Commit 6d28928

Merge pull request #85784 from rkarlin/release-sentinel-march
syslog note, cef security update
2 parents 8de5779 + 1d2b601 commit 6d28928

2 files changed

+8
-2
lines changed

articles/sentinel/connect-common-event-format.md

Lines changed: 8 additions & 1 deletion
@@ -14,7 +14,7 @@ ms.devlang: na
1414
ms.topic: conceptual
1515
ms.tgt_pltfrm: na
1616
ms.workload: na
17-
ms.date: 07/31/2019
17+
ms.date: 08/19/2019
1818
ms.author: rkarlin
1919

2020
---
@@ -52,6 +52,13 @@ Alternatively, you can deploy the agent manually on an existing Azure VM, on a V
5252

5353
![CEF on premises](./media/connect-cef/cef-syslog-onprem.png)
5454

55+
## Security considerations
56+
57+
Make sure to configure the machine's security according to your organization's security policy. For example, you can configure your network to align with your corporate network security policy and change the ports and protocols in the daemon to align with your requirements. You can use the following instructions to improve your machine security configuration:  [Secure VM in Azure](../virtual-machines/linux/security-policy.md), [Best practices for Network security](../security/fundamentals/network-best-practices.md).
58+
59+
To use TLS communication between the security solution and the Syslog machine, you will need to configure the Syslog daemon (rsyslog or syslog-ng) to communicate in TLS: [Encrypting Syslog Traffic with TLS -rsyslog](https://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html), [Encrypting log messages with TLS –syslog-ng](https://support.oneidentity.com/technical-documents/syslog-ng-open-source-edition/3.22/administration-guide/60#TOPIC-1209298).
60+
61+
5562
## Step 1: Configure your Syslog VM
5663

5764
You need to deploy an agent on a dedicated Linux machine (VM or on premises) to support the communication between the appliance and Azure Sentinel.
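
Review bot: The TLS paragraph at new line 59 only says to configure the daemon "to communicate in TLS" and leaves everything else to two external links. It does not say that the security solution sending the events has to be configured to match, or what certificate validation the Syslog machine is expected to enforce, so a reader can follow it and end up with an encrypted channel that authenticates neither peer. Suggest one added sentence naming the expected authentication mode and reminding the reader to update the sender's port and protocol along with the daemon's. Smaller points in the same hunk: the two link labels use different separators with no space after them ("TLS -rsyslog" with a hyphen, "TLS –syslog-ng" with an en dash); there is a double space before "[Secure VM in Azure]" at new line 57; the syslog-ng link is pinned to the 3.22 guide and will go stale; and new lines 60 and 61 add two blank lines before "## Step 1" where one is enough.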

articles/sentinel/quickstart-onboard.md

Lines changed: 0 additions & 1 deletion
@@ -55,7 +55,6 @@ After you connect your data sources, choose from a gallery of expertly created d
5555
![search](./media/quickstart-onboard/choose-workspace.png)
5656

5757
>[!NOTE]
58-
> - **Workspace location** It's important to understand that all the data you stream to Azure Sentinel is stored in the geographic location of the workspace you selected.
5958
> - Default workspaces created by Azure Security Center will not appear in the list; you can't install Azure Sentinel on them.
6059
> - Azure Sentinel can run on workspaces that are deployed in any of the following regions: Australia Southeast, Canada Central, Central India, East US, East US 2 EUAP (Canary), Japan East, Southeast Asia, UK South, West Europe, West US 2.
6160
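
Review bot: The line removed at old line 58 is the only place in this note that tells the reader their streamed data is stored in the geographic location of the selected workspace, and neither the commit title ("syslog note, cef security update") nor the PR title mentions dropping it. That statement matters for data-residency decisions, and the region list kept at new line 59 still implies that workspace location is significant. Please confirm the removal is intentional and that the data-location statement is covered elsewhere in the docs; if so, say so in the commit message, otherwise restore the bullet.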
