Merge branch 'main' into DOCS-718

Author: kimsauce

docs/integrations/amazon-aws/amazon-elastic-block-store.md

@@ -12,15 +12,70 @@ Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for
 
 Amazon EBS is recommended for data that must be quickly accessible and requires long-term persistence. EBS volumes are particularly well-suited for use as the primary storage for file systems, databases, or for any applications that require fine granular updates and access to raw, unformatted, block-level storage. Amazon EBS is well suited to both database-style applications that rely on random reads and writes, and to throughput-intensive applications that perform long, continuous reads and writes. For more details, refer to the [AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html).
 
-## Log and metric types
+## Metric type
 * [CloudWatch Metrics](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using_cloudwatch_ebs.html)
-* [CloudTrail Logs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitor-with-cloudtrail.html)
 
+:::note
+For [CloudTrail log](https://docs.aws.amazon.com/ebs/latest/userguide/logging-ebs-apis-using-cloudtrail.html), Amazon EBS and Amazon EC2 are tightly integrated services. Most EBS-related events are captured and reflected as part of EC2 events, since EBS volumes are typically attached to EC2 instances for storage and compute operations. See the [Amazon EC2 app](https://help.sumologic.com/docs/integrations/amazon-aws/ec2-cloudwatch-metrics/#events) for EBS related captured events.
+:::
 
 ## Setup
-You can collect the logs and metrics for Sumo Logic's Amazon Elastic Block Store (Amazon EBS) integration by following the below steps.
+You can collect the metrics for Sumo Logic's Amazon Elastic Block Store (Amazon EBS) integration by following the below steps.
 
-### Configure metrics collection
-* Collect **CloudWatch Metrics** with namespace `AWS/EBS` using the [AWS Kinesis Firehose for Metrics](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source/) source. For `AWS/EBS` metrics and dimensions, refer to [Amazon Elastic Block Store (Amazon EBS) CloudWatch metrics](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using_cloudwatch_ebs.html).
-### Configure logs collection
-* Collect [AWS CloudTrail Logs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitor-with-cloudtrail.html) using [AWS CloudTrail](/docs/send-data/hosted-collectors/amazon-aws/aws-cloudtrail-source/) source. Amazon EC2 and Amazon EBS are integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or AWS service in Amazon EC2 and Amazon EBS. CloudTrail captures all API calls for Amazon EC2 and Amazon EBS as events, including calls from the console and from code calls to the APIs. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for Amazon EC2 and Amazon EBS. Using the information collected by CloudTrail, you can determine the request that was made to Amazon EC2 and Amazon EBS, the IP address from which the request was made, who made the request, when it was made, and additional details.
+### Collect CloudWatch Metrics
+
+Sumo Logic supports collecting metrics using two source types:
+
+* Configure an [AWS Kinesis Firehose for Metrics Source](/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-metrics-source) (recommended); or
+* Configure an [Amazon CloudWatch Source for Metrics](/docs/send-data/hosted-collectors/amazon-aws/amazon-cloudwatch-source-metrics)
+
+* The namespace for **Amazon Elastic Block Store** Service is **AWS/EBS**.
+   * ​​​**Metadata**. Add an **account** field to the source and assign it a value that is a friendly name/alias to your AWS account from which you are collecting metrics. Metrics can be queried via the “account field”.
+
+## Installing the Elastic Block Store app  
+
+Now that you have set up a collection for **Amazon Elastic Block Store**, install the Sumo Logic app to use the pre-configured [dashboards](#viewing-the-elastic-block-store-dashboards) that provide visibility into your environment for real-time analysis of overall usage.
+
+import AppInstall from '../../reuse/apps/app-install-v2.md';
+
+<AppInstall/>
+
+## Viewing the Elastic Block Store dashboards  
+
+We highly recommend you view these dashboards in the [AWS Observability view](/docs/dashboards/explore-view/#aws-observability) of the AWS Observability solution.
+
+:::note
+Most Amazon EBS metrics shown on the dashboard depend on the volume type and usage conditions. For more details, refer to [CloudWatch Metrics](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using_cloudwatch_ebs.html).
+:::
+
+### Overview
+
+The **Amazon EBS - Overview** dashboard offers a comprehensive view of the performance and utilization throughout the lifecycle of your EBS volumes. It allows you to monitor essential metrics such as volume activity, data throughput, and latency.
+
+Use this dashboard to:
+* Monitor EBS volume performance metrics like IOPS, throughput, and latency.
+* Track burst balance and queue depth to assess I/O efficiency.
+
+<img src={useBaseUrl('img/integrations/amazon-aws/Amazon-EBS-Overview.png')} alt="Elastic Block Store" style={{border: '1px solid gray'}} />
+
+### Performance Monitoring
+
+The **Amazon EBS - Performance** dashboard provides detail visibility into the performance and utilization of your EBS volumes, fast snapshot restore capabilities, and snapshot lifecycle. It enables monitoring of key metrics related to volume activity, latency.
+
+Use this dashboard to:
+* Monitor EBS volume performance metrics like latency, time spent on operations.
+* Track burst balance and queue depth to assess I/O efficiency.
+* Monitor status checks to detect degraded or impaired volumes and snapshot copy progress.
+* Track Fast Snapshot Restore readiness and available restore credits.
+
+<img src={useBaseUrl('img/integrations/amazon-aws/Amazon-EBS-Performance.png')} alt="Elastic Block Store" style={{border: '1px solid gray'}} />
+
+The **Amazon EBS - Throughput and IOPS** dashboard provides detail visibility into the Throughput and IOPS utilization of your EBS volumes, It enables monitoring of key metrics related to volume IOPS activity, data throughput.
+
+Use this dashboard to:
+* Monitor EBS volume performance metrics like IOPS, throughput.
+* Monitor status checks to detect degraded or impaired volumes.
+* Track data transfer activity to understand read/write patterns over time.
+
+
+<img src={useBaseUrl('img/integrations/amazon-aws/Amazon-EBS-Throughput-and-IOPS.png')} alt="Elastic Block Store" style={{border: '1px solid gray'}} />

docs/manage/deletion-requests.md

@@ -30,7 +30,8 @@ After a data deletion request is approved, data will be deleted from the organiz
 :::
 
 :::note
-During the data deletion process, existing messages may temporarily appear duplicated for a few seconds. These duplicated messages will automatically disappear once the data deletion is complete.
+- During the data deletion process, existing messages may temporarily appear duplicated for a few seconds. These duplicated messages will automatically disappear once the data deletion is complete.
+- Pinned queries may continue to display data identified for deletion for up to 24 hours from the initial run, prior to the data deletion request approval.
 :::
 
 :::info

docs/platform-services/automation-service/app-central/integrations/aws-waf.md

@@ -9,7 +9,72 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 ***Version: 1.1  
 Updated: March 26, 2025***
 
+## Overview
+
+### Purpose
+
 AWS WAF is a web application firewall that helps protect web applications from attacks by allowing you to configure rules that allow, block, or monitor (count) web requests based on conditions that you define.
+This integration is designed to manage and retrieve WAF security configurations, including IP sets, regex pattern sets, rule groups, and web access control lists (web ACLs). It enables you to define, update, delete, and retrieve security rule assets that inspect and control web request traffic.
+
+### Use cases
+
+* Creating and managing IP allowlists/denylists
+* Defining regex-based pattern rules for request inspection
+* Grouping multiple rules in custom rule groups
+* Fetching details and summaries of rule components
+* Updating existing rules in response to new threats
+
+### Supported versions
+
+This integration supports WAFv2 API actions and works with resources.
+It is compatible with all standard environments where WAFv2 actions are supported.
+
+### Prerequisites
+
+* IAM permissions for:
+  * `wafv2:CreateIPSet, DeleteIPSet, UpdateIPSet, GetIPSet, ListIPSets`
+  * `wafv2:CreateRegexPatternSet, DeleteRegexPatternSet, ListRegexPatternSets`
+  * `wafv2:CreateRuleGroup, DeleteRuleGroup, GetRuleGroup, ListRuleGroups`
+  * `wafv2:GetWebACL, ListWebACLs, ListResourcesForWebACL`
+  * `wafv2:GetManagedRuleSet, ListManagedRuleSets, ListAvailableManagedRuleGroups`
+* Proper region selection for WAFv2 API calls (`regional` or `global` scope)
+* API credentials with sufficient access
+
+### Limitations
+
+* Regex complexity may be limited by the WAF regex engine's constraints.
+* All changes require propagation time before taking effect (~1-2 minutes).
+
+## Configure AWS WAF in Automation Service and Cloud SOAR
+
+import IntegrationsAuth from '../../../../reuse/integrations-authentication.md';
+
+<IntegrationsAuth/>
+
+### Installation
+
+[Install](/docs/platform-services/automation-service/automation-service-app-central/#install-an-integration-from-app-central) the AWS WAF application from App Central.
+
+### Configuration
+
+After installing the AWS WAF application, create an AWS WAF resource to begin executing actions.
+
+Refer to the image below for guidance on creating an AWS WAF resource.
+
+<img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/aws-waf/aws-waf-1.png')} style={{border:'1px solid gray'}} alt="Edit Resource for AWS WAF" width="400"/>
+
+Provide the following details:
+* Access Key
+* Secret Key
+* AWS Region
+* Scope
+* Automation Engine
+
+Once the information is filled in, click on Test to quickly verify that the provided details are correct.
+
+### Verification
+
+To verify the integration is working, execute any Enrichment action, or once the resource is created, test the resource.
 
 ## Actions
 
@@ -32,17 +97,166 @@ AWS WAF is a web application firewall that helps protect web applications from a
 * **List Web ACLs** (*Enrichment*) - Retrieves a list of WebACLSummary objects for the web ACLs that you manage.
 * **Update IP Set** (*Containment*) - Updates the specified IPSet.
 
-## External Libraries
+## Usage
 
-* [boto3](https://github.com/boto/boto3/blob/develop/LICENSE)
+### Basic usage
 
-## Configure AWS WAF in Automation Service and Cloud SOAR
+* Create an IP Set (allow/block IPs).
+* Create a Regex Pattern Set (match request components).
+* Group rules using Rule Groups.
+* Retrieve or list existing components for monitoring or inspection.
 
-import IntegrationsAuth from '../../../../reuse/integrations-authentication.md';
+### Advanced usage
 
-<IntegrationsAuth/>
+Bulk Listing & Auditing: List all rule groups, regex sets, IP sets, and WebACLs and map their usage across resources.
+
+## API reference
+
+### Configuration
+
+Each API call uses the following structure:
+* Method: Generally POST or GET depending on the action
+* Authentication: AWS Signature V4
+* Scope: REGIONAL or CLOUDFRONT
+
+### Containment APIs
+
+#### Create IP Set
+* Method: POST
+* Action: CreateIPSet
+* Required Parameters:
+  * Name (string)
+  * Scope (REGIONAL | CLOUDFRONT)
+  * Region
+  * IPAddressVersion (IPV4 | IPV6)
+  * Addresses (list of IPs or CIDRs)
+  * Description (optional)
+
+```python title="Sample Request (Python)"
+client.create_ip_set(
+    Name='BlockList',
+    Scope='REGIONAL',
+    IPAddressVersion='IPV4',
+    Addresses=['x.x.x.x/24'],
+    Description='Block bad IPs'
+)
+```
+
+```json title="Sample Response (JSON)"
+{
+  "Summary": {
+    "Name": "BlockList",
+    "Id": "123abcde-4567-890a-bcde-1234567890ab",
+    "ARN": "arn:aws:wafv2:us-east-1:123456789012:regional/ipset/BlockList/123abcde-4567-890a-bcde-1234567890ab",
+    "Description": "Block bad IPs",
+    "LockToken": "e1b2c3d4-5678-9101-1121-314151617181"
+  }
+}
+```
+
+#### Create Regex Pattern Set
+* Method: POST
+* Action: CreateRegexPatternSet
+* Required Parameters:
+  * Name, Scope, RegularExpressionList, Description (optional)
+
+#### Create Rule Group
+* Method: POST
+* Action: CreateRuleGroup
+* Required Parameters:
+  * Name, Scope, Capacity, Rules, VisibilityConfig
+
+#### Update IP Set
+* Method: POST
+* Action: UpdateIPSet
+* Required Parameters:
+  * ID, Name, Scope, Add/Remove IP Addresses
+
+#### Delete IP Set / Regex Pattern Set / Rule Group
+* Method: POST
+* Action: Delete (Type)
+* Required Parameters:
+  * Name, ID, Scope, Region
+
+### Enrichment APIs
+
+#### Get IP Set / Rule Group / Web ACL / Managed Rule Set
+* Method: GET
+* Action: Get (Type) ex: Get IP Set/Get Rule Group
+* Required Parameters:
+  * Id, Name, Scope
+
+#### List IP Sets / Regex Pattern Sets / Rule Groups / Web ACLs / Managed Rule Sets
+* Method: GET
+* Action: List (Type)s
+* Optional Parameters: Limit, NextMarker
+
+#### List Resources for Web ACLs
+* Method: GET
+* Action: ListResourcesForWebACL
+* Required Parameters:
+  * WebACLArn
+
+### Rate limits and quotas
+
+| API type | Quota/rate limit |
+| :-- | :-- |
+| IP sets per region  | 100 |
+| Regex sets per region | 100 |
+| Rule groups per region | 100 |
+| API transactions (TPS) | ~5-10 TPS per account per API |
+
+Limits may vary by region and can be increased via AWS Support.
+
+## Troubleshooting
+
+### Common issues
+
+| Issue | Description | Solution |
+| :-- | :-- | :-- |
+| WAFNonexistentItemException | Occurs when trying to access or delete a non-existent resource. | Double-check the ID, Name, and Scope. Use List APIs to confirm existence. |
+| WAFOptimisticLockException | Indicates a stale or missing LockToken when updating or deleting resources.  | Always fetch the latest LockToken using Get API before performing updates/deletes.  |
+| WAFInvalidParameterException | One or more parameters are invalid or missing. |                              Verify that all required parameters are included and correctly formatted (for example, CIDR for IP sets). |
+| AccessDeniedException  | Occurs when permissions are insufficient.  | Check IAM roles and policies assigned to the user or service making the request. Ensure `wafv2:*` permissions are included. |
+| Resource still appears after deletion. | A deleted IPSet, RuleGroup, etc. still seems accessible in the UI or APIs.  | Allow a few seconds for propagation. Use Get `<action-type>` or List `<action-type>` to confirm removal. |
+| IP addresses not being blocked.  | Traffic from listed IPs still reaches the application. | Ensure the IPSet is attached to a WebACL and the WebACL is associated with the resource (for example, CloudFront or ALB). |
+
+
+### FAQs
+
+#### Can I reuse an IPSet in different rule groups?
+
+Yes, an IPSet can be used in several rule groups or WebACLs. You don’t need to create a new one for each use.
+
+#### What’s the difference between REGIONAL and CLOUDFRONT scopes?
+
+REGIONAL is used for AWS services like Application Load Balancers, API Gateway, and App Runner.
+
+CLOUDFRONT is specifically for CloudFront distributions and must be managed in the US East (N. Virginia) region.
+
+#### Why aren’t my changes showing up right away?
+
+Updates can take a few moments to fully apply within AWS. Try retrieving the latest configuration using the appropriate Get API call to confirm.
+
+#### What if the IP address I provide isn’t in CIDR format?
+
+If the IP isn’t formatted correctly (for example, missing the CIDR suffix), AWS WAF will return a WAFInvalidParameterException. Make sure IPs follow the CIDR notation like 192.0.2.0/24.
+
+### Support
+
+* [AWS WAF documentation](https://docs.aws.amazon.com/waf/latest/developerguide/)
+* [AWS WAF API reference](https://docs.aws.amazon.com/waf/latest/APIReference/)
+* [Contact AWS support](https://aws.amazon.com/support)
+
+## External libraries
+
+* [boto3](https://github.com/boto/boto3/blob/develop/LICENSE)
 
 ## Change Log
 
+### Version history
 * April 19, 2024 (v1.0)- First upload
-* March 26, 2025 (v1.1) - Added **Update IP Set** action: This new action allows users to add or remove IPs from an existing IP Set.
+* March 26, 2025 (v1.1) - Added Update IP Set action. This new action allows users to add or remove IPs from an existing IP Set.
+
+### Deprecation notices
+* NA