
Commit 3a68099

Merge branch 'main' into faster1
2 parents 52fe9ec + df0cff2 commit 3a68099

16 files changed

+334
-18
lines changed

.clabot

Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -172,6 +172,7 @@
172172
"chetanchoudhary-sumo",
173173
"JamoCA",
174174
"darshan-sumo"
175+
"mahendrak-sumo"
175176
],
176177
"message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
177178
"label": "cla-signed",
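Review bot: the unchanged line 174 `"darshan-sumo"` has no trailing comma, yet `"mahendrak-sumo"` is appended directly after it on line 175 and the array closes on line 176 with `],`. As rendered, that leaves two adjacent string literals, which is invalid JSON and would stop the CLA bot from parsing its config. Unless the comma was lost in the diff rendering, line 174 needs to become `"darshan-sumo",` in the same change.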

blog-service/2025-01-06-apps.md

Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
---
2+
title: Trend Micro Vision One (Apps)
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- apps
6+
- trend-micro
7+
hide_table_of_contents: true
8+
---
9+
10+
import useBaseUrl from '@docusaurus/useBaseUrl';
11+
12+
<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
13+
14+
We're excited to introduce the new Trend Micro Vision One app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Trend Micro Vision One source that collects alert logs data from the Trend Micro Vision One platform. This app helps you can gain real-time visibility into security events and incidents within your organization's infrastructure, allowing them to detect and react to potential threats quickly. [Learn more](/docs/integrations/saas-cloud/trend-micro-vision-one/).
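Review bot: the announcement sentence on line 14 has a subject mismatch: "This app helps you can gain real-time visibility ... allowing them to detect" should read "This app helps you gain real-time visibility ... allowing you to detect". "collects alert logs data" also reads better as "collects alert log data". On line 12 the RSS image carries `alt="icon"`, which tells a screen-reader user nothing; `alt="RSS feed"` would.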

cid-redirects.json

Lines changed: 1 addition & 0 deletions
@@ -1595,6 +1595,7 @@
15951595
"/cid/10193": "/docs/integrations/saas-cloud/asana",
15961596
"/cid/10181": "/docs/integrations/saas-cloud/atlassian",
15971597
"/cid/10197": "/docs/integrations/saas-cloud/symantec-web-security-service",
1598+
"/cid/6016": "/docs/integrations/saas-cloud/trend-micro-vision-one",
15981599
"/cid/10112": "/docs/integrations/app-development/jfrog-xray",
15991600
"/cid/10113": "/docs/observability/root-cause-explorer",
16001601
"/cid/10116": "/docs/manage/fields",

docs/cse/administration/create-custom-threat-intel-source.md

Lines changed: 11 additions & 4 deletions
@@ -12,7 +12,7 @@ This topic has information about setting up a *custom threat intelligence source
1212

1313
You can set up and populate custom threat intelligence sources interactively from the Cloud SIEM UI, by uploading a .csv file, or using Cloud SIEM APIs. You can populate the sources with IP addresses, hostnames, URLs, email addresses, and file hashes.
1414

15-
### How Cloud SIEM uses indicators
15+
## How Cloud SIEM uses indicators
1616

1717
When Cloud SIEM encounters an indicator from your threat source in an incoming
1818
record it adds relevant information to the record. Because threat intelligence
@@ -24,7 +24,7 @@ this way.
2424
Rule authors can also write rules that look for threat intelligence information in records. To leverage the information in a rule, you can extend your custom rule expression, or add a Rule Tuning Expression to a built-in rule. For a more detailed explanation of how to use threat intelligence information in rules, see [Threat Intelligence](/docs/cse/rules/about-cse-rules/#threat-intelligence) in the
2525
*About Cloud SIEM Rules* topic.
2626

27-
### Create a threat intelligence source from Cloud SIEM UI
27+
## Create a threat intelligence source from Cloud SIEM UI
2828

2929
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Threat Intelligence**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Threat Intelligence**. You can also click the **Go To...** menu at the top of the screen and select **Threat Intelligence**.
3030
1. Click **Add Source** on the **Threat Intelligence** page.
@@ -34,6 +34,8 @@ Rule authors can also write rules that look for threat intelligence information
3434

3535
Your new source should now appear on the **Threat Intelligence** page.
3636

37+
## Add threat indicators
38+
3739
### Enter indicators manually
3840

3941
1. On the **Threat Intelligence** page, click the name of the source you want to update.
@@ -87,5 +89,10 @@ value,description,expires,active
8789

8890
### Manage sources and indicators using APIs
8991

90-
You can use Cloud SIEM threat intelligence APIs to create and manage indicators and custom threat sources. For information about Cloud SIEM APIs and how to access the API documentation, see [Cloud SIEM APIs](/docs/cse/administration/cse-apis/).
91-
 
92+
You can use Cloud SIEM threat intelligence APIs to create and manage indicators and custom threat sources. For information about Cloud SIEM APIs and how to access the API documentation, see [Cloud SIEM APIs](/docs/cse/administration/cse-apis/).
93+
94+
## Search indicators
95+
96+
To search threat indicators, click the **Search All Indicators** button at the top of the **Threat Intelligence** page.
97+
98+
You can search using the same functionality available for other Cloud SIEM searches, including regular expressions. For more information, see [Filter and Search Cloud SIEM List Pages](/docs/cse/administration/filter-search).
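Review bot: the removed line 90 and the added line 92 are character-for-character identical, so that part of the hunk is whitespace-only (the trailing-space line 91 is what actually disappears); fine, but worth noting so nobody looks for a content change. More substantively, `### Manage sources and indicators using APIs` on line 90 stays at level 3 while the other top-level sections of this file are promoted to `##` in this commit and the new `## Search indicators` is level 2. If managing sources via the API is meant as a peer of creating them from the UI rather than a subsection of "Add threat indicators", promote it to `##` as well.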

docs/cse/administration/filter-search.md

Lines changed: 12 additions & 10 deletions
@@ -11,18 +11,20 @@ keywords:
1111

1212
import useBaseUrl from '@docusaurus/useBaseUrl';
1313

14-
You can filter and search the list pages in Cloud SIEM**Insights**, **Signals**, **Entities**, **Records**, **Rules**, and **Network Blocks**—using the **Filters** bar near the top of the page.
14+
## Search in Cloud SIEM
1515

16-
<img src={useBaseUrl('img/cse/list-page-search.png')} alt="Filters box at the top of the page " width="500" />
16+
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Cloud SIEM**.<br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Search Cloud SIEM**. You can also click the **Go To...** menu at the top of the screen and select **Search Cloud SIEM**.
17+
1. Click in the **Find Insights, Signals, Entities and more...** search bar at the top of the page.<br/><img src={useBaseUrl('img/cse/list-page-search.png')} alt="Search box at the top of the page" width="400" />
18+
1. Enter text to search.
19+
1. To filter, click the filter icon <img src={useBaseUrl('img/cse/filter-icon.png')} alt="Filter icon" width="20" /> on the right side of the search box.
20+
1. Select a source to filter on. <br/><img src={useBaseUrl('img/cse/search-sources.png')} alt="Search sources" width="250" />
21+
1. A dropdown list of filters appears for that source. Select a field to filter on, or pick a suggestion.<br/><img src={useBaseUrl('img/cse/filter-options.png')} alt="List of fields to filter on" width="400"/>
22+
1. Continue to select options to filter on from the options presented.
1723

18-
## Filter items
19-
When you click in the **Filters** bar, a dropdown list of filters appears. After you select a filter you’ll be presented with a dialog so you can specify your filtering criteria.
24+
## Search using regular expressions
2025

21-
<img src={useBaseUrl('img/cse/filter-options.png')} alt="List of fields to filter on" width="250"/>
26+
You also enter a search string or regex in the search bar, and press Return to run a search. Note that Cloud SIEM's regular expression engine will return items that contain text matching the complete string. The engine implicitly adds anchors (`^` and `$`) to the beginning and end of your regex.
2227

23-
## Search items
24-
You also enter a search string or regex in the **Filter** bar, and press Return to run a search. Note that Cloud SIEM's regular expression engine will return items that contain text matching the complete string. The engine implicitly adds anchors (`^` and `$`) to the beginning and end of your regex.
28+
Cloud SIEM search uses Elasticsearch. For regular expressions allowed for use in Cloud SIEM search, see [Regular expression syntax](https://www.elastic.co/guide/en/elasticsearch/reference/current/regexp-syntax.html) in the Elastic documentation.
2529

26-
You can use `not` to search for items that do not contain a particular keyword, for example:
27-
28-
`not:Initial Access`
30+
You can use `not` to search for items that do not contain a particular keyword, for example: `not:Initial Access`
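Review bot: line 26 carries over a grammatical slip from the old line 24: "You also enter a search string or regex" should be "You can also enter a search string or regex". Two further points on the same hunk: the removed line 14 was the only sentence naming which list pages the search covers (Insights, Signals, Entities, Records, Rules, Network Blocks), and the new `## Search in Cloud SIEM` heading now jumps straight into numbered steps, so consider keeping a one-line intro before step 1; and line 26 says the engine returns items that "contain text matching the complete string" while also saying it implicitly anchors the regex with `^` and `$`, which a reader will find contradictory, since an anchored pattern has to match the entire field value rather than a substring of it. Spell out which of the two is the actual behaviour, and if it is the anchored one, say that a substring search needs explicit leading and trailing `.*`.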

docs/cse/match-lists-suppressed-lists/suppressed-lists.md

Lines changed: 5 additions & 3 deletions
@@ -52,15 +52,17 @@ Match lists are for when you want to use the existence or absence of an indicato
5252

5353
Cloud SIEM uses suppressed lists similar to how it uses [match lists](#suppressed-list-or-match-list). When Cloud SIEM processes an incoming record, it compares the entries in each suppressed list to record fields of the same type as the target column of the suppressed list. For example, given a suppressed list whose target column is **Domain**, Cloud SIEM will compare items on that list only to record fields that contain domains.
5454

55-
When a record contains a value that matches one or more suppressed lists, two fields in the record get populated:
55+
Keep in mind:
56+
* Suppression lists will suppress any signal where the suppressed indicator is present, regardless of the primary entity in the signal.
57+
* Entity suppression will only suppress the signal if the suppressed entity is the primary signal.
58+
* If any entities within the record match items listed in a suppressed list, suppressed signals will be generated for those entities across all rules. Consequently, these signals will not affect the entity's Activity Score or contribute to insight generation.
5659

60+
When a record contains a value that matches one or more suppressed lists, two fields in the record get populated:
5761
* `listMatches`. Cloud SIEM adds the names of the suppressed lists that the record matched, and the column values of those lists. For example, if an IP address in a record matches the SourceIP address in the “vuln_scanners” suppressed list, the `listMatches` field would look like this: `listMatches: ['vuln_scanners', 'column:SourceIp']`  
5862
* `matchedItems`. Cloud SIEM adds the actual key-value pairs that were matched. For example, continuing the example above, if “vuln_scanners” match list contained an entry “5.6.7.8”, and the record’s SourceIp is also “5.6.7.8”, the assuming the SourceIP address in the “vuln_scanners” suppressed list, the `matchedItems` field would look like this: `matchedItems: [ { value: '5.6.7.8', …other metadata about list item } ]`
5963

6064
Because the information about list matches gets persisted within records, you can reference it downstream in both rules and search.
6165

62-
**If any entities within the record match items listed in a suppressed list, suppressed signals will be generated for those entities across all rules**. Consequently, these signals will not affect the entity's Activity Score or contribute to insight generation.
63-
6466
For more information about signal Suppression mechanisms, see [About Signal Suppression](/docs/cse/records-signals-entities-insights/about-signal-suppression/).
6567

6668
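Review bot: line 57 reads "if the suppressed entity is the primary signal", which does not parse; given that line 56 speaks of "the primary entity in the signal", this should be "if the suppressed entity is the primary entity of the signal". Line 56 also says "Suppression lists" where the rest of the page and the file name say "suppressed lists"; keep one term. Line 58 moves the previously bold sentence from the old line 62 into the bullet list, which is fine, but its "Consequently" now hangs off an "If ... then" bullet, so read it once more to confirm the emphasis loss is intended. Nit in the unchanged line 62: "the assuming the SourceIP address in the “vuln_scanners” suppressed list" is garbled and could be tidied in the same pass.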

docs/integrations/product-list/product-list-m-z.md

Lines changed: 1 addition & 1 deletion
@@ -183,7 +183,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [
183183
| <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/threatminer.png')} alt="Thumbnail icon" width="125"/> | [ThreatMiner](https://www.threatminer.org/) | Automation integration: [ThreatMiner](/docs/platform-services/automation-service/app-central/integrations/threatminer/) |
184184
| <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/threatq.png')} alt="Thumbnail icon" width="75"/> | [ThreatQ](https://www.threatq.com/) | Automation integration: [ThreatQ](/docs/platform-services/automation-service/app-central/integrations/threatq/) |
185185
| <img src={useBaseUrl('img/send-data/trellix-logo.png')} alt="Thumbnail icon" width="75"/> | [Trellix](https://www.trellix.com/en-us/index.html) | Automation integrations: <br/>- [FireEye AX](/docs/platform-services/automation-service/app-central/integrations/fireeye-ax/) <br/>- [FireEye Central Management (CM)](/docs/platform-services/automation-service/app-central/integrations/fireeye-central-management-cm/) <br/>- [FireEye Email Security (EX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-email-security-ex/) <br/>- [FireEye Endpoint Security (HX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-endpoint-security-hx/) <br/>- [FireEye Helix](/docs/platform-services/automation-service/app-central/integrations/fireeye-helix/) <br/>- [FireEye Network Security (NX)](/docs/platform-services/automation-service/app-central/integrations/fireeye-network-security-nx/) <br/>Cloud SIEM integrations: <br/>- [FireEye](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/1430ab5c-7b8b-44e9-a8ec-83076fa374eb.md) <br/>- [Trellix](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/9bec8407-4182-46ec-99dd-2adfade15652.md) <br/>Collector: [Trellix mVision ePO Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source/) |
186-
| <img src={useBaseUrl('https://upload.wikimedia.org/wikipedia/commons/f/f4/Trend_Micro_logo.svg')} alt="Thumbnail icon" width="75"/> | [Trend Micro](https://www.trendmicro.com/en_us/business.html) | App: [Trend Micro Deep Security](/docs/integrations/security-threat-detection/trend-micro-deep-security/) <br/>Automation integrations: <br/>- [Trend Micro Deep Security](/docs/platform-services/automation-service/app-central/integrations/trend-micro-deep-security/) <br/>- [Trend Micro Vision ONE](/docs/platform-services/automation-service/app-central/integrations/trend-micro-vision-one/) <br/>Cloud SIEM integration: [Trend Micro](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/8af48b83-18bf-4233-ad51-db37baca0313.md) <br/>Collector: [Trend Micro Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source)|
186+
| <img src={useBaseUrl('https://upload.wikimedia.org/wikipedia/commons/f/f4/Trend_Micro_logo.svg')} alt="Thumbnail icon" width="75"/> | [Trend Micro](https://www.trendmicro.com/en_us/business.html) | Apps: <br/>- [Trend Micro Deep Security](/docs/integrations/security-threat-detection/trend-micro-deep-security/) <br/>- [Trend Micro Vision One](/docs/integrations/saas-cloud/trend-micro-vision-one/) <br/>Automation integrations: <br/>- [Trend Micro Deep Security](/docs/platform-services/automation-service/app-central/integrations/trend-micro-deep-security/) <br/>- [Trend Micro Vision One](/docs/platform-services/automation-service/app-central/integrations/trend-micro-vision-one/) <br/>Cloud SIEM integration: [Trend Micro](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/8af48b83-18bf-4233-ad51-db37baca0313.md) <br/>Collector: [Trend Micro Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source)|
187187
| <img src={useBaseUrl('img/send-data/trust-login-icon.png')} alt="Thumbnail icon" width="50"/> | [Trust Login](https://trustlogin.com/en/) | Collector: [Trust Login Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trust-login-source) |
188188
| <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/tufin-securechange.png')} alt="Thumbnail icon" width="75"/> | [Tufin](https://www.tufin.com/) | Automation integrations: <br/>- [Tufin SecureChange](/docs/platform-services/automation-service/app-central/integrations/tufin-securechange/) <br/>- [Tufin SecureTrack V2](/docs/platform-services/automation-service/app-central/integrations/tufin-securetrack-v2/) |
189189
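Review bot: the rewritten Trend Micro row on line 186 still passes a third-party URL (`https://upload.wikimedia.org/wikipedia/commons/f/f4/Trend_Micro_logo.svg`) to `useBaseUrl`, unlike every other row in this hunk, which references a local asset under `img/`. Hotlinking means the docs page depends on an asset the project does not control (it can change or disappear) and every page view sends the reader's request to Wikimedia; since the row is being edited anyway, vendor the logo into `img/send-data/` as the Trellix and Trust Login rows do. The casing fix from "Vision ONE" to "Vision One" and the new Apps sub-list look right.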

docs/integrations/saas-cloud/index.md

Lines changed: 6 additions & 0 deletions
@@ -310,6 +310,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.
310310
<p>Gain comprehensive visibility and actionable insights into your organization's security posture.</p>
311311
</div>
312312
</div>
313+
<div className="box smallbox card">
314+
<div className="container">
315+
<a href="/docs/integrations/saas-cloud/trend-micro-vision-one"><img src={useBaseUrl('img/send-data/trend-micro-vision-one.png')} alt="icon" width="140"/><h4>Trend Micro Vision One</h4></a>
316+
<p>Analyze alert logs to detect potential security risks.</p>
317+
</div>
318+
</div>
313319
<div className="box smallbox card">
314320
<div className="container">
315321
<a href="/docs/integrations/saas-cloud/webex"><img src={useBaseUrl('img/send-data/webex-logo.png')} alt="icon" width="70"/><h4>Webex</h4></a>
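Review bot: the new card's `<img>` on line 315 uses `alt="icon"`; the neighbouring cards use the same placeholder, but for a new card prefer a descriptive value such as `alt="Trend Micro Vision One logo"` so the link text is meaningful to screen readers. Also, `width="140"` is twice the `width="70"` of the Webex card directly below it; check the PNG's aspect ratio so the card grid stays aligned.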
