2 changes: 1 addition & 1 deletion articles/sentinel/includes/connector-details.md
@@ -21,7 +21,7 @@ ms.date: 10/20/2025
|<a name="1password-using-azure-functions"></a><details><summary>**1Password (using Azure Functions)** </summary> <br> The [1Password](https://www.1password.com) solution for Microsoft Sentinel enables you to ingest sign-in attempts, item usage, and audit events from your 1Password Business account using the [1Password Events Reporting API](https://developer.1password.com/docs/events-api). This allows you to monitor and investigate events in 1Password in Microsoft Sentinel along with the other applications and services your organization uses.<br><br>**Underlying Microsoft Technologies used:**<br><br>This solution depends on the following technologies, and some of which may be in [Preview](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) state or may incur additional ingestion or operational costs:<br><br>- [Azure Functions](https://azure.microsoft.com/services/functions/#overview)<p> **Log Analytics table(s):** <br> - `OnePasswordEventLogs_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **1Password Events API Token**: A 1Password Events API Token is required. For more information, see [the 1Password API](https://developer.1password.com/docs/events-api/reference). <br><br>**Note:** A 1Password Business account is required</details> | [1Password](https://support.1password.com/) |
|<a name="abnormalsecurity-using-azure-function"></a><details><summary>**AbnormalSecurity (using Azure Function)** </summary> <br> The Abnormal Security data connector provides the capability to ingest threat and case logs into Microsoft Sentinel using the [Abnormal Security Rest API.](https://app.swaggerhub.com/apis/abnormal-security/abx/)<p> **Log Analytics table(s):** <br> - `ABNORMAL_THREAT_MESSAGES_CL`<br>- `ABNORMAL_CASES_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **Abnormal Security API Token**: An Abnormal Security API Token is required. For more information, see [Abnormal Security API](https://app.swaggerhub.com/apis/abnormal-security/abx/). **Note:** An Abnormal Security account is required</details> | [Abnormal Security](https://abnormalsecurity.com/contact) |
|<a name="aishield"></a><details><summary>**AIShield** </summary> <br> [AIShield](https://www.boschaishield.com/) connector allows users to connect with AIShield custom defense mechanism logs with Microsoft Sentinel, allowing the creation of dynamic Dashboards, Workbooks, Notebooks and tailored Alerts to improve investigation and thwart attacks on AI systems. It gives users more insight into their organization's AI assets security posturing and improves their AI systems security operation capabilities.AIShield.GuArdIan analyzes the LLM generated content to identify and mitigate harmful content, safeguarding against legal, policy, role based, and usage based violations<p> **Log Analytics table(s):** <br> - `AIShield_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Note**: Users should have utilized AIShield SaaS offering to conduct vulnerability analysis and deployed custom defense mechanisms generated along with their AI asset. [**Click here**](https://azuremarketplace.microsoft.com/marketplace/apps/rbei.bgsw_aishield_product) to know more or get in touch.</details> | [AIShield](https://www.boschaishield.com/contact-us/) |
|<a name="alibaba-cloud-actiontrail-via-codeless-connector-framework"></a><details><summary>**Alibaba Cloud ActionTrail (via Codeless Connector Framework)** </summary> <br> The [Alibaba Cloud ActionTrail](https://www.alibabacloud.com/product/actiontrail) data connector provides the capability to retrieve actiontrail events stored into [Alibaba Cloud Simple Log Service](https://www.alibabacloud.com/product/log-service) and store them into Microsoft Sentinel through the [SLS REST API](https://www.alibabacloud.com/help/sls/developer-reference/api-sls-2020-12-30-getlogs). The connector enables event retrieval to assess potential security risks, monitor collaboration, and diagnose and troubleshoot configuration issues.<p> **Log Analytics table(s):** <br> - `AliCloudActionTrailLogs_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **SLS REST API Credentials/permissions**: **AliCloudAccessKeyId** and **AliCloudAccessKeySecret** are required for making API calls. RAM policy statement with action of atleast `log:GetLogStoreLogs` over resource `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}` is needed to grant a RAM user the permissions to call this operation.</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|<a name="alibaba-cloud-actiontrail-via-codeless-connector-framework"></a><details><summary>**Alibaba Cloud ActionTrail (via Codeless Connector Framework)** </summary> <br> The [Alibaba Cloud ActionTrail](https://www.alibabacloud.com/product/actiontrail) data connector provides the capability to retrieve actiontrail events stored into [Alibaba Cloud Simple Log Service](https://www.alibabacloud.com/product/log-service) and store them into Microsoft Sentinel through the [SLS REST API](https://www.alibabacloud.com/help/sls/developer-reference/api-sls-2020-12-30-getlogs). The connector enables event retrieval to assess potential security risks, monitor collaboration, and diagnose and troubleshoot configuration issues.<p> **Log Analytics table(s):** <br> - `AliCloudActionTrailLogs_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **SLS REST API Credentials/permissions**: **AliCloudAccessKeyId** and **AliCloudAccessKeySecret** are required for making API calls. RAM policy statement with action of at least `log:GetLogStoreLogs` over resource `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}` is needed to grant a RAM user the permissions to call this operation.</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|<a name="alicloud-using-azure-functions"></a><details><summary>**AliCloud (using Azure Functions)** </summary> <br> The [AliCloud](https://www.alibabacloud.com/product/log-service) data connector provides the capability to retrieve logs from cloud applications using the Cloud API and store events into Microsoft Sentinel through the [REST API](https://aliyun-log-python-sdk.readthedocs.io/api.html). The connector enables event retrieval to assess potential security risks, monitor collaboration, and diagnose and troubleshoot configuration issues.<p> **Log Analytics table(s):** <br> - `AliCloud_CL`<p>**Data collection rule support:** <br>Not currently supported<p>**Prerequisites:**<br> - **Microsoft.Web/sites permissions**: Read and write permissions to Azure Functions to create a Function App is required. For more information, see [Azure Functions](/azure/azure-functions/).<p> - **REST API Credentials/permissions**: **AliCloudAccessKeyId** and **AliCloudAccessKey** are required for making API calls.</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|<a name="amazon-web-services"></a><details><summary>**Amazon Web Services** </summary> <br> Instructions to connect to AWS and stream your CloudTrail logs into Microsoft Sentinel are shown during the installation process. For more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2218883&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).<p> **Log Analytics table(s):** <br> - `AWSCloudTrail`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) |
|<a name="amazon-web-services-cloudfront-via-codeless-connector-framework-preview"></a><details><summary>**Amazon Web Services CloudFront (via Codeless Connector Framework) (Preview)** </summary> <br> This data connector enables the integration of AWS CloudFront logs with Microsoft Sentinel to support advanced threat detection, investigation, and security monitoring. By utilizing Amazon S3 for log storage and Amazon SQS for message queuing, the connector reliably ingests CloudFront access logs into Microsoft Sentinel<p> **Log Analytics table(s):** <br> - `AWSCloudFront_AccessLog_CL`<p>**Data collection rule support:** <br>Not currently supported</details> | [Microsoft Corporation](https://support.microsoft.com/) |
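Review bot: On the added Alibaba Cloud ActionTrail line, the prerequisite still reads "action of at least `log:GetLogStoreLogs`". The spelling is fixed, but the wording keeps inviting a broader grant than the one action the sentence says is needed to call the operation. Consider stating the minimum grant directly, for example "A RAM policy statement allowing `log:GetLogStoreLogs` on resource `acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}` is required", which also supplies the article missing at the start of the sentence. Separately, this row names the secret **AliCloudAccessKeySecret** while the AliCloud (using Azure Functions) row in the context lines names it **AliCloudAccessKey**; worth confirming that the difference is intentional.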