Merge branch 'main' into berry

Author: kimsauce

.clabot

@@ -169,7 +169,8 @@
     "Hellfire4959",
     "antonymartinsumo",
     "amee-sumo",
-    "chetanchoudhary-sumo"
+    "chetanchoudhary-sumo",
+    "JamoCA"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",

blog-cse/2022/12-31.md

@@ -453,7 +453,7 @@ Cloud SIEM now supports custom sources of inventory data. Now, if you want to in
 
 #### Standard Match Lists
 
-As a reminder, the migration for our out-of-the-box rules content from standard match lists to tags for Entities has begun. The system is now automatically setting the appropriate tags for any Entities appearing in any of the standard match lists called out in the [previous announcement](https://help.sumologic.com/release-notes-cse/2022/10/13/application-update/). This will continue until January 20, 2023, when the migration will be complete.
+As a reminder, the migration for our out-of-the-box rules content from standard match lists to tags for Entities has begun. The system is now automatically setting the appropriate tags for any Entities appearing in any of the standard match lists called out in the [previous announcement](/release-notes-cse/2022/12/31/#october-13-2022---application-update). This will continue until January 20, 2023, when the migration will be complete.
 
 #### Minor Changes and Enhancements
 
@@ -776,7 +776,7 @@ Labels were not being created properly based on Network Blocks for a small numbe
 #### Read-Only User Capabilities for Cloud SIEM
 New user capabilities (permissions) have been created enabling read-only access to content and configuration features in Cloud SIEM.
 
-These can be used when defining roles in the Sumo Logic platform (at **Administration > Users and Roles > Roles**).
+These can be used when [defining roles](/docs/manage/users-roles/roles/create-manage-roles/) in the Sumo Logic platform.
 
 <img src={useBaseUrl('img/release-notes/cse/Read-Only-Roles.png')} alt="read-only roles" />
 

blog-cse/2023/12-31.md

@@ -166,7 +166,7 @@ For full details, see the [Cloud SOAR documentation](/docs/platform-services/aut
 ---
 ### October 26, 2023 - Content Release
 
-This content release includes templates for creating Cloud SIEM parsers. There are two versions of each, one with comments that explain the purpose of each parser component, and “clean” versions that you can use to start quickly creating custom parsers. Further documentation on using these parsers will be available on [Sumo Logic Docs](https://help.sumologic.com/) in the coming weeks. Other changes in this release are enumerated below.
+This content release includes templates for creating Cloud SIEM parsers. There are two versions of each, one with comments that explain the purpose of each parser component, and “clean” versions that you can use to start quickly creating custom parsers. Further documentation on using these parsers will be available on [Sumo Logic Docs](/docs/cse/get-started-with-cloud-siem/cloud-siem-content-catalog/) in the coming weeks. Other changes in this release are enumerated below.
 
 #### Rules
 
@@ -1325,7 +1325,7 @@ Each node in the graph represents a single Entity. The graph also displays the r
 
 The graph also includes a number of controls for zoom, full screen mode, filtering by Entity type, and adjusting the time frame for relationship detection.
 
-For more information about how to use the Entity Relationship Graph, see the [online documentation](https://help.sumologic.com/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui/#about-the-entities-tab-graph-view). You will also see an introduction to the feature the first time you visit an Insight details page.
+For more information about how to use the Entity Relationship Graph, see the [online documentation](/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui/#about-the-entities-tab-graph-view). You will also see an introduction to the feature the first time you visit an Insight details page.
 
 #### Minor Changes and Enhancements
 

blog-cse/2024-12-20-content.md

@@ -0,0 +1,58 @@
+---
+title: December 20, 2024 - Content Release
+hide_table_of_contents: true
+keywords:
+  - log mappers
+  - log parsers
+  - detection rules
+image: https://help.sumologic.com/img/sumo-square.png  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+- New product support for Dragos WorldView Threat Intelligence, Mindpoint Proactive Security Services, and Trust IAM (Identity and Access Management).
+- AWS Cloudtrail updates.
+    - Adds alternate mapping for `user_userId` in anticipation of AWS Identity Center CloudTrail logging change. For more information on the change, see [Important changes to CloudTrail events for AWS IAM Identity Center](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/).
+- Parsing and mapping updates for Palo Alto Firewall and Cisco Firepower.
+- Rule updates.
+
+Changes are are enumerated below.
+
+## Rules
+- [Deleted] FIRST-S00029 First Seen Successful Authentication From Unexpected Country
+    - Rule has been replaced by FIRST-S00065 as this version was not enabled by default.
+- [Updated] FIRST-S00046 First Seen Client Generating MailIItemsAccessed Event from User
+    - Updated "First Seen" value from ClientInfoString to Client to reduce false positives.
+- [Updated] FIRST-S00065 First Seen Successful Authentication From Unexpected Country
+    - Replaces FIRST-S00029.
+
+## Log Mappers
+- [New] Dragos Catch All
+- [New] Mindpoint Group Keeper Authentication
+- [New] Mindpoint Group Keeper Catch All
+- [New] Trust Login Authentication
+- [New] Trust Login Catch All
+- [Updated] CloudTrail - application-insights.amazonaws.com - ListApplications
+- [Updated] CloudTrail - signin.amazonaws.com - All AwsConsoleSignIn events
+- [Updated] CloudTrail - sso.amazonaws.com - Federate|ListProfilesForApplication
+- [Updated] CloudTrail Default Mapping
+- [Updated] Firepower Catch All
+    - Additional new field mappings to support Firepower events and improve records classification.
+- [Updated] Palo Alto Config - Custom Parser
+    - Adds alternate field mappings.
+- [Updated] Palo Alto System - Custom Parser
+    - Adds alternate field mappings.
+- [Updated] Palo Alto System Auth - Custom Parser
+     - Support additional panorama-auth-success and alternate fields for mapped fields.
+
+## Parsers
+- [New] /Parsers/System/Dragos/Dragos
+- [New] /Parsers/System/Mindpoint Group/Mindpoint Group Keeper
+- [New] /Parsers/System/Trust Login/Trust Login
+- [Updated] /Parsers/System/Cisco/Cisco Firepower Syslog
+    - Adds support for FTD 430002 and 430003 events.
+- [Updated] /Parsers/System/Palo Alto/PAN Firewall LEEF
+    - Adds support for 'panorama-auth-success' events and improves timestamp handling.

blog-csoar/2024-01-03-application-update.md

@@ -13,7 +13,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 <a href="https://help.sumologic.com/release-notes-csoar/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
 
 ### Changes and Enhancements
-* Playbooks: UserChoice nodes can be handled now from Slack workspace (see [documentation](https://help.sumologic.com/docs/cloud-soar/cloud-soar-delivery-2/#configure-slack-for-cloud-soar)).
+* Playbooks: UserChoice nodes can be handled now from Slack workspace (see [documentation](/docs/cloud-soar/automation#configure-slack-for-cloud-soar)).
 
 #### Cloud SOAR
 * New privilege "Api Admin": Enabling this privilege in Log Analytics Platform will allow user to handle incident operations without being involved directly as investigator.

blog-csoar/2024-01-30-application-update.md

@@ -13,7 +13,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 <a href="https://help.sumologic.com/release-notes-csoar/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
 
 ### Changes and Enhancements
-* Added public help document for supported integrations. See [Integrations in App Central](https://help.sumologic.com/docs/platform-services/automation-service/app-central/integrations/).
+* Added public help document for supported integrations. See [Integrations in App Central](/docs/platform-services/automation-service/app-central/integrations/).
 * Integrations: Added possibility to rename an integration keeping original reference in YAML.
 * Playbooks:
   * List view set as default. View changes are saved in user preferences.

blog-csoar/2024-02-19-application-update.md

@@ -14,10 +14,10 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 ### Changes and Enhancements
 * Playbooks:
-  * Enabled [playbook testing](https://help.sumologic.com/docs/cloud-soar/automation/#testing-playbooks). With this improvement it is now possible to test a playbook configuration before publishing it, using Insight, Incident or custom JSON as input.
+  * Enabled [playbook testing](/docs/platform-services/automation-service/automation-service-playbooks/#test-a-playbook). With this improvement it is now possible to test a playbook configuration before publishing it, using Insight, Incident or custom JSON as input.
   * Action configuration: Integration fields configuration now suggests default values, if present.
   * UserChoice, answer by Email: Fixed Authorizer usage from previous nodes.
-* AppCentral: Within the Integrations section, each integration card now contains a hyperlink to the related public documentation page [Integrations in App Central](https://help.sumologic.com/docs/platform-services/automation-service/app-central/integrations/).
+* AppCentral: Within the Integrations section, each integration card now contains a hyperlink to the related public documentation page [Integrations in App Central](/docs/platform-services/automation-service/app-central/integrations/).
 * Integrations: It is now possible to send custom commands when an integration docker image is created. This feature is available for Not Certified integration only.
 
 #### Cloud SOAR

blog-service/2021/12-31.md

@@ -566,7 +566,7 @@ Update - The [alert variable](/docs/alerts/monitors/alert-variables) `Results
 ---
 ## April 7, 2021 (Search)
 
-Update - The LogReduce operator now provides an [optimize option](/docs/search/logreduce) that provides up to 10x speedup over classic LogReduce on datasets with hundreds of thousands of logs.
+Update - The LogReduce operator now provides an [optimize option](/docs/search/behavior-insights/logreduce) that provides up to 10x speedup over classic LogReduce on datasets with hundreds of thousands of logs.
 
 ---
 ## April 6, 2021 (Dashboard)

blog-service/2022/12-31.md

@@ -164,8 +164,8 @@ Update - We’ve released an improvement that eases the processes of administeri
 
 Update - We’ve released an improved, re-organized UI for Data Forwarding. There are now separate pages for managing different types of data forwarding destinations:  
 
-* Destinations that receive data forwarded from Sumo Logic partitions or scheduled views are still managed on the **Manage Data > Logs > Data Forwarding** page.
-* Destinations that receive data from Installed Collectors are managed on a new page: **Manage Data > Collection > Data Archiving** page.
+* Destinations that receive data forwarded from Sumo Logic partitions or scheduled views are still managed on the [**Data Forwarding**](/docs/manage/data-forwarding/view-list-data-forwarding/) page.
+* Destinations that receive data from Installed Collectors are managed on a new page [**Archive**](/docs/manage/data-archiving/archive/#archive-page) page.
 
 For more information, see [Forward Data from Sumo Logic to S3](/docs/manage/data-forwarding/amazon-s3-bucket).
 

blog-service/2023/12-31.md

@@ -422,7 +422,7 @@ We're excited to introduce a new addition to Sumo Logic account management. Org
 
 Here's how to export detailed child usages:
 
-1. In the left navigation bar, select **Administration > Account**. The Account Overview tab is shown by default.
+1. Navigate to the [**Account Overview**](/docs/manage/manage-subscription/sumo-logic-credits-accounts/#account-overview) page.
 1. Click on the kebab button and select **Download Detailed Child Usages**, to export/dowload the detailed child usages.<br/><img src={useBaseUrl('img/manage/account/download-detailed-child-usages.png')} alt="download-detailed-child-usages" width="650" style={{border: '1px solid gray'}}/>
 
 
@@ -758,7 +758,7 @@ We're excited to announce the release of our new cloud-to-cloud source for Trell
 
 We’re happy to announce a new security option allowing administrators to set a custom policy for the number of days an API Access Key can go unused before being automatically deactivated. This setting allows administrators to tailor the feature to suit their organization’s specific security requirements. This enhances the security of your account by reducing the risk of unauthorized access through abandoned access keys. This ensures that only active access keys can be used to access your account and its resources.
 
-To access this feature, log in to your account and navigate to **Administration > Security > Policies**. From there, you can set your preferred policy for deactivation of unused access keys. [Learn more](/docs/manage/security/access-keys#edit-deactivate-or-delete-an-access-key).
+[Learn more](/docs/manage/security/access-keys#edit-deactivate-or-delete-an-access-key).
 
 
 ---