Merge branch 'main' into dependabot/npm_and_yarn/express-4.22.1

Author: kimsauce

.github/workflows/job_trigger-jenkins-pipeline.yml

@@ -15,26 +15,28 @@ on:
         required: true
       WEBOPS_JENKINS_HOST:
         required: true
-      WEBOPS_AWS_ACCESS_KEY:
-        required: true
-      WEBOPS_AWS_SECRET_KEY:
+      WEBOPS_AWS_ROLE_JENKINS:
         required: true
       WEBOPS_WEBHOOK_TOKEN:
         required: true
 
 jobs:
   trigger-jenkins-pipeline:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - name: Get runner IP
         if: always()
         id: ip
         uses: haythem/[email protected]
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8
+        with:
+          role-to-assume: ${{ secrets.WEBOPS_AWS_ROLE_JENKINS }}
+          aws-region: us-east-1
       - name: Add runner to AWS security group ingress
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.WEBOPS_AWS_ACCESS_KEY }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.WEBOPS_AWS_SECRET_KEY }}
-          AWS_DEFAULT_REGION: ${{ secrets.WEBOPS_AWS_REGION }}
         run: aws ec2 authorize-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
       - name: Trigger Jenkins pipeline
         run: |
@@ -43,9 +45,5 @@ jobs:
             -X POST \
             ${{ secrets.WEBOPS_JENKINS_HOST }}:${{ secrets.WEBOPS_JENKINS_PORT || '80' }}/generic-webhook-trigger/invoke?token=${{ secrets.WEBOPS_WEBHOOK_TOKEN }}
       - name: Remove runner from AWS security group ingress
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.WEBOPS_AWS_ACCESS_KEY }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.WEBOPS_AWS_SECRET_KEY }}
-          AWS_DEFAULT_REGION: ${{ secrets.WEBOPS_AWS_REGION }}
         if: always()
         run: aws ec2 revoke-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32

.github/workflows/workflow_deploy-to-pantheon-prod.yml

@@ -2,6 +2,7 @@ name: Deploy to production
 
 permissions:
   contents: write
+  id-token: write
 
 on:
   push:
@@ -38,8 +39,7 @@ jobs:
       WEBOPS_AWS_SG_NAME: ${{ secrets.WEBOPS_AWS_SG_NAME }}
       WEBOPS_JENKINS_PORT: ${{ secrets.WEBOPS_JENKINS_PORT }}
       WEBOPS_JENKINS_HOST: ${{ secrets.WEBOPS_JENKINS_HOST }}
-      WEBOPS_AWS_ACCESS_KEY: ${{ secrets.WEBOPS_AWS_ACCESS_KEY }}
-      WEBOPS_AWS_SECRET_KEY: ${{ secrets.WEBOPS_AWS_SECRET_KEY }}
+      WEBOPS_AWS_ROLE_JENKINS: ${{ secrets.WEBOPS_AWS_ROLE_JENKINS }}
       WEBOPS_WEBHOOK_TOKEN: ${{ secrets.WEBOPS_WEBHOOK_TOKEN }}
   notify-channel:
     needs: [build-site,deploy-to-pantheon,trigger-jenkins-pipeline]

blog-collector/2025-12-03-otel.md

@@ -0,0 +1,14 @@
+---
+title: OpenTelemetry Collector
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - otel-collector
+  - install-collector
+  - remote-management
+hide_table_of_contents: true    
+---
+
+
+We’re pleased to announce the following updates for OpenTelemetry collectors:
+- Collectors can now be installed on Windows using [Ansible](/docs/send-data/opentelemetry-collector/install-collector/ansible/), [Chef](/docs/send-data/opentelemetry-collector/install-collector/chef/), and [Puppet](/docs/send-data/opentelemetry-collector/install-collector/puppet/).
+- Remote management is now supported for Ansible, Chef, and Puppet collectors, offering improved flexibility and customization.

blog-cse/2025-12-05-content.md

@@ -0,0 +1,96 @@
+---
+title: December 05, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+This new and updated content is effective as of December 4, 2025.
+
+This content release includes:
+- Updates to product naming from "G Suite" to "Google Workspace" across rules, log mappers, and parsers to reflect the current branding.
+- Update to product naming from "Dell SonicWall" to "SonicWall Firewall" in parsers and log mappers.
+- New support for Asana audit logging.
+
+Additional changes are enumerated below.
+
+## Rules
+- [Updated] MATCH-S00630 GCP Audit IAM DeleteServiceAccount Observed
+- [Updated] MATCH-S00629 GCP Audit IAM DisableServiceAccount Observed
+- [Updated] MATCH-S00117 Google Workspace - Access - Access Transparency
+- [Updated] MATCH-S00115 Google Workspace - Admin - User Settings - Turn Off 2SV
+- [Updated] MATCH-S00133 Google Workspace - Admin Activity
+- [Updated] MATCH-S00125 Google Workspace - Drive - Drive Open To Public
+- [Updated] MATCH-S00301 Google Workspace - Excessive OAuth Application Permissions Scope
+- [Updated] MATCH-S00128 Google Workspace - Login - Account Warning
+- [Updated] MATCH-S00129 Google Workspace - Login - Government Attack Warning
+- [Updated] MATCH-S00121 Google Workspace - Mobile - Suspicious Activity
+- [Updated] MATCH-S00227 Google Workspace - Unauthorized OAuth Application
+- [Updated] MATCH-S00120 Google Workspace - User Accounts - 2SV Disabled
+
+## Log Mappers
+- [New] Asana Audit Authentication
+- [New] Asana Audit Catch All
+- [Updated] Azure ResourceHealth and ServiceHealth
+- [Updated] AzureActivityLog AuditLogs
+- [Updated] Google Workspace - access_transparency/GSUITE_RESOURCE/ACCESS
+- [Updated] Google Workspace - admin
+- [Updated] Google Workspace - calendar
+- [Updated] Google Workspace - drive.access
+- [Updated] Google Workspace - drive.acl_change
+- [Updated] Google Workspace - gcp
+- [Updated] Google Workspace - gplus
+- [Updated] Google Workspace - groups
+- [Updated] Google Workspace - groups_enterprise
+- [Updated] Google Workspace - login - password_change/recovery_info_change
+- [Updated] Google Workspace - login - risky_sensitive_action_allowed
+- [Updated] Google Workspace - login challenge
+- [Updated] Google Workspace - login-blocked_sender_change
+- [Updated] Google Workspace - login-email_forwarding_change
+- [Updated] Google Workspace - login.account_warning
+- [Updated] Google Workspace - login.gov_attack_warning
+- [Updated] Google Workspace - login.login
+- [Updated] Google Workspace - logout
+- [Updated] Google Workspace - meet
+- [Updated] Google Workspace - mobile
+- [Updated] Google Workspace - rules
+- [Updated] Google Workspace - saml
+- [Updated] Google Workspace - token
+- [Updated] Google Workspace - user_accounts
+- [Updated] Google Workspace Alert Center - AppMaker Editor
+- [Updated] Google Workspace Alert Center - Data Loss Prevention
+- [Updated] Google Workspace Alert Center - Domain wide takeout
+- [Updated] Google Workspace Alert Center - Gmail phishing
+- [Updated] Google Workspace Alert Center - Gmail phishing (Misconfigured whitelist)
+- [Updated] Google Workspace Alert Center - Google Operations
+- [Updated] Google Workspace Alert Center - Google identity
+- [Updated] Google Workspace Alert Center - Mobile device management (Device compromised)
+- [Updated] Google Workspace Alert Center - Mobile device management (Suspicious activity)
+- [Updated] Google Workspace Alert Center - Security Center rules
+- [Updated] Google Workspace Alert Center - Sensitive Admin Action
+- [Updated] Google Workspace Alert Center - State Sponsored Attack
+- [Updated] Google Workspace Alert Center - User Changes
+- [Updated] Netskope - Alerts
+    - Updated action and normalizedAction field mappings.
+- [Updated] SonicWall Firewall - Custom Parser
+- [Updated] SonicWall Flows
+- [Updated] Thinkst Canary Parser - Catch All
+    - Added additional field mappings.
+- [Updated] Windows - Security - 5145
+    - Removes redundant mapping of `baseimage` and `device_ip` fields.
+
+## Parsers
+- [New] /Parsers/System/Asana/Asana Audit
+- [New] /Parsers/System/Google/Google Workspace Alert Center
+- [New] /Parsers/System/Google/Google Workspace Audit
+- [New] /Parsers/System/SonicWall/SonicWall Firewall
+- [Updated] /Parsers/System/Dell/Dell SonicWall
+- [Updated] /Parsers/System/Google/G Suite Alert Center
+- [Updated] /Parsers/System/Google/G Suite Audit
+- [Updated] /Parsers/System/Linux/Linux OS Syslog
+    - Updated parser to drop certain systemd events not useful for security monitoring.
+- [Updated] /Parsers/System/Thinkst Canary/Thinkst Canary
+    - Modified parser to improve field extraction.

blog-service/2025-12-03-manage.md

@@ -0,0 +1,11 @@
+---
+title: Manage Org Details (Manage)
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - scheduled-views
+  - manage
+  - autopause
+hide_table_of_contents: true    
+---
+
+We're excited to announce that organization managers can now edit a child organization's name, subdomain, and account owner directly from the organizations pages. [Learn more](/docs/manage/manage-subscription/create-and-manage-orgs/).

cid-redirects.json

@@ -1498,7 +1498,7 @@
   "/Dashboards-and-Alerts/Dashboards/Get-Started-with-Dashboards-and-Panels/Markdown-Syntax": "/docs/dashboards/panels/markdown-syntax",
   "/Manage/01Account_Usage": "/docs/manage/manage-subscription",
   "/Manage/Connections-and-Integrations/Webhook-Connections/Set-Up-Webhook-Connections/Webhook_for_Opsgenie": "/docs/integrations/saas-cloud/opsgenie/",
-  "/Manage/01Account_Usage/Beta_Participation_Opt-In": "/docs/manage/manage-subscription/beta-opt-in",
+  "/Manage/01Account_Usage/Beta_Participation_Opt-In": "/docs/beta",
   "/Manage/Search_Optimization_Tools/Manage_Partitions/Create_a_Partition": "/docs/manage/partitions/",
   "/Manage/01Account_Usage/05Manage_Organization": "/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings",
   "/Manage/01Account_Usage/01Cloud_Flex_Credits": "/docs/manage/manage-subscription/sumo-logic-credits-accounts",
@@ -3144,7 +3144,7 @@
   "/Knowledge_Base/Parsing/Using_line_breaks_as_an_anchor_within_parse": "/docs/search/search-query-language/parse-operators/parse-predictable-patterns-using-an-anchor",
   "/Knowledge_Base/Search": "/docs/search",
   "/Knowledge_Base/Search/How_to_Prevent_your_Scheduled_Search_from_Timing_Out": "/docs/alerts/scheduled-searches/faq",
-  "/Limited_Availability": "/docs/manage/manage-subscription/beta-opt-in",
+  "/Limited_Availability": "/docs/beta",
   "/Limited_Availability/Lookup_Tables": "/docs/search/search-query-language/search-operators/lookupcontains",
   "/Limited_Availability/Lookup_Tables/lookupContains_Operator": "/docs/search/search-query-language/search-operators/lookupcontains",
   "/Manage": "/docs/manage",
@@ -3165,10 +3165,10 @@
   "/Manage/01Manage_Subscription/10Create_and_Manage_Orgs_(Service_Providers)": "/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers",
   "/Manage/01Manage_Subscription/Create_and_Manage_Orgs_(Service_Providers)": "/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers",
   "/Manage/01Manage_Subscription/12Manage_Organizational_Settings": "/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings",
-  "/Manage/01Manage_Subscription/13Beta_Participation_Opt-In": "/docs/manage/manage-subscription/beta-opt-in",
+  "/Manage/01Manage_Subscription/13Beta_Participation_Opt-In": "/docs/beta",
   "/Manage/Manage_Subscription/Manage_Organizational_Settings": "/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings",
   "/Manage/01Manage_Subscription/14What_to_do_if_Your_Account_is_Locked": "/docs/manage/users-roles/users/account-locked",
-  "/Manage/01Manage_Subscription/16Beta_Participation_Opt-In": "/docs/manage/manage-subscription/beta-opt-in",
+  "/Manage/01Manage_Subscription/16Beta_Participation_Opt-In": "/docs/beta",
   "/Manage/01Manage_Subscription/18Close_or_cancel_a_Sumo_Logic_account": "/docs/manage/manage-subscription/close-cancel-sumo-account",
   "/Manage/01Manage_Subscription/Upgrade_a_Cloudflex_Credits_Free_or_Trial_Account": "/docs/manage/manage-subscription/upgrade-account/upgrade-credits-account",
   "/docs/manage/manage-subscription/upgrade-cloud-flex-credits-account": "/docs/manage/manage-subscription/upgrade-account/upgrade-sumo-logic-flex-account",
@@ -4599,5 +4599,6 @@
   "/docs/get-started/training-certification-faq-new": "/docs/get-started/training-certification-faq",
   "/docs/manage/scheduled-views/pausing-inactive-scheduled-views": "/docs/manage/scheduled-views/pause-disable-scheduled-views",
   "/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps-csiem-rules": "/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps",
-  "/docs/search/mobot-multiturn-beta": "/docs/search/mobot"
+  "/docs/search/mobot-multiturn-beta": "/docs/search/mobot",
+  "/docs/manage/manage-subscription/beta-opt-in": "/docs/beta"
 }

docs/beta/index.md

@@ -9,16 +9,27 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('img/icons/business/beta.png')} alt="icon" width="55"/>
 
-Learn about our Beta features that are coming soon to general availability. To participate, contact your Sumo account executive.
+Beta features are capabilities that are coming soon to general availability. To participate, contact your Sumo account executive.
 
-Betas are different than our generally available services in that they have additional terms and conditions for participation. You can [opt-in to beta terms and conditions](/docs/manage/manage-subscription/beta-opt-in), so that you only need to agree to the terms once.
-
-* We may make available to you a Preview, Limited Release, Alpha, Beta or other pre-release version of the service, applications, or APIs for non-production use (“Beta”).
+Betas are different than our generally available services in that they have additional terms and conditions for participation:
+* We may make available to you a Preview, Limited Release, Alpha, Beta, or other pre-release version of the service, applications, or APIs for non-production use.
 * Betas may have limited features, functions, indexing capacity, storage, data security, data continuity, data retention or other limitations as determined by Sumo Logic.
-* Sumo Logic may discontinue the Beta at any time.
-* We may also decide never to make the features and functionality in Beta generally available.
-* Betas (by their nature) have not been fully tested as they are still under development – and may be inoperable or incomplete, including more errors and bugs than our generally available offerings.
+* Sumo Logic may discontinue the beta at any time.
+* We may also decide never to make the features and functionality in beta generally available.
+* Betas (by their nature) have not been fully tested as they are still under development, and may be inoperable or incomplete, including more errors and bugs than our generally available offerings.
 * Betas are offered “as is” with no warranties or indemnities.
 
+## Features in open beta
+
+See [Beta Releases](/docs/contributing/style-guide/#beta-releases) for information about how we publish articles for features in closed beta and open beta.
+
+Following are articles for features in open beta:
 
-<DocCardList items={useCurrentSidebarCategory().items}/>
+<div className="box-wrapper" markdown="1">
+<div className="box smallbox card">
+  <div className="container">
+  <a href={useBaseUrl('docs/api/metrics-searches/')}><img src={useBaseUrl('img/icons/metrics.png')} alt="Thumbnail icon" width="40"/><h4>Metrics Search Management APIs</h4></a>
+  <p>Use Metrics Searches (Beta) API endpoints to save metrics searches in your content library, organize them in a folder hierarchy, and share useful queries with users in your organization.</p>
+  </div>
+</div>
+</div>

docs/cloud-soar/overview.md

@@ -84,9 +84,9 @@ import Theme from '../reuse/dark-light-theme.md';
 
 Sumo Logic Cloud SOAR facilitates timely management of incident response with a rich library of customizable playbooks for different threats.
 
-This solution additionally provides capabilities to support incident responders during the process of assessment, investigation, and data collection to help uncover additional information and metrics analytics to see repetitive patterns when doing analysis. It facilitates documentation and knowledge transfer of information across the critical teams working on incident response and SOC operations team members.
+This solution additionally provides capabilities to support incident responders during the process of assessment, investigation, and data collection to help uncover additional information and metrics analytics. It facilitates documentation and knowledge transfer of information across the critical teams working on incident response and SOC operations team members.
 
-Cloud SOAR Automation and Orchestration features help organizations from all sectors of the industry to manage measure and orchestrate security operations tasks including incident qualification, triage and escalation, threat hunting, analysis, threat containment and
+Cloud SOAR automation and orchestration features help organizations from all sectors of the industry to manage measure and orchestrate security operations tasks including incident qualification, triage and escalation, threat hunting, analysis, threat containment and
 remediation. The gathering of information from different data sources and correlating this information expedites the capabilities and augments human analyst available resources.
 
 The Cloud SOAR tool offers standard management of Incident response events across different teams in the organization with the help of the R3 Rapid response playbook engine. R3 Playbooks are created using a Visual editor supporting granular, stateful and conditional workflows to orchestrate, automate and standardize best practices on a case by case incident response events activities like incident triage, stakeholder notification, data and context enrichment, remediation and threat containment.

docs/get-started/sumo-logic-ui-classic.md

@@ -7,12 +7,14 @@ description: Get to know the Sumo Logic platform user interface.
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
+:::note 
+This page describes the Classic UI. For the most streamlined navigation and the newest user experience, switch to the [New UI](/docs/get-started/sumo-logic-ui).
+:::
+
 This page provides an overview of the Sumo Logic Classic UI, designed to help you navigate and utilize its features effectively.
 
 <img src={useBaseUrl('img/get-started/overview-classic-ui.png')} alt="Overview screenshot of the Classic UI" style={{border: '1px solid gray'}} width="800" />
 
-The Classic UI will be retired in 2025 and will no longer receive updates. The exact date will be communicated closer to the transition. For the latest features, performance improvements, and future innovations, switch to the [New UI](/docs/get-started/sumo-logic-ui) as soon as possible.
-
 ## Switching between the Classic and New UI
 
 If you're using the New UI and need to navigate back to the Classic UI, click the **Return to classic UI** option in the left navigation menu. And to switch back to the New UI, follow the same steps, selecting **Switch to New UI** instead.