chore: Update Solutions Analyzer CSV files and documentation

Tools/Solutions Analyzer/connector-docs/connectors-index.md

@@ -12,7 +12,7 @@ Browse all data connectors available in Microsoft Sentinel Solutions.
 
 ## Overview
 
-This page lists **462 unique connectors** across all solutions.
+This page lists **470 unique connectors** across all solutions.
 
 **Jump to:** [#](##) | [A](#a) | [B](#b) | [C](#c) | [D](#d) | [E](#e) | [F](#f) | [G](#g) | [H](#h) | [I](#i) | [J](#j) | [K](#k) | [L](#l) | [M](#m) | [N](#n) | [O](#o) | [P](#p) | [Q](#q) | [R](#r) | [S](#s) | [T](#t) | [V](#v) | [W](#w) | [Z](#z)
 
@@ -1289,6 +1289,20 @@ Actionable alerts provide customized alerts based on configured assets
 
 ---
 
+### [Cyble Vision Alerts](connectors/cyblevisionalerts.md)
+
+**Publisher:** Cyble
+
+**Solution:** [Cyble Vision](solutions/cyble-vision.md)
+
+**Tables (1):** `CybleVisionAlerts_CL`
+
+The **Cyble Vision Alerts** CCF Data Connector enables Ingestion of Threat Alerts from Cyble Vision into Microsoft Sentinel using the Codeless Connector Framework Connector. It collects alert data via API, normalizes it, and stores it in a custom table for advanced detection, correlation, and response.
+
+[→ View full connector details](connectors/cyblevisionalerts.md)
+
+---
+
 ### [Cyborg Security HUNTER Hunt Packages](connectors/cyborgsecurity-hunter.md)
 
 **Publisher:** Cyborg Security
@@ -1391,6 +1405,20 @@ Dataminr Pulse Alerts Data Connector brings our AI-powered real-time intelligenc
 
 ---
 
+### [Datawiza DAP](connectors/datawizadapsolution.md)
+
+**Publisher:** Datawiza
+
+**Solution:** [Datawiza](solutions/datawiza.md)
+
+**Tables (1):** `datawizaserveraccess_CL`
+
+Connects the Datawiza DAP logs to Azure Log Analytics via the REST API interface
+
+[→ View full connector details](connectors/datawizadapsolution.md)
+
+---
+
 ### [Derdack SIGNL4](connectors/derdacksignl4.md)
 
 **Publisher:** Derdack
@@ -2163,6 +2191,20 @@ Through the API integration, you have the capability to retrieve all the issues
 
 ---
 
+### [Halcyon Connector](connectors/halcyonpush.md)
+
+**Publisher:** Halcyon
+
+**Solution:** [Halcyon](solutions/halcyon.md)
+
+**Tables (5):** `HalcyonAuthenticationEvents_CL`, `HalcyonDnsActivity_CL`, `HalcyonFileActivity_CL`, `HalcyonNetworkSession_CL`, `HalcyonProcessEvent_CL`
+
+The [Halcyon](https://www.halcyon.ai) connector provides the capability to send data from Halcyon to Microsoft Sentinel.
+
+[→ View full connector details](connectors/halcyonpush.md)
+
+---
+
 ### [Holm Security Asset Data](connectors/holmsecurityassets.md)
 
 **Publisher:** Holm Security
@@ -3051,6 +3093,71 @@ The Mimecast products included within the connector are:
 
 ---
 
+### [Miro Audit Logs (Enterprise Plan)](connectors/miroauditlogsdataconnector.md)
+
+**Publisher:** Miro
+
+**Solution:** [Miro](solutions/miro.md)
+
+**Tables (1):** `MiroAuditLogs_CL`
+
+The [Miro Audit Logs](https://help.miro.com/hc/en-us/articles/360017571434-Audit-logs) data connector enables you to ingest organization-wide audit events from Miro into Microsoft Sentinel. Monitor user activities, security events, content access, team changes, and administrative actions to enhance your security operations and compliance capabilities.
+
+**Key features:**
+- Track user authentication and access patterns.
+- Monitor content creation, sharing, and deletion.
+- Audit team and organization configuration changes.
+- Detect suspicious activities and policy violations.
+- Meet compliance and regulatory requirements.
+
+**Requirements:**
+- **Miro Plan**: [Enterprise Plan](https://miro.com/pricing/).
+- **OAuth scope**: `auditlogs:read`.
+- **Role**: Company Admin in your Miro organization.
+
+💡 **Not on Enterprise Plan yet?** Upgrade to [Miro Enterprise](https://miro.com/enterprise/) to unlock audit logs and gain comprehensive visibility into your team's activities in Microsoft Sentinel.
+
+For detailed instructions, refer to the [documentation](https://help.miro.com/hc/en-us/articles/31325908249362).
+
+[→ View full connector details](connectors/miroauditlogsdataconnector.md)
+
+---
+
+### [Miro Content Logs (Enterprise Plan + Enterprise Guard)](connectors/mirocontentlogsdataconnector.md)
+
+**Publisher:** Miro
+
+**Solution:** [Miro](solutions/miro.md)
+
+**Tables (1):** `MiroContentLogs_CL`
+
+The [Miro Content Logs](https://help.miro.com/hc/en-us/articles/17774729839378-Content-Logs-overview) data connector enables you to ingest content activity logs from Miro into Microsoft Sentinel. Part of Miro's Enterprise Guard eDiscovery capabilities, this connector provides content-level visibility for compliance, legal hold, and advanced threat detection.
+
+**Key features:**
+- Track all content item changes.
+- Monitor content modifications by user and timestamp.
+- Support compliance and eDiscovery requirements.
+- Detect data exfiltration and insider threats.
+- Meet regulatory and legal hold obligations.
+
+**Requirements:**
+- **Miro Plan**: [Enterprise Plan](https://miro.com/pricing/) + **Enterprise Guard** add-on.
+- **OAuth scope**: `contentlogs:export`.
+- **Role**: Company Admin in your Miro organization.
+- **Organization ID**: Your Miro organization identifier.
+
+💡 **Not on Enterprise Plan yet?** Upgrade to [Miro Enterprise](https://miro.com/enterprise/) to unlock advanced security and compliance features for your team's collaboration activities in Microsoft Sentinel.
+
+💡 **Need Content Logs?** Content activity logging is part of [Miro Enterprise Guard](https://miro.com/enterprise-guard/), which provides advanced security, compliance, and eDiscovery features. Contact your Miro account manager to add Enterprise Guard to your Enterprise Plan and unlock content-level monitoring in Microsoft Sentinel.
+
+**Note:** If you only have the base Enterprise Plan (without Enterprise Guard), please use the **Miro Audit Logs** connector instead for organization-level event monitoring.
+
+For detailed instructions, refer to the [documentation](https://help.miro.com/hc/en-us/articles/31325908249362).
+
+[→ View full connector details](connectors/mirocontentlogsdataconnector.md)
+
+---
+
 ### [MongoDB Atlas Logs](connectors/mongodbatlaslogsazurefunctions.md)
 
 **Publisher:** MongoDB
@@ -3833,7 +3940,7 @@ The SINEC Security Guard solution for Microsoft Sentinel allows you to ingest se
 
 **Tables (1):** `SOCPrimeAuditLogs_CL`
 
-The [SOC Prime Audit Logs](https://help.socprime.com/en/articles/6265791-api) data connector allows ingesting logs from the SOC Prime Platform API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the SOC Prime Platform API to fetch SOC Prime platform audit logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table, thus resulting in better performance.
+The [SOC Prime Audit Logs](https://tdm.socprime.com/login) data connector allows ingesting logs from the SOC Prime Platform API into Microsoft Sentinel. The data connector is built on Microsoft Sentinel Codeless Connector Platform. It uses the SOC Prime Platform API to fetch SOC Prime platform audit logs and it supports DCR-based [ingestion time transformations](https://docs.microsoft.com/azure/azure-monitor/logs/custom-logs-overview) that parses the received security data into a custom table, thus resulting in better performance.
 
 [→ View full connector details](connectors/socprimeauditlogsdataconnector.md)
 
@@ -4441,6 +4548,48 @@ The Trend Vision One connector is supported in Microsoft Sentinel in the followi
 
 ---
 
+### [Tropico Security - Alerts](connectors/tropicoalertsdefinition.md)
+
+**Publisher:** Tropico Security
+
+**Solution:** [Tropico](solutions/tropico.md)
+
+**Tables (1):** `{{graphQueriesTableName}}`
+
+Ingest security alerts from Tropico Security Platform in OCSF Security Finding format.
+
+[→ View full connector details](connectors/tropicoalertsdefinition.md)
+
+---
+
+### [Tropico Security - Events](connectors/tropicoeventsdefinition.md)
+
+**Publisher:** Tropico Security
+
+**Solution:** [Tropico](solutions/tropico.md)
+
+**Tables (1):** `{{graphQueriesTableName}}`
+
+Ingest security events from Tropico Security Platform in OCSF Security Finding format.
+
+[→ View full connector details](connectors/tropicoeventsdefinition.md)
+
+---
+
+### [Tropico Security - Incidents](connectors/tropicoincidentsdefinition.md)
+
+**Publisher:** Tropico Security
+
+**Solution:** [Tropico](solutions/tropico.md)
+
+**Tables (1):** `{{graphQueriesTableName}}`
+
+Ingest attacker session incidents from Tropico Security Platform.
+
+[→ View full connector details](connectors/tropicoincidentsdefinition.md)
+
+---
+
 ## V
 
 ### [VMRayThreatIntelligence](connectors/vmray.md)

Tools/Solutions Analyzer/connector-docs/connectors/armisalertsactivities.md

@@ -63,7 +63,16 @@ The [Armis](https://www.armis.com/) Alerts Activities connector gives the capabi
 
 > **Reference link:** [https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret](https://learn.microsoft.com/azure/active-directory/develop/quickstart-register-app#add-a-client-secret)
 
-**STEP 4 - Assign role of Contributor to application in Microsoft Entra ID**
+**STEP 4 - Get Object ID of your application in Microsoft Entra ID**
+
+ After creating your app registration, follow the steps in this section to get Object ID:
+ 1. Go to **Microsoft Entra ID**.
+ 2. Select **Enterprise applications** from the left menu.
+ 3. Find your newly created application in the list (you can search by the name you provided).
+ 4. Click on the application.
+ 5. On the overview page, copy the **Object ID**. This is the **AzureEntraObjectId** needed for your ARM template role assignment.
+
+**STEP 5 - Assign role of Contributor to application in Microsoft Entra ID**
 
  Follow the steps in this section to assign the role:
  1. In the Azure portal, Go to **Resource Group** and select your resource group.
@@ -76,15 +85,15 @@ The [Armis](https://www.armis.com/) Alerts Activities connector gives the capabi
 
 > **Reference link:** [https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal](https://learn.microsoft.com/azure/role-based-access-control/role-assignments-portal)
 
-**STEP 5 - Create a Keyvault**
+**STEP 6 - Create a Keyvault**
 
  Follow these instructions to create a new Keyvault.
  1. In the Azure portal, Go to **Key vaults**. Click create.
  2. Select Subsciption, Resource Group and provide unique name of keyvault.
 
 > **NOTE:** Create a separate key vault for each **API key** within one workspace.
 
-**STEP 6 - Create Access Policy in Keyvault**
+**STEP 7 - Create Access Policy in Keyvault**
 
  Follow these instructions to create access policy in Keyvault.
  1. Go to keyvaults, select your keyvault, go to Access policies on left side panel. Click create.
@@ -93,15 +102,11 @@ The [Armis](https://www.armis.com/) Alerts Activities connector gives the capabi
 
 > **NOTE:** Ensure the Permission model in the Access Configuration of Key Vault is set to **'Vault access policy'**
 
-**STEP 7 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**
+**STEP 8 - Choose ONE from the following two deployment options to deploy the connector and the associated Azure Function**
 
->**IMPORTANT:** Before deploying the Armis Alerts Activities data connector, have the Workspace ID and Workspace Primary Key (can be copied from the following) readily available.., as well as the Armis API Authorization Key(s)
-- **Workspace ID**: `WorkspaceId`
-  > *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
-- **Primary Key**: `PrimaryKey`
-  > *Note: The value above is dynamically provided when these instructions are presented within Microsoft Sentinel.*
+>**IMPORTANT:** Before deploying the Armis Device data connector, have the Armis API Authorization Key(s) readily available..
 
-**8. Option 1 - Azure Resource Manager (ARM) Template**
+**9. Option 1 - Azure Resource Manager (ARM) Template**
 
 Use this method for automated deployment of the Armis connector.
 
@@ -111,30 +116,30 @@ Use this method for automated deployment of the Armis connector.
 2. Select the preferred **Subscription**, **Resource Group** and **Location**. 
 3. Enter the below information : 
 		Function Name 
-		Workspace ID 
-		Workspace Key 
+		Workspace Name  
 		Armis Secret Key 
 		Armis URL (https://<armis-instance>.armis.com/api/v1/) 
-		Armis Alert Table Name  
+		Armis Alert Table Name 
 		Armis Activity Table Name 
 		Severity  (Default: Low) 
 		Armis Schedule 
 		KeyVault Name 
 		Azure Client Id 
 		Azure Client Secret 
+		Azure Entra ObjectID  
 		Tenant Id 
 4. Mark the checkbox labeled **I agree to the terms and conditions stated above**. 
 5. Click **Purchase** to deploy.
 
-**9. Option 2 - Manual Deployment of Azure Functions**
+**10. Option 2 - Manual Deployment of Azure Functions**
 
 Use the following step-by-step instructions to deploy the Armis Alerts Activities data connector manually with Azure Functions (Deployment via Visual Studio Code).
 
 **1. Deploy a Function App**
 
 > **NOTE:** You will need to [prepare VS code](https://docs.microsoft.com/azure/azure-functions/functions-create-first-function-python#prerequisites) for Azure function development.
 
-1. Download the [Azure Function App](https://aka.ms/sentinel-ArmisAlertsActivitiesAPI311-functionapp) file. Extract archive to your local development computer.
+1. Download the [Azure Function App](https://aka.ms/sentinel-ArmisAlertsActivities320-functionapp) file. Extract archive to your local development computer.
 2. Start VS Code. Choose File in the main menu and select Open Folder.
 3. Select the top level folder from extracted files.
 4. Choose the Azure icon in the Activity bar, then in the **Azure: Functions** area, choose the **Deploy to function app** button.
@@ -150,7 +155,7 @@ If you're already signed in, go to the next step.
 
 	d. **Enter a globally unique name for the function app:** Type a name that is valid in a URL path. The name you type is validated to make sure that it's unique in Azure Functions. (e.g. ARMISXXXXX).
 
-	e. **Select a runtime:** Choose Python 3.11
+	e. **Select a runtime:** Choose Python 3.12
 
 	f. Select a location for new resources. For better performance and lower costs choose the same [region](https://azure.microsoft.com/regions/) where Microsoft Sentinel is located.
 
@@ -162,8 +167,7 @@ If you're already signed in, go to the next step.
 1. In the Function App, select the Function App Name and select **Configuration**.
 2. In the **Application settings** tab, select **+ New application setting**.
 3. Add each of the following application settings individually, with their respective values (case-sensitive): 
-		Workspace ID 
-		Workspace Key 
+		Workspace Name  
 		Armis Secret Key 
 		Armis URL (https://<armis-instance>.armis.com/api/v1/) 
 		Armis Alert Table Name 
@@ -173,6 +177,7 @@ If you're already signed in, go to the next step.
 		KeyVault Name 
 		Azure Client Id 
 		Azure Client Secret 
+		Azure Entra ObjectID  
 		Tenant Id 
 		logAnalyticsUri (optional) 
  - Use logAnalyticsUri to override the log analytics API endpoint for dedicated cloud. For example, for public cloud, leave the value empty; for Azure GovUS cloud environment, specify the value in the following format: `https://<CustomerId>.ods.opinsights.azure.us`.