Finish 'Integrations Configuration' page

Author: jpipkin1

docs/cse/administration/create-cse-actions.md

@@ -73,10 +73,10 @@ The notification sent by a Rule Action contains the name of the rule and the re
 ## Create an Action
 
 1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Actions**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Actions**. You can also click the **Go To...** menu at the top of the screen and select **Actions**. 
-1. On the **Actions** page, click **Create**.
-1. The **Create Action** popup appears. <br/><img src={useBaseUrl('img/cse/create-action-empty.png')} alt="Create Action dialog" style={{border: '1px solid gray'}} width="500" />
+1. On the **Actions** tab, click **+ Add Action**.
+1. The **Add Action** popup appears. <br/><img src={useBaseUrl('img/cse/create-action-empty.png')} alt="Create Action dialog" style={{border: '1px solid gray'}} width="400" />
 1. **Name**. Enter a name that communicates what the Action does.
-1. **Type**. Choose one of the following options, and follow the instructions for that Action type to complete creating your Action.
+1. **Action Type**. Choose one of the following options, and follow the instructions for that Action type to complete creating your Action.
     * [AWS Simple Notification Service](#aws-simple-notification-service-sns)
     * [Demisto](#demistocortex-xsoar)
     * [Email](#email)

docs/cse/administration/create-cse-context-actions.md

@@ -32,7 +32,7 @@ The Context Actions menu will be available for any of these types, wherever they
 
 ## How a user accesses Context Actions
 
-A user runs a Context Action by clicking the Context Action icon next to an Entity, Record field, or IOC and choosing an action from the list that appears. The icon appears when you hover over the value of the item.
+A user runs a Context Action by clicking the Context Action icon <img src={useBaseUrl('img/cse/context-action-icon.png')} alt="Context action icon" style={{border: '1px solid gray'}} width="20"/> next to an Entity, Record field, or IOC and choosing an action from the list that appears. The icon appears when you hover over the value of the item.
 
 In the screenshot below, Context Actions are listed below the built-in **Add to Match List** and **Add to Suppressed List** options.
 
@@ -58,17 +58,18 @@ import Iframe from 'react-iframe'; 
 ## Configure a Context Action
 
 1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Context Actions**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Context Actions**. You can also click the **Go To...** menu at the top of the screen and select **Context Actions**.  
-1. On the **Context Actions** page click **Create**.
-1. Create the context action.  <br/><img src={useBaseUrl('img/cse/configured-action.png')} alt="Configure action" style={{border: '1px solid gray'}} width="500"/>
-    1. **Enter Context Action Name**. Enter a name for the Context Action. 
-    1. Choose whether you want to open a **URL** to an external service or
-        a **Sumo Logic Query**. 
-    1. Enter the URL or log query that the context action will issue.
+1. On the **Context Actions** tab click **+ Add Context Action**.
+1. Create the context action.  <br/><img src={useBaseUrl('img/cse/configured-action.png')} alt="Configure action" style={{border: '1px solid gray'}} width="400"/>
+    1. **Name**. Enter a name for the Context Action. 
+    1. **Action Type**. Choose whether you want to open a **Sumo Logic Query** or a **URL** to an external service. 
+    1. **Query**. Enter the URL or log query that the context action will issue.
         For instructions, see:
         * [Create a Sumo Logic search URL](#create-a-sumo-logic-search-url)
         * [Create a URL to external service](#create-an-url-to-an-external-service)
     1. If you chose **Sumo Logic Query** above, the **Timestamp offset** option appears, which set the query time range. The offset can be either -30m or +30m, and it will be applied to the timestamp in the target Record’s [timestamp](/docs/cse/schema/schema-attributes) field.
-    1. Choose the IOC data types to which the context action will apply. You can select one or more of the following data types listed below. Your context action will be available for any occurrences of the IOCs you select.
+    1. **Entity Types**. Select the Entity types that the context action will apply to.
+    1. **Record Properties**. Select the Record properties that the context action will apply to.
+    1. **IOC Data Types**. Choose the IOC data types to which the context action will apply. You can select one or more of the following data types listed below. Your context action will be available for any occurrences of the IOCs you select.
         * **Domain**
         * **Entity Types**
         * **Hash**

docs/cse/automation/about-automation-service-and-cloud-siem.md

@@ -47,7 +47,7 @@ Before you can access the Automation Service from Cloud SIEM, you must first [co
 
 1. To access the Automation Service from Cloud SIEM:
    1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**. <br/>The list of available Cloud SIEM automations appears. Each automation runs a playbook.<br/><img src={useBaseUrl('img/cse/automations-automations-list.png')} alt="Automations list" style={{border: '1px solid gray'}} width="800"/>
-   1. At the top of the screen, click **Manage Playbooks**.<br/><img src={useBaseUrl('img/cse/automations-manage-playbooks.png')} alt="Manage Playbooks menu option" width="400"/> <br/>The Automation Service screen displays: <br/><img src={useBaseUrl('img/cse/automations-playbook-list.png')} alt="Automation Playbook list" style={{border: '1px solid gray'}} width="800"/>
+   1. At the top of the screen, click **Manage Playbooks**.<br/><img src={useBaseUrl('img/cse/automations-manage-playbooks.png')} alt="Manage Playbooks menu option" width="300"/> <br/>The Automation Service screen displays: <br/><img src={useBaseUrl('img/cse/automations-playbook-list.png')} alt="Automation Playbook list" style={{border: '1px solid gray'}} width="800"/>
      :::note
      You can also launch the Automation Service by selecting **Automation** from the main menu: <br/><img src={useBaseUrl('img/cse/automation-menu-in-nav-bar.png')} alt="Automation menu option in the nav bar" style={{border: '1px solid gray'}} width="200"/> <br/>If you also have Cloud SOAR installed, a **Cloud SOAR** option appears instead, since all automation services are provided by Cloud SOAR when it installed in conjunction with Cloud SIEM.
      :::

docs/cse/automation/automations-in-cloud-siem.md

@@ -55,10 +55,10 @@ Now that the playbook is configured, you can add it to an automation.
 
 1. [Create a new automation](#create-an-automation).
 1. Select the playbook you created in Step 2.
-1. In **Expects attributes for**,  select **Entity** or **Insight**.
+1. In **Object (expects attributes for)**, select **Entity** or **Insight**.
 1. Select whether you want to automatically run the automation when an Insight is created or closed, or to run it manually. (For the purposes of this overview, select **Manually Done**.)
 1. Select **Enabled**.
-1. Click **Add to List**.
+1. Click **Save**.
 
 ### Step 4: Run the automation
 
@@ -92,13 +92,12 @@ To view the automations that have run on Insights or Entities, see [View results
 The following procedure provides a brief introduction to how to create an automation. For detailed examples, see [Cloud SIEM Automation Examples](/docs/cse/automation/cloud-siem-automation-examples/).
 
 1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**. 
-1. At the top of the automations screen, click **Create**.  (To modify an existing automation, click on the edit icon for the corresponding automation.)<br/><img src={useBaseUrl('img/cse/automations-automations-list.png')} alt="Automations list" style={{border: '1px solid gray'}} width="800"/>
-1. In the **New Automation** dialog, select a **Playbook** from the drop-down list. The playbook must be defined before associating it with an automation. <br/><img src={useBaseUrl('img/cse/automations-new.png')} alt="New Automation" style={{border: '1px solid gray'}} width="400"/>
-1. In **Expects attributes for** select whether the playbook will run on an **Entity** or **Insight**. This defines what data payload will be sent to the playbook from Cloud SIEM.
-1. If **Entity** is selected, in the **Type** field select one or more Entity types. The playbook will only execute on the Entity types selected.
-1. Select one or more **Executes when** Insight triggers: **Insight Created**, **Insight Closed**, or **Manually Done**. If **Manually Done** is not selected, the automation will not appear in any **Actions** menu on Insights or **Automations** menus on Entities.
+1. At the top of the **Automation** tab, click **+ Add Automation**. (To modify an existing automation, select the automation and click **Edit**.)<br/><img src={useBaseUrl('img/cse/automations-automations-list.png')} alt="Automations list" style={{border: '1px solid gray'}} width="800"/>
+1. In the **Add Automation** dialog, select a **Playbook** from the drop-down list. The playbook must be defined before associating it with an automation. <br/><img src={useBaseUrl('img/cse/automations-new.png')} alt="New Automation" style={{border: '1px solid gray'}} width="400"/>
 1. Set the **Status**. Disabled automations will not run automatically and will not appear in any **Actions** or **Automations** menus.
-1. Click **Add to List** (or **Update** if editing an existing automation).
+1. In **Object (xpects attributes for)** select whether the playbook will run on an **Entity** or **Insight**. This defines what data payload will be sent to the playbook from Cloud SIEM. If **Entity** is selected, in the **Type** field select one or more Entity types. The playbook will only execute on the Entity types selected.
+1. For **Execution** select when the automation runs: **Insight Created**, **Insight Closed**, or **Manually Done**. If **Manually Done** is not selected, the automation will not appear in any **Actions** menu on Insights or **Automations** menus on Entities.
+1. Click **Save**.
 
 ## Run an automation automatically
 

docs/cse/automation/cloud-siem-automation-examples.md

@@ -63,11 +63,11 @@ The following example shows how to add an enrichment to an Insight using the “
    1. Click the **Publish** button (clipboard icon) at the bottom of the playbook view. The playbook should look like this:<br/><img src={useBaseUrl('img/cse/configure-an-enrichment-playbook.png')} alt="Simple playbook for Insight enrichment" style={{border: '1px solid gray'}} width="700"/>
 1. Create an automation in Cloud SIEM to run the playbook:
    1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the main Sumo Logic menu select **Cloud SIEM**. In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**. 
-   1. At the top of the automations screen, click **New Automation**.
+   1. At the top of the **Automation** tab, click **+ Add Automation**.
    1. For **Playbook**, select the playbook you created in the previous steps.
-   1. For **Expects attributes for**, select **Insight**.
-   1. For **Executes when**, select **Manually Done**.
-   1. Click **Add to List**.
+   1. For **Object (expects attributes for)**, select **Insight**.
+   1. For **Execution**, select **Manually Done**.
+   1. Click **Save**.
 1. Run the automation:
    1. Select **Insights** from the main Cloud SIEM screen.
    1. Select an Insight.
@@ -135,11 +135,11 @@ The following example shows how to configure a notification that sends an email
    1. Click the **Publish** button (clipboard icon) at the bottom of the playbook view. The playbook should look like this:<br/><img src={useBaseUrl('img/cse/configure-a-notification-playbook.png')} alt="Playbook for notification" style={{border: '1px solid gray'}} width="700"/>
 1. Create an automation in Cloud SIEM to run the playbook:
    1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the main Sumo Logic menu select **Cloud SIEM**. In the top menu of Cloud SIEM select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. 
-   1. At the top of the automations screen, click **New Automation**.
+   1. At the top of the **Automation** tab, click **+ Add Automation**.
    1. For **Playbook**, select the playbook you created in the previous steps.
-   1. For **Expects attributes for**, select **Insight**.
-   1. For **Executes when**, select **Manually Done**.
-   1. Click **Add to List**.
+   1. For **Object (expects attributes for)**, select **Insight**.
+   1. For **Execution**, select **Manually Done**.
+   1. Click **Save**.
 1. Run the automation:
    1. Select **Insights** from the main Cloud SIEM screen.
    1. Select an Insight.
@@ -239,11 +239,11 @@ The action uses [IP Quality Score](https://www.ipqualityscore.com/) to gather IP
     1. Click the **Publish** button (clipboard icon) at the bottom of the playbook view. The playbook should look like this:<br/><img src={useBaseUrl('img/cse/custom-integration-insight-enrichment.png')} alt="Custom playbook for Insight enrichment" style={{border: '1px solid gray'}} width="700"/>
 1. Create an automation in Cloud SIEM to run the playbook:
     1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the main Sumo Logic menu select **Cloud SIEM**. In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. 
-    1. At the top of the automations screen, click **New Automation**.
+    1. At the top of the **Automation** tab, click **+ Add Automation**.
     1. For **Playbook**, select the playbook you created in the previous steps.
-    1. For **Expects attributes for**, select **Insight**.
-    1. For **Executes when**, select **Manually Done**.
-    1. Click **Add to List**.
+    1. For **Object (expects attributes for)**, select **Insight**.
+    1. For **Execution**, select **Manually Done**.
+    1. Click **Save**.
 1. Run the automation:
     1. Select **Insights** from the main Cloud SIEM screen.
     1. Select an **Insight**.
@@ -363,9 +363,9 @@ The following example pulls together elements of the [Simple example](#simple-ex
 1. Create an automation in Cloud SIEM to run the playbook:
    1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the main Sumo Logic menu select **Cloud SIEM**. In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. 
    1. For **Playbook**, select the playbook you created in the previous steps.
-   1. For **Expects attributes for**, select **Insight**.
-   1. For **Executes when**, select **Manually Done**.
-   1. Click **Add to List**.
+   1. For **Object (expects attributes for)**, select **Insight**.
+   1. For **Execution**, select **Manually Done**.
+   1. Click **Save**.
 1. Run the automation:
    1. Select **Insights** from the main Cloud SIEM screen.
    1. Select an Insight.

docs/cse/integrations/enable-virustotal-enrichment.md

@@ -37,8 +37,8 @@ VirusTotal enrichments are only added to Signals that are part of an Insight.
 ## Configure VirusTotal enrichment
 
 1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Enrichment**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Enrichment**. You can also click the **Go To...** menu at the top of the screen and select **Enrichment**.  
-1. On the **Enrichment** page, click the pencil icon for VirusTotal.<br/><img src={useBaseUrl('img/cse/enrichment-page.png')} alt="Edit button on the VirusTotal enrichment" style={{border: '1px solid gray'}} width="500" />
-2. On the **Edit VirusTotal Configuration** popup, enter your VirusTotal API Key, and click Update.<br/><img src={useBaseUrl('img/cse/edit.png')} alt="Edit VirusTotal Configuration pop-up" style={{border: '1px solid gray'}} width="300" />
+1. On the **Enrichment** tab, select **VirusTotal** and click the **Edit** button.
+2. On the **Edit VirusTotal** popup, enter your VirusTotal API Key, and click **Save**.
 
 ## Example VirusTotal enrichment
 <img src={useBaseUrl('img/cse/virus-total-enrichment.png')} alt="Example VirusTotal enrichment" style={{border: '1px solid gray'}} width="700" />

docs/platform-services/automation-service/about-automation-service.md

@@ -58,7 +58,7 @@ Before you can access the Automation Service, you must first [configure role cap
 ### From Cloud SIEM
 
 1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the Cloud SIEM top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**.  <br/>The list of available automations appears. Each automation runs a playbook.<br/><img src={useBaseUrl('img/cse/automations-automations-list.png')} style={{border:'1px solid gray'}} alt="Automations list" width="800"/>
-1. At the top of the screen, click **Manage Playbooks**.<br/><img src={useBaseUrl('img/cse/automations-manage-playbooks.png')} style={{border:'1px solid gray'}} alt="Manage Playbooks menu option" width="400"/>
+1. At the top of the screen, click **Manage Playbooks**.<br/><img src={useBaseUrl('img/cse/automations-manage-playbooks.png')} style={{border:'1px solid gray'}} alt="Manage Playbooks menu option" width="300"/>
 1. The Automation Service screen opens on the **Playbook** tab. <br/><img src={useBaseUrl('img/platform-services/playbook-main-screen.png')} alt="Playbook screen" style={{border: '1px solid gray'}} width="800"/>
 
 ## Prerequisites