
Commit 364a177

Merge branch 'main' into SUMO-249359
2 parents dd45f0d + b977dc5 commit 364a177

4 files changed

+19
-19
lines changed

docs/alerts/monitors/create-monitor.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -51,8 +51,8 @@ To create a monitor from the [Metrics Explorer](/docs/metrics/metrics-queries/me
5151
1. On the **Metrics Explorer** page:
5252
1. Enter a metrics query.<br/><img src={useBaseUrl('img/alerts/query-metrics-explorer-view.png')} alt="Metrics explorer query" style={{border: '1px solid gray'}} width="800"/>
5353
1. In the **Thresholds** section, define the critical and warning thresholds for your metrics query.<br/><img src={useBaseUrl('img/alerts/thresholdonly-metrics-explorer-view.png')} alt="Screenshot of the Metrics Explorer in Sumo Logic, displaying a line chart for node memory utilization over time. The chart shows the memory utilization metric from 17:42:12 to 17:57:12 on 21/02/2023. The right side of the screen includes a thresholds panel with critical and warning thresholds set to 500000000 and 80, respectively. The 'Fill remaining area as green' option is toggled off." style={{border: '1px solid gray'}} width="800"/>
54-
1. Click the three-dot kebab icon button at the end of the query field and select **Create a Monitor**.<br/><img src={useBaseUrl('img/monitors/create-monitor.png')} alt="Screenshot of the Metrics Explorer in Sumo Logic, showing the dropdown menu accessed via the three vertical dots icon. The menu includes options for Basic Mode, Duplicate Query, Create a Monitor, and Create an SLO. The option 'Create a Monitor' is highlighted. Below the menu, the thresholds panel shows critical and warning thresholds set to 500000000 and 80, respectively, with the 'Fill remaining area as green' option toggled off." style={{border: '1px solid gray'}} width="400"/>
55-
1. The **New Monitor** will open with prefilled data based on the threshold values you set in the previous steps.<br/><img src={useBaseUrl('img/monitors/new-monitor-window.png')} alt="Screenshot of the 'New Monitor' setup page in Sumo Logic, specifically focusing on the Trigger Conditions section. The Monitor Type is set to Metrics and Detection Method to Static. The query is set for node memory utilization for a specific collector. The Alert Grouping options include one alert per monitor or one alert per time series. The Trigger Type section shows critical alerts set to trigger when the result is greater than or equal to 500000000 within 15 minutes. The recovery settings are enabled to recover automatically when the result is less than 500000000 within a 15-minute window. Historical Trend is displayed below, with a dashed red line indicating the threshold." style={{border: '1px solid gray'}} width="600"/>
54+
1. Click the three-dot kebab icon button at the end of the query field and select **Create a Monitor**.<br/><img src={useBaseUrl('img/alerts/monitors/create-monitor.png')} alt="Screenshot of the Metrics Explorer in Sumo Logic, showing the dropdown menu accessed via the three vertical dots icon. The menu includes options for Basic Mode, Duplicate Query, Create a Monitor, and Create an SLO. The option 'Create a Monitor' is highlighted. Below the menu, the thresholds panel shows critical and warning thresholds set to 500000000 and 80, respectively, with the 'Fill remaining area as green' option toggled off." style={{border: '1px solid gray'}} width="400"/>
55+
1. The **New Monitor** will open with prefilled data based on the threshold values you set in the previous steps.<br/><img src={useBaseUrl('img/alerts/monitors/new-monitor-window.png')} alt="Screenshot of the 'New Monitor' setup page in Sumo Logic, specifically focusing on the Trigger Conditions section. The Monitor Type is set to Metrics and Detection Method to Static. The query is set for node memory utilization for a specific collector. The Alert Grouping options include one alert per monitor or one alert per time series. The Trigger Type section shows critical alerts set to trigger when the result is greater than or equal to 500000000 within 15 minutes. The recovery settings are enabled to recover automatically when the result is less than 500000000 within a 15-minute window. Historical Trend is displayed below, with a dashed red line indicating the threshold." style={{border: '1px solid gray'}} width="600"/>
5656
1. In the **Trigger Type** section, enable the checkbox that corresponds to the threshold value that you want to use (Critical and/or Warning).
5757
* The threshold values will be the same as defined in the Metrics page for both Critical and Warning thresholds.
5858
* Set all other parameters to default, including the window (15 minutes) and the **at all times** box.
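Review bot: the only change in the two replaced list items (the "Click the three-dot kebab icon" step and the "New Monitor will open" step) is the image path prefix, `img/monitors/` to `img/alerts/monitors/`; confirm that `create-monitor.png` and `new-monitor-window.png` were actually moved to the new directory in this commit, because `useBaseUrl` does not check that the asset exists and a missing file renders as a broken image with no build error. The two images earlier in the same list still resolve under `img/alerts/` rather than `img/alerts/monitors/`, so the list now mixes two locations; worth stating in the commit message whether that split is intended.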
@@ -119,7 +119,7 @@ In this step, you'll need to provide a logs or metrics query. This is not applic
119119

120120
**Logs** monitors can have one query up to 15,000 characters long.
121121

122-
**Metrics** monitors can have up to 6 queries. When providing multiple metrics queries, use the letter labels to reference a query row. The monitor will automatically detect the query that triggers your alert, and will mark that row with a notification bell icon. See [Joined metrics queries](/docs/metrics/metrics-queries/metrics-explorer/#join-metric-queries) for details.<br/><img src={useBaseUrl('img/monitors/metrics-monitor-query-row.png')} alt="Screenshot of the 'New Monitor' setup page in Sumo Logic, showing the Trigger Conditions section. Metrics is selected as the Monitor Type and Static as the Detection Method. The query includes two metrics: CPU_Sys and CPU_User, with an alert condition combining both metrics (#B + #C). A bell icon is highlighted on the left side." style={{border: '1px solid gray'}} width="700"/>
122+
**Metrics** monitors can have up to 6 queries. When providing multiple metrics queries, use the letter labels to reference a query row. The monitor will automatically detect the query that triggers your alert, and will mark that row with a notification bell icon. See [Joined metrics queries](/docs/metrics/metrics-queries/metrics-explorer/#join-metric-queries) for details.<br/><img src={useBaseUrl('img/alerts/monitors/metrics-monitor-query-row.png')} alt="Screenshot of the 'New Monitor' setup page in Sumo Logic, showing the Trigger Conditions section. Metrics is selected as the Monitor Type and Static as the Detection Method. The query includes two metrics: CPU_Sys and CPU_User, with an alert condition combining both metrics (#B + #C). A bell icon is highlighted on the left side." style={{border: '1px solid gray'}} width="700"/>
123123

124124
### Anomaly or Outlier Direction
125125

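Review bot: same path move here (`img/monitors/metrics-monitor-query-row.png` to `img/alerts/monitors/metrics-monitor-query-row.png`); since this commit only touches three image references, grep the docs for any remaining `img/monitors/` references before the old directory is deleted, or those pages will lose their screenshots silently. The alt text and the `#join-metric-queries` link are unchanged, which is correct.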
docs/alerts/webhook-connections/servicenow/set-up-searches.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,6 @@ Before you can set up searches for ServiceNow, you'll need to configure a [Servi
2323
1. Choose an option from the **Run Frequency** menu:
2424

2525
* **Never.** Choose this option to temporarily **turn off a scheduled search**.
26-
* **Real Time.** Enterprise and paid trial customers can use this option to set up [Real Time Alerts](../../../alerts/scheduled-searches/create-real-time-alert.md).
2726
* **Every 15 Minutes.** The search will run for the first time when you save the schedule, and then every 15 minutes after that.
2827
* **Hourly.** The search will run for the first time at the top of the next hour after you save the schedule, and then every hour after that. * **Every 2, 4, 6, 8, or 12 Hours.** The search will run for the first time at the top of the hour you choose.
2928
* **Daily.** Choose the time you'd like to run the search every day. A Daily search will cover exactly 24 hours of activity. You can change the schedule whenever you'd like.
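Review bot: removing the **Real Time** bullet also drops the only link to `create-real-time-alert.md` from this list, and nothing in the remaining options tells the reader that the choice has gone; if Real Time Alerts are no longer offered for ServiceNow searches, a one-line note saying so (or pointing to the replacement) would stop readers from hunting for the missing option. Unrelated but adjacent: the **Hourly** and **Every 2, 4, 6, 8, or 12 Hours** bullets sit on one line in the context, so the second will not render as its own list item.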

docs/platform-services/automation-service/app-central/integrations/microsoft-sentinel.md

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
66

77
<img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/microsoft-sentinel.png')} alt="microsoft-sentinel" width="100"/>
88

9-
***Version: 1.4
10-
Updated: Oct 14, 2024***
9+
***Version: 1.5
10+
Updated: Oct 22, 2024***
1111

1212
Microsoft Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise.
1313

@@ -18,6 +18,7 @@ Microsoft Sentinel is a cloud-native security information and event manager (SIE
1818
* **List Incidents** (*Enrichment*) - Get a list of all incidents.
1919
* **Search Into Sentinel Events** (*Enrichment*) - Query into a Sentinel event.
2020
* **List Incident Entities** (*Enrichment*) - Get all incident related entities.
21+
* **List Incident Entities V2** (*Enrichment*) - Get all incident related entities and enrich Sentinel entities with additional information to Cloud SOAR entities.
2122
* **Add Incident Comment** (*Containment*) - Add a new incident comment.
2223
* **Delete Incident** (*Containment*) - Delete an incident.
2324
* **Update Incident** (*Containment*) - Update an incident.
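Review bot: the description of the new **List Incident Entities V2** action is hard to parse ("enrich Sentinel entities with additional information to Cloud SOAR entities"); suggest something like `Get all incident related entities and map them to Cloud SOAR entities with additional enrichment data`. Since the original **List Incident Entities** action stays listed directly above it, also say whether V2 supersedes it or when a playbook author should pick one over the other.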
@@ -37,4 +38,8 @@ Microsoft Sentinel is a cloud-native security information and event manager (SIE
3738
+ renamed action Incidents Daemon Sentinel to Microsoft Sentinel Incidents Daemon
3839
+ added new action List Incident Alerts
3940
* October 14, 2024 (v1.4)
40-
+ Updated the integration by adding two new fields (**API Root** and **Login Endpoint**) to the configuration
41+
+ Updated the integration by adding two new fields (**API Root** and **Login Endpoint**) to the configuration
42+
+ October 22, 2024 (v1.5)
43+
+ Added new action **List Incident Entities V2**
44+
+ Updated the integration by adding a new fields (**Cloud SOAR URL API URL**, **Access ID** , **Access Key**) to the configuration
45+

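Review bot: the new changelog heading `+ October 22, 2024 (v1.5)` uses the `+` sub-bullet marker while the existing version heading uses `*` (`* October 14, 2024 (v1.4)`), so v1.5 and its two items will render nested under the v1.4 entry instead of as their own entry; change it to `* October 22, 2024 (v1.5)`. In the second new item, "adding a new fields" should be "adding new fields", the stray space in `**Access ID** ,` should go, and `**Cloud SOAR URL API URL**` looks like a duplicated word (the label should match what the configuration dialog shows). The last added line is an empty list line that can be dropped. Because **Access Key** is a credential, the configuration section this entry refers to should also state how the key is stored and whether it is masked in the UI.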
docs/send-data/collect-from-other-data-sources/vmware-vrealize-log-insight.md

Lines changed: 8 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@ title: VMware vRealize Log Insight
44
description: This page shows you how to configure log collection for VMware vRealize Log Insight and then forward your logs to Sumo Logic. VMware vRealize Log Insight is a log management and analytics tool.
55
---
66

7+
import useBaseUrl from '@docusaurus/useBaseUrl';
8+
79
This page shows you how to configure log collection for VMware vRealize Log Insight and then forward your logs to Sumo Logic. VMware vRealize Log Insight is a log management and analytics tool.
810

911
## Prerequisites
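Review bot: the `import useBaseUrl from '@docusaurus/useBaseUrl';` line is correctly placed right after the front matter, which the `<img src={useBaseUrl(...)}/>` tags introduced in the next hunk require. The first body paragraph repeats the front-matter `description` word for word; one of the two could be shortened, though that predates this change.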
@@ -22,21 +24,15 @@ These instructions apply to vRealize Log Insight 8.0, may differ for earlier ver
2224

2325
To set up vRealize Log Insight log collection for Sumo Logic, do the following:
2426

25-
1. Log in to vRealize Log Insight UI, and navigate to **Management > Event Forwarding**.
26-
27-
![vRealize_EventForwarding.png](/img/send-data/vRealize_EventForwarding.png)
28-
29-
1. Add a new connection by clicking **New Destination**.
30-
31-
![vRealize_New-Destination.png](/img/send-data/vRealize_New-Destination.png)
32-
27+
1. Sign in to vRealize Log Insight UI, and navigate to **Management > Event Forwarding**.<br/><img src={useBaseUrl('/img/send-data/vRealize_EventForwarding.png')} alt="vRealize_EventForwarding" style={{border: '1px solid gray'}} width="400"/>
28+
1. Add a new connection by clicking **New Destination**.<br/><img src={useBaseUrl('/img/send-data/vRealize_New-Destination.png')} alt="vRealize_New-Destination" style={{border: '1px solid gray'}} width="600"/>
3329
1. In the Edit Destination dialog, specify the following information. Optionally, you can also add additional tags and also filter the events on this popup.
34-
35-
![vRealize_Edit-Destination.png](/img/send-data/vRealize_Edit-Destination.png)
36-
30+
:::note
31+
Select the **Transport** type as **UDP** if you are handling multiple messages.
32+
:::
33+
<br/><img src={useBaseUrl('/img/send-data/vRealize_Edit-Destination.png')} alt="vRealize_Edit-Destination" style={{border: '1px solid gray'}} width="600"/>
3734
1. **Test** and **Save** the connection.
3835
1. Verify logs in Sumo Logic. The following is a sample log message of vRealize forwarded events.
39-
4036
```
4137
<167> 2019-12-15T13:08:16.441Z esxi1.esxlab.com Rhttpproxy: verbose rhttpproxy[2099567]
4238
[Originator@6876 sub=Proxy Req 07995] Resolved endpoint :
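Review bot: the `:::note` admonition and the `<br/><img .../>` line inserted after the **Edit Destination** step are not indented under the list item, so in Markdown they terminate the ordered list and the following **Test** and **Save** step will restart numbering at 1; indent both to the list item's content width, or keep the image inline after the step text as the two steps above now do. The note also recommends **UDP** "if you are handling multiple messages" without giving a reason; UDP syslog offers no delivery guarantee and no transport encryption, so a reader forwarding security-relevant events should be told the trade-off (throughput versus possible loss and plaintext on the wire) and which other transports the Edit Destination dialog offers. The sample log fence starts at the end of the hunk, so its closing fence cannot be checked here.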
