Merge branch 'main' into threat-intel-ga

Author: jpipkin1

.clabot

@@ -173,7 +173,8 @@
     "JamoCA",
     "darshan-sumo",
     "mahendrak-sumo",
-    "chvik"
+    "chvik",
+    "Apoorvkudesia-sumologic"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",

blog-cse/2025-01-14-content.md

@@ -20,7 +20,7 @@ This content release includes:
 In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted Location" will be deleted from the out-of-the-box Cloud SIEM rules due to unmanageable deny list logic and low adoption. To retain this rule, a duplicate must be made prior to the deletion.
 :::
 
-## Log Mappers
+### Log Mappers
 - [New] Azure DevOps Auditing Catch All
 - [New] Check Point Application Control URL Filtering
 - [New] Cisco ISE Radius Diagnostics
@@ -40,15 +40,15 @@ In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted
 - [Updated] Cloudflare - Logpush
     - Adds mapping for `dns_query`, `http_hostname`, `http_response_contentLength`, `http_response_contentType`, and an alternative value for `ipProtocol`.
 - [Updated] Linux OS Syslog - Process sshd - SSH Session Closed|disconnect
-    - Adds mapping for `normalizedActio`n
+    - Adds mapping for `normalizedAction`
 - [Updated] Linux OS Syslog - Process systemd - Systemd Session Start and Systemd File Configuration
     - Added support for additional events and mapping of `file_path`
 
-## Parsers
+### Parsers
 - [New] /Parsers/System/Pfsense/Pfsense Firewall
 - [Updated] /Parsers/System/Check Point/Check Point Firewall JSON
 - [Updated] /Parsers/System/Cisco/Cisco ISE
 - [Updated] /Parsers/System/Cloudflare/Cloudflare Logpush
 - [Updated] /Parsers/System/Linux/Linux OS Syslog
 - [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers
-- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers
+- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers

blog-cse/2025-01-28-content.md

@@ -0,0 +1,26 @@
+---
+title: January 28, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+- Fix to Azure DevOps Auditing mapper to ensure only Azure DevOps logs are mapped by it when ingested via Event Hubs C2C.
+- Adds parsing and mapping support for additional OpenVPN events.
+- Adds additional timestamp format handling to Azure JSON log parsing.
+
+### Log Mappers
+- [Updated] Azure DevOps Auditing Catch All
+- [Updated] OpenVPN Audit Event
+- [Updated] OpenVPN Network Event
+
+### Parsers
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+- [Updated] /Parsers/System/OpenVPN/OpenVPN Syslog

blog-cse/2025-01-31-content.md

@@ -0,0 +1,54 @@
+---
+title: January 31, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+- Removal and updates to Cloud SIEM rules.
+- Parsing and mapping support for new products.
+- Updates to existing parsing and mappers to support additional events and field mappings.
+
+Changes are enumerated below.
+
+### Rules
+- [Deleted] MATCH-S00604 OneLogin - API Credentials - Key Used from Untrusted Location
+- [Updated] FIRST-S00044 First Seen AppID Generating MailItemsAccessed Event from User
+    - Corrected typo in "MailItemsAccessed".
+- [Updated] FIRST-S00046 First Seen Client Generating MailItemsAccessed Event from User
+    - Corrected typo in "MailItemsAccessed".
+
+### Log Mappers
+- [New] Crowdstrike FileVantage Catch All
+- [New] Dragos Communication
+- [New] Dragos Indicator
+- [New] Dragos System|Asset
+- [New] Extrahop JSON Catch All
+- [New] F5 TMM Http Request|TMM Network|TMM Connection error
+- [New] F5 TMSH - Custom Parser
+- [New] Zendesk - Login events
+#### Updated Field Mappings
+- [Updated] Code42 Incydr Alerts C2C
+- [Updated] Cyber Ark EPM AggregateEvent
+- [Updated] Google G Suite - meet
+- [Updated] Palo Alto GlobalProtect - Custom Parser
+- [Updated] Palo Alto GlobalProtect Auth - Custom Parser
+- [Updated] Zendesk Catch All
+
+### Parsers
+- [New] /Parsers/System/CrowdStrike/CrowdStrike Filevantage
+- [New] /Parsers/System/Extrahop/Extrahop JSON
+#### Updated parsers to handle additional events and field parsing
+- [Updated] /Parsers/System/Code42/Code42 Incydr
+- [Updated] /Parsers/System/Dragos/Dragos
+- [Updated] /Parsers/System/F5/F5 Syslog
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+- [Updated] /Parsers/System/Microsoft/Office 365
+- [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV

blog-service/2021/12-31.md

@@ -76,7 +76,7 @@ Update - The [Mimecast Source](/docs/send-data/hosted-collectors/cloud-to-cloud
 ---
 ## October 27, 2021 (Traces)
 
-New - Build custom Dashboards with [new panels](/docs/apm/traces/services-list-map) to view Service Maps filtered by service and application and Trace Lists filtered by a query to directly access trace views. Add panels to existing or new dashboards, setting filters and customized options.
+New - Build custom Dashboards with [new panels](/docs/apm/services-list-map) to view Service Maps filtered by service and application and Trace Lists filtered by a query to directly access trace views. Add panels to existing or new dashboards, setting filters and customized options.
 
 ---
 ## October 27, 2021 (Apps)
@@ -102,7 +102,7 @@ Update - We are delighted to release the additional Logs and Metrics dashboards
 ---
 ## October 14, 2021 (Traces)
 
-New - Operation level health metrics describe performance and availability on the level of a single SQL query or API call. They are automatically generated from tracing data real time for the most active operations, enabling you to understand application service health on one level below: what operations is this service executing towards its peers and what's the performance of each of them individually. See [Service Map and Dashboards](/docs/apm/traces/services-list-map).
+New - Operation level health metrics describe performance and availability on the level of a single SQL query or API call. They are automatically generated from tracing data real time for the most active operations, enabling you to understand application service health on one level below: what operations is this service executing towards its peers and what's the performance of each of them individually. See [Service Map and Dashboards](/docs/apm/services-list-map).
 
 ---
 ## October 6, 2021 (Collection)
@@ -230,7 +230,7 @@ Update - We are delighted to announce the availability of enhanced search functi
 ---
 ## August 12, 2021 (Traces)
 
-New - We are excited to introduce a new [Span Analytics](/docs/apm/traces/spans) experience to help you explore your trace data at the raw span level so you can understand the performance and behavior of your infrastructure.
+New - We are excited to introduce a new [Span Analytics](/docs/apm/spans) experience to help you explore your trace data at the raw span level so you can understand the performance and behavior of your infrastructure.
 
 ---
 ## August 12, 2021 (Collection)
@@ -596,7 +596,7 @@ Update - Explore now offers the ability to [filter your view](/docs/dashboards
 ---
 ## March 24, 2021 (Traces)
 
-New - We're excited to announce our [Service Map and Dashboards](/docs/apm/traces/services-list-map). A Service Map is a high-level out-of-the-box overview of your environment created from distributed tracing data. Service Maps provide you a real-time view of:
+New - We're excited to announce our [Service Map and Dashboards](/docs/apm/services-list-map). A Service Map is a high-level out-of-the-box overview of your environment created from distributed tracing data. Service Maps provide you a real-time view of:
 
 -   Your microservices and connections between them, to give you insight into their dependencies and relations.
 -   Health and load of each microservice reflected in size and color, so you can immediately ascertain potential problems and bottlenecks in your application infrastructure.

blog-service/2022/12-31.md

@@ -558,7 +558,7 @@ Update - The [Tenable Source](/docs/send-data/hosted-collectors/cloud-to-cloud-i
 ---
 ## April 26, 2022 (Traces)
 
-New - You can now add the results of Spans queries directly to Dashboards from the [Spans analytics](/docs/apm/traces/spans#add-to-dashboard) window. You'll use the same easy query builder to [modify your panels](/docs/dashboards/panels/modify-chart) later. You can still use [Log Search](/docs/apm/traces/search-query-language-support-for-traces) to add span results to Dashboards by running queries in the `_trace_spans` index. The same limitations of Log Search still apply, your query scan volume should not exceed 200x of your tracing ingest.
+New - You can now add the results of Spans queries directly to Dashboards from the [Spans analytics](/docs/apm/spans#add-to-dashboard) window. You'll use the same easy query builder to [modify your panels](/docs/dashboards/panels/modify-chart) later. You can still use [Log Search](/docs/apm/traces/search-query-language-support-for-traces) to add span results to Dashboards by running queries in the `_trace_spans` index. The same limitations of Log Search still apply, your query scan volume should not exceed 200x of your tracing ingest.
 
 ---
 ## April 17, 2022 (Apps)
@@ -678,7 +678,7 @@ Update - We’ve made an improvement to the [Sumo Logic Organizations](/docs/man
 ---
 ## February 10, 2022 (Traces)
 
-New - Number of [spans](/docs/apm/traces/spans) per Trace has been increased by 10 times to 10000 spans per trace to better support monitoring for long running and complex transactions. Please note that new spans can increase credits consumption.
+New - Number of [spans](/docs/apm/spans) per Trace has been increased by 10 times to 10000 spans per trace to better support monitoring for long running and complex transactions. Please note that new spans can increase credits consumption.
 
 Update - Traces logs and data includes a new `duration` field that holds the difference between `endTimestamp` and `startTimestamp` in nanoseconds.
 

blog-service/2023/12-31.md

@@ -57,7 +57,7 @@ Here are some of the key features the new solution offers:
 * **Misconfigurations**. See areas in your environment that need to be addressed because they fail best practice security controls.
 * **Suspicious activity assessment**. See suspicious activity across users, web interactions, networks, and Identity Access Management (IAM).
 
-To learn how you can set up and use Cloud Infrastructure Security for AWS, and for preview limitations, check out our technical documentation [here](/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
+To learn how you can set up and use Cloud Infrastructure Security for AWS, and for preview limitations, check out our technical documentation [here](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
 
 :::note
 To use the solution, you are required to sign up and activate Amazon GuardDuty and AWS Security Hub.
@@ -1012,7 +1012,7 @@ We're excited to introduce an improved approach to calculating and aggregating p
 
 What's New?
 * All APM metrics on dashboards now use the recently released [Metrics Histograms](/docs/metrics/introduction/metric-histograms/).
-* The Service List panel replaces the existing timeseries table in the Application Details panel and is now included in out-of-the-box dashboards for APM views. This change leverages the new and useful visualization for [Services List](/docs/apm/traces/services-list-map/#services-list-view) released earlier.
+* The Service List panel replaces the existing timeseries table in the Application Details panel and is now included in out-of-the-box dashboards for APM views. This change leverages the new and useful visualization for [Services List](/docs/apm/services-list-map/#services-list-view) released earlier.
 * The top bar selector for latency type has been renamed to `latency_type`, which now automatically drives all latency percentile metrics in all panels that support pct metrics.
 
 [Learn more](/docs/apm/traces/tracing-dashboards/).
@@ -1359,7 +1359,7 @@ Update - We have updated the **Reuse Password After** password policy. Previousl
 
 #### Tracing Services List
 
-New - Our new tracing **Services List** view provides a high-level summary of your service health insights and important KPIs in one compact table, allowing you to spot potential issues in your application infrastructure. [Learn more](/docs/apm/traces/services-list-map).
+New - Our new tracing **Services List** view provides a high-level summary of your service health insights and important KPIs in one compact table, allowing you to spot potential issues in your application infrastructure. [Learn more](/docs/apm/services-list-map).
 
 ---
 ### January 17, 2023 (Metrics)

blog-service/2024/12-31.md

@@ -401,7 +401,7 @@ You can now more easily configure sources on a simplified screen, allowing you t
 
 <img src={useBaseUrl('img/integrations/amazon-aws/cis-for-aws-install-0.png')} alt="Configure Sources screen" style={{border: '1px solid gray'}} width="700"/>
 
-[Learn more](/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
+[Learn more](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
 
 ### October 21, 2024 (Apps)
 
@@ -807,7 +807,7 @@ We're excited to announce increased visibility into your AWS Cloud environment w
 
 This functionality is in preview. To participate, reach out to your Sumo Logic account executive.
 
-[Learn more](/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
+[Learn more](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
 
 :::note
 As part of the preview, you can use CloudQuery logs with Cloud Infrastructure Security for AWS. To use the logs, configure the CloudQuery source when you deploy the solution.
@@ -1077,7 +1077,7 @@ Here are some of the key features the new solution offers:
 * **Misconfigurations**. See areas in your environment that need to be addressed because they fail best practice security controls.
 * **Suspicious activity assessment**. See suspicious activity across users, web interactions, networks, and Identity Access Management (IAM).
 
-To learn how you can set up and use Cloud Infrastructure Security for AWS, check out our [technical documentation](/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
+To learn how you can set up and use Cloud Infrastructure Security for AWS, check out our [technical documentation](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
 
 
 :::note Action Required

blog-service/2025-01-28-apps.md

@@ -0,0 +1,14 @@
+---
+title: VMware Workspace ONE (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - vmware-workspace-one
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to introduce the new VMware Workspace ONE app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud VMware Workspace ONE source that collects audit logs data from the VMware Workspace ONE platform. This app helps security analysts monitor device compliance, encryption, and overall security status, offering a powerful solution for effective risk analysis, policy enforcement, and device security. [Learn more](/docs/integrations/saas-cloud/vmware-workspace-one/).

blog-service/2025-01-30-manage.md

@@ -0,0 +1,15 @@
+---
+title: Introducing Sumo Logic Organizations for Flex Customers (Manage)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - manage
+  - create-manage-orgs-flex
+  - flex-plan
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We are excited to announce that we are now supporting Sumo Logic's Organizations ("Sumo Orgs") feature for Sumo Logic Flex customers. With this release, Flex customers can effectively group, provision, manage, and monitor the credit usage across multiple organizations, providing greater visibility and control over account structures. [Learn more](/docs/manage/manage-subscription/create-manage-orgs-flex).