VirtualMetric · KorayErkan · Oct 14, 2025 · Oct 14, 2025 · Oct 14, 2025 · Oct 14, 2025
diff --git a/blog/2025-09-01-release-notes-1.4.0.mdx b/blog/2025-09-01-release-notes-1.4.0.mdx
@@ -5,7 +5,7 @@ tags: [release]
 title: Version 1.4.0 Released
 ---
 
-This release introduces powerful new capabilities for Azure integration and data management. With the new **Settings** menu and **Microsoft Stats** dashboard, managing your workspace and monitoring data flow has never been easier. We've expanded our device and target support with **Azure Blob Storage**, **Azure Event Hubs**, **Microsoft Sentinel Data Lake**, and **Elasticsearch**, while enhancing Windows device capabilities with additional log types and pipeline selection options. Important bug fixes improve configuration persistence and content management workflows.
+This release introduces powerful new capabilities for Azure integration and data management. With the new **Settings** menu and **Microsoft Stats** dashboard, managing your workspace and monitoring data flow has never been easier. We've expanded our device and target support with **Azure Blob Storage**, **Azure Event Hubs**, **Microsoft Sentinel data lake**, and **Elasticsearch**, while enhancing Windows device capabilities with additional log types and pipeline selection options. Important bug fixes improve configuration persistence and content management workflows.
 
 {/* truncate  */}
 

diff --git a/docs/appendix/field-formats/csl.mdx b/docs/appendix/field-formats/csl.mdx
@@ -5,7 +5,7 @@ pagination_next: null
 
 # CSL
 
-The Common Security Log (CSL) is a standardized schema developed by Microsoft for Azure Sentinel (now Microsoft Sentinel). It provides:
+The Common Security Log (CSL) is a standardized schema used in Microsoft Sentinel. It provides:
 
 **Common Fields**:
 

diff --git a/docs/appendix/field-formats/estreamer.mdx → docs/appendix/protocols/estreamer.mdx b/docs/appendix/field-formats/estreamer.mdx → docs/appendix/protocols/estreamer.mdx
diff --git a/docs/appendix/field-formats/netflow.mdx → docs/appendix/protocols/netflow.mdx b/docs/appendix/field-formats/netflow.mdx → docs/appendix/protocols/netflow.mdx
diff --git a/docs/configuration/devices/microsoft-sentinel.mdx b/docs/configuration/devices/microsoft-sentinel.mdx
@@ -4,7 +4,7 @@
 
 ## Synopsis
 
-Creates a collector that fetches security incidents from Azure Sentinel workspaces. Supports authentication, batch processing, and automatic incident tracking with incremental updates.
+Creates a collector that fetches security incidents from Microsoft Sentinel workspaces. Supports authentication, batch processing, and automatic incident tracking with incremental updates.
 
 ## Schema
 

diff --git a/docs/configuration/pipelines/processors/fqdn.mdx b/docs/configuration/pipelines/processors/fqdn.mdx
@@ -52,7 +52,7 @@ The following fields are used to define the processor:
 
 ## Details
 
-The processor analyzes hostname strings and extracts meaningful components based on ASIM (Azure Sentinel Information Model) logic. It supports multiple input formats:
+The processor analyzes hostname strings and extracts meaningful components based on ASIM (Advanced Security Information Model) logic. It supports multiple input formats:
 
 - **URLs**: Full URLs with protocols (http://, https://) are parsed to extract the hostname component
 - **FQDNs**: Domain names like `web01.example.com` are split into hostname and domain parts

diff --git a/docs/configuration/pipelines/processors/username-type.mdx b/docs/configuration/pipelines/processors/username-type.mdx
@@ -11,7 +11,7 @@ sidebar_custom_props:
 
 ## Synopsis
 
-An identity analysis processor that classifies usernames according to their format type following ASIM (Azure Sentinel Information Model) standards, supporting UPN, Windows, Distinguished Name, and Simple username formats for enhanced security analysis.
+An identity analysis processor that classifies usernames according to their format type following ASIM standards, supporting UPN, Windows, Distinguished Name, and Simple username formats for enhanced security analysis.
 
 ## Schema
 
@@ -49,7 +49,7 @@ The following fields are used to define the processor:
 The processor identifies username formats based on structural patterns and assigns appropriate ASIM-compliant type classifications. This enables consistent username analysis across different authentication systems and security platforms.
 
 :::note
-The processor follows ASIM standards for username type classification, ensuring compatibility with Azure Sentinel and other SIEM systems.
+The processor follows ASIM standards for username type classification, ensuring compatibility with Microsoft Sentinel and other SIEM systems.
 :::
 
 Username type detection uses pattern matching to identify format characteristics. UPN format contains "@" symbols, Windows format contains backslashes, Distinguished Names contain LDAP components, and Simple format represents basic usernames without special formatting.

diff --git a/docs/configuration/pipelines/processors/windows-user-type.mdx b/docs/configuration/pipelines/processors/windows-user-type.mdx
@@ -51,7 +51,7 @@ The following fields are used to define the processor:
 The processor analyzes Windows user accounts using both username patterns and SID structures to provide accurate user type classification. SID analysis takes priority over username patterns for more reliable identification.
 
 :::note
-The processor follows ASIM standards for Windows user type classification, ensuring compatibility with Azure Sentinel and Windows security monitoring systems.
+The processor follows ASIM standards for Windows user type classification, ensuring compatibility with Microsoft Sentinel and Windows security monitoring systems.
 :::
 
 SID-based classification uses well-known SID patterns and prefixes to identify system accounts, services, and domain accounts. Username pattern analysis provides additional context for accounts that don't match specific SID patterns.

diff --git a/sidebars.ts b/sidebars.ts
@@ -362,9 +362,7 @@ const sidebars: SidebarsConfig = {
             "appendix/field-formats/cim",
             "appendix/field-formats/csl",
             "appendix/field-formats/ecs",
-            "appendix/field-formats/estreamer",
             "appendix/field-formats/leef",
-            "appendix/field-formats/netflow",
           ],
         },
         {
@@ -375,9 +373,11 @@ const sidebars: SidebarsConfig = {
             description: "Protocol specifications"
           },
           items: [
+            "appendix/protocols/estreamer",
             "appendix/protocols/ipfix",
             "appendix/protocols/kafka",
             "appendix/protocols/nats",
+            "appendix/protocols/netflow",
             "appendix/protocols/rabbitmq",
             "appendix/protocols/redis",
             "appendix/protocols/sflow",

diff --git a/topics.json b/topics.json
@@ -36,6 +36,7 @@
   "processors-uppercase": "/configuration/pipelines/processors/uppercase",
   "snmp-authentication": "/configuration/devices/snmp-trap#authentication-protocols",
   "snmp-privacy": "/configuration/devices/snmp-trap#privacy-protocols",
+
   "appendix-bnf": "/appendix/configuration-bnf",
   "appendix-avro": "/appendix/file-formats/avro",
   "appendix-avro-compression": "/appendix/file-formats/avro#compression-codecs",
@@ -46,11 +47,12 @@
   "appendix-cef": "/appendix/field-formats/cef",
   "appendix-cim": "/appendix/field-formats/cim",
   "appendix-ecs": "/appendix/field-formats/ecs",
-  "appendix-estreamer": "/appendix/field-formats/estreamer",
   "appendix-leef": "/appendix/field-formats/leef",
-  "appendix-netflow": "/appendix/field-formats/netflow",
+  "appendix-estreamer": "/appendix/protocols/estreamer",
+  "appendix-netflow": "/appendix/protocols/netflow",
   "appendix-ipfix": "/appendix/protocols/ipfix",
   "appendix-sflow": "/appendix/protocols/sflow",
   "appendix-syslog": "/appendix/protocols/syslog",
+
   "tutorials-local-pipeline": "/tutorials/a-local-pipeline"
 }
diff --git a/versioned_docs/version-1.1.0/administration/devices/ms-sentinel.mdx b/versioned_docs/version-1.1.0/administration/devices/ms-sentinel.mdx
@@ -4,7 +4,7 @@
 
 ## Synopsis
 
-Creates a collector that fetches security incidents from Azure Sentinel workspaces. Supports authentication, batch processing, and automatic incident tracking with incremental updates.
+Creates a collector that fetches security incidents from Microsoft Sentinel workspaces. Supports authentication, batch processing, and automatic incident tracking with incremental updates.
 
 ## Schema
 

diff --git a/versioned_docs/version-1.2.0/configuration/devices/microsoft-sentinel.mdx b/versioned_docs/version-1.2.0/configuration/devices/microsoft-sentinel.mdx
@@ -4,7 +4,7 @@
 
 ## Synopsis
 
-Creates a collector that fetches security incidents from Azure Sentinel workspaces. Supports authentication, batch processing, and automatic incident tracking with incremental updates.
+Creates a collector that fetches security incidents from Microsoft Sentinel workspaces. Supports authentication, batch processing, and automatic incident tracking with incremental updates.
 
 ## Schema
 

diff --git a/versioned_docs/version-1.2.0/configuration/overview.mdx b/versioned_docs/version-1.2.0/configuration/overview.mdx
@@ -70,7 +70,7 @@ Configuration files are organized in three main directories under `config/`:
 
 - **`devices/`** - Input source configurations for data ingestion (syslog, kafka, http, netflow, etc.)
 - **`routes/`** - Data routing and conditional flow control between devices, pipelines, and targets
-- **`targets/`** - Output destination configurations (elasticsearch, azure sentinel, splunk, etc.)
+- **`targets/`** - Output destination configurations (elasticsearch, microsoft sentinel, splunk, etc.)
 
 Each directory can contain multiple YAML files organized according to your preferred structure - either grouped by function, environment, or kept as individual files per component.
 

diff --git a/versioned_docs/version-1.2.0/configuration/pipelines/processors/fqdn.mdx b/versioned_docs/version-1.2.0/configuration/pipelines/processors/fqdn.mdx
@@ -52,7 +52,7 @@ The following fields are used to define the processor:
 
 ## Details
 
-The processor analyzes hostname strings and extracts meaningful components based on ASIM (Azure Sentinel Information Model) logic. It supports multiple input formats:
+The processor analyzes hostname strings and extracts meaningful components based on ASIM logic. It supports multiple input formats:
 
 - **URLs**: Full URLs with protocols (http://, https://) are parsed to extract the hostname component
 - **FQDNs**: Domain names like `web01.example.com` are split into hostname and domain parts

diff --git a/versioned_docs/version-1.2.0/configuration/pipelines/processors/username-type.mdx b/versioned_docs/version-1.2.0/configuration/pipelines/processors/username-type.mdx
@@ -11,7 +11,7 @@ sidebar_custom_props:
 
 ## Synopsis
 
-An identity analysis processor that classifies usernames according to their format type following ASIM (Azure Sentinel Information Model) standards, supporting UPN, Windows, Distinguished Name, and Simple username formats for enhanced security analysis.
+An identity analysis processor that classifies usernames according to their format type following ASIM standards, supporting UPN, Windows, Distinguished Name, and Simple username formats for enhanced security analysis.
 
 ## Schema
 
@@ -49,7 +49,7 @@ The following fields are used to define the processor:
 The processor identifies username formats based on structural patterns and assigns appropriate ASIM-compliant type classifications. This enables consistent username analysis across different authentication systems and security platforms.
 
 :::note
-The processor follows ASIM standards for username type classification, ensuring compatibility with Azure Sentinel and other SIEM systems.
+The processor follows ASIM standards for username type classification, ensuring compatibility with Microsoft Sentinel and other SIEM systems.
 :::
 
 Username type detection uses pattern matching to identify format characteristics. UPN format contains "@" symbols, Windows format contains backslashes, Distinguished Names contain LDAP components, and Simple format represents basic usernames without special formatting.

diff --git a/...ned_docs/version-1.2.0/configuration/pipelines/processors/windows-user-type.mdx b/...ned_docs/version-1.2.0/configuration/pipelines/processors/windows-user-type.mdx
@@ -51,7 +51,7 @@ The following fields are used to define the processor:
 The processor analyzes Windows user accounts using both username patterns and SID structures to provide accurate user type classification. SID analysis takes priority over username patterns for more reliable identification.
 
 :::note
-The processor follows ASIM standards for Windows user type classification, ensuring compatibility with Azure Sentinel and Windows security monitoring systems.
+The processor follows ASIM standards for Windows user type classification, ensuring compatibility with Microsoft Sentinel and Windows security monitoring systems.
 :::
 
 SID-based classification uses well-known SID patterns and prefixes to identify system accounts, services, and domain accounts. Username pattern analysis provides additional context for accounts that don't match specific SID patterns.

diff --git a/versioned_docs/version-1.3.0/configuration/devices/microsoft-sentinel.mdx b/versioned_docs/version-1.3.0/configuration/devices/microsoft-sentinel.mdx
@@ -4,7 +4,7 @@
 
 ## Synopsis
 
-Creates a collector that fetches security incidents from Azure Sentinel workspaces. Supports authentication, batch processing, and automatic incident tracking with incremental updates.
+Creates a collector that fetches security incidents from Microsoft Sentinel workspaces. Supports authentication, batch processing, and automatic incident tracking with incremental updates.
 
 ## Schema
 

diff --git a/versioned_docs/version-1.3.0/configuration/pipelines/processors/fqdn.mdx b/versioned_docs/version-1.3.0/configuration/pipelines/processors/fqdn.mdx
@@ -52,7 +52,7 @@ The following fields are used to define the processor:
 
 ## Details
 
-The processor analyzes hostname strings and extracts meaningful components based on ASIM (Azure Sentinel Information Model) logic. It supports multiple input formats:
+The processor analyzes hostname strings and extracts meaningful components based on ASIM logic. It supports multiple input formats:
 
 - **URLs**: Full URLs with protocols (http://, https://) are parsed to extract the hostname component
 - **FQDNs**: Domain names like `web01.example.com` are split into hostname and domain parts

diff --git a/versioned_docs/version-1.3.0/configuration/pipelines/processors/username-type.mdx b/versioned_docs/version-1.3.0/configuration/pipelines/processors/username-type.mdx
@@ -11,7 +11,7 @@ sidebar_custom_props:
 
 ## Synopsis
 
-An identity analysis processor that classifies usernames according to their format type following ASIM (Azure Sentinel Information Model) standards, supporting UPN, Windows, Distinguished Name, and Simple username formats for enhanced security analysis.
+An identity analysis processor that classifies usernames according to their format type following ASIM standards, supporting UPN, Windows, Distinguished Name, and Simple username formats for enhanced security analysis.
 
 ## Schema
 
@@ -49,7 +49,7 @@ The following fields are used to define the processor:
 The processor identifies username formats based on structural patterns and assigns appropriate ASIM-compliant type classifications. This enables consistent username analysis across different authentication systems and security platforms.
 
 :::note
-The processor follows ASIM standards for username type classification, ensuring compatibility with Azure Sentinel and other SIEM systems.
+The processor follows ASIM standards for username type classification, ensuring compatibility with Microsoft Sentinel and other SIEM systems.
 :::
 
 Username type detection uses pattern matching to identify format characteristics. UPN format contains "@" symbols, Windows format contains backslashes, Distinguished Names contain LDAP components, and Simple format represents basic usernames without special formatting.

diff --git a/...ned_docs/version-1.3.0/configuration/pipelines/processors/windows-user-type.mdx b/...ned_docs/version-1.3.0/configuration/pipelines/processors/windows-user-type.mdx
@@ -51,7 +51,7 @@ The following fields are used to define the processor:
 The processor analyzes Windows user accounts using both username patterns and SID structures to provide accurate user type classification. SID analysis takes priority over username patterns for more reliable identification.
 
 :::note
-The processor follows ASIM standards for Windows user type classification, ensuring compatibility with Azure Sentinel and Windows security monitoring systems.
+The processor follows ASIM standards for Windows user type classification, ensuring compatibility with Microsoft Sentinel and Windows security monitoring systems.
 :::
 
 SID-based classification uses well-known SID patterns and prefixes to identify system accounts, services, and domain accounts. Username pattern analysis provides additional context for accounts that don't match specific SID patterns.
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,7 +5,7 @@ pagination_next: null @@
     # CSL
-    The Common Security Log (CSL) is a standardized schema developed by Microsoft for Azure Sentinel (now Microsoft Sentinel). It provides:
+    The Common Security Log (CSL) is a standardized schema used in Microsoft Sentinel. It provides:
     **Common Fields**:
@@ Expand Down @@