Merge branch 'main' into DOCS-685-Kickstart-Data-7-day-limit

Author: kimsauce

blog-cse/2025-02-14-content.md

@@ -0,0 +1,43 @@
+---
+title: February 14th, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes: 
+- New and updated mappers and parsers for Carbon Black, Cisco ISE, Cisco Umbrella, PAN Firewall CSV and LEEF, and Signal Science (Fastly) WAF.
+- :heart:
+
+Changes are enumerated below.
+
+### Log Mappers
+- [New] Carbon Black Cloud - alert event
+- [Updated] Cisco ISE Radius Diagnostics
+    - Supports additional Radius Diagnostic messages.
+- [Updated] Cisco Umbrella DNS Logs
+    - Adds `dstDevice_ip`, `normalizedAction`, and `user_email`.
+- [Updated] Cisco Umbrella IP Logs
+    - Adds alternate value for `dstDevice_ip` and adds `user_email`.
+- [Updated] Cisco Umbrella Proxy Logs
+    - Adds `user_email`.
+
+### Parsers
+- [Updated] /Parsers/System/VMware/Carbon Black Cloud
+    - Adds support for alert event event ID.
+- [Updated] /Parsers/System/Cisco/Cisco ISE
+    - Adds key value parsing for descriptions.
+- [Updated] /Parsers/System/Cisco/Cisco Umbrella CSV
+    - Adds a transform for capturing email addresses.
+- [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV
+    - Modifies `parse_system_format_1` regular expression to support additional events.
+- [Updated] /Parsers/System/Palo Alto/PAN Firewall LEEF
+    - Normalizes parsing of subtype to have consistent case.
+- [Updated] /Parsers/System/Signal Science/Signal Science WAF
+    - Adds additional timestamp handling.

docs/observability/aws/deploy-use-aws-observability/deploy-with-aws-cloudformation/index.md

@@ -237,6 +237,7 @@ Below are some common errors that can occur while using the CloudFormation templ
 | The API rate limit for this user has been exceeded. | This error indicates that AWS CloudFormation execution has exceeded the API rate limit set on the Sumo Logic side. It can occur if you install the AWS CloudFormation template in multiple regions or accounts using the same Access Key and Access ID. | - Re-deploy the deployment stack without updating the stack in the template. Re-running will detect the drift and create remaining resources. <br/> - If the throttling problem persists, try to break down the multi-region deployment into parts and use distinct access IDs and access keys for each part. |
 | S3 Bucket already exists. | The error can occur if:<br/>- An S3 bucket with the same name exists in S3, or<br/>- The S3 Bucket is not present in S3 but is referenced by some other AWS CloudFormation stack which created it. | - Remove the S3 bucket from S3 or select “No” in the AWS Cloudformation template for S3 bucket creation. <br/>- Remove the AWS CloudFormation Stack which references the S3 bucket. |
 | The S3 bucket you tried to delete is not empty. | The error can occur when deleting the stack with a non-empty S3 bucket. | Delete the S3 bucket manually if you do not need the bucket or its content in the future. |
+| Invalid IAM role OR AccessDenied | This error can occur when Sumo Logic access keys are disabled or do not have the required permissions. | - Refer to [Edit, deactivate, or delete access keys](/docs/manage/security/access-keys/#edit-deactivate-or-delete-access-keys) for access keys activation. <br/>- Refer to [Role capabilities](/docs/observability/aws/deploy-use-aws-observability/before-you-deploy/#prerequisites) for permissions related issues. |
 
 ### Rolling back the AWS Observability Solution
 

docs/observability/aws/deploy-use-aws-observability/deploy-with-terraform.md

@@ -1668,6 +1668,16 @@ The package is [sumologic-sdk](https://pypi.org/project/sumologic-sdk/) and inst
   ```sql
   pip install sumologic-sdk
   ```
+### Invalid IAM role OR AccessDenied
+#### Error Message
+
+```
+Invalid IAM role OR AccessDenied
+```
+#### Solution
+
+- Refer to [Edit, deactivate, or delete access keys](/docs/manage/security/access-keys/#edit-deactivate-or-delete-access-keys) for access keys activation. 
+- Refer to [Role capabilities](/docs/observability/aws/deploy-use-aws-observability/before-you-deploy/#prerequisites) for permissions related issues.
 
 ### Argument named *managed_apps* is not expected
 #### Error Message