Merge branch 'main' into azure-events-hub-doc-changes

Author: himanshu219

blog-csoar/2024-12-31-application-update.md

@@ -0,0 +1,20 @@
+---
+title: December 31, 2024 - Application Update
+keywords:
+  - sumo logic
+  - cloud soar
+image: https://help.sumologic.com/img/sumo-square.png
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-csoar/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+### Sumo Logic On-Premises SOAR Solution End-of-Life
+
+Effective today, **December 31, 2024**, Sumo Logic’s on-premises SOAR solution has reached end-of-life and is obsolete. Beginning today, it no longer receives applicable support entitled by active support contracts or by applicable warranty terms and conditions.
+
+We [previously announced](/release-notes-csoar/2023/12/31/#november-1-2023---application-update) that as of November 15, 2023, Sumo Logic's on-premises SOAR solution no longer received updates, and Sumo Logic Engineering no longer developed, repaired, maintained, or tested the software as of that date.
+
+To upgrade to Sumo Logic’s [Cloud SOAR](https://help.sumologic.com/docs/cloud-soar/) offering, reach out to your Sumo Logic representative.

blog-service/2024-12-31-apps.md

@@ -0,0 +1,73 @@
+---
+title: Apps, Solutions, and Collection Integrations - December Release (Observability)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - releases-notes
+hide_table_of_contents: true  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+### New release
+
+We’re excited to announce the release of new Azure Service Bus, Azure API Management, Azure Event Grid, and AWS Serverless Application Models for Sumo Logic.
+
+- **Azure Service Bus**. Azure Service Bus is a fully managed enterprise message broker with message queues and publish-subscribe topics (in a namespace) used for decoupling applications and services from each other. This integration helps in monitoring incoming/outgoing messages, connections, throttled requests, and resource usage of your Service Bus namespace. [Learn more](/docs/integrations/microsoft-azure/azure-service-bus/).
+- **Azure API Management**. Azure API Management is a hybrid multicloud platform for managing APIs across different environments. As a platform-as-a-service, it supports the entire API lifecycle and provides near real-time visibility into API status and health, offering essential API Management operations and details for auditing. [Learn more](/docs/integrations/microsoft-azure/azure-api-management/).
+- **Azure Event Grid**. Azure Event Grid is a highly scalable, fully managed Pub Sub message distribution service that offers flexible message consumption patterns using the MQTT and HTTP protocols. This integration helps in monitoring data plane requests, delivery failures and publish failures of Event Grid resources - custom topics, system topics and domains. [Learn more](/docs/integrations/microsoft-azure/azure-event-grid/)
+- **AWS Serverless Application Models**. Released the following four SAMs with Python v3.13 and updated the AWS Lambda runtime with latest libraries:
+    - `sumologic-securityhub-connector-aws-org` - SAM SemanticVersion: 1.0.8.
+    - `sumologic-s3-logging-auto-enable` - SAM SemanticVersion: 1.0.15.
+    - `sumologic-aws-cloudtrail-benchmark` - SAM SemanticVersion: 1.0.18.
+    - `sumologic-app-utils` - SAM SemanticVersion: 2.0.19.
+
+### Enhancements 
+
+- **Added Monitors**. We have added new pre-configured monitors to the [Cassandra - OpenTelemetry](/docs/integrations/databases/opentelemetry/cassandra-opentelemetry/#cassandra-alerts), [Couchbase - OpenTelemetry](/docs/integrations/databases/opentelemetry/couchbase-opentelemetry/#couchbase-alerts), [HAProxy - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/haproxy-opentelemetry/#haproxy-alerts), [IIS - OpenTelemetry](/docs/integrations/web-servers/iis-10), [Linux - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry/#sql-server-linux-alerts), [MariaDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mariadb-opentelemetry/#mariadb-alerts), [Memcached - OpenTelemetry](/docs/integrations/databases/opentelemetry/memcached-opentelemetry/#memcached-alerts), [MongoDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mongodb-opentelemetry/#mongodb-alerts), [Oracle - OpenTelemetry](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/#oracle-alerts), [RabbitMQ - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/rabbitmq-opentelemetry/#rabbitmq-alerts), [Redis - OpenTelemetry](/docs/integrations/databases/opentelemetry/redis-opentelemetry/#redis-alerts), [Squid Proxy - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/squid-proxy-opentelemetry/#squidproxy-alerts), [Varnish - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/varnish-opentelemetry/#varnish-alerts), [JFrog Artifactory - OpenTelemetry](/docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry), [VMWare - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry), and [Active Directory JSON - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry) apps.     
+- **Azure Blob Storage (block blobs) Collection**. Updated the Block Blob collection to support collection for Network Flow logs. The Network Security Group (NSG) flow logs will be removed on 30 September 2027. **From 30 June 2025, you will no longer be able to generate new NSG flow logs as part of this retirement**. For more details, refer to the Azure [documentation](https://learn.microsoft.com/en-us/azure/network-watcher/flow-logs-read?tabs=nsg).
+- The apps listed below have been updated, and as part of the app installation flow, you can now create Cloud-to-Cloud sources:
+    - [1Password](/docs/integrations/saas-cloud/1password/#collection-configuration-and-app-installation)
+    - [Abnormal Security](/docs/integrations/saas-cloud/abnormal-security/#collection-configuration-and-app-installation)
+    - [Airtable](/docs/integrations/saas-cloud/airtable/#collection-configuration-and-app-installation)
+    - [Akamai Security Events](/docs/integrations/security-threat-detection/akamai-security-events/#collection-configuration-and-app-installation)
+    - [Atlassian](/docs/integrations/saas-cloud/atlassian/#collection-configuration-and-app-installation)
+    - [Box](/docs/integrations/saas-cloud/box/#set-up-collection)
+    - [Cato Networks](/docs/integrations/saas-cloud/cato-networks/#collection-configuration-and-app-installation)
+    - [Cisco Meraki](/docs/integrations/saas-cloud/cisco-meraki-c2c/#collection-configuration-and-app-installation)
+    - [CrowdStrike - Falcon Endpoint Protection](/docs/integrations/security-threat-detection/crowdstrike-falcon-endpoint-protection/#collection-configuration-and-app-installation)
+    - [CrowdStrike FDR Host Inventory](/docs/integrations/saas-cloud/crowdstrike-fdr-host-inventory/#collection-configuration-and-app-installation)
+    - [CrowdStrike Spotlight](/docs/integrations/saas-cloud/crowdstrike-spotlight/#collection-configuration-and-app-installation)
+    - [Duo Security](/docs/integrations/security-threat-detection/duo-security/#collection-configuration-and-app-installation)
+    - [KnowBe4](/docs/integrations/saas-cloud/knowbe4/#collection-configuration-and-app-installation)
+    - [LastPass](/docs/integrations/saas-cloud/lastpass/#collection-configuration-and-app-installation)
+    - [Microsoft Azure AD Inventory](/docs/integrations/saas-cloud/microsoft-azure-ad-inventory/#collection-configuration-and-app-installation)
+    - [Microsoft Graph Azure AD Reporting](/docs/integrations/saas-cloud/microsoft-graph-azure-ad-reporting/#collection-configuration-and-app-installation)
+    - [Microsoft Graph Security](/docs/integrations/saas-cloud/microsoft-graph-security-v1/#collection-configuration-and-app-installation)
+    - [Netskope](/docs/integrations/security-threat-detection/netskope/#collection-configuration-and-app-installation)
+    - [Okta](/docs/integrations/saml/okta/#collection-configuration-and-app-installation)
+    - [Proofpoint On Demand](/docs/integrations/saas-cloud/proofpoint-on-demand/#collection-configuration-and-app-installation)
+    - [Proofpoint TAP](/docs/integrations/saas-cloud/proofpoint-tap/#collection-configuration-and-app-installation)
+    - [Qualys VMDR](/docs/integrations/saas-cloud/qualys-vmdr/#collection-configuration-and-app-installation)
+    - [Rapid7](/docs/integrations/saas-cloud/rapid7/#collection-configuration-and-app-installation)
+    - [Salesforce](/docs/integrations/saas-cloud/salesforce/#collection-configuration-and-app-installation)
+    - [SentinelOne](/docs/integrations/saas-cloud/sentinelone/#collection-configuration-and-app-installation)
+    - [Slack](/docs/integrations/saas-cloud/slack/#collection-configuration-and-app-installation)
+    - [Sophos](/docs/integrations/saas-cloud/sophos/#collection-configuration-and-app-installation)
+    - [Tenable](/docs/integrations/saas-cloud/tenable/#collection-configuration-and-app-installation)
+    - [Workday](/docs/integrations/saas-cloud/workday/#collection-configuration-and-app-installation)
+
+### Bug fixes
+
+- Minor *query* fixes in the following [Next-Gen Apps](/docs/get-started/apps-integrations/#next-gen-apps):
+    - Kubernetes
+    - EKS Control Plane app
+    - Doppel Vision
+    
+- Minor fixes in the *monitors* in the following [Classic Apps (Legacy)](/docs/get-started/apps-integrations/#classic-apps-legacy):
+    - AWS WAF
+    - AWS WAF - Cloud Security Monitoring and Analytics
+
+- **Flex app**. Minor changes in the variable name.

docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry.md

@@ -15,11 +15,15 @@ The Sumo Logic app for Artifactory provides insight into your [JFrog Artifactory
 
 <img src='https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Artifactory-OpenTelemetry/Artifactory-Schematics.png' alt="Artifactory-Schematics" />
 
+:::info
+This app includes [built-in monitors](#jfrog-artifactory-alerts). For details on creating custom monitors, refer to the [Create monitors for JFrog Artifactory app](#create-monitors-for-jfrog-artifactory-app).
+:::
+
 ## Fields creation in Sumo Logic for Artifactory
 
 Following are the Tags which will be created as part of Artifactory app install if not already present.
 
-* `sumo.datasource`. Has fixed value of **artifactory**
+* `sumo.datasource`. Has fixed value of **artifactory**.
 
 ## Prerequisites
 
@@ -244,3 +248,21 @@ import JfrogReq from '../../../reuse/apps/jfrog/artifactory-request-access.md';
 import JfrogTr from '../../../reuse/apps/jfrog/artifactory-traffic.md';
 
 <JfrogTr/>
+
+## Create monitors for JFrog Artifactory app
+
+import CreateMonitors from '../../../reuse/apps/create-monitors.md';
+
+<CreateMonitors/>
+
+### JFrog Artifactory alerts
+
+| Name | Description | Alert Condition | Recover Condition |
+|:--|:--|:--|:--|
+| `Artifactory - Excessive Denied Login Attempts` | This alert is triggered when there are multiple denied login attempts from the same IP or user. | Count `>` 5 | Count `<=` 5 |
+| `Artifactory - High 4xx Status Codes` | This alert is triggered when there's a high number of HTTP 4xx error responses. | Count `>` 10 | Count `<=` 10 |
+| `Artifactory - High 5xx Status Codes` | This alert is triggered when there's a high number of HTTP 5xx error responses. | Count `>` 10 | Count `<=` 10 |
+| `Artifactory - High Denied Deploys to Cached Repos` | This alert is triggered when there's a high number of denied deploy attempts to cached repositories. | Count `>` 5 | Count `<=` 5 |
+| `Artifactory - High Denied Deploys to Non-Cached Repos` | This alert is triggered when there's a spike in denied deploy attempts to non-cached repositories. | Count `>` 5 | Count `<=` 5 |
+| `Artifactory - High Denied Downloads` | This alert is triggered when there's a high number of denied download attempts. | Count `>` 5 | Count `<=` 5 |
+| `Artifactory - Slow HTTP Response Times` | This alert is triggered when Artifactory response times are high. | Count `>` 5 | Count `<=` 5 |

docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry.md

@@ -21,7 +21,12 @@ See the [vSphere product page](https://www.vmware.com/products/vsphere.html) for
 
 <img src='https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/VMWare-OpenTelemetry/VMWare-Schematics.png' alt="Schematics" />
 
+:::info
+This app includes [built-in monitors](#vmware-alerts). For details on creating custom monitors, refer to the [Create monitors for JFrog Artifactory app](#create-monitors-for-vmware-app).
+:::
+
 ## Prerequisites
+
 VMWare metrics are collected through the [vCenter Receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/vcenterreceiver) of OpenTelemetry.
 
 This receiver has been built to support ESXi and vCenter versions:
@@ -276,3 +281,22 @@ The **VMWare - VM Details** dashboard provides a detailed analysis of VM metrics
 - **Top 25 VMs Network Packet Rate**. Top 25 VMs Network transmitted/received packet rate.
 - **Top 25 VMs Network Packet Drop Rate**. Top 25 VMs Network transmitted/received packet drop rate.
 - **Top 25 VMs Memory Swapped**. Top 25 VMs Memory swapped.
+
+## Create monitors for VMWare app
+
+import CreateMonitors from '../../../reuse/apps/create-monitors.md';
+
+<CreateMonitors/>
+
+### VMWare alerts
+
+| Name | Description | Alert Condition | Recover Condition |
+|:--|:--|:--|:--|
+| `VMware - Datastore High Utilization` | This alert is triggered when datastore usage is approaching capacity. | Count `>=` 90 | Count `<` 90 |
+| `VMware - High Virtual Disk Read Latency` | This alert gets triggered on high virtual datastore read latency indicating storage performance issues. | Count `>=` 20 | Count `<` 20 |
+| `VMware - High Virtual Disk Write Latency` | This alert gets triggered on high virtual datastore write latency indicating storage performance issues. | Count `>=` 20 | Count `<` 20 |
+| `VMware - Host CPU High Utilization` | This alert is triggered when host CPU utilization is consistently high, which may impact VM performance. | Count `>=` 90 | Count `<` 90 |
+| `VMware - Host Memory Utilization` | This alert is triggered when host memory utilization is consistently high. | Count `>=` 95 | Count `<` 95 |
+| `VMware - VM CPU Ready Time High` | This alert gets triggered when VMs are waiting too long for CPU resources, indicating CPU contention. | Count `>=` 10 | Count `<` 10 |
+| `VMware - VM Memory Balloon Pressure` | This alert gets triggered when VMs are experiencing significant memory ballooning. | Count `>=` 1024 | Count `<` 1024 |
+