itz706T;8B)Gyy$B z{DQUJ_Mo_fR(Fwh_TD{bMT+s>d%kmQLS8)#F_1cEM9S#D5@LoCNPbv=px=IGZ_%8X z1`e}bx?A3SSg{|NKF= zr6=*M=HzLq$~8Qy7>I}_8n}se;+{CvJTI!4NvG4){4CA`+S`Br19 zu3w69IM`bZ?2*wBo?>Eqt(s-I*5{){8fK0_wM4GlIo^gCaS%p62MRtDu<%n>)8FJ? z5bqoOlvTAl@Xg=Fl~!JD!qc|!AtUvqIWas^5+$A!BgGWm$EV)ao3LbOWL_^p1FZtH zS;gyO>lz3&XONVK8FN;4UbA_d42RqLh3=W<%!L|T3S0wAZNJUGeQV`=2#Wipiv{I~ zTezyQ*RY8dik+9kMJnQoO5VU85cR(=cdvKvAA?dlOk1chG3`f3M((+H#ZSAi+V%lN z=gqBAyCe(-T-}4k2z45QEw3r83Ipq5Pq@lkgBE{>1wAV= zZ(b(0E@kw{)O`~$1Ks-mzF#pEr0x?n({BusT?jf|`(;kMacb_bcfycTQKk zbd6?vlk+{JSj*HzK}8?gCKfl8)#zz0pPWx$(RtpR-g>nP?5w&3drIKic^6pL@irPm z!vEP+OLkEaQIxl+6mKWDduq(Nb}ZmGu4_(MHaDu4>@0#0`0AZEId5LVt~ak)P?xtf zkv*1&=9X@|rg?7shv(h1Wz7PvJ$;THGSEhgIjXwIMbopviVb4xNkFCR@_*5|jxTQf z{z0=|rzzX8)tmlj!^d8m?d)+|;2i7Hpkt1`J@8Mt(`luZr4pjx@2)MTN7tn#>4+!$ z7K4p}?q!zB;$x#x4?^+BE^@)Lk zG@nkj1fthY`t!u#TJnV)9Ix;{&iyb2`D7?o_Bq&@`A|3}WY(n_47BU)UV*A8?t{ZX z#lfmMB5Yz9JeaQwmS-RXldJ|t4k)S?dRswJtZB9BsAw{)>OD}@V=RB6*e7IK%WV4_ zDX!K*tbpbY1pa#DEm<@-0X%^I{p0Q0X-?1jQkY@gJKiU&obPUjVqY=tw^USS*gJlc zRhKO0lxbBl?Wc7?DHhcVeA1uA)l6SHV{crp-3kb;m%gLq3fXSt_UV;(lx=Nlg{o+* zvF)$=UkI&DzCS{40gqyvl4h^96{PWd!u%f`&*B3g=sE2KZofJX3rmB^qt}%00%rQ9 zHi|91Z9mmzMTWhXELkO)C>V-u%}!8~ar!_Iw+R_;L6TS*lvCsUDFRn}wMHw50zNDw zxU$hi5LhK)h}n!c$`#H3W;gra>{pflWk;4-Rbbh(O@neRl%nh2`Uta!zUn|SctwM?;A{hvd!>P0>- 
zC|5OOK}&_D`u(4e8MW~;PO0{mj}pzzbEUPdf)lP8T($#=c`ko387>4t;@jV7@#5Pf z^Zo#OLm(DDmZFCDO)L8af{&tx(=XIzBdN}Dq8@ST;}wcRaM_d59pC|hbDO|o+(Gqg z18Mb!%l2G0Ic9J$UNHMrBm^_!WKOPsgB(q-2cNHSan`x^{)LN2aDb9U*GBZ3`~S_u zX&|UW-{E}Gr5JyQz4t#gR0|QFfod-Qd1R_!9X2 zkE`9Se`D%sf3@)T>8$OcTG8bc# zTM3b6rwIz8)0h*s^pZ@fTug=B^g-?S@KLF~W+O#k^sTHu*3!_%A+6P{p0h6T`FFfZ z9>pGE1O8VT&{=i0T9MPDe^3Th@qOZXl{lbHWw`*DOTvw4R0Vl!u1saF{zCqF@?z8Y ztKItXm!BR@BY!8BwpY}QrAf$)<@ER4*16l)o%EH#?9Yi&Nzeg$F0GTYn7(~3h6jyL z4Q6)RzV2TaYb&P%v}-$%HUt!BLWyAQyI(MUqby+s0MprC*jm}@4<0xngs#+fXDb5F zCz(zCn+vQpYY7n%Q~#UmU3Fn={DK(z&biSJalugXTpxt3T|_QGx?KFbGa{V%J#*yo zF3I-o5WA;EWY$1M7d-*)96=H}=u9}vB5{h@-Sfg-1oX#i%UnmPmTth6q3ASMgw;Zw z1=z$@lctVD6fVmfp1S!tTT{2eGt0oD!_4Vqezk zOS5*+USq*{fG}YxyB_M06{%q3(iQvRKA0VNQR0_!FLXmy_8`sDk_>_qCqKy&j+78i6+^W3YVYT&Tr4dphVa z%eMbc+{#f(^^@twXy=;uh4INjBI`5_q_yHog4h}j<9JY#0{j`CL!yq(tD4$XPXQxn z6!tADhX8)(Ebd$ffGfBT*1{IzZ|JpfFf|;LYgpB1s1A`-W5(;u>Q^_s&;mkF>>Q;w zsQ67Vyw>f06vD!NiXBA+fP=ESXBMh0nv>Z0t0ZbZKAHW_+w*;R1QV3*vOjTcdb}HG z`M`k`OHBGggQ+}IUn-N4cK8FX(X?+7ZT>wsdd$XA;C34PfH(jJpZ#m8Za_=3Bf$}n zsAWh6zCgjaMABCG`d;aYvpJa}&P3TPyAGwDsym!;v**7}YRMfL4!UrQNfg3wZ*39? zfr=3!^||GwEn@0X%L_qKtzaLM-in?_)rr>vI8)L2cwQhwyhin%d$YPwO1qPLTkO_=Pj+#&9sfx3E5 z`k+g5J(8Zgw3*cO>>w^6P{!5?+jCP;egx#ACwEAL(>;=G=YekXQ3RM_H}lrn`)spy zdbUo6z0=+{Gj`fd{Pq%~TXG=zCHpoQ{>8r+tNDx{bzEeMmsqh!JAZ632l2qrX3O)L z-<^+#X`m~Q6S{WsgvH5QPI&Anb{#537%k`ADStOH`vb`<8|RLiP28HBWp@-#7r!fb z#5n^)@Ws*5bfbIFW__{;O4QK@B5P?5%pZHM*O~WD;07B4z;im!6lL>7m3-DfD3B^S zROm3s=KovbFCDu_8d5_jL$@$3;Ho#WU9&-_{r8--ozD$Ju6jQ>*C#@weBa@x_C|h- z->rC2u_%n~W9P#vdLcg)j3Fr$4QKnnlZHUV$Nt+#zb_YNKv@Kjzamj#kGuu(j82Bw zyCEzE%=>P^bf!Ajkp2VnZ>AwbWwL=I!my|OKk~17vVV{Nkr1HC#f>=_zlW^uCmrkMd%sDtwc3Ikkh!r|oJ_ZXEB{Y>Tj z+(U0nX0K*aT>^m)81V%ATD%)^CTnOE)s`@o4DOBA7dd6j*t5UwP5-b34j8u`%08fl zkw5LY(@n-3Kd~F+F`=dP4k!YJ7xOw`3%io=p3!=b`UeS2kA&hw~|?A0tpbn_2l6VpFc^R+Oxg_{mx`G0O|sPNy22ZX_+h*6M=4D^?d!Z zK9IG-I$p4*Z>$y~6K+YrQgN06lML(jc<9HP&3?3w)G_0qovzD7wWTH4g;g*!! 
zf^2^Tnit9x$%ix)Gd%g7EGen6Elxi| zB2T-otQei~Ny*D}j3d&ePeS)`82G{);+Mt!F%4@cuQX=iZ0rLf&jg~H);Lv3P4#-D zu3T-c?w>X5T-NDb-YHV95v|c&{h+MI8AXvn<%8{z9ax$;G+e>Nu@U*?1?R?fgOX>yU!i8=OT3tcI=e6 zC>zh|WZV6sEe_-Fs{FQo|2Tc?K*DGixffb=IJkI7%xVE26|-5aT?f|3?jEv7oX!^s z<8eKr_y^@8hDoqwfT_;6_AX@s6DQWln(>Ex{kp?;StV6lno`Z;Ubu^UiS|4Lt4pyT z(TBEiNW{M{ZHB(79GedEtvEs>h6Zj@*)fe=+u$(H6FfAW?j0hB#*eQ(hv~8N$L$D{ zt1f*Dvq2~#*MIMFmtCdFcpu+aP% z>>wY_=E)-y@lRB#J4eFPohfMuJw_1xF8@>>$6oVr;Bb=pB&b?wp{m4#M>7k=nOJ|K z8S3n2`;TP)>jt8jN6#mEC4K4qtxUoQkzl=MM67d|S=rG?tJB(-%2PtHj+2g8uyCj~ z$^uK{-8+v~lSTNo1tsLq@vO_?ZY*ty)arBym_CyeC+_Vc6@`yc_XPhmzQ%E4wN7NW zPGs54tk^U47?=_nm=QeS!%D^&x)f|n!3cU;+Fsh;n}ZdIJ_qsUITu830T_Er_25b@ zevRYq&c#)hfE^FUR941G50wfOrAZf+i3DG|BuNflE9Vj=gzl6Hh>{`oDE*P5PLZkr zPI9G7as{Kx(x$>Ar9!mP*Fcy%A4fIr60TuhAot3Y0Agmat1h8y@@9iSwc+Zq%(+Ia z{Ksic=l$!l9d5L^5rq159=zMs=p3>SY|o3{r-9u2y2S1&_}Y`$N6l{1Hr~wPeNS ztq5GTcPCp_V`0tAG)!qvA7PkZa1u8|?kq?kPgM74xnO?SEELT< ziTt;NA~Zd@8gF8Fs@YKZYw_~kJYQBYJg120BV&IIbDoSfwyE#sfp`b0Bw&3;)6tl0)(0_9UA%JU)iH0#Xce53uR?FY>*=eg`*>A zFw}z5JI7$)@H}OYHf4!KeEFml=^@cqL6x7NeImX_(S)c|>!Ifpa>gj>N<+%3HC^P z-v&FFx*)~hSQY=GPbYh}XoYh6eBQ0(IH4DzqW7a~*kycM_iU=DpRF%z3m5;>On$>w z?Q&JA(OI%mdt6uPauwzKAMgKsv#<1j#We|AsX<$*a$2d(vzDWlR@IXwHK3F3X6O83 zZsG5cZtlNYeeH{v)eRc=lNKHlB~L>AgwxR0L|4x2No@=gEzBG$h(F5RXD#{{Arh9Q zb%$4I!Y#h!7Dnq5DXH6FpG*X)!sf0;;7$?ivZ_Q@=aRh?jdDPdD!%RAdi+g@vTG^{`D9@x&472mFPd!pIyDRsAgervh zvY+SvdD(|={3DtqYcl0T{5VQ8C2qy-ePff-A)g~{uvJRaD@eJAHkR5$l_d3`nt)9V z%Ft-hY?2104&d$1;aGV?18I-RW70}y>ToViA6*i&;oX&`lL9#u&b9 zY!zD!ZebZ~dM|*jB3{oSp@djriy@?xTVEw+ew=J&hLmm!CA3h9lwL%{g4n>N`k>ib z5;}GF2sH-YUzSX_SDNe)_=Y>>2*F@!k=hEAoaw%OcFh@RKRiB=?e?&pvK+^XzRggfz)YaLLqMk^jrWc)2C<%%cWrFca;a^0fV(p3q(Ra#qsV*A1GuD8o(@F>w)-R*iEJn-C*rtl9*sX#yrGZek-TmbeOzO9kGq z5Hds+2A69VGqfZr7Bgf+2>b0q5<$#(*X!INkP2*L!wSjVqRkD{-zY7R>I&CSgA&x{ z?f2C0EVf#mm)dyb(18wjbtc4kX%k>LDvdZ7oBnt#$V6ES7W^wfkRsT)JAWvk%*4Rj zNK3}I?SYnv)CcT@vh6fO)&1s^ug%>B4HuXHy+!zCA`$35G~0WH)PyQEdPKk4Pv1CB 
zO#>e{zb{Zi-TZ1YUsRDpKL4VbkQerd5E^)~MXsf6!KRsMt2hfspji#*u5ktY4t1=H zVN^-LTZJITkfDEUnLr-yZjoT-_zzEcw6Q~M3CH0UU2Tbgl@{F7B<;#{0B;s@ZHZDK zuQZq!&4Niyf!{nQyG6wTny8UiyMVk|hJQ9Y2MJ9s5G;-;*UsjGNww@V0PjLvJ7G_v z^Xu=u+wHR+-OKa9WEpdkB}U;5kfl;~KQZb$oBrPoz+K2F+C{D@JR`;r74 z23J*}E9YhKtN(De{)cln+7Rdm=dK*w)#C2-@gMI0aN3v9Om5M+mk8Kt!Cn7{v!8nl z*}X(-fO{guO=zLVWB&xaq$*ksHR|&0C#ovgt<_}ZMh>d8;hej%6>srI?o+pv_ODxe z8^Fj7>_*Pb=0+}V6J~%LY)}pCngX04(;DvjCl%ba^{>u?e-g>C*Ao4kmjQ0j56w$A z)0>W$G@T37f80D-I~!!&PcT+8W21-Jyx=aChTZ3je{2u^*_knWo6UfSxk8N0tK*I= zoA(1hRttrh>SDgFqqX34f@MqRak|X&WKlJrzH8IHx&`>5sDBNdNG%k3M`4K&~}F&-$S_ zK%W88^TSJ%UV1RWQ`bIvFsTj8m;d3V?;H;4OT>05Ak_qzp+{&lJm(u8U>#}{;XcnG zGYsl66?DX_Lm*~nje;yZg_Gv5ZjU3bYkimj7)K>^} zO>4-X?P&z|5;^Hp1DQ*S?qd*I9Q#o&fPJ+42c_B|9lN;9 zAbl#(VliuMUm(gdvRx-tHV?c7yGcW!9h&1I%9wnnEW{Jpm#jy@}@D_R%#}8cpKxiq}M(P~@t7U$) zjDvIsM@h_r6{^6~!JLI;ASxA8x_DdXV-RxOcG5okCtD9oq9H$>W|(_qfZ4vsLm?f` z28nvyCM22bdDv(sif5ksnk+jcK1aShHy)R@adb0bWORFiu{FqEJ_)F9?{ zy2K~7Y*o-HL}J4z38i3&dL;p~<+&j^V#rFpY*y0m>l2e3UB zDNxF95bX)j)@i~@qTFQ!Q-AU32>RTWQdu6GUTT}*AIgeO;C$>N!M#%nW&+?Lsrn7(^fThZ#%j>OwLV zt+S>Na~Fv%Sh7_8=g4Bq4DgsDlW5SoVII%*mpLoVHaho$_Vq*0vKR@n$o4<>n`<`R zoH@+04BfD%SDTYiT|+Wz9;gT4iprZcoFs-L|B{Xkx85@Tm@G?MxJj<&|I`>&w0`51 zSu)p*Dz+g=Fa9T)>|adDmo^EgIf6n;U??B3Qn8@xv%7-sT&DT6lFr)MEaMKB{0;cJ z^L3z2MgxK>mB&$+-oUS+NZ*jiPyR5Kp+$`& z6fJB~l)ixl_R9(&av3PTbI}d=A1${J>>{jO1ZTImU&#MR7de6#(G_6bD2-xe8u9xI z)WF`pNt~mNOw6^(&AG{~iF{{SqCBF+Rqt(?KG#VRp|oEV-!TBbdxspOraB<-!0g)< z(l1Zi)<1^05T7wwPq-ZR1ybsNWNzU{=Ay+`at(7?LPQ+Yy}2Q~{7L;5LJ;P51+5kJ z51Ezcd)gdf7{+PU5-2EMKiv?F2?}l(|G+Zm6pa@Iu9m|iVP2eIdBr*Q5YYi}y##_~ zm|oSxLOjp&S>|q7o3qYZmGW zh7FCw#-#JNM+jtuSK<=YHU=y=Zn*=Tha*`}A4ve&k-I63 z1CYMF5qfSjn9&f`I{ZXs=(V_14&sIU_eKH{->z)izLPDJ9m|+c%CyU+#cdAqF~lt9&_}N7Y3s$s`jNgL z)3`JQ@Z+#lY;O|@E#tDba>{Bc?h6q$wWU#A2TIRT2fv+L!ld%7To zvLN;&@XgH)=7!`eWhFy9Q!VbZN^r7=`(9r{2m#q}3~lBho*}pxWLY=p#24F~-6x8~ zRUy><1V$xy)lW17tr}}cAq^R#cDL?>Q%#RrJpWqUW974aTk^E5&M|y0-sXbNY9We0 
z(DaS7z!;gJR$z>bmjZG}`bJR$737+SM=c{Ohez2Eh?O2mqyZiYqL$aW58q*`UZQA&Gi{r&Iw=JRM_#HvMr~1D+T(v7T~KzL-E?O0n!r>nPu)Q?)2xn_q85|MgP7 zXuNilfPf>1UkRtG5Pju8jA+n*_t`j>Q*DjNAx6cs3RhPjRJSD8u;E4eonx~q2%JUBRQ~m`d2dGgn+}MMRpQm zXB2pa?otz(HVFQe;rpiwlMV$dGN2ohF&4fwi>2fZm$fvj@t?D{5HLNzhZF=(?LX}a zBV_jT0U^`nVA3%lS(M-vbCD`N3+Tu-%mPqgi&UNZDKa0~_~USznB}(uA}84htd1*U zqSG9=*CV$SAtO1NQiOW@6kbW!qYnJ!zZ%tXM#k7k=1b^{=tz8_Cp7g)fR<*!=w+hE z4|xiPB+z?uLK@sJDaMmkN!i)ax&CWQ|7odTJjVhvcd0Rw59I}B|MlZ~SJ0lz^nx>Q zte#ICr)w|}iI*9+41-?_VzcvPqtxNaEe(*G{3}U6cIX0X19<=l_7)gSnEK$*2-sfl zWnvot%`z#C*kHVd&1R&dFks4Rt@@wy)TrO!ECYJm3$5Sq6;PWNbRKNbV2Lz;&}$lw zWXWQ*RI34(u~fS@+-Lg3?zUQuE2mN1RgG*=#xP%(i^?B%b4=; zSq&htKXf5M*UErVPhDLS2-~D)uV5PQ?8m7>7b`g^hf2GDuP$z!b!* zfXt2bktX4TbL?TKRmP2Br)}~WD{f`b0DhKPnlnJ+CXaZE(x7 z;e?z(J?7XSd=G#5PabwqV}yPm@P9*em24$Z_;<6;(Z=$1g&Pdw_>-4_gkxtTeZ+oN zh~8xd@ePyvlM0Pwi-aS{wa&|J8;#S&5pw+6Q1jZkr4H47dm8+p>sx>bZ;YIRh!yFN ze8mEq+9lbI61RpxRd);k%67htFpu7eJ~IH;-32<)|1rNR`$9 z-JdoDTI>mo-ult_sNN=^SQ{b{7)q!FU;zh-5;pmMnfa!*AQ9u0m$-p%4mF@aA$HrO ztUNG39Evk7W$b|xfl|8FnPq+~$C%R@r|8=Y#|Z|ofeAZL#+mZM>LcEcev;hCn)`#_ zVZvI$W<^ZX>_)o)kgPfJ-v9u3f}{oA3_%SzQe4aKJv5wUOYDN<9-0k;| zBW%dU%BY0ITVejazxVz$;AHSJUHEJej|s934^%4gXBGpCKL*oGW_~3d8DR7Wh#xE~ z1H=v**dxeH0UMFr4vmx^mp5ZOx7atRSE;4`qKi2XAXPRA3(Mg%^;aHH!;VF$FGvc_WAksyJntLD4+%5RW4$AU&>fPx0aE$wsGtb*^ zM(30IdKhN4>)ag|!i`f@q^w-gab#)ond%Or~S|{*r9`+Gx_6`p+Lb zx`sL^CUz$iTRIXaB|0Z36l2??@l8#M<7DmQWwO!D>7=%<*h!nV$xGSTwghS?Gr}}( z$29H?0w;F0<0~O1w<9JucEMxa>dCHPyV^y84Wy93~LJ@Mfe+BYH`kqB=OX=xCEy*wPn^~|8vRqu$$wPZsX z4c9pq#(&W$$rclCVBXJsgMNSeDM$l=QGx#d&+7ebW&Xci|34@9{@;cCzc)kwUnLy= c90UCSY>ifs1_S>u3GmMy^y8Pa{}=i{02^*|r2qf` diff --git a/Solutions/Claroty/Package/mainTemplate.json b/Solutions/Claroty/Package/mainTemplate.json index a61d4f7df98..20e77100a01 100644 --- a/Solutions/Claroty/Package/mainTemplate.json +++ b/Solutions/Claroty/Package/mainTemplate.json 
@@ -144,18 +144,18 @@ "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','1c2310ef-19bf-4caf-b2b0-a4c983932fa5','-', '1.0.3')))]" }, "analyticRuleObject6": { - "analyticRuleVersion6": "1.0.2", + "analyticRuleVersion6": "1.0.3", "_analyticRulecontentId6": "6c29b611-ce69-4016-bf99-eca639fee1f5", "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6c29b611-ce69-4016-bf99-eca639fee1f5')]", "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6c29b611-ce69-4016-bf99-eca639fee1f5')))]", - "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6c29b611-ce69-4016-bf99-eca639fee1f5','-', '1.0.2')))]" + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6c29b611-ce69-4016-bf99-eca639fee1f5','-', '1.0.3')))]" }, "analyticRuleObject7": { - "analyticRuleVersion7": "1.0.2", + "analyticRuleVersion7": "1.0.3", "_analyticRulecontentId7": "3b22ac47-e02c-4599-a37a-57f965de17be", "analyticRuleId7": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '3b22ac47-e02c-4599-a37a-57f965de17be')]", "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('3b22ac47-e02c-4599-a37a-57f965de17be')))]", - "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','3b22ac47-e02c-4599-a37a-57f965de17be','-', '1.0.2')))]" + "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','3b22ac47-e02c-4599-a37a-57f965de17be','-', '1.0.3')))]" }, "analyticRuleObject8": { "analyticRuleVersion8": "1.0.3", @@ -1296,10 +1296,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1310,13 +1310,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { "identifier": "Address", "columnName": "IPCustomEntity" } - ], - "entityType": "IP" + ] } ] } @@ -1400,10 +1400,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1414,13 +1414,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { "identifier": "Address", "columnName": "IPCustomEntity" } - ], - "entityType": "IP" + ] } ] } @@ -1504,10 +1504,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1519,13 +1519,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { "identifier": "Address", "columnName": "SrcIpAddr" } - ], - "entityType": "IP" + ] } ] } @@ -1609,10 +1609,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1624,13 +1624,13 @@ ], "entityMappings": [ { + "entityType": "Account", "fieldMappings": [ { "identifier": "Name", "columnName": "AccountCustomEntity" } - ], - "entityType": "Account" + ] } ] } @@ -1714,10 +1714,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ 
@@ -1729,13 +1729,13 @@ ], "entityMappings": [ { + "entityType": "SecurityGroup", "fieldMappings": [ { "identifier": "DistinguishedName", "columnName": "SGCustomEntity" } - ], - "entityType": "SecurityGroup" + ] } ] } @@ -1819,10 +1819,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1834,13 +1834,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { "identifier": "Address", "columnName": "IPCustomEntity" } - ], - "entityType": "IP" + ] } ] } @@ -1924,10 +1924,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -1938,13 +1938,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { "identifier": "Address", "columnName": "IPCustomEntity" } - ], - "entityType": "IP" + ] } ] } @@ -2028,10 +2028,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -2042,13 +2042,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { "identifier": "Address", "columnName": "IPCustomEntity" } - ], - "entityType": "IP" + ] } ] } @@ -2132,10 +2132,10 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -2146,13 +2146,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { "identifier": "Address", "columnName": "IPCustomEntity" } - ], - "entityType": "IP" + ] } ] } 
@@ -2236,22 +2236,22 @@ "status": "Available", "requiredDataConnectors": [ { - "connectorId": "Claroty", "dataTypes": [ "ClarotyEvent" - ] + ], + "connectorId": "Claroty" }, { - "connectorId": "ClarotyAma", "dataTypes": [ "ClarotyEvent" - ] + ], + "connectorId": "ClarotyAma" }, { - "connectorId": "CefAma", "dataTypes": [ "CommonSecurityLog" - ] + ], + "connectorId": "CefAma" } ], "tactics": [ @@ -2262,13 +2262,13 @@ ], "entityMappings": [ { + "entityType": "IP", "fieldMappings": [ { "identifier": "Address", "columnName": "IPCustomEntity" } - ], - "entityType": "IP" + ] } ] } From e43ec0cc1bba540afe0f2d20128ab2ef6f4a7335 Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Tue, 19 Nov 2024 12:29:26 +0530 Subject: [PATCH 3/6] Repackage - Forcepoint CSG --- .../Data/Solution_ForcepointCSG.json | 6 +- Solutions/Forcepoint CSG/Package/3.0.3.zip | Bin 0 -> 5519 bytes .../Package/createUiDefinition.json | 26 +- .../Forcepoint CSG/Package/mainTemplate.json | 758 +----------------- Solutions/Forcepoint CSG/ReleaseNotes.md | 7 +- 5 files changed, 14 insertions(+), 783 deletions(-) create mode 100644 Solutions/Forcepoint CSG/Package/3.0.3.zip diff --git a/Solutions/Forcepoint CSG/Data/Solution_ForcepointCSG.json b/Solutions/Forcepoint CSG/Data/Solution_ForcepointCSG.json index b0c17a53e20..32913d85777 100644 --- a/Solutions/Forcepoint CSG/Data/Solution_ForcepointCSG.json +++ b/Solutions/Forcepoint CSG/Data/Solution_ForcepointCSG.json 
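Review bot: The `@@ -2236,22 +2236,22 @@` hunk's new side still lists `Claroty` and `ClarotyAma` in `requiredDataConnectors` next to `CefAma`, while every other rule section in this file (the hunks at 1296 through 2132) now carries only `CefAma`. If the legacy connector definitions are being dropped from the package, as those sections suggest, this one rule keeps pointing at connector ids the solution no longer ships, and that list is what Sentinel uses to report whether the rule's data source is connected. Because mainTemplate.json is generated, the fix belongs in the source analytic rule this block is built from: remove the `connectorId: Claroty` and `connectorId: ClarotyAma` entries from its `requiredDataConnectors`, then repackage so the hunk is regenerated with only `CefAma`.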
@@ -3,10 +3,6 @@
 "Author": "Forcepoint",
 "Logo": "",
 "Description": "[Forcepoint Cloud Security Gateway](https://www.forcepoint.com/product/cloud-security-gateway) (CSG) Solution for Microsoft Sentinel exports web and/or email logs so that custom dashboards can be created using Workbooks to visualize events and insights on activities of Forcepoint Cloud Security Gateway.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/csg_and_sentinel/).\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.",
- "Data Connectors": [
- "Solutions/Forcepoint CSG/Data Connectors/ForcepointCloudSecurityGateway.json",
- "Solutions/Forcepoint CSG/Data Connectors/template_ForcepointCloudSecurityGatewayAMA.json"
- ],
 "Workbooks": [
 "Solutions/Forcepoint CSG/Workbooks/ForcepointCloudSecuirtyGateway.json"
 ],
@@ -14,7 +10,7 @@
 "azuresentinel.azure-sentinel-solution-commoneventformat"
 ],
 "BasePath": "C:\\Github\\Azure-Sentinel",
- "Version": "3.0.2",
+ "Version": "3.0.3",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
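Review bot: The `Description` string kept as context in the first hunk still ends with `**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.`, while the same hunk deletes the `Data Connectors` array that defined those connectors. Once the legacy connectors are gone from the package, a forward-looking deprecation date that is already past on the commit's date tells installers nothing and can suggest a connector is still available to configure; a wording such as `**NOTE:** The legacy Forcepoint CSG connectors have been removed from this solution; logs are collected through the CEF via AMA connector of the Common Event Format solution.` describes the actual state. The same sentence is reproduced in the generated `createUiDefinition.json` basics description hunk below, so that file should be regenerated after the source text is changed.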
diff --git a/Solutions/Forcepoint CSG/Package/3.0.3.zip b/Solutions/Forcepoint CSG/Package/3.0.3.zip new file mode 100644 index 0000000000000000000000000000000000000000..90eed2397a63b6d1144e69940272988e10d05133 GIT binary patch literal 5519 zcmZ`-XEYp+vt0zMN3W{{(R=TGiMog`SS>{FL?mkTx}x{qqg&nTM33mb_vnHj`|^A5 z)BC^kWlC@|3$6bZJ?eudiIJo zw)W2Up7t)z+#ft#oU09;T$Y7jK1*95gQkQHg&o;OgdKr%_(n;#=t)f~Gq(yfB#nwc zOj)%V*(99FExK)FoVu-jW~pr!?b~Zuv7;qvf9Lq0g#{pY$wPh3kL?gTM<5~>sCo@S zU#%&YPR4X-F{c1ZfB`F+B7gO*C!G8Q6BA}y$NawX+>r0XLghY-? z@AEwW<0$oVJDFfKx~}g$dVKP%yK^vOaLK?T9EJg#{hjMt@}cyqAKcJ&(m-X?BS>I2Y}c6eJ`L$i^|p^mSLdkHT3L;gGv zcfP3kz51oJvpro6pt{Z8iDgKhjIY&FJ0ETY6WBP2sxj%)uhipp>E}{uO>!el=j|;d zeh12C+MQ;&K#7G~QNGYhd`+nm%MQJ3eG7(>W)co(yey*s4X2lXO%;rR4^b$Pr%q2w zI~q_&9TAGO`zi_+&bHLC3*C-=>m$JSTkvDoPFr4Zw^bLA*yxuYYW0yTyuFM zfj=2Af?y~g8e7t<6uuA&AVeG%#uhTgTZMweXslDzZm0TD*7M4$+t?cPmIK3`GPnw# zF}njjbA8Sc7(VxcKFOc*pE#q5dWxbcj-7`(b=^OHQJ)K~*kl)IdemzUL+VQ>0qm-A z+;OfPR*8voe}MIP(p4`p7-ca`F2KK{aDueUBGBFPGGr0_Ks$1nYQH$$+w$kF2NK;* zn=ngR&K}^_@o1s&{Mh!=*bI~RWRsi^)fEHh%K~;mBCZz^vaQ9VjvC;?!dDFIXYnJ5 zHH1&0whcsquJOZq$*@=LR*pJJ=8d_Ut_-cr%8txA^dL6-vN}55 zq&s^QKQm93tfwMXmD|tMJC52Q7#?tlK1+<#&}ByjU069;YdfYVovducHUQ*L*!K(0 zgjuP92BQt2m1yeze|=4u(VOw~z41`dzJJh!dUIP`9}SHX*&x&}T(eyTZJ6 z%GKy{4H~lU5>$C-w6vKO9<0OE!%c!VEM5u>H4-|QsH^T^x*HuA zrbRkTKm3&Pc_q-o>eG>nMb+To%n6X-e31i%oizO#KbsDLS}t@RHZ^72`{K=X%MP_3 zgA)A~v;09gzcxW$W=<34Z9ya9sV~OBIIrF7Q_$Z8_MH0S-s^O=#(2$@c}WrQ(-gGC z$f1a3pzZr~jtss?f%0-OLv>Yzl0w zAbpuO32hpjuVm4NF>~LI7uJ+o8BlHII>{Zh)(L^C4@w34X#GP$#Y^l$=Jxv1@g#lo zJbTc@O;?NaSZp+4Q6@XT@8HG_)s=2jwW|Q%`DEYT%wTWz z&&}5Ux9tSN6)DrK>AHZ7xfT1Gf)U~o(0kkc@Sx{^15dNi9C#b#iTN@`=$G^n--(-49?clL2 zeChxGfzI`4bvTER`G@_I1JV15CfF?TK40SUr&>uYMR_8JBnyE~fNmZdR};xUXjXGVTP z;Ntz zz1e3R{JJ%AiMNpc>K4OgR}!TN;zQCIucA*WM!wmJhM$jbQ_LEEHf^u2u11g7&nucS zE`D%XR^6HRmVOH;WXI4v#08Owwv*Y9AyPsKuQ_8WcRkssfT*loDzC?XM3#*<6{xdz z(twk$Pt^~GtiY8oO5!u~1%I z^->@6Og8OggUt?wHakdsFo{+`m{1f=BC!+`0aq*Z^yv!J>-;N6>vd%^o{YBi!nDaH 
z0f*jw&8X}%_oDV=ow$aQP0xdRH=He%_opyx!&Fnssin!Z@Agv4{TA(}zDXyZ*~GV6 z*f|q>!33P5zi$&*z@09``40EneY-rIE1lUPQi+~O}?qC1j|vUEr&Tz zj~bxSzJQgfvnH>SvudnjGS?X9h$xsUOPm1i7mKx=2TAT5?|DmqX`XY*@;{dwIncxY zg+fQ+wFucUqaCt2+8uc6e3EE$j8O&G=+vLfj$;$!hUh2zPX~SwGToOv7@v0Ey(P>S zq*v-SCsB(nyW8IZsW2^?ffqDI;-hdsRjQjvlQ$t}McnlEbvhM^qNdvC&oJa#fs+8T z99!YjYwHM4lqpxC{jbzH4-HE-vLmBC=IIIF0`!LeVRTKTAFey0s;dapNSuAGJZ}-P zt698mKjHe*)=qCqG>~a`!*jlw$xnm3u?p0Sz;Ssy#bM)qwMIc~NZ#e-20<1r6$ThPZyYTRy=0+;e-syv2d;y% z`sbioJf&v@3RV12?4@a!Jww{fie+FFl||3UFgr$ImxH!w1w60SZ0v5@To9xjYT$>@ za4#XJ+{oT9$B8^UDH!nrzRL&NZ~`C{N2H81mD=e^6qf3&zuf3Q%vLx0mi+3*oD|+p zGuYn6DAY<-(_J#lAla-;HkbjCrpbRF=a`9!i3ofej&VS{5_|WL3Z*M>Qa8)3phpoL z_emxK8Z;XH-mu?8>E@gFK(2WBMmqu^KFBT1M4~&w|LC+ABbxc?Vuq3D8f0S*ntTlp1EuSnhQ!hg`R& zDug#sGBy;4$5oid+E`=cU&hFa4&Vt&HDYVq&N60blQmAk1y~FLSJ=WSu9ZMiL58TQ z?PTjWA(#rg#rsjRVX{hC3C0TC?MJ^VznLLpB#~%K_gFfJB~IiMQa1&;sg{CF+I9K1 z(Pe$Vmdg1hlal}$XXh7CX-%+9Z%g#)4nn8R3G=^Go_c0}(}wI8>X;q*rhfX`g*sL+ z56qsa`YwmYM8$9B>vz|T5vd#D!!;K7Xi1rqr+dH8!RhHD2a!I~3+T$mIm(dt)(56sAFG>;w`gK5vCVUNfw%z4%xzS>yPkkK-<=ku0&Te<@rzk6#CD8jdYqYRfx`7m zyl>9Uo`Q>h!1ks6+bRk{vBHF8Hw?{N`(q&2?~xxodi{g!1)EgJrf-V8Qmg1DrYboU z<4)aoir;(Al05^^mW6kd?Mj}i&Yk}LIcWyOzns0D77$P)+wxX5s7ZaIQ`i-PsSqX? z2OSzvk6*fRcoer@0$f3Pl@<^5M)7ws257kHf85GHMdB2<{Ph`x~aNr+dhSR>! 
zlo-A#xs_Qnnb8`#L3m@H-tA80NPo5FP*_v=sGBfAEjG7r(C|2%d9=Zpxi5~a~0&;(m0$%iT|-v5kx z*~}uQv9h74NZ_@3Ky zC#2)}D->lZ%SkQGpg5)}HaY$TJ&$xtUKqOEBX{AwcoC=HS$qn~DL?8??0gbZ5&KTB z<;143HE^k#=*e8p<3cMfV}@W2jY$}?$eyDte|k~=LraR&nDmRUe3%{RVu7hXaOILX z>D}k%o#7wsl`94e_bc#E_mqa>V`yr%eUCAwpu|I#9p>wYR~rlC2IEA-U#`ysj2KEQ zIViQ}nS^l~ww~o4OD2?n%h~+lkldEZG_JM5{)26b!kD*|%kW+}d2q*gu(exmjZwVw zmuBbk`R@*46ppCPf7E4A@6hJ7qkqAjAK7@U7NZr^$Ygf7=bXMrR&{xM>iJYZ6z6*> z^A6Orgc> z$v)7-gYarDg9$A~D)qZR)y|Hu-`>eepq0fkuj^2(O+w?JraI(~eubcXHnciZ7ixAd zYhYpOA?@ma$|5*f`*}IZgVV<9xrw4%#!^JLi>va0uZdGkULnGnvQNvtoH4$PeJUZm zY|2Fz{XF}o##8^um$u)X_@$e!s-i$A9)MQFS&(E~BCqe=P-WXETDXhW+DLFhA$mIf zf)5@bstnBTxFkwJso0A;P@x4hVUx~~2!*5qtMQHw; zwQRCzPU@22<vOw1SsWJ&l<@vLvo46uum;An!Fdv0FPE) zN#%*2=@=a>ifhF^HeeHj@+y-={dww?$k!WWyMuFOb!O;vMfbRFWd0wZzEJtaL-w!yVUJq+=%oH98EeWLQMVqY4s8$IT1O=es;f^qPKNK<*Aoyji(AfuFYSr z)l1#%YsYC?m4j#2c11%NYYQA|%S~#_)y^+ggQ!xE+fW>C?@n_r_sD(?IZEP&nI!K$ zG_oT77r#6xcT@ae%vrSlrDb8w;Qc+cC*CX=A z;2ik{08v9hB?0{Zw&!1&20#JO|6BgX|6_vw=aT;vdjF38&l26gj_UuBeGoNtjDK5D O|7Pgldh_o&fd2wq`f(Hh literal 0 HcmV?d00001 diff --git a/Solutions/Forcepoint CSG/Package/createUiDefinition.json b/Solutions/Forcepoint CSG/Package/createUiDefinition.json index 6b2d3203f75..576d6c7e87d 100644 --- a/Solutions/Forcepoint CSG/Package/createUiDefinition.json +++ b/Solutions/Forcepoint CSG/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Forcepoint%20CSG/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Forcepoint Cloud Security Gateway](https://www.forcepoint.com/product/cloud-security-gateway) (CSG) Solution for Microsoft Sentinel exports web and/or email logs so that custom dashboards can be created using Workbooks to visualize events and insights on activities of Forcepoint Cloud Security Gateway.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/csg_and_sentinel/).\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connectors:** 2, **Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Forcepoint%20CSG/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Forcepoint Cloud Security Gateway](https://www.forcepoint.com/product/cloud-security-gateway) (CSG) Solution for Microsoft Sentinel exports web and/or email logs so that custom dashboards can be created using Workbooks to visualize events and insights on activities of Forcepoint Cloud Security Gateway.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/csg_and_sentinel/).\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -51,30 +51,6 @@ } ], "steps": [ - { - "name": "dataconnectors", - "label": "Data Connectors", - "bladeTitle": "Data Connectors", - "elements": [ - { - "name": "dataconnectors1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This Solution installs the data connector for Forcepoint CSG. You can get Forcepoint CSG CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." - } - }, - { - "name": "dataconnectors-link2", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more about connecting data sources", - "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" - } - } - } - ] - }, { "name": "workbooks", "label": "Workbooks", diff --git a/Solutions/Forcepoint CSG/Package/mainTemplate.json b/Solutions/Forcepoint CSG/Package/mainTemplate.json index a8d9c59bb3e..3c6caab542a 100644 --- a/Solutions/Forcepoint CSG/Package/mainTemplate.json +++ b/Solutions/Forcepoint CSG/Package/mainTemplate.json 
@@ -39,27 +39,9 @@ }, "variables": { "_solutionName": "Forcepoint CSG", - "_solutionVersion": "3.0.2", + "_solutionVersion": "3.0.3", "solutionId": "microsoftsentinelcommunity.azure-sentinel-solution-forcepoint-csg", "_solutionId": "[variables('solutionId')]", - "uiConfigId1": "ForcepointCSG", - "_uiConfigId1": "[variables('uiConfigId1')]", - "dataConnectorContentId1": "ForcepointCSG", - "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", - "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", - "dataConnectorVersion1": "1.0.0", - "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", - "uiConfigId2": "ForcepointCSGAma", - "_uiConfigId2": "[variables('uiConfigId2')]", - "dataConnectorContentId2": "ForcepointCSGAma", - "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", - "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "_dataConnectorId2": "[variables('dataConnectorId2')]", - "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", - "dataConnectorVersion2": "1.0.0", - "_dataConnectorcontentProductId2": 
"[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", "workbookVersion1": "1.0.0", "workbookContentId1": "ForcepointCloudSecurityGatewayWorkbook", "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]", 
@@ -70,724 +52,6 @@ "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Forcepoint CSG data connector with template version 3.0.2", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Forcepoint CSG via Legacy Agent", - "publisher": "Forcepoint", - "descriptionMarkdown": "Forcepoint Cloud Security Gateway is a converged cloud security service that provides visibility, control, and threat protection for users and data, wherever they are. 
For more information visit: https://www.forcepoint.com/product/cloud-security-gateway", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Forcepoint CSG", - "baseQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n" - } - ], - "sampleQueries": [ - { - "description": "Top 5 Web requested Domains with log severity equal to 6 (Medium)", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n| where LogSeverity == 6\n| where DeviceCustomString2 != \"\"\n| summarize Count=count() by DeviceCustomString2\n| top 5 by Count\n| render piechart" - }, - { - "description": "Top 5 Web Users with 'Action' equal to 'Blocked'", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n| where Activity == \"Blocked\"\n| where SourceUserID != \"Not available\"\n| summarize Count=count() by SourceUserID\n| top 5 by Count\n| render piechart" - }, - { - "description": "Top 5 Sender Email Addresses Where Spam Score Greater Than 10.0", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Email\"\n| where DeviceCustomFloatingPoint1 > 10.0\n| summarize Count=count() by SourceUserName\n| top 5 by Count\n| render barchart" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (Forcepoint CSG)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "CommonSecurityLog (Forcepoint CSG)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Email\"\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": 
"IsConnectedQuery", - "value": [ - "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)", - "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Email\"\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "This integration requires the Linux Syslog agent to collect your Forcepoint Cloud Security Gateway Web/Email logs on port 514 TCP as Common Event Format (CEF) and forward them to Microsoft Sentinel.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Your Data Connector Syslog Agent Installation Command is:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ], - "title": "1. 
Linux Syslog agent configuration" - }, - { - "description": "The integration is made available with two implementations options.", - "innerSteps": [ - { - "title": "2.1 Docker Implementation", - "description": "Leverages docker images where the integration component is already installed with all necessary dependencies.\n\nFollow the instructions provided in the Integration Guide linked below.\n\n[Integration Guide >](https://frcpnt.com/csg-sentinel)" - }, - { - "title": "2.2 Traditional Implementation", - "description": "Requires the manual deployment of the integration component inside a clean Linux machine.\n\nFollow the instructions provided in the Integration Guide linked below.\n\n[Integration Guide >](https://frcpnt.com/csg-sentinel)" - } - ], - "title": "2. Implementation options" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version \n \n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF).", - "title": "4. 
Secure your machine " - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Forcepoint CSG", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Forcepoint CSG via Legacy Agent", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Forcepoint CSG", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Forcepoint CSG via Legacy Agent", - "publisher": "Forcepoint", - "descriptionMarkdown": "Forcepoint Cloud Security Gateway is a converged cloud security service that provides visibility, control, and threat protection for users and data, wherever they are. 
For more information visit: https://www.forcepoint.com/product/cloud-security-gateway", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Forcepoint CSG", - "baseQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (Forcepoint CSG)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "CommonSecurityLog (Forcepoint CSG)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Email\"\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)", - "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Email\"\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 5 Web requested Domains with log severity equal to 6 (Medium)", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n| where LogSeverity == 6\n| where DeviceCustomString2 != \"\"\n| summarize Count=count() by DeviceCustomString2\n| top 5 by Count\n| render piechart" - }, - { - "description": "Top 5 Web Users with 'Action' equal to 'Blocked'", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n| where Activity == \"Blocked\"\n| where SourceUserID != \"Not 
available\"\n| summarize Count=count() by SourceUserID\n| top 5 by Count\n| render piechart" - }, - { - "description": "Top 5 Sender Email Addresses Where Spam Score Greater Than 10.0", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Email\"\n| where DeviceCustomFloatingPoint1 > 10.0\n| summarize Count=count() by SourceUserName\n| top 5 by Count\n| render barchart" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "This integration requires the Linux Syslog agent to collect your Forcepoint Cloud Security Gateway Web/Email logs on port 514 TCP as Common Event Format (CEF) and forward them to Microsoft Sentinel.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Your Data Connector Syslog Agent Installation Command is:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ], - "title": "1. 
Linux Syslog agent configuration" - }, - { - "description": "The integration is made available with two implementations options.", - "innerSteps": [ - { - "title": "2.1 Docker Implementation", - "description": "Leverages docker images where the integration component is already installed with all necessary dependencies.\n\nFollow the instructions provided in the Integration Guide linked below.\n\n[Integration Guide >](https://frcpnt.com/csg-sentinel)" - }, - { - "title": "2.2 Traditional Implementation", - "description": "Requires the manual deployment of the integration component inside a clean Linux machine.\n\nFollow the instructions provided in the Integration Guide linked below.\n\n[Integration Guide >](https://frcpnt.com/csg-sentinel)" - } - ], - "title": "2. Implementation options" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version \n \n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF).", - "title": "4. 
Secure your machine " - } - ], - "id": "[variables('_uiConfigId1')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Forcepoint CSG data connector with template version 3.0.2", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId2')]", - "title": "[Deprecated] Forcepoint CSG via AMA", - "publisher": "Forcepoint", - "descriptionMarkdown": "Forcepoint Cloud Security Gateway is a converged cloud security service that provides visibility, control, and threat protection for users and data, wherever they are. 
For more information visit: https://www.forcepoint.com/product/cloud-security-gateway", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Forcepoint CSG", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint CSG'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "sampleQueries": [ - { - "description": "Top 5 Web requested Domains with log severity equal to 6 (Medium)", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n| where LogSeverity == 6\n| where DeviceCustomString2 != \"\"\n| summarize Count=count() by DeviceCustomString2\n| top 5 by Count\n| render piechart" - }, - { - "description": "Top 5 Web Users with 'Action' equal to 'Blocked'", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n| where Activity == \"Blocked\"\n| where SourceUserID != \"Not available\"\n| summarize Count=count() by SourceUserID\n| top 5 by Count\n| render piechart" - }, - { - "description": "Top 5 Sender Email Addresses Where Spam Score Greater Than 10.0", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Email\"\n| where DeviceCustomFloatingPoint1 > 10.0\n| summarize Count=count() by SourceUserName\n| top 5 by Count\n| render barchart" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (Forcepoint CSG)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint CSG'\n |where DeviceProduct =~ 'Web'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "CommonSecurityLog (Forcepoint CSG)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 
'Forcepoint CSG'\n |where DeviceProduct =~ 'Email'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint CSG'\n |where DeviceProduct =~ 'Web'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)", - "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint CSG'\n |where DeviceProduct =~ 'Email'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine." - }, - { - "title": "Step B. Implementation options", - "description": "The integration is made available with two implementations options.", - "innerSteps": [ - { - "title": "1. Docker Implementation", - "description": "Leverages docker images where the integration component is already installed with all necessary dependencies.\n\nFollow the instructions provided in the Integration Guide linked below.\n\n[Integration Guide >](https://frcpnt.com/csg-sentinel)" - }, - { - "title": "2. 
Traditional Implementation", - "description": "Requires the manual deployment of the integration component inside a clean Linux machine.\n\nFollow the instructions provided in the Integration Guide linked below.\n\n[Integration Guide >](https://frcpnt.com/csg-sentinel)" - } - ] - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF).", - "title": "2. 
Secure your machine " - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Forcepoint CSG", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId2')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Forcepoint CSG via AMA", - "contentProductId": "[variables('_dataConnectorcontentProductId2')]", - "id": "[variables('_dataConnectorcontentProductId2')]", - "version": "[variables('dataConnectorVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId2')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Forcepoint CSG", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Forcepoint CSG via AMA", - "publisher": "Forcepoint", - "descriptionMarkdown": "Forcepoint Cloud Security Gateway is a converged cloud security service that provides visibility, control, and threat protection for users and data, wherever they are. 
For more information visit: https://www.forcepoint.com/product/cloud-security-gateway", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "Forcepoint CSG", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint CSG'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (Forcepoint CSG)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint CSG'\n |where DeviceProduct =~ 'Web'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - }, - { - "name": "CommonSecurityLog (Forcepoint CSG)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint CSG'\n |where DeviceProduct =~ 'Email'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint CSG'\n |where DeviceProduct =~ 'Web'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)", - "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint CSG'\n |where DeviceProduct =~ 'Email'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 5 Web requested Domains with log severity equal to 6 (Medium)", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct 
== \"Web\"\n| where LogSeverity == 6\n| where DeviceCustomString2 != \"\"\n| summarize Count=count() by DeviceCustomString2\n| top 5 by Count\n| render piechart" - }, - { - "description": "Top 5 Web Users with 'Action' equal to 'Blocked'", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Web\"\n| where Activity == \"Blocked\"\n| where SourceUserID != \"Not available\"\n| summarize Count=count() by SourceUserID\n| top 5 by Count\n| render piechart" - }, - { - "description": "Top 5 Sender Email Addresses Where Spam Score Greater Than 10.0", - "query": "CommonSecurityLog\n| where TimeGenerated <= ago(0m)\n| where DeviceVendor == \"Forcepoint CSG\"\n| where DeviceProduct == \"Email\"\n| where DeviceCustomFloatingPoint1 > 10.0\n| summarize Count=count() by SourceUserName\n| top 5 by Count\n| render barchart" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine." - }, - { - "title": "Step B. Implementation options", - "description": "The integration is made available with two implementations options.", - "innerSteps": [ - { - "title": "1. Docker Implementation", - "description": "Leverages docker images where the integration component is already installed with all necessary dependencies.\n\nFollow the instructions provided in the Integration Guide linked below.\n\n[Integration Guide >](https://frcpnt.com/csg-sentinel)" - }, - { - "title": "2. 
Traditional Implementation", - "description": "Requires the manual deployment of the integration component inside a clean Linux machine.\n\nFollow the instructions provided in the Integration Guide linked below.\n\n[Integration Guide >](https://frcpnt.com/csg-sentinel)" - } - ] - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF).", - "title": "2. Secure your machine " - } - ], - "id": "[variables('_uiConfigId2')]" - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", 
@@ -797,7 +61,7 @@
 "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]"
 ],
 "properties": {
- "description": "ForcepointCloudSecuirtyGateway Workbook with template version 3.0.2",
+ "description": "ForcepointCloudSecuirtyGateway Workbook with template version 3.0.3",
 "mainTemplate": {
 "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
 "contentVersion": "[variables('workbookVersion1')]",
@@ -858,6 +122,10 @@
 {
 "contentId": "ForcepointCSGAma",
 "kind": "DataConnector"
+ },
+ {
+ "contentId": "CefAma",
+ "kind": "DataConnector"
 }
 ]
 }
@@ -883,12 +151,12 @@
 "apiVersion": "2023-04-01-preview",
 "location": "[parameters('workspace-location')]",
 "properties": {
- "version": "3.0.2",
+ "version": "3.0.3",
 "kind": "Solution",
 "contentSchemaVersion": "3.0.0",
 "displayName": "Forcepoint CSG",
 "publisherDisplayName": "Community",
- "descriptionHtml": "
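Review bot: The `ForcepointCSGAma` DataConnector entry kept as context at the top of the `@@ -858` hunk still declares, as a workbook dependency, a connector that this patch removes from the solution — the `_uiConfigId2` connector resource deleted earlier in this file and the `_dataConnectorContentId2` criteria dropped in the `@@ -910` hunk look like that same connector, though the mapping is inferred because the variables block is outside this chunk. Adding `CefAma` is right, but a dependency on a contentId the package no longer ships can surface as an unsatisfied dependency for the workbook, so the retained object `{ "contentId": "ForcepointCSGAma", "kind": "DataConnector" }` should be removed rather than kept alongside the new one. Since mainTemplate.json is a generated package artifact, the edit presumably belongs in the workbook metadata it is built from, followed by a repackage.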

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Forcepoint Cloud Security Gateway (CSG) Solution for Microsoft Sentinel exports web and/or email logs so that custom dashboards can be created using Workbooks to visualize events and insights on activities of Forcepoint Cloud Security Gateway.

\n

For more details about this solution refer to integration documentation.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Data Connectors: 2, Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

Forcepoint Cloud Security Gateway (CSG) Solution for Microsoft Sentinel exports web and/or email logs so that custom dashboards can be created using Workbooks to visualize events and insights on activities of Forcepoint Cloud Security Gateway.

\n

For more details about this solution refer to integration documentation.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Workbooks: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n",
 "contentKind": "Solution",
 "contentProductId": "[variables('_solutioncontentProductId')]",
 "id": "[variables('_solutioncontentProductId')]",
@@ -910,16 +178,6 @@
 },
 "dependencies": {
 "criteria": [
- {
- "kind": "DataConnector",
- "contentId": "[variables('_dataConnectorContentId1')]",
- "version": "[variables('dataConnectorVersion1')]"
- },
- {
- "kind": "DataConnector",
- "contentId": "[variables('_dataConnectorContentId2')]",
- "version": "[variables('dataConnectorVersion2')]"
- },
 {
 "kind": "Workbook",
 "contentId": "[variables('_workbookContentId1')]",
diff --git a/Solutions/Forcepoint CSG/ReleaseNotes.md b/Solutions/Forcepoint CSG/ReleaseNotes.md
index 82e91952fa0..74ded5530f2 100644
--- a/Solutions/Forcepoint CSG/ReleaseNotes.md
+++ b/Solutions/Forcepoint CSG/ReleaseNotes.md
@@ -1,6 +1,7 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| -| 3.0.2 | 15-07-2024 | Deprecating data connectors | -| 3.0.1 | 19-12-2023 | Workbook moved from standalone to solution and repackage | -| 3.0.0 | 11-09-2023 | Addition of new Forcepoint CSG AMA **Data Connector** | | +| 3.0.3 | 19-11-2024 | Removed Deprecated **Data Connectors** | +| 3.0.2 | 15-07-2024 | Deprecating data connectors | +| 3.0.1 | 19-12-2023 | Workbook moved from standalone to solution and repackage | +| 3.0.0 | 11-09-2023 | Addition of new Forcepoint CSG AMA **Data Connector** |
From ddffcc59c24d55fcdce1bb24a4a9e3864e7ca7bb Mon Sep 17 00:00:00 2001
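Review bot: The new `descriptionHtml` in the `@@ -883` hunk still carries the sentence `NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.` even though this 3.0.3 package — dated November 2024 per the release-note row in the same patch — removes those connectors outright, so the notice is stale and tells an installer to expect connectors that no longer exist. The same retained sentence appears in the NGFW `Solution_ForcepointNGFW.json` `Description` hunk and the NGFW `createUiDefinition.json` `basics.description` hunk later in this series. Dropping the sentence is sufficient, because the line before it already states that the Common Event Format solution's CEF via AMA connector is the ingestion path, and the `Data Connectors: 2` count was correctly removed in this hunk. As `descriptionHtml` is a generated rendering, the edit belongs in the solution's `Description` source followed by a repackage.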
From: v-rusraut Date: Tue, 19 Nov 2024 13:05:05 +0530 Subject: [PATCH 4/6] Repackage - NGFW --- .../Data/Solution_ForcepointNGFW.json | 6 +- Solutions/Forcepoint NGFW/Package/3.0.2.zip | Bin 0 -> 14657 bytes .../Package/createUiDefinition.json | 26 +- .../Forcepoint NGFW/Package/mainTemplate.json | 790 +----------------- Solutions/Forcepoint NGFW/ReleaseNotes.md | 7 +- 5 files changed, 18 insertions(+), 811 deletions(-) create mode 100644 Solutions/Forcepoint NGFW/Package/3.0.2.zip
diff --git a/Solutions/Forcepoint NGFW/Data/Solution_ForcepointNGFW.json b/Solutions/Forcepoint NGFW/Data/Solution_ForcepointNGFW.json
index 4573578595d..1605df4a580 100644
--- a/Solutions/Forcepoint NGFW/Data/Solution_ForcepointNGFW.json
+++ b/Solutions/Forcepoint NGFW/Data/Solution_ForcepointNGFW.json
@@ -3,10 +3,6 @@
 "Author": "Forcepoint",
 "Logo": "",
 "Description": "The [Forcepoint NGFW (Next Generation Firewall)](https://www.forcepoint.com/product/ngfw-next-generation-firewall) Solution for Microsoft Sentinel allows you to automatically export user defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/ngfw_and_azure_sentinel/) \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.",
- "Data Connectors": [
- "Solutions/Forcepoint NGFW/Data Connectors/FORCEPOINT_NGFW.json",
- "Solutions/Forcepoint NGFW/Data Connectors/template_FORCEPOINT_NGFWAMA.json"
- ],
 "Workbooks": [
 "Solutions/Forcepoint NGFW/Workbooks/ForcepointNGFW.json",
 "Solutions/Forcepoint NGFW/Workbooks/ForcepointNGFWAdvanced.json"
@@ -15,7 +11,7 @@
 "azuresentinel.azure-sentinel-solution-commoneventformat"
 ],
 "BasePath": "C:\\Github\\Azure-Sentinel",
- "Version": "3.0.1",
+ "Version": "3.0.2",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
diff --git a/Solutions/Forcepoint NGFW/Package/3.0.2.zip b/Solutions/Forcepoint NGFW/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..300d93b79234aff897485489a8327003f3f84f9c GIT binary patch literal 14657 zcmZ{LQ?Mv7kma>)+qUidu5H`4ZQHi}u5H`4ZS9+xs@>Vy+N3M#R66-RUESx%O96wR z0000$0BD;!X`rQ{kPm0*5ff7jTMK6kJ6k$SCp+6=^-J5$ zG1MQu{96WjEp;Y}iThS_0~W3Fh(n#e89F4lM`5NwM9$(;JjcJx!jwBK0(m8It#XaK zn7Sf=l2>Kg)CnM_GMG<4a)_#@@~XV^(HRUkur*WCx;8c~CRPbjJKB zVjzffmfc)k(fFWe%R&&bDO;P+#q7y{?w_R+#|w<+!#S9s!5 z7)UO~#Kg36{@UMoxN$5EVH?n3AUepY`{>vYGVcq3M8-J>4@#UyNV|b^B);T)1!Q4_ zL8_^OTu(=8VY=vk4yvz>jSVa({!%q1YasLLweB!_W0x+}OsZIf1c->^5$(E5RsNRQ zIZ!winA)QyXX{)lZ(iK^IH7OIbl^19L~mmO{d|=j0Q0R1m0GR(`n6A`y`P_3T@MYP zQ+}#K+JZ6@A%=2JZ)w(xP?xkZ$*un(*?=H(y8Nr?EcB{cl?cBAkN*?GACwnSwVdONgeEf^G4h>&b-hlR^X2s7CQ;| zjhd(`A5QBE#-NxNqZb7qs}rG(ar6EB2diPYYFu{m+7+AZn)|kK;OuYo7L8oeH4Au@ z#YST~8EllQ+|WWj8@u|UF&I&I%aveSF*kkAOdrv}Juosplno9sOJh2c{E)StSBVld z^S!Ho`_w*KZKoqJ$3^A~3tj>GaNEQR~N{ zGx;1qJzfGPWdU6Cx;;Y099g?l=Tzv3IHF`C6tHi1BEf)AcA`6t8-GeD9xq4)DB4ZR zYvoDSAEjjubP!ft&a*b9Dy6u?kcpVwq3*91klSiA>9JU;Q-;7Ta^P*8V)qE-UHn-r zAkYIiH-g1C&(FK0*U@KzTzy@CMi&<~3(%m7mpOB2YeCsPP+udr3Ax~?V&FBAn;<{Y zxsMjmI!E!_TA<3)m8Yw2SX;GSvSi9&_mN=By!KKP^`>TWso; zp3Th>*e^H(ixYMD90E{{A@;U#zDHVAh||1Jkr&~M4i(xru0gdXDQx58i*{SsV?-H> z$5?zi(TXhmdx-=5=d&XS;!{s(fGf!N^veDq{EfR7!4bbN8vPI|{*a1yg!~(XBO@4_ z2wq)=-C(xYTC)uiHQEX#$6H&KPcN1(wI~Uo zM9la{rB61sNT2f|6K2w{aR+>1 zpSAI{qx38c8W*P^kz&~;wD*o0dpaOEl-S2e+5Gb3R`;SyE7@zM4kd25#(4)&oCRd2 zToSK&`TNFUFSKG1#cysUwsfDi{5Lk%$?s0&bHma9EE0Fz{K3-ir*Z>{l6hn$Xx*Gv zdEYGv1>l94A*H}lpS+ICu9_KsnkO6*Di~OpDT}=Cs{xcrpW~%U%xRJ0VEujEsEoEI z-Js6S_0P8NRPKTMnbYsDYgZbh{d~xmEz*|R_4yy-&fd~FCIr(O*JhND_j(;uGq}s_ z1ogfPShGm^%!)kImvz67;jQCst{k=cTxv`jS?4z>!hEH5JqGwzp3%H#1xKN)i+OMVxy0Y7{D*LQc0UzNMQll#z9 z#0v$b5|ala0?VrvmVQNAG>Y=Kd+;LJ$0UfURwAM9zFUkZC2)GE5PX+R&0V3( z^E1eG85Q9UyZVJ<<@)@{|olzm5jgx7ytky%>e-r|G~bEfrYKIiH*JWKk)xgz`ypfa@%ZeJbP_g 
zd515Tdu`pO)s*W^>?n)HCD&~+!k?5`-H1(N7ZpNsBT*owlJ2S~@9g6=#0{el-#?SapsyWXUxAN#`|8M+_kn8Ck(wh7!R{OOEf zv*s5K)Up5Ob5BRJO0}$0wNOvB+$a^s>lb}YXW_TjMBH(IJBRQ?=1*or@Kt> z>>b#;tV5ySZ|IXR#(FgtA!zmu0B^mh{1ROKX$&5R>#19CNQ&9r$C`R*Ri>9c5`Zc~ zWU}}goTNfzrdJeLypwHqs2R}hU zVjIaKhKMPDse~@Vo2hv)eob&UvM`PT$Ux-Bg$S!5Q^#+~iMHIbyKqH|+a4Fc^4lsX zewX4N%s|8jy&$n%YP|R6YtM+I8P`&hT2y9iA-aKqRRE{GeQ9dy$J1brt4U$q3bOG)~jtDx= zYpLI^swCKQMfLb|`T61x0Kr7s{=jYQr|%|)cox!t&O%_k z;uOU9tc`d91nvQ>IcyPo!JH*~EhY8VuUZr0!&j-CiR2q4f!$dEm~TQ{SK#(aH?Eqn zs#fl_DUgOZ3~*e<)xZ+pN^U{C@pfke7#!n*Jz_2CMH4Zs&2?|R22Z7AKjsK2IQ0fI za#67(pJ?NfV9m+_Qe$sz*v&`Mr+|Pj`KTxWJ?8zxaQrm2+N|ZUv_`PZC(R~PxF_B{dVUuR2>Sl+PMips# z@veAsQ(tD_TMVKTs+(}cQ*eg6Px*xH{WG`Kj|#aKoI| z4Dc>4C*y%(AJHfAvX~HQ=YlC{m~Bh5=c=ZO9t3_r8NMJOaT`|^l|>A2I@?(n>R|bw zK)GqD3zr%I{-wq*0?>>Ae9On9Fik?=a#{lZrP2rBQO`fO(D7zA2IEa^IXujRB-qlg z4|q8+UavRBEcA^zQ^_jaX}TDqr^zntEBpogYF)D$DTmI5>QUoNH1NQ`E5M|@G*SDB z*@#q;A-qq?E*+{B%kA%`u)v;|^V}un@`2IH85+ST2TL*)Db&R1!z=!}h%C-r_Jd7= zOhi}jsAq~OA6M{+p!(A^s$_8sAp3emRmj1CB!Zjo5GVG3lr4huF+f%&XZ2kH8pf1T zXp$aEqgK?}N!)aoWUe-~_`*b#n*Tm!qAZNZ^$3jtGmi9AZATqh&_u|cdta7(0Wmk5LoR;ikRm(Iv9 zS<4VXUzJj~Jzpqt$|I`y<+zd`c!JmZ}K$OB%E`+5lgrUN} zF$Jrs$s<@m^{DPQ=mWih&L&8yU;i4ian4bu#}J<9Ye87|t)yQ)8sH$q9Y6~RuxOM( zh|dyjzHwL-=h})4Kcww?jryxalhAnfr+0G#1Wn>gK!&Y(zcIWiae%`aVA`K~#SiEU z++6op!AD9D=ndihElgLBH{r}a|2tH&T4vZ&;KzTH5a8F=I-?0C{>@iEgP)A^RwURg zj`Ov<(ZK~(tq)*6=ihwQ2k025&M#C>4#p8khB4@a^z9~|-68A1W|`I50`=*gu-$uf zs2Z@VC?774kJRZrD5r`*-x9Lvj!te3+Josk|lxCbv9fsREaTSgN zW&-n0vTrL8sHFaKH)js+2@_AGKiqfT-2WLMJiipVpX84h`$e1n*B9GcQ#1>@A^~P- zWyDr%kB=j;bEYFqsl2wyJcX^;0#`}?BbR!c&8v`R_8walvUaSwRby<@p_5@JT^IcH zQ|sgPA~t@+;Ug&7KNvOBRbqa%*e8_-3W^ONRi(E8*ilX|S(bck?Gx7XBNMI*SLAzG zp7;v&wsNwn>JP<<1geEddWJ^Xg4(ECu9>v_7B#vQEqRdRi;v@_hjsUbrDxD3i77Bj zE}o-3A6Tj3Trn{SYH(bDxb)xPv1H7mZWW#Q95k3kcHpr{Q(wS?nXJj(r3!KZtE^#I zGAs(oF!tXL+Z*gFKY&U^yy0s?tM1TH3YDEe&MK1tzG*%LH!`gaM;yO+`v_{D&>J$R zzCw?<&H++Yf{mCsLLbizaJpw5sbzU0de+xm?Tfu 
z;xV2f=CTJk({+N$p5NuL`oBM5%!lC9*cp7@+0iwys{LK{I_shqTp%2zRoyA?8$H+LoiJZF1#6k?PC=4Zuws7&}=rl@yK9qxh__hu4kon+#eeZS7I+*09s zCC{odoW}WF8Y$Kio1RRjWTx~^l9~At&nmg{Z8DJP?8p8P$*5`}#E_&BA9}=_e*+_B zAG7LKl>v$2gQ&pB0WU>X=#?y>SfE`cQ;-&CdYlIQwHPB+$<_-WX0|dErXv?(epmjY`Yt_<*J8IdCU2CFbf4Y3$ zYGXHFGwq2@l)J_tO)J%4vP^fa3Uj{z$A!Z95pQq)^)O^RkLTqEwsufBkbvEiY-x6@ zgkdDJ?}+N&vANmV+|zEC1&HdP~vB4t}Nd-JGeOLjZ zhP%3L)1Ia362?{?de~gEUGvha;&j2SrS&WpbYndOzW<$YDGEmNN?)clFcYh@+1ysG z+9^~cR&%5NlG`+`lveYIvzb$O>C8IWS>Pc(PO8~v4F z*eYr|yF5<_`qL|-gfV8T$edyIqC=2aj<{tH1cE0>irq~gXwr1bRT@|U-9=g6?Fmoa z%~4mm-SM(Hi{lQ-TG{SZxOq6>hAS<65QlAwPm7Ah(Q@SqRi{V!D%P@gyk#=Yw{26$ z;+R)kclUHwRs9`Qb;r+kKSlIcPqd<34BBu}(SvQ#a_x$Fi%olH76Br5=aS{JRVP~X zeXEuY_wtDCF`jXyDFQ{X<|N?~-_S@mSyAWF{w=Y3AZD`)*kB27U0f{XOEn8^@+%+^ zuLt4HFKLyy89I2~>}>3=PVGcu1p@2%Y{cI2w?Am*Xd%ai0V(aCSy(I$G!^W}D5Mdk ze>F-F7scKlp|On7lCW1BR3KC!el;W>Ub40iX-|(k;L@GJ@y6Ixyyl)mmU3w6OnNCs zCZPS!uG%om*PamS0}<;?KKUX!7Kc5A0|A zFy#ybh{payOe^`FGwjHBE70QRvrUG9_~jA=!bGm=wNF{6h1&pj>`Di^Cv`lEuBT08 z9npW$@m>@sv8ydSq)RN_e3%#^wSJbLRS4G= z_SKJu`xF>2;AOAJ_C?BK@PM~pf_iZ8`BW2Ry_#`lg8Ru1$+X(h_$5>s%lVqU{5kQF zA&NhRiknc*h*h)G2LG})CGFMJ0iA8;b^Vm@K5+rp!P*W8I-d#dWv<(nyge)US5W^D z_^N#d=3!#kb-MG_U;9evCn`7(QOZ>nCa{U`L7IpJX}P_%<|?!PP}LD- zW`q0A!bdBCSezrsgC2!6hdO%rgY`fM!-K~1Y&a=#Kv0}Q(E_1x{S}B?NCUTH{qxca zN%?!Se#P$jVz^shK&iH7Wy+~`-fqCR_!B4YNP{}(5dAUwoMgo>3G%6RCu*|Y<-j(4 z(RM5lkGEA=8UIAUP%z>u+2;td+<#}Jm1}yCjLAa%0jZ-W9XrYrl|dXR^>&FNpdIWM z7X~6}_YFtmEP4li{NFh zN11JF{0Q3}BTQCzlGuD;fwCMWK3jdk^<&qH_LHkME`ixKFPAa5d+!tgHrS}ph!co$ zJ|`%f1ywnafZ-#(#q9%%IH>3ci_e`kRN68+l*N^;tqo$1F&W_GF29#9bto`eW3NpY zHhV^#ejQg`e>iJY(F`MS{8G2|D`7RM zLR+o_#1&|E8Mb}xD5XPtgG=^=#)yc03J=uT8z+cE0xpt)^ZWTckKA0=1~Z;}@f&|o zfdS>hrj)eRM@w4E5kO3V|A#mu&QBp=TqT01HL@iV^50WDz4StqDP~XdNgnHKxO-ap(#r3>O;_Qin9G*mBG$;e^`g0YOyZu}Gut#*2!@U5Gdx((8IDMG0N$8{oCJweuutoVWWiBimA*;rWNxt9ns zOnxyHc!rsBH%jkBE9 z2H@9>37{f=y?7(j5@kb8k{p{%4Wvt<)={^{@b?*G_((ty*JeUh6uRs~JucVdavJ|r zzdvM$Pb{!4^ig@W=4`HxNl1T^9x?w479Y1kbijOdB5%zFNYpop7{tO4HE>F9>7DbU 
zaR_5P*w~O6QKtacCp*Md+(IOtMv6z4m2@Qd@Jufn^4uvWL}w*2mnA*L_~iBo3cKbd z#7D$Yz@RfL{U#*Zrd9nIIR!6ODB%sLv!CcObSW;h94X(KWNO$gRFu3_8)IX)Slei6 z^^7W(6Q}PKgK+h5!g^Wo^KX&9Sjcq@1@m^bwZ81q*IHl3`CR6$`su3t%S}GJT^=7t zc7FkPdp-dt8sJs+^PU%;^W;zM)K^+JK3C>j9$b9B@#koynZ_UMO%fts-aIP9^&*~c zNWm2tIiHF2v@e5M>!?;KF#+YsM{P<@Z<5<@Nf7(z$id+&VYyO5;IxGwS+Ri=N zun)NdTlE0Ej+~$ff^EE~MG*i9Kxe!=MlQ!b#L-Hoti#nDb>&M=d;PD@q z_f7PNneAswfpMC5xSNo*iMMp1C_6!HlT;T!GW%tjp1)OORHY%^-IMBX2(s{xr~OT6 z{GiW}0TgpN3v3lEch-w3q==oQ^WV!T^gq^yXsNGYqZxWW+qAj^5S7tl!S8ybY28Sk z3|88LCW@OICRV=h@|mUQ_7#}Kz3>{$JchNy&JOBpCAdSF6a)fCWkU9=?Jh!GID)RF zOR2|*U5Ggyi9?W-$M4&{eWPRL8G)KGvIhe{#7<9k_V^K^?3S(d6)RB8Cq5SVZrKlR zQ@{T(S?E8Z!10VdjT366M4VPRqX{%#6j*@)CBajJxH3cu&7DsEQ~K%)V|}Lg^$GhN z6#MYQD*xvHt2)oYH)>jjf$%}~szVl@*}e5AIijwO=^fXl?4WszfYmsUg~Su6J6uil zh?wUQ6a1$XT$vxM7SeJe_!E?~WX00uVm;F~9ZHxb_4b{|ioL%rqR?D!)3&4~%Q+Mn z=eEKoHJlCOUvj=3ukPcBOIJUl4d#k{W$jDjx_~?1MVRz$HA;k};T(rj_5`p^z7DD1 zVdoPag3*|T*A=B*6y|kHJPUonmqBm(GW@td6MG!lsI8DnJ@K6yjybTE)qpLgT^79a zA$a;;P4F6Js&?v>cBUvn8?tl=Oxbou z;}Ty;uv)}7F%7fq`4+irkUVnJCzI+WyM1F?zzJqAB{Z`k4MLE_JiK;D9Z*FM12{SO0{l+(+bH?EGx zMAWL!7&4j@KZ=LgIa6Vym>j1G32MzK@49$1Cz~-u37}CYIPXOeVH7S_JXJcMq4QdU zFU>e)vt(Hmu|EprB!q7acfhMzC?e180^mKOw?r2kKAw4~K{KL}{kYYkdxIxK&A%2P z;S{QnrYl5o0Ja^eFUJlJsNwDa!1};-A-4#9oL$$xRW{Jp?|#ds)d*r-4gWC0(r6=q zHk`7@;JE7m%#aOfc8zMDRF>EUCE}uy(j^0D5yI(6(9knLs;~O0#8FaQG8`n$u+2iN zK~KGcZw?ovAlcJbClV5mQ8b{5lK8N-poyTga)!*^BqXWORXLuMX8(jhE}uogyHAwU zfa}Rv!+RUNcPRSjRRu)tw~01j-x2TwZ|E~S%f}k=E_gYP&DqNF&@;KMu2mU{J*A1~ zz=({llk&j<9xGcuUAv`;$%SzX%dW#cT0F2JSIoJ{dS-|hW%}lBenKYd0;R#==*;cF z(4m@<2PdTc1-*0jZB6)Maz@Ft_6$7Oow`DI309-BaH{2)BCJLwVFXrS+UBu{%H6UE zvjk(;N|VY-UQUTno>{qg2sQGmpg3x(;#lSW$5mV*hO;iGdW=Of7;Un#0ys>(ac?I> z6ya_q$!;BXB_0d;8dT&=Zj(VXg#?_ON78=EU-&uoFI;D#lE?zu81G=mv0rvkVdXv9 z#z{XGj6Dq-wK}D(qm_;{Ri($)vkP!^OHC_ptC$M`1!d)$bL&xgVEks@u8tfw#{8;l zhFn*F|2Y-C_j!P5!lJ?n-dH|vWf9vGqxpBqmd2D!qV|Fw`O`!`3jH*!x59fa1dc*> z0b7jC%DvYC1)d^V?ToBHUua@C1JL{jcp1vp`1sv-cm7Nnvxuj-`mou^*8zr3l$-$C 
zILd&c@lnKX7^5GTfFzOrmtN8@MG&e948Bh0aS6tWO;ZHqU`KNRFz;-p3WC5Uo$wh| z7!bw>+baa&WNl{V4}LRr@P{vdnAw`Sg@wWQuEEm|eKsorulE9vNNm2L-ic%x@R;^9 zeZ*qv4#zs+por=pfm9~_xngc}WARzD?4*iOqx)6?t${2|3WN4~1yDu8)aill6JG>~ zQXo3_7)Xi&c!k<@hrBuHYIRNK=)^K~@7dVQ3dh~1G0QBerO-<0`qFpWfK|E_-93@f zPr*r1!4$9z#*7X*^UI|Bz6EZv{$)2zIV51+USWfY@ET$2Stev5@G+Di4aQk1$Cp{6 zp{J}T0}Y=wa@T~_YNP|Tzu1A!u;%#9RCja}e@I|#ah<4@PG0+Ktj#_i&^%#g7{)@Q z!!lvDCm)3aF@uUD%q)a;+aVJpZ+!@_r$Uh}@#3!*@*rv$bd~Z=&fSPu_V1a1H!Dw= zggNstn$!0IWr9YT{fnSt1zF9iKB zxs%9!2jX*ZZt~LL@9Gc@@eF3*8s^hQQA$f8fozpX^@eL(+Q;0CLWi-!mO zkvKxb8o;RPfG|?D4+shMErb(8k?rb-fH5UplXvnLMKVk`$qR1@lrgA`5o=(>m@-Ab zV{7w|pVuSQT)aC@O*#LkxZe@-MC(_-jBG1p6@&olydfG;i?G13W_{dGtiMB+o(K<=q z%D8~lGXetAf{fWwm9E!M5t_3p$U&9yf^k->=j5Q~7M6#n|%37pSDHcoho*?gu}#0DW2s2Gs{CP#}M z2kcT7kNSj7BAD;u1y`z%aBz_c*2D_Vp!IycecQ>qbnuL~Fc6`!L zX&ewR3)hI@P$!JNHHkH5*TK!$5M0%1HqNZ9Cdf=BGVHD>BP0cjksiV?Zds^^`lOqHgfE(~_YaA(UH z0uvZzUgwXU;8G4de(kA0fslhd?%>7qI|XeAQs1IHVTz`v;UqUK3E55x|4w6-RyveC z$UhD7CPy+jaCWKC?rdQ1K3;eZkjqs379gMd<1feYk+T3XCZXHWg|#y2Gb)R*xSLrk zj0l>%#Np}}!$=<6E%`R;&ZJLuk(iuo-$>PCszq(7^x~U0N*OPNPt@D!EoF@Y13$7u z4bMMLv>irdrg^mbZW*SvXCSffUDw6>?07$`?6X!NIU!lm63O|pzGobDZ{m|4z)#RO zGvT;^w^2LUHs3`4rI~Fq=8Vat6DplXxM(ug{1@2x|D68Y#Xnaix$r+@WwI|PU6T>IBQakN&BjOLK^vReSm2`&Yk>cByx`Jr~lm& zD}E;bOeR3Lv^Rl=CviCy5)DP(*L6HKTqB`Y>&fx+3(pU(Ku~{l@NysA zM;p!Ct{_bf&_Y*>*vnjRXW+`8D^I!c+Z`yaFy$`fkHaAj8-*nt?GVgMm_Pm$cdYBp zp62-MK}qG4&K#$OiA}|)gox^a7S(6*dIRgV+^LjgdZmj)5L1}DZ(!nuO}ja*ZbN|2bxb>N9-)dOkQ>%bAqxq1Ibn z{RR9EI4565T6fclTO`ix6G*I&EV-2h!71!Um|8K1y{BgU(sM*W72fY2J9VShzdx&V z?9S~;3g*NMrHN4PjbqhYlkP4EPOiUJ>SzY1fF#EJFdHZpE>qoUT~Z9PiDMN~2qB zNJ%vPBYB9cYq51~$cdWjnP6S*-3|FQkFcCrU(8;l$Evk=Q`_~NaY()Ebj&IDC}*1s z8kpebIILD}3Tq%x2pk^MhhXaZ>;@uz*aJ6|^K4j0zI78Y*~AP*-20n#D)yD!Dbq7& zs(SrFT(dEJp#O#hU+ZTTww*3JV8>IepQvC6lkU+*2L`U%(B|(Y_ohTBVd{2AHVomz zuhUhL1vb>*)YuS4+_fJ1jiiKzgl}h4Rt)X0XCH4B+8;YiIA8BiC(dU@9FlVdLi0%g zPA)VBWUO8aP|KeLJy~|ni>XjyU6nQe`vq|^Vnl_FOuPIc75!Op_%-R`laWdWA+fm{hq88_Kcdx 
z?jaa3KM=0524&pR^Ma7Ypnfp^w|EQe0&KAY*vH$qZ)Js}I00r%OI})uemPfg2a1a) zW;v-xfL@7Io-wO>E1yC5fzol`+=#HPV5YE18GrSZBK+XH9NcN=p^pbJtwv&bk9pDf zMEv_-2S(So<{s20tMWWi(oW2D5u?i~iCH{%;*&#Myn+!f9;+9L@$J1$UuFCl9Io#K zp>K7xNMj+x>7m)`@d_C2S}Y1-k#QdYDfaFisZW8R{w(xOcTFjL--8$7Nrtx30|x zJ^eG2Hk0qn1*iRAx%VD0QGB`Vc(r8PkV24&wChPIpbEX`2Y0Ub$wSXjaD_)U0*w+( zAmivzAU(7K8q3wux3<^=98C!N3Rjgel^ypB6`q#_n0)XwKs%8=)-QzO5W;?Z1Uf_( zlr9(oQLrf+bu?>|i2F;u3+xUvUboF1G}3=q zqlP21EW{BunI|VWFPjOu(<&j6>qk*JqZZT%vW1uT_4tQ|flwIH zTMSq5<0zSxicVSZUQghRo~CL`O=U34C3Wk`#vv)_W|7>q6xjN)Zc1WVR42937{s#a zP=M!rUeb8?TG*;fhSlV=P7LdAH-I09A00{(vUHRL#@td8bI?JEAnt~3y;u5td8#vE zxe9$n;UP6}cq4F`3|Ry>R$trMvgbMoZKnWmj$xND+j!UDC4iX9pc!`hVcv=g>1Y^0i{7KMCViCYQt~wmO_Nr}A2-sGeFUw;{{Z*+dSbs?@__`!a*_M~SR8n31@#+wk-4d!Z z>aNyjINtc@!()(!Le-d45W%da8~bFXc4l5nmhdg{&@1Y#YuCyV4JMHmEqPTGsSE3p zAyH)o`;%LZ?Wl#1@@@W`ctqx&;}grAr@ONJI{31zEdE%`s?H?MUR zq+;<85aSL@A*j@|Lh&#(&v`6Om%`}=AGpl3Ra>x@fFU9zYPw0;wgu}nP%a%L3Y#4x z{op2t%j(Xs%UyaDW=*$*tS_a|k(#@BJ7+#!`>xokyvUCEBPzS^g2L*Qfx0G<1QIAK5kv*~JDR(m#oJqQBeU6$mF<@=-x)PrYNnGR zs>wl$p(i&eaFIIvSk%L=_1Pe)&36VSZ7rQG>y|cJwZgbn4N4a3+S-j}h(EE}8?xv~3LG^LwFO*9A?XAcpcD+pg-c=4G;yn{ zYE<GD$#(l4l1{n1+X7P1Xq8`_RlmVE zQBFEp-2m;=qy?R(^ut7 zDbiMDqtjrTUip9x#S9WOXkUKRI_68aVWDt}w}!hr9_iIM?dii}Rj2$u^&3;-KNe?t znSgEt`m&}OApcz(W>RZo(8bV&T2(#tNYz|#=y}Q?6(o|*E0nv@XxwJ9K!qhM{@xya-Nm$q*sV~aInKE{vxGH?c9o@&3 z&?HFG0suo8xCTdln>x@qH=Q9&hORrHxqJXiypzqI45i1We8F(fioj*xq`@-ultGO2 z*E6BUiedYs{IC{A3qDw9tZlLoK#~(^DtA=|eam&8Dx-iXf=3cRX)A97Mhx%D$ zl)o#M)IOo43LX(tzx2qe!5gCsb+Jl1-SadPjBS?49jgu|vptp4kpGiU(?o{ieOX?U z{%6MwH_gQ_qdvOMzYRM%(_!nf*)|5%5{-_Pb52zC1O#Lel-b=AzMMPggU|}nGwBGm zX+{_ZFM_-*gh7ze>UN11VmJLNCna~*#pzI_o{UyQ1UpolSp*lCq$ZQiImx*SlY&K5 z5LvlCWxss+QOKSf=fWjAGs2R)JLZFz=I!vV41bW~4m>B1LE~{a&g4ES`;{Vh2xX4V z*7Yf)tmFFC^9NUxj1~${l*b6-0ZYF?Ada;w?F&*rl-~yf;O_U;?}y$P>!8^jbS#c7 zAf&YWwV>V+MNlZf8EXs>ZgPC@t46hdpE8IsAl%4qAcl{F&KF4z!t2Rs{YP@}Ch>jt zlZ`}85m@s@+^YybwFFtfmEeox?iNhjAc$;@e!$NV+IgMK#ZNuSpy$_aCEe*V0L=%`{j7Gg5bWp>_ARe$|cv@)%GlFx9AB2IF 
zzUkB6UK#@B=~f6vUEgjl4Q9qD8v1zzVMI73E4nWkRH+m8cstr9+Dxmk`#Q@%NE8lB za#qM~4{Qo8ngkaFk6ZeR?IrvEq8inK2rX9xseT*8ec>y;MLDoiIyd2kLcmVPdd=u| zZT-=l>v7Tp;~OysIdV1}K|^-4_98S@O# z2iIMjU?8-yh_B12m&LYy$=?5V0m#5CnaIoOIj?I30dVWfA#}}F@}RBG&vw?CTcYQhUbpD+0ZlqvQ-%9f%o8a*uwmQsG5D8VwCCj>Y;_` zF)>1L;(U;yud50Hp(oP4dftKLoE+`K)PQT>o6udkGhNt~1{($o;Pe$gIzq(QZ;9~P zGNR9MCH#K;06Qr$(3zGpg}i$$dJ;11ov(n+eHSysVW|;i9OG9`5yqGXHNahZ&&VTZ zZjq$ha^WMR4p)+70Th}-Jfunpu+`Gj$9@JhmWd|7ha3YgBpx8SH!~sxW;>qH&kcDJ z$X-e)`VEfRI6vTen$UPH02(2s{T7XHr$@58Lv_&(q?g}JWFW_T5(}&fwB~M zh2!=bipCFt(<~==^zQZ-TwV$g2nFE(FI4;|TKI3{|07%cpP&3s*~9<&;q{*e^8XP* W$V-8O{YMDUzZv{*FXQ-+)BgfrYgbMH literal 0 HcmV?d00001 diff --git a/Solutions/Forcepoint NGFW/Package/createUiDefinition.json b/Solutions/Forcepoint NGFW/Package/createUiDefinition.json index a1c72244435..e5805fbd1a9 100644 --- a/Solutions/Forcepoint NGFW/Package/createUiDefinition.json +++ b/Solutions/Forcepoint NGFW/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@
 "config": {
 "isWizard": false,
 "basics": {
- "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Forcepoint%20NGFW/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Forcepoint NGFW (Next Generation Firewall)](https://www.forcepoint.com/product/ngfw-next-generation-firewall) Solution for Microsoft Sentinel allows you to automatically export user defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/ngfw_and_azure_sentinel/) \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connectors:** 2, **Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Forcepoint%20NGFW/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Forcepoint NGFW (Next Generation Firewall)](https://www.forcepoint.com/product/ngfw-next-generation-firewall) Solution for Microsoft Sentinel allows you to automatically export user defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/ngfw_and_azure_sentinel/) \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",
@@ -51,30 +51,6 @@
 }
 ],
 "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This Solution installs the data connector for Forcepoint NGFW. You can get Forcepoint NGFW CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- },
 {
 "name": "workbooks",
 "label": "Workbooks",
diff --git a/Solutions/Forcepoint NGFW/Package/mainTemplate.json b/Solutions/Forcepoint NGFW/Package/mainTemplate.json
index b48b92cc842..15e3b301adc 100644
--- a/Solutions/Forcepoint NGFW/Package/mainTemplate.json
+++ b/Solutions/Forcepoint NGFW/Package/mainTemplate.json
@@ -47,27 +47,9 @@
 },
 "variables": {
 "_solutionName": "Forcepoint NGFW",
- "_solutionVersion": "3.0.1",
+ "_solutionVersion": "3.0.2",
 "solutionId": "microsoftsentinelcommunity.azure-sentinel-solution-forcepoint-ngfw",
 "_solutionId": "[variables('solutionId')]",
- "uiConfigId1": "ForcepointNgfw",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "ForcepointNgfw",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
- "uiConfigId2": "ForcepointNgfwAma",
- "_uiConfigId2": "[variables('uiConfigId2')]",
- "dataConnectorContentId2": "ForcepointNgfwAma",
- "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]",
- "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]",
- "_dataConnectorId2": "[variables('dataConnectorId2')]",
- "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]",
- "dataConnectorVersion2": "1.0.0",
- "_dataConnectorcontentProductId2": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]",
 "workbookVersion1": "1.0.0",
 "workbookContentId1": "ForcepointNGFWWorkbook",
 "workbookId1": "[resourceId('Microsoft.Insights/workbooks', variables('workbookContentId1'))]",
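Review bot: With `_dataConnectorContentId1`/`2`, `dataConnectorVersion1`/`2`, `_uiConfigId1`/`2` and the related template-spec and product-id variables deleted in this hunk, any surviving `variables('…')` reference to them elsewhere in the template becomes a deployment-time validation error, and the places that referenced them in the CSG counterpart of this series — the solution-level `dependencies.criteria` entries and the workbook dependency lists — are outside this chunk for NGFW. The resources hunk that follows starts removing the connector content templates but runs past the end of what is visible here, so the check before publishing this package is that `criteria` and every workbook `dependencies` block no longer mention `ForcepointNgfw` or `ForcepointNgfwAma`. A search for `dataConnectorContentId`, `dataConnectorVersion` and `uiConfigId` over the new mainTemplate.json should come back empty.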
@@ -84,750 +66,6 @@ "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Forcepoint NGFW data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Forcepoint NGFW via Legacy Agent", - "publisher": "Forcepoint", - "descriptionMarkdown": "The Forcepoint NGFW (Next Generation Firewall) connector allows you to automatically export user-defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. 
This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Forcepoint NGFW log results", - "legend": "CommonSecurityLog", - "baseQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n" - } - ], - "sampleQueries": [ - { - "description": "Show all terminated actions from the Forcepoint NGFW", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| where DeviceAction == \"Terminate\"\n" - }, - { - "description": "Show all Forcepoint NGFW with suspected compromise behaviour", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| where Activity contains \"compromise\"\n" - }, - { - "description": "Show chart grouping all Forcepoint NGFW events by Activity type", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| summarize count=count() by Activity\n | render barchart\n" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (ForcePointNGFW)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are 
required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. 
You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address.", - "title": "2. Forward Common Event Format (CEF) logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python - version \n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. 
Secure your machine " - }, - { - "description": "To complete the installation of this Forcepoint product integration, follow the guide linked below.\n\n[Installation Guide >](https://frcpnt.com/ngfw-sentinel)", - "title": "5. Forcepoint integration installation guide " - } - ], - "metadata": { - "id": "e002d400-e0b0-4673-959a-eec31378d17c", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Forcepoint", - "link": "https://support.forcepoint.com/", - "tier": "developer" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Forcepoint NGFW", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Forcepoint NGFW via Legacy Agent", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": 
"[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Forcepoint NGFW", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Forcepoint NGFW via Legacy Agent", - "publisher": "Forcepoint", - "descriptionMarkdown": "The Forcepoint NGFW (Next Generation Firewall) connector allows you to automatically export user-defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. 
This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Forcepoint NGFW log results", - "legend": "CommonSecurityLog", - "baseQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (ForcePointNGFW)", - "lastDataReceivedQuery": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Show all terminated actions from the Forcepoint NGFW", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| where DeviceAction == \"Terminate\"\n" - }, - { - "description": "Show all Forcepoint NGFW with suspected compromise behaviour", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| where Activity contains \"compromise\"\n" - }, - { - "description": "Show chart grouping all Forcepoint NGFW events by Activity type", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| summarize count=count() by Activity\n | render barchart\n" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are 
required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. 
You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address.", - "title": "2. Forward Common Event Format (CEF) logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python - version \n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. 
Secure your machine " - }, - { - "description": "To complete the installation of this Forcepoint product integration, follow the guide linked below.\n\n[Installation Guide >](https://frcpnt.com/ngfw-sentinel)", - "title": "5. Forcepoint integration installation guide " - } - ], - "id": "[variables('_uiConfigId1')]" - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Forcepoint NGFW data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId2')]", - "title": "[Deprecated] Forcepoint NGFW via AMA", - "publisher": "Forcepoint", - "descriptionMarkdown": "The Forcepoint NGFW (Next Generation Firewall) connector allows you to automatically export user-defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. 
This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Forcepoint NGFW log results", - "legend": "CommonSecurityLog", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint'\n |where DeviceProduct =~ 'NGFW'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "sampleQueries": [ - { - "description": "Show all terminated actions from the Forcepoint NGFW", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| where DeviceAction == \"Terminate\"\n" - }, - { - "description": "Show all Forcepoint NGFW with suspected compromise behaviour", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| where Activity contains \"compromise\"\n" - }, - { - "description": "Show chart grouping all Forcepoint NGFW events by Activity type", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| summarize count=count() by Activity\n | render barchart\n" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (ForcePointNGFW)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint'\n |where DeviceProduct =~ 'NGFW'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint'\n |where DeviceProduct =~ 'NGFW'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = 
LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ], - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine." - }, - { - "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", - "description": "Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address." - }, - { - "title": "Step C. 
Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " - }, - { - "description": "To complete the installation of this Forcepoint product integration, follow the guide linked below.\n\n[Installation Guide >](https://frcpnt.com/ngfw-sentinel)", - "title": "3. 
Forcepoint integration installation guide " - } - ], - "metadata": { - "id": "e002d400-e0b0-4673-959a-eec31378d17c", - "version": "1.0.0", - "kind": "dataConnector", - "source": { - "kind": "community" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Forcepoint", - "link": "https://support.forcepoint.com/", - "tier": "developer" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Forcepoint NGFW", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId2')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Forcepoint NGFW via AMA", - "contentProductId": "[variables('_dataConnectorcontentProductId2')]", - "id": "[variables('_dataConnectorcontentProductId2')]", - "version": "[variables('dataConnectorVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId2')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "Forcepoint NGFW", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Forcepoint" - }, - "support": { - "name": "Community", - "tier": "Community", - "link": "https://github.com/Azure/Azure-Sentinel/issues" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Forcepoint NGFW via AMA", - "publisher": "Forcepoint", - "descriptionMarkdown": "The Forcepoint NGFW (Next Generation Firewall) connector allows you to automatically export user-defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. 
This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Forcepoint NGFW log results", - "legend": "CommonSecurityLog", - "baseQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint'\n |where DeviceProduct =~ 'NGFW'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (ForcePointNGFW)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint'\n |where DeviceProduct =~ 'NGFW'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceVendor =~ 'Forcepoint'\n |where DeviceProduct =~ 'NGFW'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Show all terminated actions from the Forcepoint NGFW", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| where DeviceAction == \"Terminate\"\n" - }, - { - "description": "Show all Forcepoint NGFW with suspected compromise behaviour", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| where Activity contains \"compromise\"\n" - }, - { - "description": "Show chart grouping all Forcepoint NGFW events by Activity type", - "query": "\nCommonSecurityLog\n| where DeviceVendor == \"Forcepoint\"\n| where DeviceProduct == \"NGFW\"\n| summarize count=count() by 
Activity\n | render barchart\n" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. 
[Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ], - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine." - }, - { - "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", - "description": "Set your security solution to send Syslog messages in CEF format to the proxy machine. Make sure you to send the logs to port 514 TCP on the machine's IP address." - }, - { - "title": "Step C. 
Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " - }, - { - "description": "To complete the installation of this Forcepoint product integration, follow the guide linked below.\n\n[Installation Guide >](https://frcpnt.com/ngfw-sentinel)", - "title": "3. Forcepoint integration installation guide " - } - ], - "id": "[variables('_uiConfigId2')]" - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", 
@@ -837,7 +75,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ForcepointNGFW Workbook with template version 3.0.1", + "description": "ForcepointNGFW Workbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -898,6 +136,10 @@ { "contentId": "ForcepointNgfwAma", "kind": "DataConnector" + }, + { + "contentId": "CefAma", + "kind": "DataConnector" } ] } @@ -927,7 +169,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ForcepointNGFWAdvanced Workbook with template version 3.0.1", + "description": "ForcepointNGFWAdvanced Workbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion2')]", @@ -996,6 +238,10 @@ { "contentId": "ForcepointNgfwAma", "kind": "DataConnector" + }, + { + "contentId": "CefAma", + "kind": "DataConnector" } ] } @@ -1021,12 +267,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.1", + "version": "3.0.2", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Forcepoint NGFW", "publisherDisplayName": "Community", - "descriptionHtml": "
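Review bot: In the @@ -898,6 +136,10 @@ hunk the workbook's dependency criteria keeps the context entry `{ "contentId": "ForcepointNgfwAma", "kind": "DataConnector" }` next to the newly added CefAma entry, while the same template drops both `_dataConnectorContentId` entries from the solution's own dependencies and the release note records the deprecated connectors as removed. A workbook that still declares a dependency on a connector this solution no longer ships will point installers at content that does not exist in the package. The later WorkbooksMetadata.json change in this series removes ForcepointNgfw/ForcepointNgfwAma from dataConnectorsDependencies, so this mainTemplate.json looks like it was generated before that metadata fix; regenerating the package should leave only `{ "contentId": "CefAma", "kind": "DataConnector" }` in the criteria. The identical stale entry appears in the second workbook's hunk at @@ -996,6 +238,10 @@.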

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Forcepoint NGFW (Next Generation Firewall) Solution for Microsoft Sentinel allows you to automatically export user defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.

\n

For more details about this solution refer to integration documentation

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Data Connectors: 2, Workbooks: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Forcepoint NGFW (Next Generation Firewall) Solution for Microsoft Sentinel allows you to automatically export user defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.

\n

For more details about this solution refer to integration documentation

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Workbooks: 2

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -1048,16 +294,6 @@ }, "dependencies": { "criteria": [ - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId2')]", - "version": "[variables('dataConnectorVersion2')]" - }, { "kind": "Workbook", "contentId": "[variables('_workbookContentId1')]", diff --git a/Solutions/Forcepoint NGFW/ReleaseNotes.md b/Solutions/Forcepoint NGFW/ReleaseNotes.md index 1ca0fc4cd7d..a344cc1811f 100644 --- a/Solutions/Forcepoint NGFW/ReleaseNotes.md +++ b/Solutions/Forcepoint NGFW/ReleaseNotes.md @@ -1,6 +1,5 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| -| 3.0.1 | 15-07-2024 | Deprecating data connectors | -| 3.0.0 | 29-08-2023 | Addition of new Forcepoint NGFW AMA **Data Connector** | | - - +| 3.0.2 | 19-11-2024 | Removed Deprecated **Data Connectors** | +| 3.0.1 | 15-07-2024 | Deprecating data connectors | +| 3.0.0 | 29-08-2023 | Addition of new Forcepoint NGFW AMA **Data Connector** | From 240f766a7f41176836fe328d187345e0409eee57 Mon Sep 17 00:00:00 2001 From: v-shukore Date: Thu, 21 Nov 2024 13:15:33 +0530 Subject: [PATCH 5/6] update workbookmetadata.json --- .../V2/WorkbookMetadata/WorkbooksMetadata.json | 6 ++---- Workbooks/WorkbooksMetadata.json | 8 -------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json index a4e765cff53..6210e7d3937 100644 --- a/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json 
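Review bot: The new descriptionHtml in the @@ -1021,12 +267,12 @@ hunk still reads `The existing connectors are about to be deprecated by Aug 31, 2024.` for a 3.0.2 package whose release note says the deprecated connectors were removed, so the marketplace description will tell users a future-tense story about connectors that are no longer in the solution. The Solution_ForcepointNGFW.json and createUiDefinition.json text later in this series is changed to `The existing connectors were deprecated on **Aug 31, 2024**.`, but no hunk in the series touches this mainTemplate.json wording, which suggests the package was built before that text fix; regenerating it would keep the three descriptions in agreement. Since the "Data Connectors: 2" count is dropped here, the sentence about the Common Event Format solution is now the only statement that CEF via AMA is the ingestion path, so it is worth keeping that sentence accurate.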
+++ b/Tools/Create-Azure-Sentinel-Solution/V2/WorkbookMetadata/WorkbooksMetadata.json @@ -1960,8 +1960,7 @@ "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "ForcepointCSG", - "ForcepointCSGAma" + "CefAma" ], "previewImagesFileNames": [ "ForcepointCloudSecurityGatewayWhite.png", @@ -2988,8 +2987,7 @@ "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "Claroty", - "ClarotyAma" + "CefAma" ], "previewImagesFileNames": [ "ClarotyBlack.png", diff --git a/Workbooks/WorkbooksMetadata.json b/Workbooks/WorkbooksMetadata.json index 6bb23bf2bc5..7462d3749ab 100644 --- a/Workbooks/WorkbooksMetadata.json +++ b/Workbooks/WorkbooksMetadata.json @@ -78,9 +78,7 @@ "ThreatIntelligenceIndicator" ], "dataConnectorsDependencies": [ - "ForcepointNgfw", "ThreatIntelligence", - "ForcepointNgfwAma", "CefAma" ], "previewImagesFileNames": [ @@ -1381,8 +1379,6 @@ "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "ForcepointNgfw", - "ForcepointNgfwAma", "CefAma" ], "previewImagesFileNames": [ @@ -2451,8 +2447,6 @@ "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "ForcepointCSG", - "ForcepointCSGAma", "CefAma" ], "previewImagesFileNames": [ @@ -3747,8 +3741,6 @@ "CommonSecurityLog" ], "dataConnectorsDependencies": [ - "Claroty", - "ClarotyAma", "CefAma" ], "previewImagesFileNames": [ From bb165f48c6fe3951506c6330f6ec2a026bd3470d Mon Sep 17 00:00:00 2001 
From: v-shukore Date: Thu, 21 Nov 2024 13:24:10 +0530 Subject: [PATCH 6/6] Updated deprecated comment in creaetui --- Solutions/Claroty/Data/Solution_Claroty.json | 2 +- Solutions/Claroty/Package/3.0.3.zip | Bin 14778 -> 14782 bytes .../Claroty/Package/createUiDefinition.json | 2 +- .../Data/Solution_ForcepointCSG.json | 2 +- Solutions/Forcepoint CSG/Package/3.0.3.zip | Bin 5519 -> 5516 bytes .../Package/createUiDefinition.json | 2 +- .../Data/Solution_ForcepointNGFW.json | 2 +- Solutions/Forcepoint NGFW/Package/3.0.2.zip | Bin 14657 -> 14654 bytes .../Package/createUiDefinition.json | 2 +- 9 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Solutions/Claroty/Data/Solution_Claroty.json b/Solutions/Claroty/Data/Solution_Claroty.json index 17292bc28df..6ea0ba6439d 100644 --- a/Solutions/Claroty/Data/Solution_Claroty.json +++ b/Solutions/Claroty/Data/Solution_Claroty.json 
@@ -2,7 +2,7 @@
 "Name": "Claroty",
 "Author": "Microsoft - support@microsoft.com",
 "Logo": "",
- "Description": "The [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.",
+ "Description": "The [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.",
 "Workbooks": [
 "Workbooks/ClarotyOverview.json"
 ],
diff --git a/Solutions/Claroty/Package/3.0.3.zip b/Solutions/Claroty/Package/3.0.3.zip index 9c264a2ca4603b8d7246eb618588b136bd9f370a..542a1874a2b5d57701767c534589c2164e4985b9 100644 GIT binary patch delta 2854 zcmV+>3)%F#bG~yIP)h>@6aWAK2moPfby?**dsxB>001VD7axCH{chVh694~zdj~>y zKy1SwN!o6Ai|a1DN%jLscXN%q`6CGmTB2=kBvB#6F$ptj)DY^%NMir* zokAlInLhw!0h5DcF%`=8y-)l4YCgSi$bx%%1{1t|5q*Tm8ROHL&Yr)$2rt4;=NF;b zt4@cU_>3w>B%3fvv>0o0=*(Q)?a`Am%KHa zEOnCex6FTzjZ>-1Rw}QRb-jREGL}ktnhd4}2R@ZTF9*q>X3T!zwUGmYER1FhI1T6$ zm?q~}p;&~3D-{=~rdNPMHBiY^DXYp*TjDl}nA8+dhr*&hxFRVVT@qE*6;!pK;Gq{Q zEjjgj?s5!ngl}@Nn3A+j*c?PcIY4JsIs3#a3{;(I1b%xgVxb2#1fCIF2O^?s%msAAgCX+8RP_-$hCCZ;!F?ZLlvtE` zgen370vMTCMC5E*5^7>p;#$9sj?lGoIVA%PLE!ULi5^EQvU!lQX<1?)IoKS;$=Fw9 zfglIHz=#muJXB1lGmNL?*HjoNAfxb@XOvtOT5LbE2Fr@xc zbCl@KK6SY^`46d%lDYZK zFK7Ph3AgQZ3sF|Z<6@XC1Yqb)p?@O9oO?FFpBE`earyWa{NGqdy~)X z(pq)FB1kbttajjf%RO*MT*rRm9wHF>mWFke7Iu`^H3o$@$s)`bK*CnBx zIaeG4Ub?ofVLdhIk5a@@g@1~R*HM4sJJ73TTpTFVZ!(LPT&@vOgXVcSDV;@4vnyFV%;K7U@ zW-w+Y^3m=h^b3$EAVS>{60mmW@9vg9O6tIRv zz!@%*m1T8x^{A+!r`bncS=QFN;RvX|hZX0l@`{M;;#^s=a5$VJ^{dsiO=W6oLFNz1 z;f(naS&EoU0l-LQ!jON>TT!dp2&?5XO(P)(1H!tLb~pjduiH9x2{c1K8LPA>WyB0; zGLM{F++6jYvS`=E$MQ0IyW)YLsumwu@n(*ijw0mqOmKB*LkAlOr%*?Lv=8=t8F#qr zF!^D&p&RHJvSi$X0NWgX_P~^~XR?{q;jhaL_fY5F=WFuRZmxeSFJuZy_KOvQbv}lF zbsDblSnF$s^zLRiuiapJJ8a^2r?AnquEPUHkT0{@HHo3(s$!RlWhxDq#m7Ql)_(Ki zpQWVrQFvI}{iRX3cCvd$;d&158ig~?oN z{suxZ>5-vQu(e&?0T}8pjmsIs8;i>$$){7?X;LE{ZaP4~Rad~jyT#)>*=xTMdmTvF z^}5t2uxVl7D_Aj`b6WfQeGRz3F$3CyFJ!PY7DDJtM9zOCwRM*5lB%1>vlg_0ZORwsGs?nGjae)=2!w27TU$LCw)#1k3e=axAtRaZL#frGIdv zKHs=egS7%H%#Ts(M>gz>$22Se*~sbPnO10v?GJ9{7f;p7b<#hwwZCe_+P|=cO_d(p zmS1hmmRWz6WL8;9LXgoWOfw1&%dpY&Oc5xl5V3I1r3lS6hsU+*%SNnvB7E*HVV@-Y zX4cr38#8X|sL_gukL`|MH)6QcSVi3BctwE1OLP8!Wu=VsjoVJ;QjXb-f(@lT8-WeY zl!Z)E-(P}vdK?p`Im0vefcgt6*&|!|o2IQi;aGnyku+432C}Aao|36cqGs@ZWP|SQ zHe%6{xz1y&EalTX^TvJcxVO7;Lmt?p6K-$7*sEHJPZHeUP`oIERXo=om=nl{@#OdZ 
z_RSx%_M3~vGkX>0gS`n;ls-4z%5|9%QMqz^6Xjj&w`IA;-DbEna|ZA(q!E54S8$CqPW_93ReO5ec7ZaV!UpLyjIGxM2PDnscLF{dP1`p_zo@6aWAK2mqRfZ&}A5P3OJ}001mQ000-0PdOTY-5c$0+c@(7 z0rw7s?ts{VKazfIcZ=&Tyh-*0NOyCMyZw;_1ufAwHq`G8Qdid8SsKh1&9#1vRF2qP)Q@E0SF*I;1CS@BA)VDF#tncz2SdQ z8NlF_hKlvv%!DfLt1>VQ22A;qCpugCUp$%-CH)uYPCAk<2Q#jJ=jkL>Ou~v9C4{mu zoY?>Sr!dH477jsJK;-aP%!IOYZ}YiQfYZ%Y65PAZ*tI>lC(?M0$4&mKxTD52gC{tMC~L3zXO)AH~<&|&uCi*B8uSW z5h5c$2pIu?-|huuCf6In9{oTToRZPY5l+RxmM|*w!MfqW0EJ?v25344+@V_XFhn!T zG|B=(6@dT&giNhP6l7WuYGPF8TEC8u(6tIaB?AdT;0sg*9rz zy-34%U!f%^t>3gKIMWx$K#;bU23 zq3~&=xF8i$j1=n=n00voPKnvONMO z@)lfi2zz;k-9UP-&>y8plN$XLQ`k}FK`^U-Wm-m*|IB{mh>INVOrxC4W2g|2Z{YEG z^v1DLrb@38R;@>zSr0}s8YLV3OFj#7=jB9Cmwq-3zZO>UWSDb(4{Q z%mr3L-j7G)s%1hwrRQcvSRc%zQ+7^RhzGr$k~e&=1ARvm-p?wz7ZB$5`g>pZ_x5*y z;3n-llA5%*{7ePftTQ;2A~}RQp#mM!2@4Ut*&31%M&=?6Y>|3u^g}4wu=JW01h8U& zb&SbJA?jVkVaX&)7NM?b5|FAPS!z{()2VSB7W_s-P`OcHM3as+$c}Z7&Q8?WvOs_KID531rp9>u)_vt_}e4Xt5A-tZEkboISM5toB&-uUJ;2+&b5q%=x~kPuhxq<<;2v1`X36b zISUiA5-FL10V9+NL$-QFscOT2td^_1n1u2R0GkTi(G+Zc(*~+XU>K^(ROK@{AqJhP zJPK-Yi#717tbHs$R@3OG1rPMprFhGNH)}LZluf><1lLg;IM_ybrEUV0eX#R$)ZyO4 z)Q4_cH`FQA%D52$vN`o5HuJkv*lt?a;SnQ9m)Y`~!ccKl(@RY=wSkNBV`&))8|tm)i)KcX4b zE5>3yjeXk|cD=0I*6!o2YZp(3u#>id<2zR9lU5XJ4)_vC*Hg-|q?C_GOVyZMy~Hzu}|+(v0%uC&j3%hV%u!LbuB-=uUc;6{*JZ%RV&*5g)MEVbnCkO zYHPZ5Rg%fFl*GV)qb-=`6dab}U=WxlP}U)0@q$Yco68P&tJP<%X!S&d++V>yNrdg> z*k@Z)Ztkeb8jE-Bj$gN;xYJZ6+~;^vfWk`)ev54-NBP!urwT47Y)(Ok(w>dLhGxcM zCTSS1z&itu1=E7z$$Lb@C6(-swfs%nTAp(3mPi__X$w_<(>M1?)fHBqdEc=@_xD=S z=-6E9v0awx>79Awrh44p+qxnT?9mCg_h9UWt;{D0?r$hwm%%QcZx74~)Wdl4dvpC3 z4{rSGX7Su!g?VRh!j!o$RJV3rrUF#$++GEF-TrNrvisM>&FCW;fuC&N%G8`>nGxod)bsQuiG%@&%mB>}G5X~=%xUSF?5{MI5R28b1eJt}>0 z31j*7US@W+60Zz`KbE~_m0h4zczyDKO-B(WcnDg$4%xBvo@RG7kHw7G3xfnE$9QYa?wzag>4i@ng3VdxhZnxKIs8D{NOvTR_HfL#nhUW)lBklB*-I0O0Vcd?5Y_FNz zWFtAl3Ze*V_u)m8cAC{E#|K#_uN5QNUURy^NF1*uztd05<>iNDCGB*+Un5tQzHckm zvb`pEgSA*oL8kHc%YzFiZ8gm`-q9k;r{HDwL!DMkWqUpJ22;rx#qEDw62L<;mv*}G z6?4&lRL`^3zACYJM1`9#dCaF#!GDj>zjd\n\n**Note:** Please 
refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Claroty/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.\n\n**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Claroty/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Claroty](https://claroty.com/) solution for Microsoft Sentinel enables ingestion of  [Continuous Threat Detection](https://claroty.com/resources/datasheets/continuous-threat-detection) and [Secure Remote Access](https://claroty.com/industrial-cybersecurity/sra) events into Microsoft Sentinel. 
\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**. \n\n**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 10, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", diff --git a/Solutions/Forcepoint CSG/Data/Solution_ForcepointCSG.json b/Solutions/Forcepoint CSG/Data/Solution_ForcepointCSG.json index 32913d85777..32110310edf 100644 --- a/Solutions/Forcepoint CSG/Data/Solution_ForcepointCSG.json +++ b/Solutions/Forcepoint CSG/Data/Solution_ForcepointCSG.json 
@@ -2,7 +2,7 @@
 "Name": "Forcepoint CSG",
 "Author": "Forcepoint",
 "Logo": "",
- "Description": "[Forcepoint Cloud Security Gateway](https://www.forcepoint.com/product/cloud-security-gateway) (CSG) Solution for Microsoft Sentinel exports web and/or email logs so that custom dashboards can be created using Workbooks to visualize events and insights on activities of Forcepoint Cloud Security Gateway.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/csg_and_sentinel/).\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.",
+ "Description": "[Forcepoint Cloud Security Gateway](https://www.forcepoint.com/product/cloud-security-gateway) (CSG) Solution for Microsoft Sentinel exports web and/or email logs so that custom dashboards can be created using Workbooks to visualize events and insights on activities of Forcepoint Cloud Security Gateway.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/csg_and_sentinel/).\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.",
 "Workbooks": [
 "Solutions/Forcepoint CSG/Workbooks/ForcepointCloudSecuirtyGateway.json"
 ],
diff --git a/Solutions/Forcepoint CSG/Package/3.0.3.zip b/Solutions/Forcepoint CSG/Package/3.0.3.zip index 90eed2397a63b6d1144e69940272988e10d05133..21550a1307be11e391acf6efd2443c2baa68f28e 100644 GIT binary patch delta 1888 zcmV-m2cP(lD~u}}P)h>@6aWAK2mq66by#Jb004Rv000-0AQc)Atypbu+cpsX zK4Aahpl$FAkwqwfizUlW+jT`zSmg0|_uO+Y?E5dj0Pwyx;hZPTI|OfTZDtOGpjhz} zma>>9JheW1muv2aDk=9&u;=gl2jfihh2YEJSaW9itLGW=q z${V@6<}8gQ*L2r~2(>b5X8j|lyP=^JUT|$t5ec_0E4MR$rdh%*3ZcY%TEfLpr85z) z7jQ|KH{u=B5iZV{G<;O=Oqmg(X$s?F#7(G0X3Lv@5=jh3hfgLoI+`v0SlD?!%?;Oh zqa}n08|O*!@AwKAMapG>V4;!0xr&u3_TE-|zFEW*50)abbG+b(@3VXSoO2P+ZTClN0Sq_LhIq?E>+7EgfV&326l&ZG=V99@2qS#PPz~tK*qIYNI&wLfDr~N zdq$9TaZ9>z`DE42+IBdWDv#ibhq)GZ1!u_7C0nfxTP~OWtQL15Wm-jfXoHZBj!k)V z92Z9i&_^@|wPhGQ4Rta=g(~p-OlfOi$)|u>6QC64osb|^Y%pl(0J9M0#;OD&X693c zBsUO$vXpQPT{=aO8-nAF(sxs(?hJXp5GH3*yyL(Zc$*>h1Oc(m09wRCD;Ai<9KUAp zK`6af`KyuiPXFde@8syX@pYb6>>Kk4^Spo^dZ^PX9yL8ql+Wj zN_l9NGd{#@!w)A!!SIQ}PP|sN6jD+YN@8Igm;o$UmH=&IQi?d|{W8^GT%S^^uUVlv z5(_cH_%`K9Thq+r%FMzfelLtAcWU#APA*1RN<+sFR5BbM!O1NalVTI#Ct_~AP1kp%;9)F|2}pEj#@qn_g? zDo{Cc>7`Z+5f%O7rYQlmZZQ%VY|c2%*VX$PHD6;`V@H z2eg;DPOE2%Y2%`+)I(nu53MkB25?QiW_QT-Z}t#4Ov~p!O{y%qD7! zzlw;6RVf)EuOQ|YgoT;Lf>h=PmKG*g7P~CeP_(RjXgTF!X%bV(t5&_k^eUidTIE^C zen!3Uw4^@nTAeo)RX@ugmE!dY!L8SZ`VVZab{k3Nibg8$?DV?LOdQPY+}()xBR%@f z zaqc=tR8}>74lxpVJrrZU6fZ67oV9vYO@W+7 z=PhH94@WcP{H~YS2yhw4!D2jb#>=U5lgHXxdaLq&4^wUfhVhS&IS2^#+Wq_&RUT5dk9pM`V{1A((NAZFJN5`W3bkcwzB0Uc z6lqRxUdqEfrQyJT(#sSF5KK3nr}(C%>kZ|nUbn){#GpS9n@bxDx6RMSUcJ6q-|>}_ z@6aWAK2mnQ4b6G-@OBD~ZaR-nM4U=khS&S`? 
a$r}d%0D6-S6;=UIlVueo2J#dD0001yO@vqg delta 1884 zcmV-i2c!6mD~~H1P)h>@6aWAK2mnQ4b6Iqfpuipn004v(000-09Tgf7typbu+cpsX zK4AZW&^A~$kwqwf8)eyPyRIk-i##6ho_p?vegEYbgm_=;Xu(qI9TIP0Os)^Zuv`gJ zn$d)%EHeRpS11-lGOhM>xEJgP2a{Z}C1f42yFrG#fWNGpc!{U13;^nT{0CO?C56JWYsJ(UWO|j-sm|;bu|H3e6PU zXb>U9#(GlzJGp{Io-q*uSYTv$E)%KCy|?vVpqI(iBP$-81zhmM_xU}1E*MW1rulw4 z&8FFC^qVw)>~J(9F9oBT5yj?A5hICNFfx}y$Q92LGGlY87~z>VR0v$beJw?S4jmHI z_0L~_lS_+aXOrAqvQjr*rEmS(-_qCJ4jRQ+?d4UaOoz{;idZgrX1+PtJH9##EA3W! zkj6tag`h3h3kD{qbPd*%o4ZV|GQzbkTpQ>e&{2nfy1KKrSzGB+ct~=l3ojl6x8aj#r`V>>W zWrbouEWilj>&l}x*UaPE%+e%w&$U5!8uKA65TYtH5-kLXK)I#LY)wX^qaq>S?vKfT z!QR1lqfup0Lm#wi-=@epqbe&SUaIR;xR<@QiPS+Gl0QjbOH)4{KiuR$@L}kUo${@V znOnb|$_|^LKo-ENmr5>qTy~BdSAw{G=>^mi3$wmx8e!Pn?B2TTAQjK6vbdL*@!fQS&la*d7dYHtTDIgVtG-Qas00?=%L)TxK_Hr8abj^t zHxz)F*CWkMVta$~1=pvjtTBw0utuDr9;>n<~4L^BI} zBis-4@ZIEui+DU9IN9*A3G_36&H1Dn4xd1s+MDeCIN94DfWh0M+nBU1imQ(dVA(i= z6D9K#m^eDpg3g#g@$GEL1*|Njh|9V6%EpIKvg7Iv7Q}F4j1!SVej&nP0JJ@P1liKJ^Z#-e62n%$^#P!PFa1J!{GK-G>3F zzTMy{a+@m__iKcUSX+`@p^9j?b@hNTIR9Yr*jmcFMCxxt_MBG|-Ect%hfwjjuHxRY zeFZ_kv~1YXH@sYG(>-^8A~Uxrcf6ko8nbI|EC4$!1fF4&?6uX+?$Lu`V%WXuwY8mT zcn#9OK*zc39g%t2oO>M$)!`j=UTw}_x`D}umjuj43np^1mIX<0M1Lt?W$;JehVK6KQbvIsCot->dYw^_# z{~36D$CeG3^6ezJsoKiHgTr(Fg94ucLE2b{uP!?uHV?$m6fo{`Dkfkyho2J&rJC4j zW>ft`ci}VO-2Zqa;SpuCZu39`$OoTY&7-cTV^~vS!ybEt9i`eT zHD75~K93Z`*DvOOVUgi*VDOC!0|=y>Dl&M+;Po2wQ?;#dGcoYb!{*Y)!ma!1>^19~ z^&MU*dC~2e?G!O_W@+zc&cSg1KekSA*#C_7Ifj-7gL8et_P_f2ReSSBpS8WR_My`! zy^d$~hu;xtCmNL5a$7y1Sxn&{`1>zVO9KQH0000807YT5TnC~J4MkydS#*-1z#azx W0ECkZ6;=ULlVTMl2K5vG0001b0C{Hs diff --git a/Solutions/Forcepoint CSG/Package/createUiDefinition.json b/Solutions/Forcepoint CSG/Package/createUiDefinition.json index 576d6c7e87d..7f2a581656d 100644 --- a/Solutions/Forcepoint CSG/Package/createUiDefinition.json +++ b/Solutions/Forcepoint CSG/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Forcepoint%20CSG/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Forcepoint Cloud Security Gateway](https://www.forcepoint.com/product/cloud-security-gateway) (CSG) Solution for Microsoft Sentinel exports web and/or email logs so that custom dashboards can be created using Workbooks to visualize events and insights on activities of Forcepoint Cloud Security Gateway.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/csg_and_sentinel/).\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Forcepoint%20CSG/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\n[Forcepoint Cloud Security Gateway](https://www.forcepoint.com/product/cloud-security-gateway) (CSG) Solution for Microsoft Sentinel exports web and/or email logs so that custom dashboards can be created using Workbooks to visualize events and insights on activities of Forcepoint Cloud Security Gateway.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/csg_and_sentinel/).\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**. \n\n**Workbooks:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", diff --git a/Solutions/Forcepoint NGFW/Data/Solution_ForcepointNGFW.json b/Solutions/Forcepoint NGFW/Data/Solution_ForcepointNGFW.json index 1605df4a580..1ae82336612 100644 --- a/Solutions/Forcepoint NGFW/Data/Solution_ForcepointNGFW.json +++ b/Solutions/Forcepoint NGFW/Data/Solution_ForcepointNGFW.json 
@@ -2,7 +2,7 @@
 "Name": "Forcepoint NGFW",
 "Author": "Forcepoint",
 "Logo": "",
- "Description": "The [Forcepoint NGFW (Next Generation Firewall)](https://www.forcepoint.com/product/ngfw-next-generation-firewall) Solution for Microsoft Sentinel allows you to automatically export user defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/ngfw_and_azure_sentinel/) \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.",
+ "Description": "The [Forcepoint NGFW (Next Generation Firewall)](https://www.forcepoint.com/product/ngfw-next-generation-firewall) Solution for Microsoft Sentinel allows you to automatically export user defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/ngfw_and_azure_sentinel/) \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.",
 "Workbooks": [
 "Solutions/Forcepoint NGFW/Workbooks/ForcepointNGFW.json",
 "Solutions/Forcepoint NGFW/Workbooks/ForcepointNGFWAdvanced.json"
diff --git a/Solutions/Forcepoint NGFW/Package/3.0.2.zip b/Solutions/Forcepoint NGFW/Package/3.0.2.zip index 300d93b79234aff897485489a8327003f3f84f9c..6590dd6c61af2ce3cc7741358324a8f7e3f65db0 100644 GIT binary patch delta 2068 zcmV+v2@6aWAK2msh>by=t1z*)Zs005|w7b<^XTUatE%5ht?Fq$pY z#Bmp}vx~&t{IHB*M2@JbhaB$AP>MEdV4tOr)+gzAh8K~dly#Z~)(8S~=FGW%=jM;U z{S9Nm?`^yi84oU4uyU@j7t?8V5@kH+smMg`BK|{ZL=@|+zO&P_=vj0=DU4W4v6;Rw zf;;iAuV0F#%%y*mI*)Ej<>Yr+^lz*4-vyzUwc>fAgdtfsGB(=krHf{scZWkwycWiS z5fS%<)z<|#JQEH?p!i5fIE;0^lrnVjKf6O*vP`w zlK&>Nlvxu$pSRvId=sV8t;$7dg@Hsz9wOg(ORE1TZ*hMpbD^ei7L=S`>r~t7?tOC? z*>yS(*hVI91p$BgbMXP6D4;`Ee#s|2@#8LACfviGCL-pbbF209}| zW98eLnVo;W(k2##mbv@G`Pu8MSMR1Zd(S<}k}>JRNSWJ}fX*4;LVb4kkn2s(q_t&N z3H|^)+NrIDHcDGhT@jC2A&ld|ADK;_k(Mzjh(-gu6}@si&Z| zKH~3TzLG?HJw3m1bp{^%1#4yqP={D zNO3m1nbB1)VmOLSh*28w;fV+X6yA!wWwnt?QRdZ2fKYPFP+g(Oa?dk0iFZL%*QIZ6 zFR3o=98QSH;Hkv+=!sib%@>WDl}h4+w9bdNIk#*he56qKWAuiE9CLa)D^vEzXCZ$( zKRf@^>1nM+8-G&eoX+m91vhyW>?+7ZNDRu0k5m(=G5e7XxwIAT(~sK%1t^Szu+v~{ zx#)J7PVd1b80Zp!`WA=>jD2sr>r$|8=lrIq3yHmHTlKV++?9IlAy;1`U(jysl(Ntk zJQkK}RwaGP(XHK^66yR2Zao%03ZH)1r(9A+3%Z2&yN}1N%ao4!L3g45bE+o$ z7c^?f1j$4#{GT!*Ts2HWz>1~9G3lxzRHp`N4Od&#RLfdd^t5~I85Q`#s6;bX98tXq z=#|lBG0@*v^~)OhxOJxNGHQOUe`y%+2A38Z-3cbgSVVTi#_QR;)|9SRZd-qd{t(u} zI+~emR!C&0Gg|duX{~N0SrPc^wUmm+FRJ`I@W7p@Q$CxiuaI-!)IMO|3Cs$rNFwR+ zM%E{?8M^LLKMb0Y5_#%Yqn;B-F1=sGFP+B$M!@lMPQzpud0fLQd-O^*QR)+2ri6le1?hQ20=ETa^w)ar49gR^1|c zX>{=tBTkvK>~>hjcmS;D2ltzRRf!E~l?c)hp z-|yj+u#H(U8P2xzNsD<)Qg`j9tTT#A4tP%WY2X?(GM3oI6@_priuqI z{GLX`AEDt$-v|nAUH^aGOPzO%a?kpO;)%GG&O6|UhQJv$$w6D)?;Zm;OdLk{L0dbT zhPR;p2RhEf;E67(<~-HHHkwe!pmL8bv%iKY8r5rM)r=`lf$9c0c=V^yeK9eTH8A zg&pr@9JuI0em4p3v-WhQkwNEAD6|1YS*smwf_^@1H`u8wX_vv)Rj)M@gwjm>G_%kC zv48Ld?tJ!iPre0WDC_ngv<~U6m`7G)EX`O6#{(Y6(vW@*1z}*u!F2SbpN|ax>=Wpy z*w(3eMT29LYP5f@H|e2yII3rw;u*?jP+P+;=}e4-eeSZ}6f}vf530(0V$0B6d^N zknS6-G$|EqD-4aIXct_$)tBRI_tBp3PZ-#fi?Tnp?dC$*NoSi2?vOv$jsDN!4c;4l z!2lOxsKV;jyzmoPBYv}!yf^9jX|1uLH>m|Z%bJf-k7PGf6U_l>&5GcCivRHMf3x=o 
yyf7QsYIRws-@sYF2LJ%57XSbk000000000103egjI7k8XlNUK82BbIu0002MOZ~0@ delta 2096 zcmV-02+#Mva=~&NP)h>@6aWAK2moAWb6FOb6eq$5006TW000-0&o~-?#aQcZ+sGCE zU!dPD2)gs zoz-`Cb{0Mh&!>eE8!5Jbvlm8iC;svEOOeQ2I;r#Urc_RTmxcedI{)1$@UqrCkCiYa z>qbUKTb;OY?s<1O)WjQMEEo}SPgs3jaKkg}9bcDl5=ZQ>r2RM@Uo&15D7>5a0 zRs`+Midz|VUi-sX*vQDj)sp`zvy@pAJzuuoF?<`Q(yhx?X@!A*L`NPX-*`)^|EF(p zD087^a2AxDUF%fa>h67W7urp_9I>s8-5LV^{HNjrKG#B~YuA2%xy+aO>FI0j#Kq|; z`&J2V1v4TMhB?jLTChYbrMEIq*-9kZ2qtsuxKeaN_g1Tt47y;%>&JiphrRKh>|L_O z8&UBlQTA@!*jw3udfY%~glMdMTQjq>SK36P&@y*_I6r%R_3GWMX79O&Sv(i?sL7(nY6a-D#7o8M?15%&_-$NsVm|MD}-?z_#?B)Gt#m~p@0>Kj>``H z6_Qp^h%I&oFjAk5UyBcpU5Q*6?)~*j8nMNz$xh4db{i&t?K|(X!sxh++$>L%?KB6A zY1*=wCJl>LPsGx&HaA$~WCkL=wd_Hcq&qL2&cGtV@dFbd3T+%CG_sfyP{eFsd!Bhzjfk{~A#wHKB?WlO zR|+>tY2agj!*Fkes(iKumRQUkXNl1n^GIS_ZSIxkv1KR^O#4TP5U~yXfz05;4H#w` zr9~SGZ^R2;YvozK1B;c`_hh4$u^6z@M;2}Y8_0|WkfI=QrAt>qrA>quA`4h7(mLF+ zj!LS9{%aTVPPpqtk$MJN>m&Xi2E6yh^L+!|*~Djm;cZVO{*FZ<@)$%6-;|gybOwvr z<%Z6nI0C+VKxLAXzY7taEAes=!H)6-g^77C=*Ih`%81vhyW_ln&iIu0t04_Xtm z3Huj2bgv6#DBLmi-HwI%JHzqHg|`j0s{5lYngnONC?7RrRRO5|kaT z9#CE_YhBUPuB#GFDpVttXeNv!sy6|>GP*1d^!Ek+vQ7frI#YHTHGkHBG>msMObd;F z?l6;MLL$3i{=t(@~FF@s&_SK8%J!;bg59Y$T$$K0b_h z(%>-^#E=-%^yXWNqPXiE14{e4g9!UyLc%(Oe&_6P;)wV=t`Kq`z>F8;3XtP}Dm}(0 z{RB9fgc~9cSWP!!&%bP1svSFh4UVS1L*yp`Yt9DoHvz#|I+1xkXq{G!YZRS)Tvk3` zjxLs?lK`bgWd2paPL`u!Ir5qe-+np)>mIUeY-4PU4{Jo%W4n^nC8~jT*HjP8?8VO( zkHJ#j2h!m+vgf*{=!Xj(9HEkbDAjd_zwj#?&4Gl5BYk63XzTj#Uh2GClzY~%6pzKN zblw3+Gz8A5NglM-{qAw#hN;68f6&&Brr|B9|BjAxfAB>6+H!#CiXF*l@@jwns@f7M zGsf0~*=Q|P;dg@+0QMs=m7!{2C$BnhtTPYIJctPjgabn|n~@JU^w=xMsw3B z;@SDhW2Y^xm|?GPc1qoT%%0+S=yU)7cD$D{aM6YQZW7#Q?deJ*yT7K;G7x61cC-}w z`LJDPXAbL}kyya$4QGl_nyH^=_St{>#oYPq>7ING#8B4lKWH7&-8PSG$=IK<9Zn8- z981Fi6Nb$gOvlee#?PUDqnDajG&nY?Mw@$MX=gk3%PHl_(|=89Q))kT2Eu=EaQFFm zIR91fz~=FW=Mm~rQ>A}#gq;6+2%&21)-=IVEfy%K`0)p$PV*?qT*-ceLx^J-3q*So+(+!QHXct_$_5Y5q-N)Tku?Yiva#8lDw%r^% z?QC7^<+kH81=G)`)M_rD?1;>G^4`v7tAqb@$ZKqWKv2 zNOm(d(F{myRs`=;{D*%(0Z>Z=1e5PL8nY4zo-i9+W^-8\n\n**Note:** Please 
refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Forcepoint%20NGFW/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Forcepoint NGFW (Next Generation Firewall)](https://www.forcepoint.com/product/ngfw-next-generation-firewall) Solution for Microsoft Sentinel allows you to automatically export user defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/ngfw_and_azure_sentinel/) \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+ "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Forcepoint%20NGFW/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Forcepoint NGFW (Next Generation Firewall)](https://www.forcepoint.com/product/ngfw-next-generation-firewall) Solution for Microsoft Sentinel allows you to automatically export user defined Forcepoint NGFW logs into Microsoft Sentinel in real-time. This enriches visibility into user activities recorded by NGFW, enables further correlation with data from Azure workloads and other feeds, and improves monitoring capability with Workbooks inside Microsoft Sentinel.\n\nFor more details about this solution refer to [integration documentation](https://forcepoint.github.io/docs/ngfw_and_azure_sentinel/) \n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.\n\n**Workbooks:** 2\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
 "subscription": {
 "resourceProviders": [
 "Microsoft.OperationsManagement/solutions",