SumoLogic
diff --git a/‎.clabot‎
Lines changed: 2 additions & 1 deletion b/‎.clabot‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎blog-cse/2025-08-27-content.md‎
Lines changed: 44 additions & 0 deletions b/‎blog-cse/2025-08-27-content.md‎
Lines changed: 44 additions & 0 deletions
diff --git a/‎blog-service/2025-08-26-apps.md‎
Lines changed: 14 additions & 0 deletions b/‎blog-service/2025-08-26-apps.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎blog-service/2025-08-29-apps.md‎
Lines changed: 12 additions & 0 deletions b/‎blog-service/2025-08-29-apps.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎cid-redirects.json‎
Lines changed: 2 additions & 16 deletions b/‎cid-redirects.json‎
Lines changed: 2 additions & 16 deletions
diff --git a/‎docs/alerts/monitors/alert-response.md‎
Lines changed: 10 additions & 10 deletions b/‎docs/alerts/monitors/alert-response.md‎
Lines changed: 10 additions & 10 deletions
@@ -189,7 +189,8 @@
     "aj-sumo",
     "samiura",
     "naveenrama",
-    "fguimond"
+    "fguimond",
+    "rmeyer-legato"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",
 
@@ -0,0 +1,44 @@
+---
+title: August 27, 2025 - Content Release
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - log mappers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+- New mappers and parsing support for additional Cisco ASA events and updates to existing Cisco ASA mappers to support additional fields.
+- Updates to AWS Security Hub OCSF Findings mappers to handle username alternate mappings.
+- Updates to McAfee Web Gateway CSV parser and mapper to support additional fields.
+- Fix to Sysdig Policy Detection JSON mapper to correctly map threat signal name and summary.
+
+Changes are enumerated below.
+
+### Log Mappers
+- [New] Cisco ASA 109201|109207|113022
+- [New] Cisco ASA 317077|317078
+- [New] Cisco ASA 725016|771002
+- [Updated] AWS GuardDuty - OCSF Finding Events
+- [Updated] AWS Inspector - OCSF Finding Events
+- [Updated] AWS Security Hub - OCSF Finding Events
+- [Updated] AWS Security Hub Coverage - OCSF Finding Events
+- [Updated] AWS Security Hub Exposure Detection - OCSF Finding Events
+- [Updated] Cisco ASA 113008 JSON
+- [Updated] Cisco ASA 302010 JSON
+- [Updated] Cisco ASA 303002 JSON
+- [Updated] Cisco ASA 313001 JSON
+- [Updated] Cisco ASA 50000(4|3) JSON
+- [Updated] Cisco ASA 602303-4|602101
+- [Updated] Cisco ASA 710005|716058
+- [Updated] Cisco ASA 713nnn JSON
+- [Updated] Cisco ASA 722034
+- [Updated] Cisco ASA 722051|722022|722023|722028|722032|722033|722036|722037|722041 JSON
+- [Updated] Cisco ASA 733100|734001|737005|737017|737036|737029|746014|746015|746016 JSON
+- [Updated] Cisco ASA 751023|725001|725002|725003|725006|725007|750001|750003|750006|750007|751022 JSON
+- [Updated] Cisco ASA Network events
+- [Updated] McAfee WebGateway - Parser
+- [Updated] Sysdig Policy Detection JSON
+
+### Parsers
+- [Updated] /Parsers/System/Cisco/Cisco ASA
+- [Updated] /Parsers/System/McAfee/McAfee Web Gateway CSV
@@ -0,0 +1,14 @@
+---
+title: OpenTelemetry Collector Insights (Apps)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - apps
+  - sumo-logic
+  - opentelemetry-collector-insights
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+
+We're excited to introduce the new OpenTelemetry Collector Insights app for Sumo Logic. This app offers robust monitoring and observability for Sumo Logic OpenTelemetry Collector instances (version 0.130.1-sumo-0 and above), enabling you to track performance, data flow, and resource usage through prebuilt dashboards and alerts. [Learn more](/docs/integrations/sumo-apps/opentelemetry-collector-insights/).
@@ -0,0 +1,12 @@
+---
+title: Zimperium (Apps)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - apps
+  - zimperium
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new Zimperium app for Sumo Logic. This app provides visibility into mobile threats by centralizing threat intelligence and device telemetry, and collects threat logs for analysis in Sumo Logic. [Learn more](/docs/integrations/saas-cloud/zimperium/).
@@ -66,15 +66,8 @@
   "/01Start-Here/Onboarding_Checklist": "/docs/get-started/onboarding-checklists",
   "/01Start-Here/Quick-Start-Tutorial": "/docs/get-started/quickstart",
   "/01Start-Here/Quick-Start-Tutorials": "/docs/get-started/quickstart",
-  "/01Start-Here/Quick-Start-Tutorials/Hands-on_Labs:_Advanced_Metrics_with_Kubernetes": "/docs/get-started/training-certification-faq",
-  "/01Start-Here/Quick-Start-Tutorials/Hands-On_Labs:_Metrics_Mastery": "/docs/get-started/training-certification-faq",
-  "/01Start-Here/Quick-Start-Tutorials/Hands-on_Labs02:_Security_Analytics": "/docs/get-started/training-certification-faq",
-  "/01Start-Here/Quick-Start-Tutorials/Hands-on_Labs01:_Using_Sumo_Logic/00Introduction": "/docs/get-started/overview",
-  "/01Start-Here/Quick-Start-Tutorials/Using-Sumo-Logic-Tutorial/Lab-1:-Viewing-Data": "/docs/get-started/training-certification-faq",
   "/01Start-Here/Quick-Start-Tutorials/SelfPacedTrainingFundamentals": "/docs/get-started/training-certification-faq",
   "/01Start-Here/Quick-Start-Tutorials/Using-Sumo-Logic-Tutorial": "/docs/get-started/overview",
-  "/01Start-Here/Quick-Start-Tutorials/Hands-on_Labs01:_Using_Sumo_Logic": "/docs/get-started/overview",
-  "/01Start-Here/Quick-Start-Tutorials/Using-Sumo-Logic-Tutorial/Lab-2:-Search-for-Log-Data": "/docs/get-started",
   "/01Start-Here/Quick-Start-Tutorials/Using-Cloud-SIEM-Training-Manual": "/docs/cse",
   "/01Start-Here/Quick-Start-Tutorials/Hands-on_Labs%3A_Cloud_Security_Monitoring_and_Analytics/05Lab_5_-_Detecting_a_landspeed_violation": "/docs/search/search-query-language/search-operators/haversine",
   "/01Start-Here/Quick-Start-Tutorials/Set-Up-Sumo-Logic-Tutorial": "/docs/get-started/overview",
@@ -102,10 +95,8 @@
   "/03Send-Data": "/docs/send-data",
   "/03Send-Data/01-Design-Your-Deployment": "/docs/send-data/choose-collector-source",
   "/03Send-Data/01-Design-Your-Deployment/Best-Practices%3A-Good-Source-Category%2C-Bad-Source-Category": "/docs/send-data/best-practices",
-  "/03Send-Data/01-Design-Your-Deployment/Best-Practices:-Good-Source-Category,-Bad-Source-Category": "/docs/send-data/best-practices",
   "/03Send-Data/01-Design-Your-Deployment/Best-Practices%3A-Local-and-Centralized-Data-Collection": "/docs/send-data/best-practices",
   "/03Send-Data/01-Design-Your-Deployment/Compare-Installed-and-Hosted-Collectors": "/docs/send-data/choose-collector-source",
-  "/03Send-Data/01-Design-Your-Deployment/Best-Practices:-Local-and-Centralized-Data-Collection": "/docs/send-data/best-practices",
   "/03Send-Data/Applications_AWS_Solution/AWS_S3_Export_App": "/docs/send-data/hosted-collectors/amazon-aws/amazon-s3-audit-source",
   "/03Send-Data/Collect-from-Other-Data-Sources": "/docs/send-data/collect-from-other-data-sources",
   "/03Send-Data/Collect-from-Other-Data-Sources/01-About-Collectors/01-Collector-Overview": "/docs/send-data/collect-from-other-data-sources",
@@ -177,7 +168,6 @@
   "/Send-Data/Collector-FAQs/How-can-I-tell-if-I'm-collecting-data": "/docs/send-data/collector-faq",
   "/Send-Data/Collector-FAQs/Troubleshooting-large-message-time-and-receipt-time-discrepancies": "/docs/send-data/collector-faq",
   "/03Send-Data/Collector-FAQs/Collector-fails-to-connect-to-Sumo%3A-Target-server-failed-to-respond-or-HTTP-504-or-HTTP-408-errors": "/docs/send-data/collector-faq",
-  "/03Send-Data/Collector-FAQs/Collector-fails-to-connect-to-Sumo:-Target-server-failed-to-respond-or-HTTP-504-or-HTTP-408-errors": "/docs/send-data/collector-faq",
   "/03Send-Data/Collector-FAQs/Collector-locking-log-files-on-Windows-servers": "/docs/send-data/collector-faq",
   "/03Send-Data/Collector-FAQs/Configure_Limits_for_Collector_Caching": "/docs/send-data/collector-faq",
   "/03Send-Data/Collector-FAQs/Delete-data-already-collected-to-Sumo-Logic": "/docs/send-data/collector-faq",
@@ -260,7 +250,6 @@
   "/03Send-Data/Sources/01Sources-for-Installed-Collectors/Remote-Windows-Performance-Monitor-Log-Source/Preconfigure-a-Machine-to-Collect-Remote-Windows-Performance-Monitoring-Logs": "/docs/send-data/installed-collectors/sources/preconfigure-machine-collect-remote-windows-performance-monitoring-logs",
   "/03Send-Data/Sources/01Sources-for-Installed-Collectors/Script-Action": "/docs/send-data/installed-collectors/sources/script-action",
   "/03Send-Data/Sources/01Sources-for-Installed-Collectors/Script-Source": "/docs/send-data/installed-collectors/sources/script-source",
-  "/03Send-Data/Sources/01Sources-for-Installed-Collectors/Script-Source/Advanced:-Using-a-CRON-Expression": "/docs/send-data/installed-collectors/sources/script-source/use-cron-expression",
   "/03Send-Data/Sources/01Sources-for-Installed-Collectors/Script-Source/Cron-Examples-and-Reference": "/docs/send-data/installed-collectors/sources/script-source/cron-examples-reference",
   "/03Send-Data/Sources/01Sources-for-Installed-Collectors/Script-Source/Troubleshoot-Script-Source-Issues": "/docs/send-data/installed-collectors/sources/script-source/troubleshoot-script-source-issues",
   "/03Send-Data/Sources/01Sources-for-Installed-Collectors/Streaming-Metrics-Source": "/docs/send-data/installed-collectors/sources/streaming-metrics-source",
@@ -394,8 +383,6 @@
   "/05Search/Get-Started-with-Search": "/docs/search/get-started-with-search",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search": "/docs/search/get-started-with-search/build-search",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Best-Practices%3A-Search-Rules-to-Live-By": "/docs/search/get-started-with-search/build-search/best-practices-search",
-  "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Best-Practices:-Search-Rules-to-Live-By": "/docs/search/get-started-with-search/build-search/best-practices-search",
-  "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Best-Practices:-7-Search-Rules-to-Live-By": "/docs/search/get-started-with-search/build-search/best-practices-search",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Dynamic_Parsing": "/docs/search/get-started-with-search/build-search/dynamic-parsing",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Keyword-Search-Expressions": "/docs/search/get-started-with-search/build-search/keyword-search-expressions",
   "/05Search/Get-Started-with-Search/How-to-Build-a-Search/Search-Syntax-Overview": "/docs/search/get-started-with-search/build-search/search-syntax-overview",
@@ -2094,6 +2081,7 @@
   "/cid/22674": "/docs/integrations/google/cloud-functions",
   "/cid/22675": "/docs/integrations/google/cloud-sql",
   "/cid/23233": "/docs/integrations/saas-cloud/zendesk",
+  "/cid/23234": "/docs/integrations/saas-cloud/zimperium",
   "/cid/2323": "/docs/integrations/saas-cloud/zoom",
   "/cid/23239": "/docs/integrations/saas-cloud/lastpass",
   "/cid/2324": "/docs/integrations/saas-cloud/workday",
@@ -2926,6 +2914,7 @@
   "/cid/10999": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source",
   "/cid/11000": "/docs/platform-services/automation-service/automation-service-playbooks",
   "/cid/1105": "/docs/integrations/cloud-security-monitoring-analytics/aws-security-hub-ocsf",
+  "/cid/1106": "/docs/integrations/sumo-apps/opentelemetry-collector-insights",
   "/Cloud_SIEM_Enterprise": "/docs/cse",
   "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
   "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration",
@@ -3629,7 +3618,6 @@
   "/Send_Data/Sources/Source_timestamp_and_time_zone_options/Timestamp_conventions": "/docs/send-data/reference-information/time-reference",
   "/Send_Data/Sources/AWS_S3_Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
   "/Send_Data/Sources/Amazon_S3_Audit_Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
-  "/Send_Data/01_Design_Your_Deployment/Best_Practices:_Good_Source_Category,_Bad_Source_Category": "/docs/send-data/best-practices",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services": "/docs/send-data/hosted-collectors/amazon-aws",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services/AWS_S3_Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services/Amazon_CloudWatch_Source_for_Metrics": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
@@ -3989,7 +3977,6 @@
   "/Observability_Solution/Kubernetes_Solution/Global_Intelligence_for_Kubernetes_DevOps_App": "/docs/integrations/global-intelligence",
   "/docs/integrations/global-intelligence/kubernetes-devops": "/docs/integrations/global-intelligence",
   "/Observability_Solution/Kubernetes_Solution/Navigate_your_Kubernetes_environment": "/docs/observability/kubernetes",
-  "/Search/Get-Started-with-Search/How-to-Build-a-Search/Best-Practices:-7-Search-Rules-to-Live-By": "/docs/search/get-started-with-search/build-search/best-practices-search",
   "/Search/Get-Started-with-Search/How-to-Build-a-Search/Search_Templates": "/docs/search/get-started-with-search/build-search/search-templates",
   "/Search/Get-Started-with-Search/How-to-Build-a-Search/Search-Templates": "/docs/search/get-started-with-search/build-search/search-templates",
   "/Search/Get-Started-with-Search/How-to-Build-a-Search/Search-Syntax-Overview": "/docs/search/get-started-with-search/build-search/search-syntax-overview",
@@ -4169,7 +4156,6 @@
   "/Send-Data/Data-Types/Linux": "/docs/send-data/installed-collectors/linux",
   "/Send-Data/Data-Types/Threat_Intel_Quick_Analysis/Threat_Intel_Optimization": "/docs/integrations/security-threat-detection/threat-intel-quick-analysis",
   "/Send-Data/Data_Types/Salesforce": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/salesforce-source",
-  "/Send-Data/01-Design-Your-Deployment/Best-Practices:-Good-Source-Category,-Bad-Source-Category": "/docs/send-data/best-practices",
   "/Send-Data/Hosted-Collectors/Configure-a-Hosted-Collector": "/docs/send-data/hosted-collectors/configure-hosted-collector",
   "/Send-Data/Installed-Collectors": "/docs/send-data/installed-collectors",
   "/Send-Data/Installed-Collectors/01About-Installed-Collectors": "/docs/send-data/installed-collectors",
 
@@ -86,23 +86,23 @@ To resolve an alert, click a row to select it, then click **Resolve**.
 
 ## Translating thresholds
 
-Threshold translating allows you to open the alert response page in the [Metrics Explorer](/docs/metrics/metrics-queries/metrics-explorer) that helps you to easily view the threshold associated with an alert. This also helps you to understand how your monitor's thresholds are translating into metrics and compare the threshold values set in a monitor with the data displayed in the Metrics Explorer chart.
+Threshold translating allows you to open the alert response page in the [Metrics Search](/docs/metrics/metrics-queries/metrics-explorer) that helps you to easily view the threshold associated with an alert. This also helps you to understand how your monitor's thresholds are translating into metrics and compare the threshold values set in a monitor with the data displayed in the Metrics Search chart.
 
-For example, when you open an alert response page in Metrics Explorer, you can see critical thresholds defined with some number. You can then see that this threshold is also applied and enabled in the Metrics Explorer view, with exactly the same number defined.<br/> <img src={useBaseUrl('img/alerts/arp-metrics-explorer.png')} alt="arp-metrics-explorer" width="800"/>
+For example, when you open an alert response page in Metrics Search, you can see critical thresholds defined with some number. You can then see that this threshold is also applied and enabled in the Metrics Search view, with exactly the same number defined.<br/> <img src={useBaseUrl('img/alerts/arp-metrics-explorer.png')} alt="arp-metrics-explorer" width="800"/>
 
-To view the alert response chart in Metrics Explorer, follow the steps below:
+To view the alert response chart in Metrics Search, follow the steps below:
 
 1. Navigate to your [Alert List](#alert-list) and select the alert for which you want to view the corresponding metrics and threshold values.
-1. Click the **View in Metrics Explorer** button for that alert. You can click on either of the two buttons, and they both function the same way.
-1. The Metrics Explorer view will open with the graph of the metric associated with the alert.
-1. In the **Threshold** section of the Metrics Explorer, you can see the same threshold values for the monitor associated with the alert.<br/> <img src={useBaseUrl('img/alerts/threshold-metrics-explorer-view.png')} alt="threshold-metrics-explorer" width="800"/>
+1. Click the **View in Metrics Search** button for that alert. You can click on either of the two buttons, and they both function the same way.
+1. The Metrics Search view will open with the graph of the metric associated with the alert.
+1. In the **Threshold** section of the Metrics Search, you can see the same threshold values for the monitor associated with the alert.<br/> <img src={useBaseUrl('img/alerts/threshold-metrics-explorer-view.png')} alt="threshold-metrics-explorer" width="800"/>
 1. The thresholds will be enabled and only the ones that are defined in the monitor will be displayed.
-   * If the alert has both critical and warning thresholds defined in the corresponding monitor, both thresholds will be displayed in the Metrics Explorer view.
-   * If the alert has only a critical threshold defined in the corresponding monitor, only the warning threshold will be displayed in the Metrics Explorer view.
-1. Use this feature to compare the threshold values set in a monitor with the data displayed in the Metrics Explorer graph and gain a better understanding of how your monitors are translating into metrics.
+   * If the alert has both critical and warning thresholds defined in the corresponding monitor, both thresholds will be displayed in the Metrics Search view.
+   * If the alert has only a critical threshold defined in the corresponding monitor, only the warning threshold will be displayed in the Metrics Search view.
+1. Use this feature to compare the threshold values set in a monitor with the data displayed in the Metrics Search graph and gain a better understanding of how your monitors are translating into metrics.
 
 :::note
-Note that the same threshold translating functionality supports to [Create Monitors from the Metrics Explorer](/docs/alerts/monitors/create-monitor/#from-metrics-explorer) and [Opening a Monitor in the Metrics Explorer](/docs/alerts/monitors/settings/#view-in-metrics-explorer).
+Note that the same threshold translating functionality supports to [Create Monitors from the Metrics Search](/docs/alerts/monitors/create-monitor/#from-metrics-search) and [Opening a Monitor in the Metrics Search](/docs/alerts/monitors/settings/#view-in-metrics-search).
 :::
 
 ## Alert details