Merge branch 'main' into update-pause-scheduled-views

Author: JV0812

blog-cse/2025-10-28-content.md

@@ -0,0 +1,34 @@
+---
+title: October 28, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+    - New mappers for Crowdstrike Falcon events.
+    - Updates to existing mappers for Crowdstrike Falcon, F5, and Okta events to support additional fields and events.
+    - Updates to F5 Networks and Okta SSO parsers.
+
+Changes are enumerated below.
+
+### Log Mappers
+- [New] CrowdStrike Falcon Host API IdpDetectionSummaryEvent
+- [New] CrowdStrike Falcon Identity Protection
+- [Updated] CrowdStrike UserActivity Logs
+- [Updated] F5 Authentication Catch All
+- [Updated] F5 HTTPd Audit - Custom Parser
+- [Updated] F5 Session and adfs proxy - Custom Parser
+- [Updated] Okta Authentication - auth_via_AD_agent
+- [Updated] Okta Authentication - auth_via_mfa
+- [Updated] Okta Authentication - auth_via_radius
+- [Updated] Okta Authentication - sso
+- [Updated] Okta Authentication Events
+- [Updated] Okta Catch All
+- [Updated] Okta Security Threat Events
+
+### Parsers
+- [Updated] /Parsers/System/F5/F5 Syslog
+- [Updated] /Parsers/System/Okta/Okta

docs/cse/administration/create-cse-context-actions.md

@@ -87,6 +87,8 @@ When you save the action, the URL template will be populated with your Sumo Logi
 
 `{{sumobaseurl}}/ui/#/search/@{{timestamp[ms]-30m}}@_index=sec_record* AND user_username = {{value}}`
 
+The `{{sumobaseurl}}` parameter applies to context actions that run a Sumo Logic log search. Assuming your Cloud SIEM instance is configured to communicate with the Sumo Logic platform, when you create an action that runs a Sumo Logic search, Cloud SIEM will automatically insert this placeholder in your URL template—you don’t need to explicitly insert `{{sumobaseurl}}` placeholder yourself.
+
 ### Create an URL to an external service
 
 To create a URL to be sent to an external service, enter the URL in the format required by the external service, and use the `{{value}}` parameter placeholder for the target entity, record field, or IOC. 
@@ -121,12 +123,6 @@ The table below defines the parameters you can use in the URL template for a con
 
 You can insert any field from the target of a context action into the action URL with the `{{field_name}}` placeholder. For example, you could include `device_ip` in the URL with `{{device_ip}}`.  
 
-### Sumo Logic Base URL
-
-The `{{sumobaseurl}}` parameter applies to context actions that run a Sumo Logic log search.
-
-Assuming your Cloud SIEM instance is configured to communicate with the Sumo Logic platform, when you create an action that runs a Sumo Logic search, Cloud SIEM will automatically insert this placeholder in your URL template—you don’t need to explicitly insert `{{sumobaseurl}} `placeholder yourself.
-
 ### Timestamp
 
 When you run an action on a Cloud SIEM record, if that record has a [timestamp](/docs/cse/schema/schema-attributes) field value, you can insert the timestamp in UTC format into the URL using the `{{timestamp}}` parameter.

docs/integrations/containers-orchestration/vmware.md

@@ -26,8 +26,8 @@ See the [vSphere product page](https://www.vmware.com/products/vsphere.html) for
 
 The Sumo Logic vCenter logs source and vCenter metrics source use the installed collector to gather the following data from VMware:
 
-* VMware Events using the Events API. See [Events API](https://code.vmware.com/apis/196/vsphere/doc/vim.event.EventManager.html) for more details.
-* VMware Metrics using the Performance API. For more information, see [Performance API](https://code.vmware.com/apis/196/vsphere/doc/vim.PerformanceManager.html).
+* VMware Events using the Events API. See [Events API](https://developer.broadcom.com/xapis/vsphere-web-services-api/latest/vim.event.EventManager.html) for more details.
+* VMware Metrics using the Performance API. For more information, see [Performance API](https://developer.broadcom.com/xapis/vsphere-web-services-api/latest/vim.PerformanceManager.html).
 
 The dashboards provide real-time monitoring with visual data displays, allowing you to analyze events and performance metrics for efficient detection and troubleshooting.