Merge branch 'main' into 404s

Author: kimsauce

blog-collector/2024/2025-02-18.md renamed to blog-collector/2025-02-18.md

@@ -0,0 +1,17 @@
+---
+title: Version 19.525-42
+hide_table_of_contents: true
+image: https://help.sumologic.com/img/sumo-square.png
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+In this release, we've enhanced the security and stability of the Collector with added support for security patches and a bug fix.
+
+## Security Fix
+
+- Upgraded `com.google.crypto.tink` to version 1.16.0 to address protobuf-java DOS vulnerability (CVE-2024-7254).
+
+## Bug Fix
+
+- Fixed the improper filtering of `AD` objects when `Exclude Distinguished Name Suffixes` filter is configured.

blog-collector/2025-05-14.md

@@ -21,7 +21,6 @@ This release includes:
 
 Changes are enumerated below.
 
-
 ### Rules
 - [New] OUTLIER-S00033 AWS DynamoDB Outlier in PutItem Events from User
     - [Disabled by Default] This rule detects an unusual amount of PutItem events to a DynamoDB resource within an hour time period (DynamoDB data events are required). Verify the user is authorized to modify the DynamoDB tables and instances. This rule is disabled by default due to potential volume of signals, before enabling consider excluding authorized users via match lists, and adjust floor value and model sensitivity as needed.

blog-cse/2025-05-09-content.md

@@ -0,0 +1,12 @@
+---
+title: Bitwarden (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - bitwarden
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new Bitwarden app for Sumo Logic. This app enables threat detection and identification of high-risk events such as vault exports or SSO deactivation, supporting continuous monitoring and accelerating incident response for credential and secret management workflows. [Learn more](/docs/integrations/saas-cloud/bitwarden).

blog-service/2025-05-13-apps.md

@@ -1639,6 +1639,7 @@
   "/cid/6025": "/docs/integrations/saas-cloud/cisco-vulnerability-management",
   "/cid/6026": "/docs/integrations/saas-cloud/sumo-collection",
   "/cid/6027": "/docs/integrations/saas-cloud/sysdig-secure",
+  "/cid/6028": "/docs/integrations/saas-cloud/bitwarden",
   "/cid/10112": "/docs/integrations/app-development/jfrog-xray",
   "/cid/10113": "/docs/observability/root-cause-explorer",
   "/cid/10116": "/docs/manage/fields",
@@ -4303,8 +4304,8 @@
   "/docs/cse/automation-service/automation-service-bridge": "/docs/platform-services/automation-service/automation-service-bridge",
   "/docs/cloud-soar/cloud-soar-bridge": "/docs/platform-services/automation-service/automation-service-bridge",
   "/docs/cloud-soar/audit-event-index": "/docs/platform-services/automation-service/automation-service-audit-logging/",
-  "/docs/cse/automation-service/automation-service-integration-framework": "/docs/platform-services/automation-service/automation-service-integration-framework",
-  "/docs/cloud-soar/cloud-soar-integration-framework": "/docs/platform-services/automation-service/automation-service-integration-framework",
+  "/docs/cse/automation-service/automation-service-integration-framework": "/docs/platform-services/automation-service/integration-framework",
+  "/docs/cloud-soar/cloud-soar-integration-framework": "/docs/platform-services/automation-service/integration-framework",
   "/docs/send-data/collect-from-other-data-sources/kubernetes": "/docs/send-data/kubernetes",
   "/docs/send-data/kubernetes/v4": "/docs/send-data/kubernetes",
   "/docs/send-data/collect-from-other-data-sources/azure-blob-storage/collect-logs-azure-blob-storage": "/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs",

cid-redirects.json

@@ -20,7 +20,7 @@ Because Cloud SOAR provides automation functionality to the [Automation Service]
 * [Playbooks](/docs/platform-services/automation-service/automation-service-playbooks/)
 * [Integrations](/docs/platform-services/automation-service/automation-service-integrations/)
 * [Automation bridge](/docs/platform-services/automation-service/automation-service-bridge)
-* [Integration framework](/docs/platform-services/automation-service/automation-service-integration-framework/)
+* [Integration framework](/docs/platform-services/automation-service/integration-framework/)
 * [Audit logging](/docs/platform-services/automation-service/automation-service-audit-logging)
 
 The following sections describe automation features only used in Cloud SOAR.

docs/cloud-soar/automation.md

@@ -21,7 +21,7 @@ The Automation Service doesn't include any of Cloud SOAR’s case management or
 
 ### Daemon and trigger action types
 
-The Automation Service does not support [daemon](/docs/platform-services/automation-service/automation-service-integration-framework/#daemon-action-definitions) and [trigger](/docs/platform-services/automation-service/automation-service-integration-framework/#trigger-action-definitions) action types. The Automation Service can only use triggers built into Cloud SIEM and the Log Analytics platform. So you can’t configure a playbook in the Automation Service to monitor an external process or file and fire a trigger in response like you can with Cloud SOAR. A trigger can only fire in the Automation Service for limited events, such as when an Insight is created in Cloud SIEM.
+The Automation Service does not support [daemon](/docs/platform-services/automation-service/integration-framework/about-integration-framework/#daemon-action-definitions) and [trigger](/docs/platform-services/automation-service/integration-framework/about-integration-framework/#trigger-action-definitions) action types. The Automation Service can only use triggers built into Cloud SIEM and the Log Analytics platform. So you can’t configure a playbook in the Automation Service to monitor an external process or file and fire a trigger in response like you can with Cloud SOAR. A trigger can only fire in the Automation Service for limited events, such as when an Insight is created in Cloud SIEM.
 
 ### Additional features
 

docs/cloud-soar/compared-to-automation-service.md

@@ -409,7 +409,7 @@ Within Automation, you’ll see subsections for:
 * [App Central](/docs/platform-services/automation-service/app-central/). A large out-of-the-box library of playbooks, integrations, and use cases for different threats to get you started with orchestrating and automating your SOC.
 * [Playbooks](/docs/platform-services/automation-service/automation-service-playbooks/). Allows you to create new playbooks and edit, delete, and manage existing ones.
 * [Template](/docs/cloud-soar/automation/#incident-templates). Allows you to create new incident templates and edit, delete, and manage existing ones.
-* [Integrations](/docs/platform-services/automation-service/automation-service-integration-framework/). Lets you connect third party tools through APIs.
+* [Integrations](/docs/platform-services/automation-service/automation-service-integrations/). Lets you connect third party tools through APIs.
 * [Rules](/docs/cloud-soar/automation/#automation-rules). Lets you create new automation rules.
 * [Bridge](/docs/platform-services/automation-service/automation-service-bridge/). Contains configuration details on any installed bridges.
 

docs/cloud-soar/introduction.md

@@ -62,7 +62,7 @@ Gain complete insight into incident response performance with customizable dashb
 
 ### Open Integration Framework (OIF)
 
-Choose from hundreds of out-of-the-box actions and playbooks or ask the Sumo Logic team to develop the connectors you need. Anyone can access the API code to quickly integrate tools without any coding experience required. For more information, see [Integrations](/docs/platform-services/automation-service/automation-service-integrations/) and [Integration Framework](/docs/platform-services/automation-service/automation-service-integration-framework/).
+Choose from hundreds of out-of-the-box actions and playbooks or ask the Sumo Logic team to develop the connectors you need. Anyone can access the API code to quickly integrate tools without any coding experience required. For more information, see [Integrations](/docs/platform-services/automation-service/automation-service-integrations/) and [Integration Framework](/docs/platform-services/automation-service/integration-framework/).
 
 <img src={useBaseUrl('img/cloud-soar/overview-openI-itegration.png')} alt="Integrations" style={{border: '1px solid gray'}} width="800" />
 

docs/cloud-soar/overview.md

@@ -153,7 +153,7 @@ The following example shows how to configure a notification that sends an email
 
 ## Advanced example: Configure a custom integration
 
-The following example shows how to create a custom integration with an action that runs a script you provide. The custom integration and action are defined by YAML files. To learn how to build your own YAML files, see [Integration framework file formats](/docs/platform-services/automation-service/automation-service-integration-framework/#integration-framework-file-formats).
+The following example shows how to create a custom integration with an action that runs a script you provide. The custom integration and action are defined by YAML files. To learn how to build your own YAML files, see [Integration framework file formats](/docs/platform-services/automation-service/integration-framework/about-integration-framework/#integration-framework-file-formats).
 
 The action uses [IP Quality Score](https://www.ipqualityscore.com/) to gather IP reputation information for enrichment. (This example shows how to add enrichment to an insight. To use the same action to add enrichment to entities, see [Add entity enrichment](#add-entity-enrichment) below.)