Azure · v-atulyadav · Jan 3, 2025 · Jan 3, 2025 · Jan 3, 2025 · Jan 3, 2025
@@ -4,9 +4,6 @@ description: This query searches for devices with unexpectedly large number of a
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: AristaAwakeSecurity
-    dataTypes:
-      - CommonSecurityLog (AwakeSecurity)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -65,5 +62,5 @@ incidentConfiguration:
     groupByAlertDetails: []
     groupByCustomDetails:
       - Device
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -4,9 +4,6 @@ description: This query searches for devices with high severity event(s).
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: AristaAwakeSecurity
-    dataTypes:
-      - CommonSecurityLog (AwakeSecurity)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -63,5 +60,5 @@ incidentConfiguration:
     groupByAlertDetails: []
     groupByCustomDetails:
       - Device
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -4,9 +4,6 @@ description: This query searches for devices with multiple possibly malicious de
 severity: Medium
 status: Available
 requiredDataConnectors:
-  - connectorId: AristaAwakeSecurity
-    dataTypes:
-      - CommonSecurityLog (AwakeSecurity)
   - connectorId: CefAma
     dataTypes:
       - CommonSecurityLog
@@ -63,5 +60,5 @@ incidentConfiguration:
     groupByAlertDetails: []
     groupByCustomDetails:
       - Device
-version: 1.0.1
+version: 1.0.2
 kind: Scheduled
@@ -2,10 +2,7 @@
   "Name": "AristaAwakeSecurity",
   "Author": "Arista Networks - support-security@arista.com",
   "Logo": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/AristaAwakeSecurity.svg\"width=\"75px\"height=\"75px\">",
-  "Description": "The [Awake Security Arista Networks solution](https://awakesecurity.com/) for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
-  "Data Connectors": [
-    "Data Connectors/Connector_AristaAwakeSecurity_CEF.json"
-  ],
+  "Description": "The [Awake Security Arista Networks solution](https://awakesecurity.com/) for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
   "Analytic Rules": [
     "Analytic Rules/HighMatchCountsByDevice.yaml",
     "Analytic Rules/HighSeverityMatchesByDevice.yaml",
@@ -19,7 +16,7 @@
    ],
   "Metadata": "SolutionMetadata.json",
   "BasePath": "C:\\Sentinel-Repos\\19.05.22\\Azure-Sentinel\\Solutions\\AristaAwakeSecurity",
-  "Version": "3.0.0",
+  "Version": "3.0.1",
   "TemplateSpec": true,
   "Is1Pconnector": false
 }
@@ -6,7 +6,7 @@
     "config": {
       "isWizard": false,
       "basics": {
-        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/AristaAwakeSecurity.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AristaAwakeSecurity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Awake Security Arista Networks solution](https://awakesecurity.com/) for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024, and thus should only be installed where AMA is not supported. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Workbooks:** 1, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
+        "description": "<img src=\"https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/Logos/AristaAwakeSecurity.svg\"width=\"75px\"height=\"75px\">\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/AristaAwakeSecurity/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Awake Security Arista Networks solution](https://awakesecurity.com/) for Microsoft Sentinel enable users to send detection model matches from the Awake Security Platform to Microsoft Sentinel.\n\n This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Workbooks:** 1, **Analytic Rules:** 3\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)",
         "subscription": {
           "resourceProviders": [
             "Microsoft.OperationsManagement/solutions",
@@ -51,30 +51,6 @@
       }
     ],
     "steps": [
-      {
-        "name": "dataconnectors",
-        "label": "Data Connectors",
-        "bladeTitle": "Data Connectors",
-        "elements": [
-          {
-            "name": "dataconnectors1-text",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "text": "This solution installs the Awake Security CEF connector which allows users to send detection model matches from the Awake Security Platform to Microsoft Sentinel. The connector also enables the creation of network security-focused custom alerts, incidents, workbooks, and notebooks that align with your existing security operations workflows. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
-            }
-          },
-          {
-            "name": "dataconnectors-link2",
-            "type": "Microsoft.Common.TextBlock",
-            "options": {
-              "link": {
-                "label": "Learn more about connecting data sources",
-                "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
-              }
-            }
-          }
-        ]
-      },
       {
         "name": "workbooks",
         "label": "Workbooks",
@@ -88,7 +64,7 @@
             "name": "workbooks-text",
             "type": "Microsoft.Common.TextBlock",
             "options": {
-              "text": "The workbook installed with the Awake Security Arista Networks help’s you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
+              "text": "This solution installs workbook(s) to help you gain insights into the telemetry collected in Microsoft Sentinel. After installing the solution, start using the workbook in Manage solution view."
             }
           },
           {