Merge branch 'main' into docs-1215-dynamic-severity

jpipkin1 · web-flow · commit 3005a9586b91 · 2025-10-29T09:46:40.000-05:00
diff --git a/blog-cse/2025-10-28-content.md b/blog-cse/2025-10-28-content.md
@@ -0,0 +1,34 @@
+---
+title: October 28, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+    - New mappers for Crowdstrike Falcon events.
+    - Updates to existing mappers for Crowdstrike Falcon, F5, and Okta events to support additional fields and events.
+    - Updates to F5 Networks and Okta SSO parsers.
+
+Changes are enumerated below.
+
+### Log Mappers
+- [New] CrowdStrike Falcon Host API IdpDetectionSummaryEvent
+- [New] CrowdStrike Falcon Identity Protection
+- [Updated] CrowdStrike UserActivity Logs
+- [Updated] F5 Authentication Catch All
+- [Updated] F5 HTTPd Audit - Custom Parser
+- [Updated] F5 Session and adfs proxy - Custom Parser
+- [Updated] Okta Authentication - auth_via_AD_agent
+- [Updated] Okta Authentication - auth_via_mfa
+- [Updated] Okta Authentication - auth_via_radius
+- [Updated] Okta Authentication - sso
+- [Updated] Okta Authentication Events
+- [Updated] Okta Catch All
+- [Updated] Okta Security Threat Events
+
+### Parsers
+- [Updated] /Parsers/System/F5/F5 Syslog
+- [Updated] /Parsers/System/Okta/Okta
diff --git a/docs/api/index.md b/docs/api/index.md
@@ -164,6 +164,11 @@ Use the Sumo Logic Application Programming Interfaces (APIs) to interact with ou
   <a href={useBaseUrl('docs/api/organizations-management')}><img src={useBaseUrl('img/icons/manage.png')} alt="Thumbnail icon" width="50"/><h4>Organizations</h4></a>
   </div>
 </div>
+<div className="box smallbox card">
+  <div className="container">
+  <a href={useBaseUrl('docs/api/parsers-library-management')}><img src={useBaseUrl('img/icons/operations/parsing-data.png')} alt="Thumbnail icon" width="50"/><h4>Parsers Library</h4></a>
+  </div>
+</div>
 <div className="box smallbox card">
   <div className="container">
   <a href={useBaseUrl('docs/api/partition-management')}><img src={useBaseUrl('img/icons/operations/data-overage.png')} alt="Thumbnail icon" width="50"/><h4>Partitions</h4></a>
@@ -204,6 +209,11 @@ Use the Sumo Logic Application Programming Interfaces (APIs) to interact with ou
   <a href={useBaseUrl('docs/api/scheduled-views')}><img src={useBaseUrl('img/icons/general/calendar.png')} alt="Thumbnail icon" width="50"/><h4>Scheduled Views</h4></a>
   </div>
 </div>
+<div className="box smallbox card">
+  <div className="container">
+  <a href={useBaseUrl('docs/api/schema-base-management')}><img src={useBaseUrl('img/icons/operations/schema.png')} alt="Thumbnail icon" width="50"/><h4>Schema Base</h4></a>
+  </div>
+</div>
 <div className="box smallbox card">
   <div className="container">
   <a href={useBaseUrl('docs/api/scim-user')}><img src={useBaseUrl('img/icons/general/session.png')} alt="Thumbnail icon" width="50"/><h4>SCIM User</h4></a>
@@ -234,6 +244,11 @@ Use the Sumo Logic Application Programming Interfaces (APIs) to interact with ou
   <a href={useBaseUrl('docs/api/slo-management')}><img src={useBaseUrl('img/icons/observe.png')} alt="Thumbnail icon" width="50"/><h4>SLOs</h4></a>
   </div>
 </div>
+<div className="box smallbox card">
+  <div className="container">
+  <a href={useBaseUrl('docs/api/source-template-management')}><img src={useBaseUrl('img/icons/operations/topology-explorer.png')} alt="Thumbnail icon" width="50"/><h4>Source Template</h4></a>
+  </div>
+</div>
 <div className="box smallbox card">
   <div className="container">
   <a href={useBaseUrl('docs/api/span-analytics')}><img src={useBaseUrl('img/icons/operations/distributed-operations.png')} alt="Thumbnail icon" width="50"/><h4>Span Analytics</h4></a>
diff --git a/docs/api/parsers-library-management.md b/docs/api/parsers-library-management.md
@@ -0,0 +1,37 @@
+---
+id: parsers-library-management
+title: Parsers Library Management APIs
+sidebar_label: Parsers Library
+description: Customize parsers using the API. 
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+import ApiIntro from '../reuse/api-intro.md';
+import ApiRoles from '../reuse/api-roles.md';
+
+<img src={useBaseUrl('img/icons/operations/parsing-data.png')} alt="Thumbnail icon" width="50"/>
+
+Use this API to customize parsers. The parsers library contains the parsers used in the `_parser` field for collector, FER, or query. For more information on customizing parsers, see [Parser Editor](/docs/cse/schema/parser-editor/).
+
+## Documentation
+
+<ApiIntro/>
+
+| Deployment | Documentation URL                                           |
+|:------------|:-------------------------------------------------------------|
+| AU         | https://api.au.sumologic.com/docs/#tag/parsersLibraryManagement  |
+| CA         | https://api.ca.sumologic.com/docs/#tag/parsersLibraryManagement  |
+| DE         | https://api.de.sumologic.com/docs/#tag/parsersLibraryManagement  |
+| EU         | https://api.eu.sumologic.com/docs/#tag/parsersLibraryManagement  |
+| FED        | https://api.fed.sumologic.com/docs/#tag/parsersLibraryManagement |
+| JP         | https://api.jp.sumologic.com/docs/#tag/parsersLibraryManagement  |
+| KR         | https://api.kr.sumologic.com/docs/#tag/parsersLibraryManagement  |
+| US1        | https://api.sumologic.com/docs/#tag/parsersLibraryManagement     |
+| US2        | https://api.us2.sumologic.com/docs/#tag/parsersLibraryManagement |
+
+## Required role capabilities
+
+<ApiRoles/>
+
+* [Data Management](/docs/manage/users-roles/roles/role-capabilities/#data-management)
+    * View Parsers
diff --git a/docs/api/schema-base-management.md b/docs/api/schema-base-management.md
@@ -0,0 +1,38 @@
+---
+id: schema-base-management
+title: Schema Base Management APIs
+sidebar_label: Schema Base
+description: Customize schema base management APIs.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+import ApiIntro from '../reuse/api-intro.md';
+import ApiRoles from '../reuse/api-roles.md';
+
+<img src={useBaseUrl('img/icons/operations/schema.png')} alt="Thumbnail icon" width="50"/>
+
+Use this API to customize schema used by [OpenTelemetry Remote Management Source Templates](/docs/send-data/opentelemetry-collector/remote-management/source-templates/).
+
+## Documentation
+
+<ApiIntro/>
+
+| Deployment | Documentation URL                                           |
+|:------------|:-------------------------------------------------------------|
+| AU         | https://api.au.sumologic.com/docs/#tag/schemaBaseManagement  |
+| CA         | https://api.ca.sumologic.com/docs/#tag/schemaBaseManagement  |
+| DE         | https://api.de.sumologic.com/docs/#tag/schemaBaseManagement  |
+| EU         | https://api.eu.sumologic.com/docs/#tag/schemaBaseManagement  |
+| FED        | https://api.fed.sumologic.com/docs/#tag/schemaBaseManagement |
+| JP         | https://api.jp.sumologic.com/docs/#tag/schemaBaseManagement  |
+| KR         | https://api.kr.sumologic.com/docs/#tag/schemaBaseManagement  |
+| US1        | https://api.sumologic.com/docs/#tag/schemaBaseManagement     |
+| US2        | https://api.us2.sumologic.com/docs/#tag/schemaBaseManagement |
+
+## Required role capabilities
+
+<ApiRoles/>
+
+* [Data Management](/docs/manage/users-roles/roles/role-capabilities/#data-management)
+   * Manage Collectors
+   * View Collectors
diff --git a/docs/api/source-template-management.md b/docs/api/source-template-management.md
@@ -0,0 +1,38 @@
+---
+id: source-template-management
+title: Source Template Management APIs
+sidebar_label: Source Template
+description: Manage OpenTelemetry Source Templates with APIs.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+import ApiIntro from '../reuse/api-intro.md';
+import ApiRoles from '../reuse/api-roles.md';
+
+<img src={useBaseUrl('img/icons/operations/topology-explorer.png')} alt="Thumbnail icon" width="50"/>
+
+Use this API to manage [OpenTelemetry Remote Management Source Templates](/docs/send-data/opentelemetry-collector/remote-management/source-templates/).
+
+## Documentation
+
+<ApiIntro/>
+
+| Deployment | Documentation URL                                           |
+|:------------|:-------------------------------------------------------------|
+| AU         | https://api.au.sumologic.com/docs/#tag/sourceTemplateManagementExternal  |
+| CA         | https://api.ca.sumologic.com/docs/#tag/sourceTemplateManagementExternal  |
+| DE         | https://api.de.sumologic.com/docs/#tag/sourceTemplateManagementExternal  |
+| EU         | https://api.eu.sumologic.com/docs/#tag/sourceTemplateManagementExternal  |
+| FED        | https://api.fed.sumologic.com/docs/#tag/sourceTemplateManagementExternal |
+| JP         | https://api.jp.sumologic.com/docs/#tag/sourceTemplateManagementExternal  |
+| KR         | https://api.kr.sumologic.com/docs/#tag/sourceTemplateManagementExternal  |
+| US1        | https://api.sumologic.com/docs/#tag/sourceTemplateManagementExternal     |
+| US2        | https://api.us2.sumologic.com/docs/#tag/sourceTemplateManagementExternal |
+
+## Required role capabilities
+
+<ApiRoles/>
+
+* [Data Management](/docs/manage/users-roles/roles/role-capabilities/#data-management)
+   * Manage Collectors
+   * View Collectors
diff --git a/docs/cse/administration/create-cse-context-actions.md b/docs/cse/administration/create-cse-context-actions.md
@@ -87,6 +87,8 @@ When you save the action, the URL template will be populated with your Sumo Logi
 
 `{{sumobaseurl}}/ui/#/search/@{{timestamp[ms]-30m}}@_index=sec_record* AND user_username = {{value}}`
 
+The `{{sumobaseurl}}` parameter applies to context actions that run a Sumo Logic log search. Assuming your Cloud SIEM instance is configured to communicate with the Sumo Logic platform, when you create an action that runs a Sumo Logic search, Cloud SIEM will automatically insert this placeholder in your URL template—you don’t need to explicitly insert `{{sumobaseurl}}` placeholder yourself.
+
 ### Create an URL to an external service
 
 To create a URL to be sent to an external service, enter the URL in the format required by the external service, and use the `{{value}}` parameter placeholder for the target entity, record field, or IOC. 
@@ -121,12 +123,6 @@ The table below defines the parameters you can use in the URL template for a con
 
 You can insert any field from the target of a context action into the action URL with the `{{field_name}}` placeholder. For example, you could include `device_ip` in the URL with `{{device_ip}}`.  
 
-### Sumo Logic Base URL
-
-The `{{sumobaseurl}}` parameter applies to context actions that run a Sumo Logic log search.
-
-Assuming your Cloud SIEM instance is configured to communicate with the Sumo Logic platform, when you create an action that runs a Sumo Logic search, Cloud SIEM will automatically insert this placeholder in your URL template—you don’t need to explicitly insert `{{sumobaseurl}} `placeholder yourself.
-
 ### Timestamp
 
 When you run an action on a Cloud SIEM record, if that record has a [timestamp](/docs/cse/schema/schema-attributes) field value, you can insert the timestamp in UTC format into the URL using the `{{timestamp}}` parameter.
diff --git a/docs/integrations/containers-orchestration/vmware.md b/docs/integrations/containers-orchestration/vmware.md
@@ -26,8 +26,8 @@ See the [vSphere product page](https://www.vmware.com/products/vsphere.html) for
 
 The Sumo Logic vCenter logs source and vCenter metrics source use the installed collector to gather the following data from VMware:
 
-* VMware Events using the Events API. See [Events API](https://code.vmware.com/apis/196/vsphere/doc/vim.event.EventManager.html) for more details.
-* VMware Metrics using the Performance API. For more information, see [Performance API](https://code.vmware.com/apis/196/vsphere/doc/vim.PerformanceManager.html).
+* VMware Events using the Events API. See [Events API](https://developer.broadcom.com/xapis/vsphere-web-services-api/latest/vim.event.EventManager.html) for more details.
+* VMware Metrics using the Performance API. For more information, see [Performance API](https://developer.broadcom.com/xapis/vsphere-web-services-api/latest/vim.PerformanceManager.html).
 
 The dashboards provide real-time monitoring with visual data displays, allowing you to analyze events and performance metrics for efficient detection and troubleshooting.
 
diff --git a/sidebars.ts b/sidebars.ts
@@ -3163,6 +3163,7 @@ integrations: [
         'api/monitors-management',
         'api/muting-schedules',
         'api/organizations-management',
+        'api/parsers-library-management',
         'api/partition-management',
         'api/password-policy',
         'api/policies-management',
@@ -3171,12 +3172,14 @@ integrations: [
         'api/saml-configuration',
         'api/scan-budget',
         'api/scheduled-views',
+        'api/schema-base-management',
         'api/scim-user',
         'api/search-job',
         'api/service-accounts',
         'api/service-allowlist',
         'api/service-map',
         'api/slo-management',
+        'api/source-template-management',
         'api/span-analytics',
         'api/threat-intel-ingest',
         'api/token-management',
