From e1558fcecfccc92527ffe51815380d1b19ecc921 Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Fri, 22 Nov 2024 15:17:41 +0530
Subject: [PATCH] Repackage - PingFederate
---
 ...ederateAbnormalPasswordResetsAttempts.yaml | 8 +-
 .../PingFederateAuthFromNewSource.yaml | 8 +-
 .../PingFederateForbiddenCountry.yaml | 8 +-
 ...FederateMultiplePasswordResetsForUser.yaml | 8 +-
 .../PingFederateNewUserSSO.yaml | 8 +-
 .../Analytic Rules/PingFederateOauthOld.yaml | 8 +-
 ...ederatePasswordRstReqUnexpectedSource.yaml | 8 +-
 .../Analytic Rules/PingFederateSamlOld.yaml | 8 +-
 .../PingFederateUnexpectedAuthUrl.yaml | 8 +-
 .../PingFederateUnexpectedUserCountry.yaml | 8 +-
 .../PingFederateUnusualMailDomain.yaml | 8 +-
 .../Data/Solution_PingFederate.json | 8 +-
 .../Hunting Queries/PingFederateAuthUrls.yaml | 6 -
 .../PingFederateFailedAuthentications.yaml | 6 -
 .../Hunting Queries/PingFederateNewUsers.yaml | 6 -
 .../PingFederatePasswordResetRequests.yaml | 6 -
 .../PingFederateRareSources.yaml | 6 -
 .../PingFederateSAMLSubjects.yaml | 6 -
 .../PingFederateTopSources.yaml | 6 -
 .../PingFederateUnusualCountry.yaml | 6 -
 .../PingFederateUnusualSources.yaml | 6 -
 .../PingFederateUsersPaswordsReset.yaml | 6 -
 Solutions/PingFederate/Package/3.0.2.zip | Bin 0 -> 14661 bytes
 .../Package/createUiDefinition.json | 53 +-
 .../PingFederate/Package/mainTemplate.json | 1002 ++---------------
 Solutions/PingFederate/ReleaseNotes.md | 5 +-
 26 files changed, 116 insertions(+), 1100 deletions(-)
 create mode 100644 Solutions/PingFederate/Package/3.0.2.zip
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml
index c91d4cb61eb..939d064ed1c 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -34,5 +28,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml
index 6102a5bbe4c..f0ba2743b8a 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateAuthFromNewSource.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Low
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -44,5 +38,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml
index 8bac495e69a..97def5e97a5 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateForbiddenCountry.yaml
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
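Review bot: After the `@@ -5,12 +5,6 @@` hunk, `requiredDataConnectors` in PingFederateAbnormalPasswordResetsAttempts.yaml names only `CommonSecurityLog`, and the `PingFederateEvent` data type that both removed entries declared is no longer mentioned in the visible metadata. The query lies outside the hunk; if it still reads through the `PingFederateEvent` parser, a workspace without that parser gets a rule that fails or stays silent, with nothing in the file pointing to the cause. Suggest a comment above the list, `# Query reads CommonSecurityLog via the PingFederateEvent parser shipped with this solution`, and the same in the other ten analytic rules and the ten hunting queries that receive this identical removal.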
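Review bot: `kind: Scheduled` remains the last line with no terminating newline (`\ No newline at end of file`) in the `@@ -34,5 +28,5 @@` hunk of PingFederateAbnormalPasswordResetsAttempts.yaml, and the same marker follows the version bump in each of the other ten analytic rules. These hunks already touch the file tail, so end the file with a newline there. That keeps a later append from showing `kind` as a modified line and satisfies yamllint's `new-line-at-end-of-file` rule.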
@@ -38,5 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml
index 7d0ea52aeef..6e03f595919 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateMultiplePasswordResetsForUser.yaml
@@ -5,12 +5,6 @@ description: |
 severity: High
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -38,5 +32,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml
index a002c34374f..208fd57af9c 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateNewUserSSO.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Low
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -40,5 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: Name
 columnName: AccountCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml
index 79e6c806d2e..92724f45c7b 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateOauthOld.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -40,5 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml b/Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml
index b9eaf30fe4d..8e6c1cb740c 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederatePasswordRstReqUnexpectedSource.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -43,5 +37,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml
index 048fb7c4c9e..c2e4fe27128 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateSamlOld.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -40,5 +34,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml
index a416e9a962d..c4187fd045f 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedAuthUrl.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -46,5 +40,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml
index 1ac2829e2db..220aefabbbe 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateUnexpectedUserCountry.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -42,5 +36,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml b/Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml
index 8693a3799bf..08177cd0aed 100644
--- a/Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml
+++ b/Solutions/PingFederate/Analytic Rules/PingFederateUnusualMailDomain.yaml
@@ -5,12 +5,6 @@ description: |
 severity: Medium
 status: Available
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
@@ -46,5 +40,5 @@ entityMappings:
 fieldMappings:
 - identifier: Address
 columnName: IpCustomEntity
-version: 1.0.2
+version: 1.0.3
 kind: Scheduled
\ No newline at end of file
diff --git a/Solutions/PingFederate/Data/Solution_PingFederate.json b/Solutions/PingFederate/Data/Solution_PingFederate.json
index 40a04e6b935..1c69a04132e 100644
--- a/Solutions/PingFederate/Data/Solution_PingFederate.json
+++ b/Solutions/PingFederate/Data/Solution_PingFederate.json
@@ -2,7 +2,7 @@
 "Name": "PingFederate",
 "Author": "Microsoft - support@microsoft.com",
 "Logo": "",
- "Description": "The [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by **Aug 31, 2024**.",
+ "Description": "The [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.",
 "Workbooks": [
 "Workbooks/PingFederate.json"
 ],
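Review bot: The reworded NOTE in the new `Description` still says "The existing connectors" without naming them, while the next hunk of this file drops the whole `Data Connectors` array, so an installer cannot tell from the text that the legacy PingFederate connectors are no longer part of the package. Name them and state the consequence, for example `The legacy PingFederate data connectors were deprecated on **Aug 31, 2024** and are no longer included in this solution; collect the logs with the CEF via AMA connector.`. The packaged `createUiDefinition.json` later in the patch appears to carry the same sentence, so it would need regenerating from the corrected text.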
@@ -18,10 +18,6 @@ "Hunting Queries/PingFederateUnusualSources.yaml", "Hunting Queries/PingFederateUsersPaswordsReset.yaml" ], - "Data Connectors": [ - "Data Connectors/Connector_CEF_PingFederate.json", - "Data Connectors/template_PingFederateAMA.json" - ], "Analytic Rules": [ "Analytic Rules/PingFederateAbnormalPasswordResetsAttempts.yaml", "Analytic Rules/PingFederateAuthFromNewSource.yaml", @@ -43,7 +39,7 @@ ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\PingFederate", - "Version": "3.0.1", + "Version": "3.0.2", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1Pconnector": false diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml index 31ddb97bbf1..58e536412a5 100644 --- a/Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml +++ b/Solutions/PingFederate/Hunting Queries/PingFederateAuthUrls.yaml @@ -4,12 +4,6 @@ description: | 'Query searches for authentication URLs used.' severity: Low requiredDataConnectors: - - connectorId: PingFederate - dataTypes: - - PingFederateEvent - - connectorId: PingFederateAma - dataTypes: - - PingFederateEvent - connectorId: CefAma dataTypes: - CommonSecurityLog diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml index 17f5237c2b8..7e1ad19a7db 100644 --- a/Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml +++ b/Solutions/PingFederate/Hunting Queries/PingFederateFailedAuthentications.yaml @@ -4,12 +4,6 @@ description: | 'Query searches for failed authentication events' severity: Low requiredDataConnectors: - - connectorId: PingFederate - dataTypes: - - PingFederateEvent - - connectorId: PingFederateAma - dataTypes: - - PingFederateEvent - connectorId: CefAma dataTypes: - CommonSecurityLog 
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml
index 42be44b2a4c..5c1a737ae1d 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateNewUsers.yaml
@@ -4,12 +4,6 @@ description: |
 'Query searches for new users.'
 severity: Low
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml b/Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml
index f7f4e189ed1..9126d32249e 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederatePasswordResetRequests.yaml
@@ -4,12 +4,6 @@ description: |
 'Query searches for password reset requests events.'
 severity: Low
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml
index de5cf6dc8e7..dd9b09535ff 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateRareSources.yaml
@@ -4,12 +4,6 @@ description: |
 'Query searches for rare source IP addresses of requests'
 severity: Medium
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml
index 06ead7ba545..40342db87ff 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateSAMLSubjects.yaml
@@ -4,12 +4,6 @@ description: |
 'Query searches for SAML subjects used in requests'
 severity: Low
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml
index a13dc0a66e6..9c7d7211273 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateTopSources.yaml
@@ -4,12 +4,6 @@ description: |
 'Query searches for source IP addresses with the most requests'
 severity: Low
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml
index 0dff22a4025..a5812c75331 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateUnusualCountry.yaml
@@ -4,12 +4,6 @@ description: |
 'Query searches for requests from unusual countries.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml
index a34d899384a..68851a41466 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateUnusualSources.yaml
@@ -4,12 +4,6 @@ description: |
 'Query searches for unusual sources of authentication.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
diff --git a/Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml b/Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml
index 0bd5b19e406..bb0f993a5a9 100644
--- a/Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml
+++ b/Solutions/PingFederate/Hunting Queries/PingFederateUsersPaswordsReset.yaml
@@ -4,12 +4,6 @@ description: |
 'Query searches for users who recently reseted their passwords.'
 severity: Medium
 requiredDataConnectors:
- - connectorId: PingFederate
- dataTypes:
- - PingFederateEvent
- - connectorId: PingFederateAma
- dataTypes:
- - PingFederateEvent
 - connectorId: CefAma
 dataTypes:
 - CommonSecurityLog
diff --git a/Solutions/PingFederate/Package/3.0.2.zip b/Solutions/PingFederate/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..5e537dee20d16ff7b58a2596e15782503e99aeca GIT binary patch literal 14661 zcmZ|01CS;`(=|G_ZQHhO+qP}nwy|T+>|n>XZQI7q%$@z-_xmI6ANM{T@pNQIRcGa? zbF#BLsuZMwK~Mky03ZMkJ=`>#IWP(xV z(OEg$+ihuI*llp2ef9Kq1Mh8#UiPNtvYf$gV0vV^{SsiBB0GB&M?z^9*~n2U3M<+7 z>HvM#e4cxje8xGq8~e8U2}8;FEmomp$(%)Ee`AQcJBSfvl}+i%NZ52*Yh@g zqXp)F@pz@>jO7tTsdEwWN6Lzmb$WGLH-nI{+em6aL_$Z4<_xZ)h>uwS1SP)#5=$3T z=8eWafUI`sfxqIuz)>pH?6cZjh}GRS5d(|&m+p{oa`j*N>zN3(>*#11?kKt(O!fy0 zB+Fk0qQO`~TN;x4{@`V^qrhZg1vCau9#o)2F@Md+HBPgTXJOyE2#_o?wV1UlC zDqbEG=JWHNcMecZE{{u>MZ##C%+3Y}V}7rYcqcJ4$7J4LdqiyzzgzuN!+3YL$wq<{ zry`7$e?=q?PGV+C5gr1Oks-6CMj_%^2#5BfU9Lce&p=K;^?d(L&(ZKr=Nfy1j6NAI zeKciXlB!O8vSNs8z;;QTv>|u%sSCG3I6SbK4$#e~3v_n+VoZn*aHuKXe}5zfP=j}E z)Elq+y~yYoA0mSZ1t1!!NU4*YlFkQN#r05C>6Aci5RrrKIrFALgC+;T%hQ5q6#^=3 zlMLAOEuXA7z4=;{e!-@44>fFA<(MAk(hn*VIN3|_YpO$(_w4+gQOg=mxxq3XVqR;FQ@Jg6g;buIvgKtN) zKcZg~3e8Kt2S_s+hdBuUl6tSON6Zp{3CON28r(`xQplyQeG{o?>8Ug1Wj&pd5;F|- zkE*y+-RGLMR#C~J_{{t(K|W0#0fRN9L=^B2as-A6KXSvY7^RbGIy%0j0A_7o{nv4{ zuPZjGh(}7waab`b4%T0pt{#pk*|e5Xh6v%*h9ltBFx5NhG(dwCVTz%Iv5tj31U9~G zY36NG&9stQgMsJr=Jkh<}muY|IL9oC10ljTW#^*(j- z^S`zJJ_Qs^z&>2@5SrE71r^oIpf^m@bIs6mY5NA5xT)mZ=(@b4<4#EW-lWrJygPxG zMcCG6sK+9T#vTz?NTdKw~#jh*qfho0Mcb+g5Qe;C*0WhGx%u{T8TC&R| z(9>cqAI8d2v{1%#2Wb616&_k55AwQZmUbSa+Bfkw{}AVg_JPT4O+2nJrf}4rR5< zR7+F{0yNb1(nj&RSfagiKLUeJ}(;O4rPw%2EA{-x%V}&9KI&!XhB4g#EA-QkUcO1n4tt~!`j64 zneH@zyV(Bll*I!&Sg=w9H;SUP8L3*n%!&0?q3j$wrxo5*(%RaE>lXWYV2OOfZA!Kc ziG9r+j4Di9Sp&`B>Ubvd?}N$Z1fz++CcUQmS{^da^U<(!wWufutt-f$4edT(Q~f( zdg8YCsdl_$JO39E1p7Ahb&;6w9AY)7lhcjO?rrOtRzHo66M9y(0rH6_Ah_Eco8M}7 zxUMv7)tQdst{6b-GgkXq@gj{j+o^+y(fq}BrVH$pmD#^#MO(M|@NovK`R)(S zICXZkJ9&7v`=xn}HcyA%t~cxD^r;_BwoP_cRh_$7%|;7OAunGpQ|JweDR%jiGGcLr z;dqaIGP@_*GhKuW$Ol!vlOPY|H)yu|UhXq|Z&78A#Ug7Nv3sk-S3--veex9U*EmdExSp&a=csPv~VY}eRpk0m%Kex{hMjVm*ou0 
z`?Nh)60Gv#@mWg{)~hYX#R4;|=q{kVL)vF>;2g3#y7{JAGa(u86*N`@NqM0s;3!Jj z?Vv^cR#xDY=WBkefW~VJ+Bj->2wqve#vFyA%J6trd&1uCK_H0 z7*@|3;~5rLmN#7XrC5NnF6&&Z-IT$WCHiY{d_0q^PGYX)y)Mz*XSzVEUS)I#w9UyY z#}N7!&j10dd%H7}BOzM8*$FsnY(N$76i*5ZzbJfx(%3=^*yto0cam1qD8JUgAf zBY;%?qwC4PFAoGTGa0D-9WwocxF~!gwm9>hN@ZWLd;XLJu5=Bwru&W}s+_ujustsv zp}&n&<6Ex7(<)<1;cL1{C6&T&AxVC5(#$Vbr}=GJyFz{U?tB9){J-jA(e&n46IuX( zWKkdh#Gks@*3i;U#njfp=BGOTpNjZW*V=ibE$Opc^#i|tyC&&~)wUZyd3^hhV@&79 zgsHp1`GL^QQvj)vBT*!@BpQB8539cmzgLf6a`+B@WaKQlm=LE=n?hgr z;wEyF6e|v#K~UU(aPO4=11;S;!!EXG0Dhn3 zJUlVcyY;T9A`&A$aoQ_9dcU#%4U?96mYXa;mzl4}_Tg+$r1HLF@Qq zL%f#*lf)M!II`BYa>%{|lIQ6OMNZ7iA8}9GmFn6|50effdZ^({S?`;E5E-LGd?5Fv z0K|U3Hv-5$jA6!rIR&Ytnbl7Yz@DBdszkc?J(FGOw(>{hq%Sz)9cagfop^xP2myvD zWDwsXR1#khzi%wD`~$|vgp}+z?$>qrPCf{ufB}rnJt}WSj*@+Qc>zTO`qmG^&k^Bm zi6*L{eQnso&As;!#R%%nn@;go6bwQML+E`RYR`>9fqo5P5L6J3!JbWxza9ZR_jS{I zD6Aj3e|^g~y6j%M4xNI{pDd7_-i-C|F${$*;XSaogOU+(Hpv6g4}Oav0xjUV1^$s| z5CWd>WRxO15L4e|_**R@@?<2daUNU4D>-@O-d+rn(4NSw$DsQSCkE&O9&z=?(FF>8 zE@a%@PI<_Os`bqMXjtaWi#l=lL>G&)a#MklOv;)=yd*?~&haqDofUsj-8FwnbJQc% zUd}SC`eaol#o90|zf+HQ=r}2({Cp3?N9>qo_Rg$d!S&8)A8nN=^IIau{L8OQ;Ban@ z0?zJ3(kCZ+Bv-f>gGZb3DsV~a-tf#QhG!lIDjRXtPse3W?xo(Dr{w_1Gnqo-8rqvH z+_to|u6B_#Cnksx6D+cL7-cOgvqn6aNPP^aG&53#2$%a3=4|dIcQT2 zX;c=_URu!Pm7JT@SM&J^dTt-_kWttE&fmSoflA~4mmlkR!bL++UZreeS(hGZrP6Nl z$|SmXEMuy)nvDuG&MaHvagdm@)kU!cUEifqk8u&uxz{euKIQOr>u7qaJe?|wsjelK zapasG=h7X=0%K1q()YR{DkCa5OZOlHRdy7eM05~g>ekS8WO#a1P_Rp_v|H&u^6d4t zZt_m7BMCT5>IGpsb>^8tdrNF6dWh&homxZH(c$S)mrz!gT-4K5n#?6TtgVq)WH%qf zjEU9+YOSKlzod-VDD~~6gM7i%GVT}WYAw|wr)u`)KwrY!>lXfY^*D( zG4zc8+t^IoL-y`A%knz3a_=pUWP?|Co^~x=N1yEbzOZsV>Jp2$?=}k?sxAULXs>0x z-#RipJ<4lTQ5Kb)E&?X?k%pvQfteH*v-T!y)`?~A(7^UT(XH4)*U|n&SEX@!FFF@kG)IB^;icFNq*;ED#YI|3T6a*+|D!b6&-B>9#OWqC*kBrppOChMsrgF*|cW@qrD2HlC zFi6DbAPmF2fAMJ&;6cs)?CW~;s{zmql$x4-DF-BAr<9h*uTSkbnj881~4aE?p`;PNq3mM=o(d|RS&fw zswRXrO8gul>P!Qt1M4%;odqoE7Agr^)>l5Um1vKn~>*?SOsjR3v0=@XI z&C;U6p;5DvjQ93{W@u46aprNfMOzS-)5Gf}KKBvypyvkv>wf3I?!~Y}U>zZp6?w2* 
zRc91Qp!@SmKG4`u_C*uVyup6Yg>)1x3ax73^%Ffs3wzL-;DPrW=}iI}8b2VQ-CF`e zWZNRJ4H3$S+7_FSMH%m@{<7Sa{A0GO`YT#JFV0+J^qR1|tp$PY|M)i?|BwIG&HwsW z!w#YS=YL7vbZF!OXM*TL4nO-6gI88bcI8%PMZ9sLDzv_ZCq(odJ^WTn!V)fIs51k& zfBBe@=5PTB;r9lCO|)=E)U(gdij8hs!AVt8ErGsMeS1=ob_ccaL{p(Aw4t{rMD!v( z++GX9Hx5L!CnI>s)s(QtXc;KMWwYQaVmJe;E6ju#Zxy*G-I;Yn&dRN-@;r?^Bag7N ztLTsSrvLTMrv6{_x&MoPTch`2->u6_Iqu-vbz+>1a3bv3f;XO_ybaHpVBBE`)FO{b zX4v^k5yu9-7Su2iSj2z_FSiDdme6P{r-RP339|s2lNBOCtNr{`leD<0?~Id=$y<^Y z2UA`@HdW?(o6?L}L^DXW0c3n zB>PzvC!2<&?WLyIEfg6-jxw!jf=Oj|Ymz5Y-0me4rH&EZ`1$*wt@O1QAN>+1X z&Cwl=k!H63j^U|f`;>0nlI%&Va^%ANvw!Y06$ccF+FcL8`$1p-Y0qe02^5wo;EgRB z9@3v`V3Ss>sBD$heEEu*CiIXHM9#SWKLFsYeAE4^B}#1kalpstF;rDrUYv-*09&A^ z)Wli3n)`aC8GV+Rlar+_UGh4+k_%M^HiG!EbEEP8*s{bz`Tj!wM)47A3))y8(T^MN zc~Tu#!u;ce5M493XhW>BvH=PtoB*|%eh8tf^&|#$3Z``FwPvY}LnAbsyVePhW$7$8 z^JpNY+43rD2w=sXw&PC$BRzduDk(!zfLQRt3(>?YsrL(LM0`9c`e<1kHypTB-*0MP zsT+M#9)&CA<6(0~vRg)3$7VT2rs!Abp+Pf!5oA4W@WhACAZG8aL}P4rTyduf-m3K; zx_w8WQbu0743J@yvXWfVk-;8ym3xN2`#b0qAYKJy1YPrY0CFN{AE`*$xioYjl%tBn4hBcqW-^nR<{9>Da!vj5F7 z$Vubl@Oarcx(E)&?=|I*h|W$Xkk$rxk%X8>gl}UI^Lsx`m&^&-oiY)r8%*MEDIp19 z6!6~%$uek{2M1>^-tX&s^4nJ2GvAcHs|HR?4znO==vUG*PVaJ&d8bs%K91#kdA8!K z#?`&zHHeqgs7QvKZV>>Y^5lVyQig@XUefP|nSS`qH2_Fk#BJM0GZ-ij{Yay(20M{p zvqWfa0)t-{x6qh*#HA=~xA4pDBiY5{H8msT zq_$GVAFmMz{@s$B3=l-o&vXV zPE;cXnPAcoCo{<)+`NqxX_o_n*yEFJ$m}U<3||?6osCrc{JMSpk|_S3OC%~A&6%no z58+x`)ZD&@N)R4icGBdtUz89)w7M9 z(jwX9VMU&waFM_??OTll`WxWYmaA}IrC_F?6hVYIVdf<1%SYY*p*cz(l8D&LmJUrG zOt^>J9XeJ0`F3y;MKoPa2ptXZtw7WY`!$JedX4ZLhX7`T$8Nm|AID)CL>xROXn)}F zp&3%L%sbL6rIgfu%PRrV9a>O-aAH2I(r$VaR9*y}VgDqP15+-Hcu)VJG~q*F?OWgC zQxOQD6q}h5KJ{272IkhT8w+NK$lpSif+d5SxkN`qPxAxhop_Em4sLUXK8R(a{YxAK zNR$zas=x*nXuf+Jlj}kL_Pcra(yuAB3fmbKB9Gx%$z#Zs&IaMC7+jV;^O_lYgIj0| zZKhQi1)xzP{9*~5>_^&$>JOq+LM$`FpD%%vWp_BG6q(ZBh+xD58qhT8F}H_Um-4BJ zq~4}Qc!X3PX_Q`LyVr{(I*LQ_>pj*V1gZcLVYZi{Ci{6Cy1D(z`0|=0YT_G~x2Jz? 
z1H2@Qd4}dL>#Nb={fcQ+)V?u{WXLPB9g;#c;Sh8*PmPjCK)tg)(5LR|BXLdPVAXVX}Qeo1Y0OqJYZRbB6}2P?Tg5{L9%Q zSRmOOzcuRqJ?%r)zm+=rLT4GfwoIHl-O6GYT*B{ore@s0?dZdV2Os1DE;HVGP@<#i za|tK(;sJ5zLpT0R9^KVZ?2>*A7;G@Oh24>T9Zh+O2K{Ms*72d!3LI)H z-fHL~?|#}w}x6FvcFy^+7V~S0datW+&MZDe*sRjhi#7_pXNIoZ-@@Z>P`YlP39I@d?@?TaTSS@kIkGMd(UNWckv4dQw68u2E4!5eX{y3D$jLt=L zWjZsy!K-t>QMz|#4k7jkX)%PqSJ6B;{w3q**%_MwLW9IoK3o}TJvAA{^oTaHW;sWB zQnP@*xnl)iUJ_r5g#Vyc&U-?Q$9x>!qKA!SPOso}Wb;OP$Wrg%a37?W(pyfkmhH01 ztX8BuJxpy-r_RsTwdFD`uMx^W~e>g zdd;;}JRCoD1-A!Q#TVioL@t6~BafIhw|Kt%T>H+eVSU5%(YLisR_Z>?7bPm=#`dGX7}vhs{p-RM8#eN3qP5Z0bFNr~5~YK~{+=Dbw_na* z8Vlh2_cPO9Zp?J3qKR*=GkiIjyVn+-F~i1T!yizo<1gRCR`Wlkj62iQ5vo zE#fvHS7)ty28WX#rXvqGnR!+cOhQ$zpmxoqA1QJUp1}&40DbdJB-H*48>JwLI zo{X)cY5|?(juCiLQ3y%K9C(kKxWGzy*EX!q~Qc zVHjD}^~>91Xl$SYn;Z|d0zs5?Elo6W+`CJ%zdT*2tRI`ui_R(4Czit8g$=43xPO#k z3fHjNHzZMu`$T0$6vI&rz8f+z;WoGx=6*HGlpEo3f^A&YV)O7Zt( zF@jjpnu%(N;>BN&KNQ7bx3;XN&Gq{7X-xB46vVdTn4nd^VzvwG98Q(f z)gSrv(Vc!P^Vx;!O|Gf1Hug8(AQcc$?$>j%qL)4?o;B?4m zvtu0@tdEWr-2{^+(Rz;{+2Tu=EXgsqxHgF7%mG)2lUh0XS*Dc>zIA92^<_%`avMQH zY{!*uHjXqKZ!t=teW0L8v|!Ujl^)E+w?}7QL};ur3qyOp7-JIlf@Utc$tW~fnw;f~ zF}5lE&Z}nGA#RkB$YYgN0X0-p=&3#R?Pf`wru=PTPlM7-Cz4ha>68*2(Tnq)yPwm; zrjf#;6_swtcmGH~%lZ9!e*Ae6y^{WV$pZa{i!3f3D)oiktOtOql1|3*JFR7 zk;B+i)AYcfUFHTiBYA0r;~xKQ8VMSknSRVU=+DjFXbwGw*X4FxUKf427XxU(Ya*Zg zAf3z$JH8_N3^C2m)WY2uK6*8phr7nCT#H(4lPON$RfM_v~Eguo#?O)tC4LZOcyNX(Hxx_AwNL)1#_;07`+ z)2D34mx7NR#!3{>P!5ZxBcz>}G4GH_* z^vj`gbpk5ueNhpM>QVgewmLc|S8ph+!N5@?qBxWLv}qYz_rU z(B$@ISrG+r6a%Tp1NtBF6#NrU0Ejv9k9Yuo!~-%L2k?KyBk)f=APQGG?te7$!|H8W zFPi>|=cz$U1K)b&9i+<4mu}$hdUYD+zAyM6JaZZYWd#3vkgtfQu|ZewA;CF0+6*RE=f*1K1>XOK5qOyOB(T zRrA4+C6e61L25a~L-s2MGMnnXG3fc<5J_!p{teOaXNbIwD2B=Yj8Kn74iU~=px)yF zi%5*n$m|PsOglxl4LxIjnW38Gw7*r&#LQZDOlwv2d@?=Xb3WOaa`dx;tQ5NGprjnQQYy9- z6-4aB1+OT|Go5NMOec7tKuNP?)kFoS7|*`GpQl~f?XaPHztLCScd;~9WpTZ0f0t#K zuwIr>B9Pl%UVfFw3gso*7G@>7mo!`q6|I`DiEof=ZkH663r8-RGND5WUL=kZd-XCD<)IHq)VT)wCfk`P!mesCW=Vw+?qvxWAM12 zo2<}sUksoWm}{c?jIRsYRO1_Z@TnF@j2;>6+_zKZeJ{P#oUWQu 
zyn?#0qv$U8+-8yqQTZnjI{>|OrP!WCz0J@rQAf!wk+|D5hq9x%+YCr>ft`?0jttm@ zKKS$)iHW3%>~1f;ZC$4evVFROnb#paB1);ParhkyNg<+%iE?wiXkPfQ#E)3+7xyEW zsJ3QxI`ope(tl2evoA{&R_M-u4+9-xHBQZJPfn--_ZCU@6g!WR35)Homz}4aJl-9V zLhD}c-fmfzgkj_4K!6{Z5CYoBmo-@$b)KYOy@;Oepz%xK#BXl3D?fh~@|M@&m(kVE zpB;4ps{_wCVXn|jF91O!an8jwC)FH?Z+a4n0v;toJ^i{qU5w00Hel+TBF(@m?lsIw z1}z}JzPiHz;NxK}6dZ&~Z7r;j3%cXT7?iscb^xEJ1F%a34l*!sb%H9Vh?oxAuixaH zRgUboY2BdJ^`x_C6KS+M4Lwd&IR^}&L=|Y%pcg%z7}CO#oY%y$bTs)7>#cedkG3LVh*P&qruATA zh^5bxBN7(xu@W?c@ncJCxSB6e1pdT@y6Iib!u8Z|%Ld?2bp5I3L+x~fkN^hHW@qY*z0=v$Pbp_xV*UShne-vTbfonFgje*@mT zUQ3^N!T0Cw?)33?^ONMG*VXY^U(RII@XIo?6`jp*E*FHJkaqw{D2lo;%`mFNpz?zV zcn+sgPKk>(juKrEnE)2`I4=W@ngSHP>w`UU(y-rn$m_JwMOrvb(6D>*Y97PU}%S zs&o1qV>}{yw*qIP0rnS_!pro_3Qeh4?6t})JuJHAZ)!=?-=+H%nQkF$)CZP+eb+5X z-@mGLGg?4hl`4`V5?E&i>dKj{ZL=EdmBlM|fL>QxkLOFVdOM&C*!Cg7+sNIBy<*Ag zYe1gE*DWOOxMSApXDg;p6|=6yb(V`>*zC}bnQj!FR37eK$%nlUl`@ppN?hGLy{DM` zM)qwF6VGEGR~JAL6%7UcC?Ph#1h@c;^D46IfGSmtM7h5ZHPtLNO}SiwPp2BCyiV0K zOjEH3sE#6##kHf2Qgv^A3udSSi`30h%>*f|LR78XfZ8-Bs3f^2sA#Ju52>3K8Rdzq zl~!^WhpC)Dyh$NSr2<7lO2Xj^SyDBF4`P0%x9}1bVLXpCMQTVbnx|n{fj(J<%;?sH_>$&?`Jq0UKA~(> z$Ce=XXC2Aw1o?{W6(EnwlqnGjkMn_kznH8YN*bC~!~H&iPFGrIXR5H@eO>Y;UOx8s z7tE0P)}B3vzy3u8sjvUP^W#cBupd_1S}4?|s|G<Wo3~hm{`xSjpTM3`FK( zkXfM4j{H|-TQ&dhoEfs<+P%kcu(jkh7g8T^DR=r(nb1ls1etP*Iics33=mV=v}m(j z@!)K*_G2VXX5g)D5r8|b^qvq|5X^jZ7az%B2$GeY<{|GpD$+5z1t>s)Bv zozVei_rs~)w$-A($A&!%1@&^cS8Mo7F$Rb0U%Pl7@?Ba@&V_w0X`yPSg-#aH10A9b zv%vqzE%cAvg=TYfRw1EQ&ul;B7WyH#5H0l7f5}aw@{im?&VLd}5z7BdZXnkGB{vW+ zjX*&-TA-IJ@vI4)3x==T_nYbdR~$9BlQ_EDN=^*#eN6aD(xxj&ak$hDU6p)jEjC8# zu|Qe6Qx0hjNW+P`D}1i=tsNG7@Qqo&0`|61*&MC&BDdYflv8)p=8}`Tsvy>3tsAVA zs@;Sxt@{?rHI?`@hm{VBJ1@u%`1|I+d~GH0jv1JvUMLZP1RU&A!-d4bKKjsHEzlbUuPu|_BR??q1 zl4psttN$dLhIL^T`nVZB73@MO(&~NyRi)XXSb0+SrU7MIvX%@LIR(7r^}UM9O|)b! 
znGVVf6*y~0iB<|3D7t9F0LdSShfB;7>8wDKt)5xhG@>OXxuPX$$^IAOjDHY^Nj|*C zlkS#P{*8o?gvEWeq-p}|!Iai^edVMG$Onez@9Nk)@!_GueET##w`T)Ol}-4cl5Pbt z7%pX7M=c*pmmP-6$BbAJ`|PD*qkul2Kcy&Ff08t-e&(%rUQs|xd!Wk0Ov6ljuz>lJ z^L7DBw^113^FZB4iX5HVC#vwetF2>wqwxE4$n&l4BBPAVJ7?zR_X}SBhZy6oE8Vt% z|I?+gzubbc7_AbR-SO{2q0^JfjTJsro|Big@JR_YMh1vs9Ky zNJ%Q3ID5RhFM4=hEtj}e8`>lma}*u%=riVTs!>7purYbV%Z3aHjUrZ!Ys#>8L&R;_=c(5)7!CQTQqMyoNu zLD{NIE1w@HH0Mxi%AC=_ zu#)v%VMFJV(SVEHd5U#-s&Nl9$LhR6ogJ2pCM408ii;ezZ;b=Jjk=@r8&`n($k&?5 zRfWxCBn$zIeXBzapk(ZZ_bE?DG4x92zBy3fQ6nrpq5_8XpY&DA7O zntApZ{TAabhd>UcNJCeR%43t8Ca{cbfITuRe0Cs>F;mT;TIX$p^2(m*bY8+Ej`Zm-6Rs%NktnqRuitb}@3eeH-jAnHW<}nNAi@ z<{Znf@!%U8RxUe{Cv`Q{1J%5X44k2dP~de%LLypq6mvUw`~{Vw3v?LleDDrxc~9@o zBI5G%&nn{bK>xxb@_0}G!YcCkK#y+`!GS<8TqAKON$Mw?6J0onmf?bT?OrgEXgpnV zFe?=E0O?dT77@x5KI9M`efO>cLn}iVMZIYQBO~qv~mJ3@)1#p{XH!X`~abGr? zea!Igm)?VF8+4|*S(j+09~BJ!n>Cq}pR>D4OT&i!-U_N8s4c%t>lwajWy|AYu_S^6$`v!2 z%s9e{2AB~hoC$~ChqOJ7uqHMb@!&0r4A@bt621tyY()l4!W{Xaw|Al_o?)Y2wefI> z2^ix={OA^vEZjRY9odzFkcc`An*1gy!TS zI1znm!sfa?%zzOz{PxAXXvLS+b@z|i!Mk?hul;n;uWtXGp`&G1B-zA{ul>D!%N+6Z zc5u@viF%nN`|g<6z$Flwvy;=s_`K5z;>@$=$szOk2}kIicZIcm(e86k99z^%Q~42*U?9<-M@=_E6PI8ru(gK@TJ{et|5o4r;QWAtWqdxilpeCV?9`BMee|B{W5&06%{j7c@N&gHLRiBrG zHQe)kKXyO#$0Q*W=rN&81q$+MWc|P3e#Dy~efCikcc=)H{3GE~IaJq-iLesoF z080!MGRVkLh&Qa=b-ZhaUk<&GWA79?aG_M1p7UHas6%QN1VJnHsNU;Skbr$#m!)Rd zwS5z|L0e?y8-XM9ZR^_ZnXyG(J2Jw3!1o;FztBZ`C+*lj_P^xFQ^H4iQgLe90Cd9v zdT{v}(nSfD|864s1?ua{+N6JF*$xr z-XHVsKPJzQ>HA{>V*XEKfgclG>Zdef(x5AF35}>0D}_&$$__E9*AX~_BGinP!lz7S ziySj(512uUqKoW2nFE(f3xDxx@-VI x0D^y~pWpw_*2Vw(Cja-!?tfkXa}x~c|BrRv3euop|C#{(93emFDvp2F{{sLtBBB5Q literal 0 HcmV?d00001 diff --git a/Solutions/PingFederate/Package/createUiDefinition.json b/Solutions/PingFederate/Package/createUiDefinition.json index 82cf18b5e42..e5f539d2287 100644 --- a/Solutions/PingFederate/Package/createUiDefinition.json +++ b/Solutions/PingFederate/Package/createUiDefinition.json 
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PingFederate/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. 
The existing connectors are about to be deprecated by **Aug 31, 2024**.\n\n**Data Connectors:** 2, **Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 11, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/PingFederate/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [PingFederate](https://www.pingidentity.com/en/pingone/pingfederate.html) solution provides the capability to ingest [PingFederate](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) events into Microsoft Sentinel. Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.\n\nThis solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.\n\n**NOTE:** Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on **Aug 31, 2024**.\n\n**Parsers:** 1, **Workbooks:** 1, **Analytic Rules:** 11, **Hunting Queries:** 10\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
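Review bot: In the new `basics.description` string (hunk `@@ -6,7 +6,7 @@`), the sentence "The existing connectors were deprecated on **Aug 31, 2024**" no longer has a referent, because the same patch drops the `**Data Connectors:** 2` count and the whole `dataconnectors` step. An operator upgrading from 3.0.1 is not told that the legacy PingFederate connectors have left the package, only that CEF via AMA is recommended. Consider wording such as `The legacy PingFederate connectors were deprecated on **Aug 31, 2024** and are no longer part of this solution; collect logs with the CEF via AMA connector.` If this file is generated, the text presumably has to change in the solution data file it is built from.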
@@ -51,37 +51,6 @@ } ], "steps": [ - { - "name": "dataconnectors", - "label": "Data Connectors", - "bladeTitle": "Data Connectors", - "elements": [ - { - "name": "dataconnectors1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This Solution installs the data connector for PingFederate. You can get PingFederate CommonSecurityLog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." - } - }, - { - "name": "dataconnectors-parser-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." - } - }, - { - "name": "dataconnectors-link2", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more about connecting data sources", - "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" - } - } - } - ] - }, { "name": "workbooks", "label": "Workbooks", @@ -337,7 +306,7 @@ "name": "huntingquery1-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for authentication URLs used. This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for authentication URLs used. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] 
@@ -351,7 +320,7 @@ "name": "huntingquery2-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for failed authentication events This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for failed authentication events This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -365,7 +334,7 @@ "name": "huntingquery3-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for new users. This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for new users. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -379,7 +348,7 @@ "name": "huntingquery4-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for password reset requests events. This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for password reset requests events. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -393,7 +362,7 @@ "name": "huntingquery5-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for rare source IP addresses of requests This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for rare source IP addresses of requests This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] 
@@ -407,7 +376,7 @@ "name": "huntingquery6-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for SAML subjects used in requests This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for SAML subjects used in requests This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -421,7 +390,7 @@ "name": "huntingquery7-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for source IP addresses with the most requests This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for source IP addresses with the most requests This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -435,7 +404,7 @@ "name": "huntingquery8-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for requests from unusual countries. This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for requests from unusual countries. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] @@ -449,7 +418,7 @@ "name": "huntingquery9-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for unusual sources of authentication. This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for unusual sources of authentication. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] 
@@ -463,7 +432,7 @@ "name": "huntingquery10-text", "type": "Microsoft.Common.TextBlock", "options": { - "text": "Query searches for users who recently reseted their passwords. This hunting query depends on PingFederate PingFederateAma CefAma data connector (PingFederateEvent PingFederateEvent CommonSecurityLog Parser or Table)" + "text": "Query searches for users who recently reseted their passwords. This hunting query depends on CefAma data connector (CommonSecurityLog Parser or Table)" } } ] diff --git a/Solutions/PingFederate/Package/mainTemplate.json b/Solutions/PingFederate/Package/mainTemplate.json index 72df6acb137..54b60f04eec 100644 --- a/Solutions/PingFederate/Package/mainTemplate.json +++ b/Solutions/PingFederate/Package/mainTemplate.json @@ -41,7 +41,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "PingFederate", - "_solutionVersion": "3.0.1", + "_solutionVersion": "3.0.2", "solutionId": "azuresentinel.azure-sentinel-solution-pingfederate", "_solutionId": "[variables('solutionId')]", "workbookVersion1": "1.0.0", 
@@ -101,100 +101,82 @@ "_huntingQuerycontentId10": "6698f022-adf4-48a3-a8da-a4052ac999b4", "huntingQueryTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-hq-',uniquestring('6698f022-adf4-48a3-a8da-a4052ac999b4')))]" }, - "uiConfigId1": "PingFederate", - "_uiConfigId1": "[variables('uiConfigId1')]", - "dataConnectorContentId1": "PingFederate", - "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", - "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", - "dataConnectorVersion1": "1.0.0", - "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", - "uiConfigId2": "PingFederateAma", - "_uiConfigId2": "[variables('uiConfigId2')]", - "dataConnectorContentId2": "PingFederateAma", - "_dataConnectorContentId2": "[variables('dataConnectorContentId2')]", - "dataConnectorId2": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "_dataConnectorId2": "[variables('dataConnectorId2')]", - "dataConnectorTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId2'))))]", - "dataConnectorVersion2": "1.0.0", - "_dataConnectorcontentProductId2": 
"[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId2'),'-', variables('dataConnectorVersion2'))))]", "analyticRuleObject1": { - "analyticRuleVersion1": "1.0.2", + "analyticRuleVersion1": "1.0.3", "_analyticRulecontentId1": "e45a7334-2cb4-4690-8156-f02cac73d584", "analyticRuleId1": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'e45a7334-2cb4-4690-8156-f02cac73d584')]", "analyticRuleTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('e45a7334-2cb4-4690-8156-f02cac73d584')))]", - "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e45a7334-2cb4-4690-8156-f02cac73d584','-', '1.0.2')))]" + "_analyticRulecontentProductId1": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','e45a7334-2cb4-4690-8156-f02cac73d584','-', '1.0.3')))]" }, "analyticRuleObject2": { - "analyticRuleVersion2": "1.0.2", + "analyticRuleVersion2": "1.0.3", "_analyticRulecontentId2": "30583ed4-d13c-43b8-baf2-d75fbe727210", "analyticRuleId2": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '30583ed4-d13c-43b8-baf2-d75fbe727210')]", "analyticRuleTemplateSpecName2": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('30583ed4-d13c-43b8-baf2-d75fbe727210')))]", - "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','30583ed4-d13c-43b8-baf2-d75fbe727210','-', '1.0.2')))]" + "_analyticRulecontentProductId2": "[concat(take(variables('_solutionId'),50),'-','ar','-', 
uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','30583ed4-d13c-43b8-baf2-d75fbe727210','-', '1.0.3')))]" }, "analyticRuleObject3": { - "analyticRuleVersion3": "1.0.2", + "analyticRuleVersion3": "1.0.3", "_analyticRulecontentId3": "14042f74-e50b-4c21-8a01-0faf4915ada4", "analyticRuleId3": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '14042f74-e50b-4c21-8a01-0faf4915ada4')]", "analyticRuleTemplateSpecName3": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('14042f74-e50b-4c21-8a01-0faf4915ada4')))]", - "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','14042f74-e50b-4c21-8a01-0faf4915ada4','-', '1.0.2')))]" + "_analyticRulecontentProductId3": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','14042f74-e50b-4c21-8a01-0faf4915ada4','-', '1.0.3')))]" }, "analyticRuleObject4": { - "analyticRuleVersion4": "1.0.2", + "analyticRuleVersion4": "1.0.3", "_analyticRulecontentId4": "6145efdc-4724-42a6-9756-5bd1ba33982e", "analyticRuleId4": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '6145efdc-4724-42a6-9756-5bd1ba33982e')]", "analyticRuleTemplateSpecName4": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('6145efdc-4724-42a6-9756-5bd1ba33982e')))]", - "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6145efdc-4724-42a6-9756-5bd1ba33982e','-', '1.0.2')))]" + "_analyticRulecontentProductId4": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','6145efdc-4724-42a6-9756-5bd1ba33982e','-', '1.0.3')))]" }, "analyticRuleObject5": { - 
"analyticRuleVersion5": "1.0.2", + "analyticRuleVersion5": "1.0.3", "_analyticRulecontentId5": "05282c91-7aaf-4d76-9a19-6dc582e6a411", "analyticRuleId5": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '05282c91-7aaf-4d76-9a19-6dc582e6a411')]", "analyticRuleTemplateSpecName5": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('05282c91-7aaf-4d76-9a19-6dc582e6a411')))]", - "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','05282c91-7aaf-4d76-9a19-6dc582e6a411','-', '1.0.2')))]" + "_analyticRulecontentProductId5": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','05282c91-7aaf-4d76-9a19-6dc582e6a411','-', '1.0.3')))]" }, "analyticRuleObject6": { - "analyticRuleVersion6": "1.0.2", + "analyticRuleVersion6": "1.0.3", "_analyticRulecontentId6": "85f70197-4865-4635-a4b2-a9c57e8fea1b", "analyticRuleId6": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '85f70197-4865-4635-a4b2-a9c57e8fea1b')]", "analyticRuleTemplateSpecName6": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('85f70197-4865-4635-a4b2-a9c57e8fea1b')))]", - "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','85f70197-4865-4635-a4b2-a9c57e8fea1b','-', '1.0.2')))]" + "_analyticRulecontentProductId6": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','85f70197-4865-4635-a4b2-a9c57e8fea1b','-', '1.0.3')))]" }, "analyticRuleObject7": { - "analyticRuleVersion7": "1.0.2", + "analyticRuleVersion7": "1.0.3", "_analyticRulecontentId7": "2d201d21-77b4-4d97-95f3-26b5c6bde09f", "analyticRuleId7": 
"[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '2d201d21-77b4-4d97-95f3-26b5c6bde09f')]", "analyticRuleTemplateSpecName7": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('2d201d21-77b4-4d97-95f3-26b5c6bde09f')))]", - "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','2d201d21-77b4-4d97-95f3-26b5c6bde09f','-', '1.0.2')))]" + "_analyticRulecontentProductId7": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','2d201d21-77b4-4d97-95f3-26b5c6bde09f','-', '1.0.3')))]" }, "analyticRuleObject8": { - "analyticRuleVersion8": "1.0.2", + "analyticRuleVersion8": "1.0.3", "_analyticRulecontentId8": "fddd3840-acd2-41ed-94d9-1474b0a7c8a6", "analyticRuleId8": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'fddd3840-acd2-41ed-94d9-1474b0a7c8a6')]", "analyticRuleTemplateSpecName8": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('fddd3840-acd2-41ed-94d9-1474b0a7c8a6')))]", - "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','fddd3840-acd2-41ed-94d9-1474b0a7c8a6','-', '1.0.2')))]" + "_analyticRulecontentProductId8": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','fddd3840-acd2-41ed-94d9-1474b0a7c8a6','-', '1.0.3')))]" }, "analyticRuleObject9": { - "analyticRuleVersion9": "1.0.2", + "analyticRuleVersion9": "1.0.3", "_analyticRulecontentId9": "9578ef7f-cbb4-4e9a-bd26-37c15c53b413", "analyticRuleId9": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '9578ef7f-cbb4-4e9a-bd26-37c15c53b413')]", "analyticRuleTemplateSpecName9": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('9578ef7f-cbb4-4e9a-bd26-37c15c53b413')))]", - "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9578ef7f-cbb4-4e9a-bd26-37c15c53b413','-', '1.0.2')))]" + "_analyticRulecontentProductId9": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','9578ef7f-cbb4-4e9a-bd26-37c15c53b413','-', '1.0.3')))]" }, "analyticRuleObject10": { - "analyticRuleVersion10": "1.0.2", + "analyticRuleVersion10": "1.0.3", "_analyticRulecontentId10": "64e65105-c4fc-4c28-a4e9-bb1a3ce7652d", "analyticRuleId10": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', '64e65105-c4fc-4c28-a4e9-bb1a3ce7652d')]", "analyticRuleTemplateSpecName10": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('64e65105-c4fc-4c28-a4e9-bb1a3ce7652d')))]", - "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','64e65105-c4fc-4c28-a4e9-bb1a3ce7652d','-', '1.0.2')))]" + "_analyticRulecontentProductId10": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','64e65105-c4fc-4c28-a4e9-bb1a3ce7652d','-', '1.0.3')))]" }, "analyticRuleObject11": { - "analyticRuleVersion11": "1.0.2", + "analyticRuleVersion11": "1.0.3", "_analyticRulecontentId11": "dc79de7d-2590-4852-95fb-f8e02b34f4da", "analyticRuleId11": "[resourceId('Microsoft.SecurityInsights/AlertRuleTemplates', 'dc79de7d-2590-4852-95fb-f8e02b34f4da')]", "analyticRuleTemplateSpecName11": 
"[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-ar-',uniquestring('dc79de7d-2590-4852-95fb-f8e02b34f4da')))]", - "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','dc79de7d-2590-4852-95fb-f8e02b34f4da','-', '1.0.2')))]" + "_analyticRulecontentProductId11": "[concat(take(variables('_solutionId'),50),'-','ar','-', uniqueString(concat(variables('_solutionId'),'-','AnalyticsRule','-','dc79de7d-2590-4852-95fb-f8e02b34f4da','-', '1.0.3')))]" }, "parserObject1": { "_parserName1": "[concat(parameters('workspace'),'/','PingFederate Data Parser')]", @@ -215,7 +197,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederate Workbook with template version 3.0.1", + "description": "PingFederate Workbook with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('workbookVersion1')]", @@ -278,6 +260,10 @@ { "contentId": "PingFederateAma", "kind": "DataConnector" + }, + { + "contentId": "CefAma", + "kind": "DataConnector" } ] } @@ -307,7 +293,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateAuthUrls_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederateAuthUrls_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject1').huntingQueryVersion1]", 
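Review bot: The workbook dependency list in hunk `@@ -278,6 +260,10 @@` still names `PingFederateAma` as a `DataConnector` (it survives as a context line), although this patch deletes that connector's variables (`uiConfigId2`, `dataConnectorContentId2`) from the same template. The workbook metadata would then point at a content id that 3.0.2 no longer ships, which can mislead an operator checking why the workbook shows no data; whether Content hub tolerates the dangling reference is not visible here. Drop the stale `{ "contentId": "PingFederateAma", "kind": "DataConnector" }` entry so the list matches the analytic rules, which now require only `CefAma`. The list starts above the hunk, so any entry for the legacy `PingFederate` connector needs the same check, and if this template is generated the fix presumably belongs in the workbook metadata it is built from.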
@@ -392,7 +378,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateFailedAuthentications_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederateFailedAuthentications_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject2').huntingQueryVersion2]", @@ -477,7 +463,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateNewUsers_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederateNewUsers_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject3').huntingQueryVersion3]", @@ -562,7 +548,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederatePasswordResetRequests_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederatePasswordResetRequests_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject4').huntingQueryVersion4]", 
@@ -647,7 +633,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateRareSources_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederateRareSources_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject5').huntingQueryVersion5]", @@ -732,7 +718,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateSAMLSubjects_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederateSAMLSubjects_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject6').huntingQueryVersion6]", @@ -817,7 +803,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateTopSources_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederateTopSources_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject7').huntingQueryVersion7]", 
@@ -902,7 +888,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnusualCountry_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederateUnusualCountry_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject8').huntingQueryVersion8]", @@ -987,7 +973,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnusualSources_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederateUnusualSources_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject9').huntingQueryVersion9]", @@ -1072,7 +1058,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUsersPaswordsReset_HuntingQueries Hunting Query with template version 3.0.1", + "description": "PingFederateUsersPaswordsReset_HuntingQueries Hunting Query with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('huntingQueryObject10').huntingQueryVersion10]", 
@@ -1148,672 +1134,6 @@ "version": "1.0.0" } }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PingFederate data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] PingFederate via Legacy Agent", - "publisher": "Ping Identity", - "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. 
Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.", - "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "PingFederate", - "baseQuery": "PingFederateEvent" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Devices", - "query": "PingFederateEvent\n | summarize count() by DvcHostname\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (PingFederate)", - "lastDataReceivedQuery": "PingFederateEvent\n | summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "PingFederateEvent\n | summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution." - }, - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. 
You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "[Follow these steps](https://docs.pingidentity.com/bundle/pingfederate-102/page/gsn1564002980953.html) to configure PingFederate sending audit log via syslog in CEF format.", - "title": "2. Forward Common Event Format (CEF) logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. 
Secure your machine " - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "PingFederate", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] PingFederate via Legacy Agent", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "PingFederate", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] PingFederate via Legacy Agent", - "publisher": "Ping Identity", - "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. 
Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "PingFederate", - "baseQuery": "PingFederateEvent" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (PingFederate)", - "lastDataReceivedQuery": "PingFederateEvent\n | summarize Time = max(TimeGenerated)\n| where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "PingFederateEvent\n | summarize LastLogReceived = max(TimeGenerated)\n| project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 10 Devices", - "query": "PingFederateEvent\n | summarize count() by DvcHostname\n | top 10 by count_" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution." 
- }, - { - "description": "Install and configure the Linux agent to collect your Common Event Format (CEF) Syslog messages and forward them to Microsoft Sentinel.\n\n> Notice that the data from all regions will be stored in the selected workspace", - "innerSteps": [ - { - "title": "1.1 Select or create a Linux machine", - "description": "Select or create a Linux machine that Microsoft Sentinel will use as the proxy between your security solution and Microsoft Sentinel this machine can be on your on-prem environment, Azure or other clouds." - }, - { - "title": "1.2 Install the CEF collector on the Linux machine", - "description": "Install the Microsoft Monitoring Agent on your Linux machine and configure the machine to listen on the necessary port and forward messages to your Microsoft Sentinel workspace. The CEF collector collects CEF messages on port 514 TCP.\n\n> 1. Make sure that you have Python on your machine using the following command: python -version.\n\n> 2. You must have elevated permissions (sudo) on your machine.", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId", - "PrimaryKey" - ], - "label": "Run the following command to install and apply the CEF collector:", - "value": "sudo wget -O cef_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_installer.py&&sudo python cef_installer.py {0} {1}" - }, - "type": "CopyableLabel" - } - ] - } - ], - "title": "1. Linux Syslog agent configuration" - }, - { - "description": "[Follow these steps](https://docs.pingidentity.com/bundle/pingfederate-102/page/gsn1564002980953.html) to configure PingFederate sending audit log via syslog in CEF format.", - "title": "2. 
Forward Common Event Format (CEF) logs to Syslog agent" - }, - { - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\n>It may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n> 1. Make sure that you have Python on your machine using the following command: python -version\n\n>2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "fillWith": [ - "WorkspaceId" - ], - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O cef_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/CEF/cef_troubleshoot.py&&sudo python cef_troubleshoot.py {0}" - }, - "type": "CopyableLabel" - } - ], - "title": "3. Validate connection" - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "4. Secure your machine " - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution." 
- } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName2')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "PingFederate data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion2')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId2')]", - "title": "[Deprecated] PingFederate via AMA", - "publisher": "Ping Identity", - "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. 
Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.", - "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "PingFederate", - "baseQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Devices", - "query": "PingFederateEvent\n | summarize count() by DvcHostname\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (PingFederate)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read 
permissions to shared keys for the workspace are required. [See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. 
Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - }, - { - "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", - "description": "[Follow these steps](https://docs.pingidentity.com/bundle/pingfederate-102/page/gsn1564002980953.html) to configure PingFederate sending audit log via syslog in CEF format." - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. 
Secure your machine " - } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "PingFederate", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId2')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] PingFederate via AMA", - "contentProductId": "[variables('_dataConnectorcontentProductId2')]", - "id": "[variables('_dataConnectorcontentProductId2')]", - "version": "[variables('dataConnectorVersion2')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId2'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId2')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": 
"[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId2'))]", - "contentId": "[variables('_dataConnectorContentId2')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion2')]", - "source": { - "kind": "Solution", - "name": "PingFederate", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId2'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] PingFederate via AMA", - "publisher": "Ping Identity", - "descriptionMarkdown": "The [PingFederate](https://www.pingidentity.com/en/software/pingfederate.html) data connector provides the capability to ingest [PingFederate events](https://docs.pingidentity.com/bundle/pingfederate-102/page/lly1564002980532.html) into Microsoft Sentinel. 
Refer to [PingFederate documentation](https://docs.pingidentity.com/bundle/pingfederate-102/page/tle1564002955874.html) for more information.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "PingFederate", - "baseQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)" - } - ], - "dataTypes": [ - { - "name": "CommonSecurityLog (PingFederate)", - "lastDataReceivedQuery": "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "CommonSecurityLog\n |where DeviceProduct has 'PingFederate'\n |extend sent_by_ama = column_ifexists('CollectorHostName','')\n |where isnotempty(sent_by_ama)\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 10 Devices", - "query": "PingFederateEvent\n | summarize count() by DvcHostname\n | top 10 by count_" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "read": true, - "write": true, - "delete": true - } - }, - { - "provider": "Microsoft.OperationalInsights/workspaces/sharedKeys", - "permissionsDisplayText": "read permissions to shared keys for the workspace are required. 
[See the documentation to learn more about workspace keys](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#obtain-workspace-id-and-key).", - "providerDisplayName": "Keys", - "scope": "Workspace", - "requiredPermissions": { - "action": true - } - } - ], - "customs": [ - { - "description": "To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. [Learn more](https://docs.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-install?tabs=ARMAgentPowerShell,PowerShellWindows,PowerShellWindowsArc,CLIWindows,CLIWindowsArc)" - }, - { - "description": "Common Event Format (CEF) via AMA and Syslog via AMA data connectors must be installed [Learn more](https://learn.microsoft.com/azure/sentinel/connect-cef-ama#open-the-connector-page-and-create-the-dcr)" - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution.", - "instructions": [ - { - "parameters": { - "title": "1. Kindly follow the steps to configure the data connector", - "instructionSteps": [ - { - "title": "Step A. Configure the Common Event Format (CEF) via AMA data connector", - "description": "_Note:- CEF logs are collected only from Linux Agents_\n\n1. Navigate to Microsoft Sentinel workspace ---> configuration ---> Data connector blade .\n\n2. Search for 'Common Event Format (CEF) via AMA' data connector and open it.\n\n3. Check If there is no existing DCR configured to collect required facility of logs, Create a new DCR (Data Collection Rule)\n\n\t_Note:- It is recommended to install minimum 1.27 version of AMA agent [Learn more](https://learn.microsoft.com/azure/azure-monitor/agents/azure-monitor-agent-manage?tabs=azure-portal ) and ensure there is no duplicate DCR as it can cause log duplicacy_\n\n4. 
Run the command provided in the CEF via AMA data connector page to configure the CEF collector on the machine" - }, - { - "title": "Step B. Forward Common Event Format (CEF) logs to Syslog agent", - "description": "[Follow these steps](https://docs.pingidentity.com/bundle/pingfederate-102/page/gsn1564002980953.html) to configure PingFederate sending audit log via syslog in CEF format." - }, - { - "title": "Step C. Validate connection", - "description": "Follow the instructions to validate your connectivity:\n\nOpen Log Analytics to check if the logs are received using the CommonSecurityLog schema.\n\nIt may take about 20 minutes until the connection streams data to your workspace.\n\nIf the logs are not received, run the following connectivity validation script:\n\n 1. Make sure that you have Python on your machine using the following command: python -version\n\n2. You must have elevated permissions (sudo) on your machine", - "instructions": [ - { - "parameters": { - "label": "Run the following command to validate your connectivity:", - "value": "sudo wget -O Sentinel_AMA_troubleshoot.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Sentinel_AMA_troubleshoot.py&&sudo python Sentinel_AMA_troubleshoot.py --cef" - }, - "type": "CopyableLabel" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "Make sure to configure the machine's security according to your organization's security policy\n\n\n[Learn more >](https://aka.ms/SecureCEF)", - "title": "2. Secure your machine " - } - ], - "id": "[variables('_uiConfigId2')]", - "additionalRequirementBanner": "This data connector depends on a parser based on Kusto Function to work as expected [**PingFederateEvent**](https://aka.ms/sentinel-PingFederate-parser) which is deployed with the Microsoft Sentinel Solution." - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", 
@@ -1823,7 +1143,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateAbnormalPasswordResetsAttempts_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateAbnormalPasswordResetsAttempts_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject1').analyticRuleVersion1]", @@ -1850,18 +1170,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -1880,8 +1188,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] } @@ -1939,7 +1247,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateAuthFromNewSource_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateAuthFromNewSource_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject2').analyticRuleVersion2]", 
@@ -1966,18 +1274,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -1996,8 +1292,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2005,8 +1301,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } @@ -2064,7 +1360,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateForbiddenCountry_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateForbiddenCountry_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject3').analyticRuleVersion3]", @@ -2091,18 +1387,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -2121,8 +1405,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, 
@@ -2130,8 +1414,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } @@ -2189,7 +1473,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateMultiplePasswordResetsForUser_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateMultiplePasswordResetsForUser_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject4').analyticRuleVersion4]", @@ -2216,18 +1500,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -2250,8 +1522,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] } @@ -2309,7 +1581,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateNewUserSSO_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateNewUserSSO_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject5').analyticRuleVersion5]", 
@@ -2336,18 +1608,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -2368,8 +1628,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] } @@ -2427,7 +1687,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateOauthOld_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateOauthOld_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject6').analyticRuleVersion6]", @@ -2454,18 +1714,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -2484,8 +1732,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2493,8 +1741,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
@@ -2552,7 +1800,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederatePasswordRstReqUnexpectedSource_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederatePasswordRstReqUnexpectedSource_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject7').analyticRuleVersion7]", @@ -2579,18 +1827,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -2609,8 +1845,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2618,8 +1854,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } @@ -2677,7 +1913,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateSamlOld_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateSamlOld_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject8').analyticRuleVersion8]", 
@@ -2704,18 +1940,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -2734,8 +1958,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2743,8 +1967,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } @@ -2802,7 +2026,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnexpectedAuthUrl_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateUnexpectedAuthUrl_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject9').analyticRuleVersion9]", @@ -2829,18 +2053,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -2859,8 +2071,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, 
@@ -2868,8 +2080,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } @@ -2927,7 +2139,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnexpectedUserCountry_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateUnexpectedUserCountry_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject10').analyticRuleVersion10]", @@ -2954,18 +2166,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -2984,8 +2184,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -2993,8 +2193,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } 
@@ -3052,7 +2252,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateUnusualMailDomain_AnalyticalRules Analytics Rule with template version 3.0.1", + "description": "PingFederateUnusualMailDomain_AnalyticalRules Analytics Rule with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('analyticRuleObject11').analyticRuleVersion11]", @@ -3079,18 +2279,6 @@ "triggerThreshold": 0, "status": "Available", "requiredDataConnectors": [ - { - "connectorId": "PingFederate", - "dataTypes": [ - "PingFederateEvent" - ] - }, - { - "connectorId": "PingFederateAma", - "dataTypes": [ - "PingFederateEvent" - ] - }, { "connectorId": "CefAma", "dataTypes": [ @@ -3109,8 +2297,8 @@ "entityType": "Account", "fieldMappings": [ { - "identifier": "Name", - "columnName": "AccountCustomEntity" + "columnName": "AccountCustomEntity", + "identifier": "Name" } ] }, @@ -3118,8 +2306,8 @@ "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "IpCustomEntity" + "columnName": "IpCustomEntity", + "identifier": "Address" } ] } @@ -3177,7 +2365,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "PingFederateEvent Data Parser with template version 3.0.1", + "description": "PingFederateEvent Data Parser with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", 
@@ -3305,12 +2493,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.1", + "version": "3.0.2", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "PingFederate", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The PingFederate solution provides the capability to ingest PingFederate events into Microsoft Sentinel. Refer to PingFederate documentation for more information.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors are about to be deprecated by Aug 31, 2024.

\n

Data Connectors: 2, Parsers: 1, Workbooks: 1, Analytic Rules: 11, Hunting Queries: 10

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The PingFederate solution provides the capability to ingest PingFederate events into Microsoft Sentinel. Refer to PingFederate documentation for more information.

\n

This solution is dependent on the Common Event Format solution containing the CEF via AMA connector to collect the logs. The CEF solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of CEF via AMA Connector. The existing connectors were deprecated on Aug 31, 2024.

\n

Parsers: 1, Workbooks: 1, Analytic Rules: 11, Hunting Queries: 10

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -3389,16 +2577,6 @@ "contentId": "[variables('huntingQueryObject10')._huntingQuerycontentId10]", "version": "[variables('huntingQueryObject10').huntingQueryVersion10]" }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId2')]", - "version": "[variables('dataConnectorVersion2')]" - }, { "kind": "AnalyticsRule", "contentId": "[variables('analyticRuleObject1')._analyticRulecontentId1]",
diff --git a/Solutions/PingFederate/ReleaseNotes.md b/Solutions/PingFederate/ReleaseNotes.md
index a92e83ea94c..41fd74293fa 100644
--- a/Solutions/PingFederate/ReleaseNotes.md
+++ b/Solutions/PingFederate/ReleaseNotes.md
@@ -1,6 +1,5 @@
 | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** |
 |-------------|--------------------------------|--------------------------------------------------------------------|
+| 3.0.2 | 22-11-2024 | Removed Deprecated **Data Connectors** |
 | 3.0.1 | 12-07-2024 | Deprecated **Data Connector** |
-| 3.0.0 | 04-09-2023 | Addition of new PingFederate AMA **Data Connector** | |
-
-
+| 3.0.0 | 04-09-2023 | Addition of new PingFederate AMA **Data Connector** |