Merge branch 'SUMO-254672-documentation' of https://github.com/sachin-sumologic/sumologic-documentation into SUMO-254672-documentation

Author: sachin-sumologic

blog-cse/2025-01-31-content.md

@@ -0,0 +1,54 @@
+---
+title: January 31, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+- Removal and updates to Cloud SIEM rules.
+- Parsing and mapping support for new products.
+- Updates to existing parsing and mappers to support additional events and field mappings.
+
+Changes are enumerated below.
+
+### Rules
+- [Deleted] MATCH-S00604 OneLogin - API Credentials - Key Used from Untrusted Location
+- [Updated] FIRST-S00044 First Seen AppID Generating MailItemsAccessed Event from User
+    - Corrected typo in "MailItemsAccessed".
+- [Updated] FIRST-S00046 First Seen Client Generating MailItemsAccessed Event from User
+    - Corrected typo in "MailItemsAccessed".
+
+### Log Mappers
+- [New] Crowdstrike FileVantage Catch All
+- [New] Dragos Communication
+- [New] Dragos Indicator
+- [New] Dragos System|Asset
+- [New] Extrahop JSON Catch All
+- [New] F5 TMM Http Request|TMM Network|TMM Connection error
+- [New] F5 TMSH - Custom Parser
+- [New] Zendesk - Login events
+#### Updated Field Mappings
+- [Updated] Code42 Incydr Alerts C2C
+- [Updated] Cyber Ark EPM AggregateEvent
+- [Updated] Google G Suite - meet
+- [Updated] Palo Alto GlobalProtect - Custom Parser
+- [Updated] Palo Alto GlobalProtect Auth - Custom Parser
+- [Updated] Zendesk Catch All
+
+### Parsers
+- [New] /Parsers/System/CrowdStrike/CrowdStrike Filevantage
+- [New] /Parsers/System/Extrahop/Extrahop JSON
+#### Updated parsers to handle additional events and field parsing
+- [Updated] /Parsers/System/Code42/Code42 Incydr
+- [Updated] /Parsers/System/Dragos/Dragos
+- [Updated] /Parsers/System/F5/F5 Syslog
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+- [Updated] /Parsers/System/Microsoft/Office 365
+- [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV

blog-service/2025-01-31-apps.md

@@ -0,0 +1,57 @@
+---
+title: Apps, Solutions, and Collection Integrations - January Release 
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - january-release
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+### New release
+
+We’re excited to announce the release of the new Azure Virtual Network app and 11 new OpenTelemetry Remote Management source templates for Sumo Logic.
+
+- **Azure Virtual Network**. Azure Virtual Network is a service that provides the fundamental building block for your private network in Azure, enabling many types of Azure resources to securely communicate with one other, using the internet, and on-premises networks. This integration helps in monitoring the outgoing and incoming traffic flows, dropped packets, bandwidth consumption, verifying network isolation, and compliance. [Learn more](/docs/integrations/microsoft-azure/azure-virtual-network/).
+- **OpenTelemetry Remote Management**. Released [Apache](/docs/send-data/opentelemetry-collector/remote-management/source-templates/apache/), [Docker](/docs/send-data/opentelemetry-collector/remote-management/source-templates/docker/), [Kafka](/docs/send-data/opentelemetry-collector/remote-management/source-templates/kafka/), [Linux](/docs/send-data/opentelemetry-collector/remote-management/source-templates/linux/), [Local File](/docs/send-data/opentelemetry-collector/remote-management/source-templates/localfile/), [Mac](/docs/send-data/opentelemetry-collector/remote-management/source-templates/mac/), [Nginx](/docs/send-data/opentelemetry-collector/remote-management/source-templates/nginx/), [RabbitMQ](/docs/send-data/opentelemetry-collector/remote-management/source-templates/rabbitmq/), [Redis](/docs/send-data/opentelemetry-collector/remote-management/source-templates/redis/), [Syslog](/docs/send-data/opentelemetry-collector/remote-management/source-templates/syslog/), and [Windows](/docs/send-data/opentelemetry-collector/remote-management/source-templates/windows/) OpenTelemetry Remote Management source templates.
+
+### AWS Observability v2.11.0
+
+This section details the new features and updates in AWS Observability for upgrading your Terraform script or CloudFormation template to version v2.11.0.
+
+- **New Features**:
+    - **Amazon RDS app**. Added support to analyze and monitor RDS Oracle CloudWatch and CloudTrail logs.
+    - **Amazon Load Balancer apps**. Added support to analyze and monitor Cloudtrail audit event logs for Application Load Balancer, Classic Load Balancer, and Network Load Balancer.
+    - Added out-of-the-box monitors for RDS Oracle DB, Application Load Balancer, Classic Load Balancer, and Network Load Balancer. Solution now supports 78 out-of-box monitors.
+    - Added support to collect custom metrics namespaces.
+    - Added support to subscribe cloudWatch log groups based on AWS tags to Sumo Logic.
+    - Added support to filter AWS CloudWatch metrics based on AWS tags.
+- **Updates**:
+    - Updated cloudformation helper function with Lambda Runtime to python v3.13.
+    - Updated SAM Lambda runtime to python v3.13 with latest library updates.
+    - Updated Telemetry Lambda Runtime to python v3.13 with latest library updates.
+
+To learn more, refer the [AWS Observability changelog](/docs/observability/aws/deploy-use-aws-observability/changelog/#v2110-24-jan-2025).
+
+### Enhancements
+
+- **Added Monitors in OpenTelemetry apps**. [Jira - App Development](/docs/integrations/app-development/opentelemetry/jira-opentelemetry/#jira-alerts), [Linux - Cloud Security and Monitoring Analytics](/docs/integrations/cloud-security-monitoring-analytics/opentelemetry/linux-opentelemetry/#linux---cloud-security-monitoring-and-analytics-alerts), [PCI Compliance for Linux](/docs/integrations/pci-compliance/opentelemetry/linux-opentelemetry/#pci-compliance-for-linux-alerts), [PCI Compliance For Windows JSON](/docs/integrations/pci-compliance/opentelemetry/windows-json-opentelemetry/#pci-compliance-for-windows-json-alerts), [Puppet - App Development](/docs/integrations/app-development/opentelemetry/puppet-opentelemetry/#puppet-alerts), and [Windows - Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/opentelemetry/windows-opentelemetry/#windows---cloud-security-monitoring-and-analytics-alerts) apps are updated with new monitors.
+- **Integrated Cloud-to-Cloud source creation and app installation**. [Armis](/docs/integrations/saas-cloud/armis/#collection-configuration-and-app-installation), [Asana](/docs/integrations/saas-cloud/asana/#collection-configuration-and-app-installation), [Digital Guardian ARC](/docs/integrations/saas-cloud/digital-guardian-arc/#collection-configuration-and-app-installation), [DocuSign](/docs/integrations/saas-cloud/docusign/#collection-configuration-and-app-installation), [Dropbox](/docs/integrations/saas-cloud/dropbox/#collection-configuration-and-app-installation), [Druva](/docs/integrations/saas-cloud/druva/#collection-configuration-and-app-installation), [Druva Cyber Resilience](/docs/integrations/saas-cloud/druva-cyber-resilience/#collection-configuration-and-app-installation), [Gmail Trace Logs](/docs/integrations/saas-cloud/gmail-tracelogs/#collection-configuration-and-app-installation), [Microsoft Exchange Trace Logs](/docs/integrations/saas-cloud/microsoft-exchange-trace-logs/#collection-configuration-and-app-installation), [Microsoft Graph Identity Protection](/docs/integrations/microsoft-azure/microsoft-graph-identity-protection/#collection-configuration-and-app-installation), [Miro](/docs/integrations/saas-cloud/miro/#collection-configuration-and-app-installation), [SailPoint](/docs/integrations/security-threat-detection/sailpoint/#collection-configuration-and-app-installation), and [Zendesk](/docs/integrations/saas-cloud/zendesk/#collection-configuration-and-app-installation) apps are now updated to have integrated Cloud-to-Cloud source creation and app installation.
+- **Classic Apps to Next-Gen Apps Migration.** [CIS AWS Foundations Benchmark](/docs/integrations/amazon-aws/cis-aws-foundations-benchmark), [Gmail Trace Logs](/docs/integrations/saas-cloud/gmail-tracelogs), and [Microsoft Exchange Trace Logs](/docs/integrations/saas-cloud/microsoft-exchange-trace-logs) apps are migrated from [Classic Apps (Legacy)](/docs/get-started/apps-integrations/#classic-apps-legacy) to [Next-Gen Apps](/docs/get-started/apps-integrations/#next-gen-apps).
+- We have enhanced the following six Cloudtrail Logs based apps:
+    - [Amazon CloudTrail - Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/aws-cloudtrail)
+    - [AWS CloudTrail](/docs/integrations/amazon-aws/cloudtrail)
+    - [CIS AWS Foundations Benchmark](/docs/integrations/amazon-aws/cis-aws-foundations-benchmark)
+    - [Cloud Infrastructure Security for AWS](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws)
+    - [PCI Compliance For AWS CloudTrail](/docs/integrations/amazon-aws/cloudtrail-pci-compliance)
+    - [Threat Intel for AWS](/docs/integrations/amazon-aws/threat-intel)
+- **Sumo Logic Kickstart Data**. Updated the default time range of all the panels to six hours and added text panels in the dashboards.
+- **AWS Serverless Application Models**. Added support for Sumo Logic Korea deployment by releasing the following SAM:
+    - [sumologic-aws-cloudtrail-benchmark](https://github.com/SumoLogic/sumologic-aws-lambda/tree/main/cloudtrailbenchmark) - Semantic v1.0.19
+
+### Bug Fixes
+
+- **Kubernetes Control Plane**. Added the `quantization_interval` filter variable.

blog-service/2025-02-01-apps.md

@@ -0,0 +1,14 @@
+---
+title: JumpCloud Directory Insights (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - jumpcloud-directory-insights
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to introduce the new JumpCloud Directory Insights app for Sumo Logic. This app provides a comprehensive visibility into authentication events, user activities, and security-related actions within your JumpCloud-managed environment. The pre-configured dashboards can help you to track failed login attempts, privileged access changes, and account lockouts in real-time to improve security and ensure organizational policy compliance. [Learn more](/docs/integrations/saas-cloud/jumpcloud-directory-insights/).

cid-redirects.json

@@ -1584,6 +1584,7 @@
   "/cid/10188": "/docs/integrations/saas-cloud/miro",
   "/cid/10187": "/docs/integrations/saas-cloud/digital-guardian-arc",
   "/cid/10114": "/docs/integrations/saas-cloud/jamf",
+  "/cid/10115": "/docs/integrations/saas-cloud/jumpcloud-directory-insights",
   "/cid/10208": "/docs/integrations/saas-cloud/cisco-meraki-c2c",
   "/cid/10209": "/docs/integrations/security-threat-detection/cisco-meraki",
   "/cid/10210": "/docs/integrations/saas-cloud/proofpoint-tap",

docs/dashboards/about.md

@@ -101,3 +101,20 @@ Dashboards have two themes available: Light mode (which is the default) and Dar
 ## Clickable Legend
 
 If you want to focus on one item in your chart you can simply click on the item in the legend. If you want to toggle just one legend item, just hold the **shift** key and then click the item.<br/><img src={useBaseUrl('/img/dashboards/about-dashboard/clicklegend.gif')} alt="clicklegend" style={{border: '1px solid gray'}} width="700" />
+
+## Dashboard Information
+
+The dashboard information popup provides insights into the scan costs associated with log-based queries that run within dashboards.
+
+To view the dashboard information, follow the steps below:
+1. Open the dashboard for which you need to view the information.
+2. Click the three-dot kebab menu icon in the top right corner of the dashboard and select **Info** from the dropdown menu.<br/><img src={useBaseUrl('img/dashboards/dashboard_info/dashboard_info.png')} alt="dashboard_info" style={{border: '1px solid gray'}} width="230"/>
+3. A popup pane will appear, displaying the following dashboard information:<br/><img src={useBaseUrl('img/dashboards/dashboard_info/dashboard_info_panel.png')} alt="dashboard_info_panel" style={{border: '1px solid gray'}} width="600"/>
+    - **Dashboard Name**. Name of the dashboard.
+    - **Created By**. The user who created the dashboard. 
+    - **Time Range Expression**. The time range selected for the dashboard.
+    - **Start**. The current start time based on the selected time range.
+    - **End**. The current end time based on the selected time range.
+    - **Time Zone**. The time zone for the set time range.
+    - **Scanned Bytes**. The total amount of data scanned in bytes.
+    - **Dashboard ID**. A unique identification ID for the dashboard. Copy and use the dashboard ID within the APIs to identify the dashboard when making requests.

docs/get-started/quickstart.md

@@ -25,9 +25,14 @@ What you'll learn:
 
 You'll need a Sumo Logic account. Sign up for a free trial [here](/docs/get-started/sign-up).
 
-## Getting started with kickstart data in your trial
+## Getting started with Kickstart Data in your trial
 
-With your [trial](/docs/get-started/sign-up), you can access preloaded placeholder Kickstart Data to explore Sumo Logic instantly without setting up your own data. This feature helps trial users see immediate value and bypass setup barriers like firewall and security configurations.
+With your [Sumo Logic trial](/docs/get-started/sign-up), you can access preloaded placeholder Kickstart Data to explore Sumo Logic instantly prior to setting up your own data. This feature helps trial users see immediate value and bypass setup barriers like firewall and security configurations.
+
+:::warning limitations
+* Your trial workflow—Kickstart Data or custom data—is automatically determined by marketing-based user profiling. Manual selection of a workflow is not currently supported.
+* This feature is only available to select trial users during the initial rollout phase.
+:::
 
 ### Key benefits
 
@@ -50,11 +55,6 @@ With your [trial](/docs/get-started/sign-up), you can access preloaded placehold
 
 You can skip Kickstart Data anytime and begin ingesting your own data.
 
-:::warning limitations
-* User profiling for selection. Your assignment to either placeholder data or your own data workflow is determined by user profiling data from marketing. You won't be able to manually select your preferred workflow.
-* Limited availability. At launch, the placeholder data option will only be available to select trial users based on profiling.
-:::
-
 ## Step 1: Get your data into Sumo
 
 The journey of 10,000 logs begins with a single collector. Your data analytics journey starts by sending your data to Sumo.

docs/get-started/sign-up.md

@@ -29,13 +29,21 @@ The activation link expires after 3 days. If it expires, you’ll need to comple
 1. Fill out the **Activate Your Account** form, then click **Activate**.
 1. Follow the setup guide to install a data collector and start ingesting data.
 
-### Set up Collector
+:::tip
+Get started with Sumo Logic effortlessly using **Kickstart Data**, preloaded sample data and dashboards designed to help you explore and understand the platform’s capabilities. You can immediately dive into our features like log search and alerts prior to setting up your own data collection. Whether you're new to Sumo Logic or evaluating its features, Kickstart Data offers a hands-on way to experience the platform's power. [Learn more](/docs/get-started/quickstart/#getting-started-with-kickstart-data-in-your-trial).
+:::
+
+### Set up data collection
+
+Upon first logging in, you'll be asked to select the platform (AWS, Kubernetes, Linux, Windows, macOS) from which you want to collect data. This will install the OpenTelemetry collector and relevant dashboards.
+* For AWS, you'll deploy a single account with a CloudFormation Template, CLI, or Terraform.
+* For Kubernetes, Linux, Windows, or macOS, you'll need to run the provided command in your Terminal or PowerShell.
+
+You'll also see an option to bypass setup and explore our [App Catalog](/docs/integrations), where you'll find a wide range of apps and follow easy-to-use setup guides for installation.
 
-1. Select the platform (Linux, Windows, macOS, or AWS) from which you want to collect data.<br/><img src={useBaseUrl('img/get-started/data-collection.png')} alt="Platform selection showing Linux, Windows, macOS, or AWS" style={{border: '1px solid gray'}} width="400" />
-1. Copy, paste, and run the provided command in your Terminal or PowerShell to install the OpenTelemetry collector and relevant dashboards.
-1. When the installation is complete, click **Start using Sumo**. <br/><img src={useBaseUrl('img/get-started/install-otel.png')} alt="icon" style={{border: '1px solid gray'}} width="500" />
+When the installation is complete, click **Start using Sumo**.
 
-Next, you'll be taken to your onboarding checklist guide, where you can view dashboards, run your first log search, set up alerts, install more apps for your environment, and more.
+Your data will start flowing in a couple of minutes. Next, you'll be taken to a step-by-step onboarding guide, where you can visualize your data via dashboards, run your first log search, set up alerts, install apps, and more.
 
 ### Upgrade or continue with Free account
 
@@ -122,16 +130,10 @@ For example, for 10GB/Day:
 - If the billing cycle is 30 days, the Reserved Capacity is 300GB.
 - If the billing cycle is 31 days, the Reserved Capacity is 310GB.
 
-## Kickstart your Sumo Logic experience with placeholder data  
-
-Get started with Sumo Logic effortlessly using **Kickstart Data**, preloaded sample data and dashboards designed to help you explore and understand the platform’s capabilities. With Kickstart Data, you can immediately dive into Sumo Logic's features—like Log Search, Alerts, and Dashboards—without needing to set up your own data sources.  
-
-Whether you're new to Sumo Logic or evaluating its features, Kickstart Data offers a hands-on way to experience the platform's power. For more details, see our [Quickstart Guide](/docs/get-started/quickstart).
-
 
-## Resources
+## Next steps
 
-* [Sumo Logic Quickstart](/docs/get-started/quickstart)
-* [Onboarding checklists](/docs/get-started/onboarding-checklists)
+* [Quickstart Guide](/docs/get-started/quickstart)
+* [Onboarding Checklists](/docs/get-started/onboarding-checklists)
 * [Free Training and Certification](/docs/get-started/training-certification-faq)
-* [Sumo Logic terms and conditions](https://www.sumologic.com/support-terms)
+* [Sumo Logic Terms and Conditions](https://www.sumologic.com/support-terms)