Azure
diff --git a/‎Solutions/Halcyon/Data Connectors/Halcyon_ccp/Halcyon_DCR.json‎
Lines changed: 59 additions & 1531 deletions b/‎Solutions/Halcyon/Data Connectors/Halcyon_ccp/Halcyon_DCR.json‎
Lines changed: 59 additions & 1531 deletions
diff --git a/‎Solutions/Halcyon/Data Connectors/Halcyon_ccp/Halcyon_connectorDefinition.json‎
Lines changed: 13 additions & 67 deletions b/‎Solutions/Halcyon/Data Connectors/Halcyon_ccp/Halcyon_connectorDefinition.json‎
Lines changed: 13 additions & 67 deletions
@@ -11,80 +11,26 @@
         "publisher": "Halcyon",
         "logo": "halcyon.svg",
         "descriptionMarkdown": "The [Halcyon](https://www.halcyon.ai) connector provides the capability to send data from Halcyon to Microsoft Sentinel.",
+        "sampleQueries": [],
         "graphQueries": [
           {
-            "metricName": "Authentication Events",
-            "legend": "HalcyonAuthenticationEvents_CL",
-            "baseQuery": "HalcyonAuthenticationEvents_CL"
-          },
-          {
-            "metricName": "DNS Activity",
-            "legend": "HalcyonDnsActivity_CL",
-            "baseQuery": "HalcyonDnsActivity_CL"
-          },
-          {
-            "metricName": "File Activity",
-            "legend": "HalcyonFileActivity_CL",
-            "baseQuery": "HalcyonFileActivity_CL"
-          },
-          {
-            "metricName": "Network Sessions",
-            "legend": "HalcyonNetworkSession_CL",
-            "baseQuery": "HalcyonNetworkSession_CL"
-          },
-          {
-            "metricName": "Process Events",
-            "legend": "HalcyonProcessEvent_CL",
-            "baseQuery": "HalcyonProcessEvent_CL"
-          }
-        ],
-        "sampleQueries": [
-          {
-            "description": "Get Sample Authentication Events",
-            "query": "HalcyonAuthenticationEvents_CL\n | take 10"
-          },
-          {
-            "description": "Get Sample DNS Activity",
-            "query": "HalcyonDnsActivity_CL\n | take 10"
-          },
-          {
-            "description": "Get Sample File Activity",
-            "query": "HalcyonFileActivity_CL\n | take 10"
-          },
-          {
-            "description": "Get Sample Network Sessions",
-            "query": "HalcyonNetworkSession_CL\n | take 10"
-          },
-          {
-            "description": "Get Sample Process Events",
-            "query": "HalcyonProcessEvent_CL\n | take 10"
+            "metricName": "Events",
+            "legend": "HalcyonEvents_CL",
+            "baseQuery": "HalcyonEvents_CL"
           }
         ],
         "dataTypes": [
           {
-            "name": "Halcyon Authentication Events",
-            "lastDataReceivedQuery": "HalcyonAuthenticationEvents_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
-          },
-          {
-            "name": "Halcyon DNS Activity",
-            "lastDataReceivedQuery": "HalcyonDnsActivity_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
-          },
-          {
-            "name": "Halcyon File Activity",
-            "lastDataReceivedQuery": "HalcyonFileActivity_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
-          },
-          {
-            "name": "Halcyon Network Sessions",
-            "lastDataReceivedQuery": "HalcyonNetworkSession_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
-          },
-          {
-            "name": "Halcyon Process Events",
-            "lastDataReceivedQuery": "HalcyonProcessEvent_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
+            "name": "Halcyon Events",
+            "lastDataReceivedQuery": "HalcyonEvents_CL\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
           }
         ],
         "connectivityCriteria": [
           {
-            "type": "HasDataConnectors"
+            "type": "IsConnectedQuery",
+            "value": [
+              "HalcyonEvents_CL | summarize LastLogReceived = max(TimeGenerated) | project IsConnected = LastLogReceived > ago(7d)"
+            ]
           }
         ],
         "availability": {
@@ -129,14 +75,14 @@
               {
                 "parameters": {
                   "label": "Deploy Halcyon Connector Resources",
-                  "applicationDisplayName": "Halcyon Connector Application"
+                  "applicationDisplayName": "Halcyon Sentinel Connector"
                 },
                 "type": "DeployPushConnectorButton"
               }
             ]
           },
           {
-            "title": "2. Configured your integration in the Halcyon Platform",
+            "title": "2. Configure your integration in the Halcyon Platform",
             "description": "Use the following parameters to configure your integration in the Halcyon Platform.",
             "instructions": [
               {
@@ -180,7 +126,7 @@
               },
               {
                 "parameters": {
-                  "label": "Data Collection Rule Immutable ID (Rule ID)",
+                  "label": "Data Collection Rule ID (Rule ID)",
                   "fillWith": [
                     "DataCollectionRuleId"
                   ],