Merge branch 'main' into DOCS-1118

Author: kimsauce

docs/api/data-deletion-rules.md

@@ -0,0 +1,44 @@
+---
+id: data-deletion-rules
+title: Data Deletion Rules APIs
+sidebar_label: Data Deletion Rules
+description: Data Deletion Rules APIs allow you to delete ingested data from Sumo Logic.
+---
+
+<head>
+  <meta name="robots" content="noindex" />
+</head>
+
+<p><a href="/docs/beta"><span className="beta">Beta</span></a></p>
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+import ApiIntro from '../reuse/api-intro.md';
+import ApiRoles from '../reuse/api-roles.md';
+
+<img src={useBaseUrl('img/icons/dashboards.png')} alt="icon" width="50"/>
+
+Data Deletion Rules allow you to quickly and easily request the removal of ingested data from Sumo Logic. This helps you with removal of inadvertently ingested sensitive data.
+
+## Documentation
+
+<ApiIntro/>
+
+|Deployment|Documentation URL                |
+|:----------|:-------------------|
+|AU        |https://api.au.sumologic.com/docs/#tag/dataDeletionRules   |
+|CA        |https://api.ca.sumologic.com/docs/#tag/dataDeletionRules   |
+|DE        |https://api.de.sumologic.com/docs/#tag/dataDeletionRules   |
+|EU        |https://api.eu.sumologic.com/docs/#tag/dataDeletionRules   |
+|FED       |https://api.fed.sumologic.com/docs/#tag/dataDeletionRules  |
+|JP        |https://api.jp.sumologic.com/docs/#tag/dataDeletionRules   |
+|KR        |https://api.kr.sumologic.com/docs/#tag/dataDeletionRules   |
+|US1       |https://api.sumologic.com/docs/#tag/dataDeletionRules      |
+|US2       |https://api.us2.sumologic.com/docs/#tag/dataDeletionRules  |
+
+## Required role capabilities
+
+<ApiRoles/>
+
+* Review Deletion Requests
+* Manage Deletion Requests
+* View Deletion Requests

docs/cse/schema/username-and-hostname-normalization.md

@@ -44,7 +44,7 @@ The following fields of the schema are normalized.
 | `srcDevice_hostname` | hostname           |
 | `user_username`      | username           |
 
-When a username is normalized, the original, un-normalized name is placed in a `_raw` name attribute, for example,  `user_useraname_raw`. The normalized name is placed in the attribute field `user_username`. The rules engine allows the `_raw` username forms to be used in rule creation.
+When a username is normalized, the original, un-normalized name is placed in a `_raw` name attribute, for example,  `user_username_raw`. The normalized name is placed in the attribute field `user_username`. The rules engine allows the `_raw` username forms to be used in rule creation.
 
 If a name normalization configuration exists, the name attribute will be populated with the form `<username>:<friendly_domain>` where the `<friendly domain name>` portion is not populated for the normalized default domain.  When name normalization is enabled all name fields (not-raw) will be lowercase. For more information, see [Single domain example](#single-domain-example) and [Multiple domains example](#multiple-domains-example) below.
 
@@ -182,4 +182,4 @@ Following is an example configuration for a case where the customer has a domain
 
 ## Additional resources
 
-Blog: [What’s going on? The power of normalization in Cloud SIEM](https://www.sumologic.com/blog/whats-going-on-normalization-cloud-siem)
+Blog: [What’s going on? The power of normalization in Cloud SIEM](https://www.sumologic.com/blog/whats-going-on-normalization-cloud-siem)

docs/integrations/saml/onelogin.md

@@ -24,6 +24,7 @@ To use this feature, you'll need to enable access to your OneLogin logs and inge
 :::
 
 Once you begin uploading data, your daily data usage will increase. It's a good idea to check the **Account** page in Sumo Logic to ensure that you have enough quota to accommodate additional data in your account. If you need additional quota, you can [upgrade your account](/docs/manage/manage-subscription/upgrade-account/upgrade-cloud-flex-legacy-account) at any time.
+- **OneLogin Enterprise** or **Unlimited** plan subscription.
 
 ### Configure an event broadcaster for event logs
 

docs/manage/deletion-requests.md

@@ -25,6 +25,10 @@ Key features:
 - **Customizable filters**. Tailor deletion to your needs.
 - **Robust auditing mechanisms**. Ensure thorough tracking.
 
+:::info
+To know about Deletion requests API, refer to the [Data Deletion Rules APIs](/docs/api/data-deletion-rules).
+:::
+
 ## Create a deletion request
 
 :::warning
@@ -34,6 +38,7 @@ After a data deletion request is approved, data will be deleted from the organiz
 :::note
 - During the data deletion process, existing messages may temporarily appear duplicated for a few seconds. These duplicated messages will automatically disappear once the data deletion is complete.
 - Pinned queries may continue to display data identified for deletion for up to 24 hours from the initial run, prior to the data deletion request approval.
+- Data deletion requests are automatically canceled after 30 days if no action is taken.
 :::
 
 :::info
@@ -52,7 +57,11 @@ Data cannot be recovered once it gets deleted. Ensure that you have appropriatel
    :::
 1. Select the **Time Range** when the data was ingested.
 1. When you're done, click **Save**.
-1. Your request will go to a Sumo Logic Customer Support Manager (CSM) for review and approval. You can check on your request in the **Status** column. <br/><img src={useBaseUrl('img/search/get-started-search/deletion-request-status.png')} alt="deletion request status" style={{border: '1px solid gray'}} width="400"/>
+1. An email about your request will be sent to 50 most recently active approval users with [approval access](#approve-the-deletion-request). You can check on your request in the **Status** column.  
+    :::note
+    If you require an approval apart from this 50 users, you can forward the deletion request approval email to the required users. 
+    :::
+    <img src={useBaseUrl('img/search/get-started-search/deletion-request-status.png')} alt="deletion request status" style={{border: '1px solid gray'}} width="400"/>
 
 ### From a Log Search
 
@@ -88,12 +97,27 @@ To cancel a data deletion request:
 
 <img src={useBaseUrl('img/search/get-started-search/deletion-request-cancel.png')} alt="screenshot showing how to cancel a deletion request" style={{border: '1px solid gray'}} width="800"/>
 
+## Approve the deletion request
+
+:::note
+To approve or reject a request, ensure you have the **Review Deletion Requests** [role capability](/docs/manage/users-roles/roles/role-capabilities/). By default, **Manage Deletion Requests** and **View Deletion Requests** capabilities will be added if you have the **Review Deletion Requests** capability.
+:::
+
+Once the deletion request is created, an email notification will be sent to the users who have approval access. To approve or reject the request, follow the steps below:
+
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). Go to **Manage Data > Logs > Deletion Requests**.<br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic main menu select **Data Management**, and then under **Logs** select **Deletion Requests**. 
+1. Filter for the status with **Pending review**. <img src={useBaseUrl('img/search/get-started-search/pending-requests.png')} alt="filter for pending deletion requests" style={{border: '1px solid gray'}} width="800"/>
+1. Click the deletion request to review it.
+1. **Approve** or **Reject** the request based on your requirement.<br/><img src={useBaseUrl('img/search/get-started-search/approve-reject-deletion-request.png')} alt="Approve/Reject deletion requests side panel" style={{border: '1px solid gray'}} width="400"/>
+    - **Approve**. Enter **Delete** in the **Approve Deletion Request** pop-up to permanently delete the data, and click the **Delete Data** button. <br/><img src={useBaseUrl('img/search/get-started-search/approve-deletion-request.png')} alt="Approve deletion requests pop-up" style={{border: '1px solid gray'}} width="400"/>
+    - **Reject**. Enter the reason for rejection in the **Reject Deletion Request** pop-up to help the requester understand the reason for rejection and take any necessary actions, and click the **Reject Request** button.<br/><img src={useBaseUrl('img/search/get-started-search/reject-deletion-request.png')} alt="Reject deletion requests pop-up" style={{border: '1px solid gray'}} width="400"/>
+
 ## Limitations
 
 - Deletion requests will be processed one by one. 
 - You can create upto 100 deletion requests at a time.
 - Each deletion request can include up to 1 petabyte (PB) of scanned data.   
-- You can delete up to 1,000,000 messages per request.   
+- You can delete up to 1,000,000 messages per request. 
 - The maximum time range for each deletion request is one year.   
 - Your system can support up to 10 active concurrent deletion tasks across different customers.
 - Ensure that the requests initiated are not deleting the data prior to `1st February 2024`. Any request before this timestamp will fail in creation.
@@ -106,7 +130,7 @@ Customers must manage the future ingestion of sensitive data using [processing r
 
 ### Deletion scope
 
-Deletion is restricted to partitions and the default view (sumologic_default) in Sumo Logic. Deletion is currently not supported for other view types, such as [Scheduled Views](/docs/manage/scheduled-views) or ad hoc views created using the save view operator. Sensitive data may still be present in these unsupported views.
+Deletion is restricted to [Partitions](/docs/manage/partitions/), Default view (sumologic_default), [Scheduled Views](/docs/manage/scheduled-views), [Scheduled Search](/docs/alerts/scheduled-searches/), and ad hoc views in Sumo Logic. Deletion is currently not supported for audit indexes, security indexes, and other view types. Sensitive data may still be present in these unsupported views.
 
 ### Supported operators
 

docs/metrics/metrics-queries/index.md

@@ -66,4 +66,10 @@ In this section, we'll introduce the following concepts:
   <p>Learn how to share a saved or unsaved metric query.</p>
   </div>
 </div>
+<div className="box smallbox card">
+<div className="container">
+  <a href="/docs/metrics/metrics-queries/metric-query-best-practices"><img src={useBaseUrl('img/icons/operations/queries.png')} alt="icon" width="40"/><h4>Metric Query Best Practices</h4></a>
+  <p>Learn tips for getting the most out of your metric queries.</p>
+  </div>
+</div>
 </div>