SumoLogic
diff --git a/‎blog-cse/2025-09-19-content.md‎
Lines changed: 67 additions & 0 deletions b/‎blog-cse/2025-09-19-content.md‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎blog-cse/2025-09-22-application.md‎
Lines changed: 17 additions & 0 deletions b/‎blog-cse/2025-09-22-application.md‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎blog-csoar/2025-09-10-application-update.md‎
Lines changed: 1 addition & 1 deletion b/‎blog-csoar/2025-09-10-application-update.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎blog-service/2025-09-19-apps.md‎
Lines changed: 14 additions & 0 deletions b/‎blog-service/2025-09-19-apps.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎blog-service/2025-09-19-collection.md‎
Lines changed: 12 additions & 0 deletions b/‎blog-service/2025-09-19-collection.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎blog-service/2025-09-22-collection.md‎
Lines changed: 12 additions & 0 deletions b/‎blog-service/2025-09-22-collection.md‎
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,67 @@
+---
+title: September 19, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - rules
+  - parsers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+- New rules for passing through OCSF Findings, such as those generated by AWS Security Hub.
+- Updates to rules for impossible travel to exclude local system accounts.
+- New log mappers for Cisco Meraki Traffic Events, OCI Authentication Events, and TippingPoint TPS Cloud.
+- Updates to existing log mappers to support new event IDs and enhance functionality.
+- New parser for TippingPoint TPS Cloud.
+- Updates to existing parsers for Cisco ASA, Cisco Meraki C2C, Kaspersky Endpoint Security, and Oracle Cloud Infrastructure to support new events.
+- Schema update to include `ocsf` as an enforced value for `threat_ruleType`.
+
+Changes are enumerated below.
+
+### Rules
+
+- [New] MATCH-S01053 OCSF Compliance Finding
+<br/>Passes through compliance findings from OCSF sources.
+- [New] MATCH-S01054 OCSF Detection Finding
+<br/>Passes through detection findings from OCSF sources.
+- [New] MATCH-S01055 OCSF Vulnerability Finding
+<br/>Passes through vulnerability findings from OCSF sources.
+- [Updated] THRESHOLD-S00097 Impossible Travel - Successful
+<br/>Exclude local system accounts from the rule.
+- [Updated] THRESHOLD-S00098 Impossible Travel - Unsuccessful
+<br/>Exclude local system accounts from the rule.
+
+### Log Mappers
+
+- [New] Cisco Meraki Traffic Events
+- [New] OCI Catch Authentication events
+- [New] TippingPoint TPS Cloud Catch All
+- [Updated] AWS GuardDuty - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Inspector - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Security Hub - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Security Hub Coverage - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Security Hub Exposure Detection - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] Cisco ASA 109201|109207|113022
+- [Updated] Cisco ASA 722051|722022|722023|722028|722032|722033|722036|722037|722041|722011
+- [Updated] Kaspersky Endpoint Security Catch All
+- [Updated] Oracle Cloud Infrastructure Audit Catch All
+- [Updated] Windows - Security - 4624
+<br/>Added `user_role` field to identify admin users
+- [Updated] Windows - Security - 4648
+<br/>Added `user_role` field to identify admin users.
+
+### Parsers
+
+- [New] /Parsers/System/TippingPoint/TippingPoint TPS Cloud
+- [Updated] /Parsers/System/Cisco/Cisco ASA
+- [Updated] /Parsers/System/Cisco/Cisco Meraki C2C
+- [Updated] /Parsers/System/Kaspersky/Kaspersky Endpoint Security
+- [Updated] /Parsers/System/Oracle/Oracle Cloud Infrastructure Schema
+- [Updated] threat_ruleType
+<br/>Updated enforced values to include `ocsf` as an option for mappers representing Findings records as categorized in the Open Cybersecurity Schema Framework (OCSF).
@@ -0,0 +1,17 @@
+---
+title: September 22, 2025 - Application Update
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - insights
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### Insight summary
+
+We’re excited to announce the new insight summary pane, an AI-generated synopsis for each insight that describes the threat incidents that led to its creation. This helps security teams understand incidents faster and accelerate response time. The summary is generated by Sumo Logic's Summary Agent, an agentic AI tool.
+
+[Learn more](/docs/cse/get-started-with-cloud-siem/insight-summary/).
+
+<img src={useBaseUrl('img/cse/insight-summary-pane.png')} alt="Insight summary" style={{border: '1px solid gray'}} width="300"/>
@@ -12,7 +12,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 ### New feature: Test nodes in playbooks
 
-The new **Test Node** toggle on nodes allows you to test individual nodes in playbooks without having to run the entire playbook, offering greater control over node configuration and troubleshooting.
+The new **Test Mode** toggle on nodes allows you to test individual nodes in playbooks without having to run the entire playbook, offering greater control over node configuration and troubleshooting.
 
 What's new:
 * Provide mock values for variables used in the node, and run the results to see the output and any errors.
 
@@ -0,0 +1,14 @@
+---
+title: Azure Security - Microsoft Defender for Office 365 (Apps)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - apps
+  - azure
+  - microsoft
+  - azure-security-microsoft-defender-for-office-365
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new Sumo Logic app for Azure Security - Microsoft Defender for Office 365. This app provides insights into threats and alerts across Microsoft 365, helping you prioritize incidents, respond faster, and strengthen your Office 365 security posture. [Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365).
@@ -0,0 +1,12 @@
+---
+title: Azure Metrics Source (Collection)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - collection
+  - azure-metrics-source
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We’re excited to announce the release of our new Azure Metrics Source for Sumo Logic. This source enables you to collect metrics from Azure platform and send them to Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source/).
@@ -0,0 +1,12 @@
+---
+title: ChatGPT Compliance Source (Collection)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - c2c
+  - chatgpt-compliance-source
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to announce the release of our new cloud-to-cloud source for ChatGPT Compliance. This source securely collects conversation logs from the ChatGPT Compliance platform and sends them to Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/chatgpt-compliance-source).