Merge branch 'main' into docs-684-add-new-tab-preference

Author: kimsauce

.clabot

@@ -177,7 +177,9 @@
     "Apoorvkudesia-sumologic",
     "akesle",
     "ankitgoelcmu",
-    "Deklin"
+    "Deklin",
+    "justrelax19",
+    "dlindelof-sumologic"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",

blog-cse/2025-03-10-application.md

@@ -0,0 +1,20 @@
+---
+title: March 10, 2025 - Application Update
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - custom insights
+  - insights
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+### Strict signal configuration
+
+We're happy to announce that now when you create custom insights, you can select an option to generate insights only on those signals defined in your custom insight. Any additional signals related to the applicable entity are excluded. This allows you to generate insights for an immediate and targeted response. 
+
+[Learn more](/docs/cse/records-signals-entities-insights/configure-custom-insight/#for-only-signals-defined-in-the-custom-insight).
+
+<img src={useBaseUrl('img/cse/strict-signal-configuration-checkbox.png')} alt="Strict Signal Configuration checkbox" style={{border: '1px solid gray'}} width="400"/>

blog-cse/2025-03-13-content.md

@@ -0,0 +1,87 @@
+---
+title: March 13, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+
+This release includes:
+- New detection rules for Azure DevOps to identify suspicious or sensitive activity in CI/CD pipelines
+- New support for Barracuda WAF and CloudGen Firewall
+- Support for CyberArk Audit events
+- Updates to 1Password mappers to realign field mappings to reflect proper directionality
+- Fix for normalizedActions in AWS CloudTrail Policy Change mapper
+- Additions to CrowdStrike Audit and UserActivity log mappers to map additional fields and add alternate values
+- Support for additional events from Kubernetes and Linux OS logs
+
+## Rules
+- [New] CHAIN-S00022 Azure DevOps - Agent Pool Created and Deleted within a Short Period
+    - This detection monitors for the creation and deletion of Agent Pools within 5 days by the same user, with the intent of finding Agent Pools active for short durations.
+- [New] MATCH-S00997 Azure DevOps - Browser Observed in Personal Access Token (PAT) Use
+    - This detection monitors for the use of a PAT for authentication from a User Agent String indicating a web browser.
+- [New] MATCH-S00995 Azure DevOps - Change Made to Administrator Group
+    - This detection monitors for additions to the following groups: Project Administrators, Project Collection Administrators, Project Collection Service Accounts, Build Administrators, Project Collection Build Administrators
+- [New] FIRST-S00098 Azure DevOps - First Seen Pull Request Policy Bypassed
+    - This detection monitors for when a user performs a pull request bypass for the first time.
+- [New] FIRST-S00099 Azure DevOps - First Seen User Creating Agent Pool
+    - This detection monitors for new users creating an agent pool. This user has not been observed creating agent pools during the baseline period and may be a new admin or involved in suspicious account activity.
+- [New] FIRST-S00092 Azure DevOps - First Seen User Creating Release Pipeline
+    - This detection monitors for users creating a release pipeline for the first time after the baseline period (by default, 90 days).
+- [New] FIRST-S00097 Azure DevOps - First Seen User Modifying Build Variables
+    - This detection monitors for a user modifying a variable group for the first time.
+- [New] FIRST-S00096 Azure DevOps - First Seen User Modifying Release Pipeline
+    - This detection monitors for users modifying a release pipeline for the first time after the baseline period (by default, 90 days).
+- [New] MATCH-S00998 Azure DevOps - Known Malicious Tooling Detected ADOKit
+    - This is a simple detection matching on “ADOKit” at the start of the HTTP User Agent String (UAS). This detection effectively catches basic ADOKit use. It is brittle to attackers changing the User Agent String to another more innocuous browser to mask the traffic.
+- [New] MATCH-S00994 Azure DevOps - Member Added to Sensitive Group
+    - This detection monitors for changes to the following groups: Project Administrators, Project Collection Administrators, Project Collection Service Accounts, Build Administrator
+- [New] FIRST-S00095 Azure DevOps - New Agent OS Added to Agent Pool
+    - This detection monitors for the addition of an agent to an agent pool when the OS of the agent has not been observed in this pool during the baseline period.
+- [New] FIRST-S00094 Azure DevOps - New Extension Installed
+    - This detection monitors for new extensions installed organization-wide after a 30-day baseline, based on the user installing the new extension.
+- [New] OUTLIER-S00030 Azure DevOps - Outlier in Pools Deleted Rapidly
+    - This detection identifies statistical outliers in user behavior for the number of pools deleted in an hourly window. 
+- [New] MATCH-S00996 Azure DevOps - Personal Access Token (PAT) Misuse Observed
+    - This detection monitors for use of a Personal Access Token in conjunction with categories of action that aren’t normally associated with PAT authentication.
+- [New] CHAIN-S00021 Azure DevOps - Pipeline Created and Deleted within a Short Period
+    - This detection monitors for the creation and deletion of the same pipeline within a short period (by default, a day).
+- [New] MATCH-S00993 Azure DevOps - Pipeline Retention Settings Reduced
+    - This detection monitors for any reduction in the pipeline retention settings.
+
+
+## Log Mappers
+- [New] Barracuda Authentication
+- [New] Barracuda Catch All
+- [New] Barracuda CloudGen Auth Service dcclient and events
+- [New] Barracuda CloudGen Firewall Activity
+- [New] Barracuda CloudGen Settings DNS
+- [New] Barracuda Network Firewall Event|Web Firewall Event|Access Firewall Event
+- [New] Barracuda System Event
+- [New] CyberArk Audit Authentication
+- [New] CyberArk Audit Catch All
+- [Updated] 1Password Item Audit Actions
+- [Updated] 1Password Item Usage Actions
+- [Updated] 1Password Item Usage C2C
+- [Updated] 1Password Signin C2C
+- [Updated] CloudTrail - iam.amazonaws.com - Policy Change
+- [Updated] CrowdStrike Audit Logs
+- [Updated] CrowdStrike Falcon Host API DetectionSummaryEvent
+- [Updated] CrowdStrike Falcon Host API DetectionSummaryEvent (CNC)
+- [Updated] CrowdStrike UserActivity Logs
+- [Updated] Linux OS Syslog - Process sshd - SSH Auth Failure
+- [Updated] Linux OS Syslog - Process sshd - SSH Bind Listening and negotiate event
+
+## Parsers
+- [New] /Parsers/System/Barracuda/Barracuda CloudGen
+- [New] /Parsers/System/Barracuda/Barracuda WAF
+- [New] /Parsers/System/Cyber-Ark/CyberArk Audit
+- [Updated] /Parsers/System/Kubernetes/Kubernetes
+- [Updated] /Parsers/System/Linux/Linux OS Syslog

blog-csoar/2024/12-31.md

@@ -35,7 +35,7 @@ This release introduces new integrations, new playbooks, and several updates.
 #### Integrations
 
 * [New] [Google Chat](/docs/platform-services/automation-service/app-central/integrations/google-chat)
-* [New] [Malwarebytes Oneview](/docs/platform-services/automation-service/app-central/integrations/malwarebytes-oneview)
+* [New] [Malwarebytes ThreatDown OneView](/docs/platform-services/automation-service/app-central/integrations/threatdown-oneview)
 * [New] [Silent Push](/docs/platform-services/automation-service/app-central/integrations/silent-push)
 * [New] [Sumo Logic Automation Tools](/docs/platform-services/automation-service/app-central/integrations/sumo-logic-automation-tools)
 * [New] [VirusTotal V3](/docs/platform-services/automation-service/app-central/integrations/virustotal-v3)

blog-service/2025-03-07-apps.md

@@ -0,0 +1,14 @@
+---
+title: Netskope WebTx (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - netskope-webtx
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to introduce the new Netskope WebTx app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Netskope WebTx source to collect the web transaction logs from the Netskope WebTx platform. It provides security and IT teams the visibility and insights into web transactions, helping organizations monitor, analyze, and secure their web traffic. [Learn more](/docs/integrations/saas-cloud/netskope-webtx/).

blog-service/2025-03-07-collection.md

@@ -0,0 +1,14 @@
+---
+title: Sumo Collection Source (Collection)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - sumo-collection-source
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to announce the release of our new cloud-to-cloud source for Sumo Collection. This source aims to collect the list of collectors and their sources using Sumo Logic Collector API and Source API and send them to Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source).

blog-service/2025-03-07-manage.md

@@ -0,0 +1,21 @@
+---
+title: Content Management for Organizations - Beta (Manage)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - manage
+  - organizations
+  - mssps
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We are excited to announce a new **Content Management** tab that allows MSSP administrators the ability to conveniently push updates to multiple child organizations at once. [Learn more](/docs/manage/manage-subscription/create-and-manage-orgs/manage-orgs-for-mssps/).
+
+:::note
+This feature is in Beta. To participate, contact your Sumo Logic account executive or our Support Team.
+:::
+
+<img src={useBaseUrl('img/manage/subscriptions/mssp-orgs-sync-selected-items.png')} alt="Content Management tab" style={{border: '1px solid gray'}} width="800"/>

cid-redirects.json

@@ -87,6 +87,7 @@
   "/Start_Here/Customize_Your_Sumo_Logic_Experience": "/docs/get-started",
   "/Start_Here/Getting_Started": "/docs/get-started",
   "/Start_Here/Getting_Started/Analyst_or_Administrator": "/docs/get-started/onboarding-checklists",
+  "/Start_Here/Quick_Start_Tutorial": "/docs/get-started/quickstart",
   "/Start-Here/09Customize-Your-Sumo-Logic-Experience/Preferences-Page": "/docs/get-started/account-settings-preferences",
   "/Start-Here/02Getting-Started/Glossary": "/docs/contributing/glossary",
   "/docs/contributing/create-document": "/docs/contributing/create-edit-doc",
@@ -741,6 +742,7 @@
   "/07Sumo-Logic-Apps/01Amazon_and_AWS/AWS_Network_Firewall/Install_the_AWS_Network_Firewall_App_and_View_the_Dashboards": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-network-firewall",
   "/07Sumo-Logic-Apps/01Amazon_and_AWS/AWS_Security_Hub": "/docs/integrations/amazon-aws/security-hub",
   "/07Sumo-Logic-Apps/01Amazon_and_AWS/AWS_Security_Hub/1-Ingest-findings-into-AWS-Security_Hub": "/docs/integrations/amazon-aws/security-hub",
+  "/07Sumo-Logic-Apps/01Amazon_and_AWS/AWS_Security_Hub/2-Collect-findings-for-the-AWS-Security-Hub-App": "/docs/integrations/amazon-aws/security-hub",
   "/07Sumo-Logic-Apps/01Amazon_and_AWS/AWS_Security_Hub/2-Collect-Findings-for-the-AWS-Security-Hub-App": "/docs/integrations/amazon-aws/security-hub",
   "/07Sumo-Logic-Apps/01Amazon_and_AWS/AWS_Security_Hub/3-Install_the_AWS_Security_Hub_App_and_view_the_Dashboards": "/docs/integrations/amazon-aws/security-hub",
   "/07Sumo-Logic-Apps/01Amazon_and_AWS/AWS_WAF": "/docs/integrations/amazon-aws/waf",
@@ -1667,6 +1669,7 @@
   "/cid/10147": "/docs/cse/integrations",
   "/cid/10148": "/docs/cse/rules",
   "/cid/101481": "/docs/cse/rules/about-cse-rules",
+  "/cid/101482": "/docs/cse/rules/rules-status",
   "/cid/10149": "/docs/cse/rules/write-match-rule",
   "/cid/1015": "/docs/send-data/reference-information/use-wildcards-paths",
   "/cid/10150": "/docs/cse/rules/write-threshold-rule",
@@ -1870,6 +1873,7 @@
   "/cid/1962": "/docs/integrations/saas-cloud/cloudflare",
   "/cid/1995": "/docs/integrations/saas-cloud/code42-incydr",
   "/cid/1971": "/docs/integrations/saas-cloud/trust-login",
+  "/cid/1910": "/docs/integrations/saas-cloud/netskope-webtx",
   "/cid/1963": "/docs/integrations/sumo-apps/enterprise-audit",
   "/cid/1964": "/docs/integrations/security-threat-detection/f5-big-ip-ltm",
   "/cid/1965": "/docs/integrations/security-threat-detection/netskope",
@@ -1878,6 +1882,7 @@
   "/cid/1966": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source",
   "/cid/1987": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source",
   "/cid/1996": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sysdig-secure-source",
+  "/cid/1258": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sumo-collection-source",
   "/cid/1257": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source",
   "/cid/1967": "/docs/integrations/web-servers/iis-10",
   "/cid/1968": "/docs/integrations/partner-ecosystem-apps/",
@@ -2994,6 +2999,7 @@
   "/Cloud_SIEM_Enterprise/Records%2C_Signals%2C_Entities%2C_and_Insights": "/docs/cse/records-signals-entities-insights",
   "/Cloud_SIEM_Enterprise/Records%2C_Signals%2C_Entities%2C_and_Insights/00Insight_Generation_Process": "/docs/cse/get-started-with-cloud-siem/insight-generation-process",
   "/Cloud_SIEM_Enterprise/Records%2C_Signals%2C_Entities%2C_and_Insights/05Set_Insight_Generation_Window_and_Threshold": "/docs/cse/records-signals-entities-insights/set-insight-generation-window-threshold",
+  "/docs/cse/records-signals-entities-insights/signal-index-migration-faq": "/docs/cse/records-signals-entities-insights/search-cse-records-in-sumo",
   "/Cloud_SIEM_Enterprise/Records%2C_Signals%2C_Entities%2C_and_Insights/07Entity_Criticality": "/docs/cse/records-signals-entities-insights/entity-criticality",
   "/Cloud_SIEM_Enterprise/Records%2C_Signals%2C_Entities%2C_and_Insights/11Create_a_Custom_Entity_Type": "/docs/cse/records-signals-entities-insights/create-custom-entity-type",
   "/Cloud_SIEM_Enterprise/Records%2C_Signals%2C_Entities%2C_and_Insights/13Using_Tags_with_Insights%2C_Signals%2C_Entities%2C_and_Rules": "/docs/cse/records-signals-entities-insights/tags-insights-signals-entities-rules",
@@ -3479,6 +3485,7 @@
   "/Observability_Solution/Kubernetes_Solution/07Global_Intelligence_for_Kubernetes_DevOps_App": "/docs/integrations/global-intelligence/kubernetes-devops",
   "/Observability_Solution/Kubernetes_Solution/06Kubernetes_Alerts": "/docs/observability/kubernetes/alerts",
   "/Observability_Solution/Kubernetes_Solution/08Next_Steps": "/docs/observability/kubernetes",
+  "/Observability_Solution/Kubernetes_Solution/09Create_a_New_Dashboard_(New)": "/docs/observability/kubernetes",
   "/Observability_Solution/Kubernetes_Solution/18Install_the_Kubernetes_Alerts,_App_and_view_the_Dashboards": "/docs/observability/kubernetes/apps",
   "/Observability_Solution/Kubernetes_Solution/17Next_Steps": "/docs/observability/kubernetes",
   "/Observability_Solution/Kubernetes_Solution/zDrill_down_to_discover_root_causes": "/docs/observability/kubernetes",
@@ -3539,6 +3546,7 @@
   "/Send_Data/Sources/Source_timestamp_and_time_zone_options/Timestamp_conventions": "/docs/send-data/reference-information/time-reference",
   "/Send_Data/Sources/AWS_S3_Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
   "/Send_Data/01_Design_Your_Deployment/Best_Practices:_Good_Source_Category,_Bad_Source_Category": "/docs/send-data/best-practices",
+  "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services": "/docs/send-data/hosted-collectors/amazon-aws",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services/AWS_S3_Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services/Amazon_CloudWatch_Source_for_Metrics": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
   "/Send-Data/Sources": "/docs/send-data",
@@ -3785,6 +3793,7 @@
   "/Apps/Installing_Apps_from_the_Library": "/docs/get-started/apps-integrations",
   "/Apps/Linux_App/Linux_App_Dashboards": "/docs/integrations/hosts-operating-systems/linux",
   "/Apps/Linux_Performance_App/Collect_Logs_for_the_Linux_Performance_App": "/docs/integrations/hosts-operating-systems/linux",
+  "/Apps/Preview_Apps": "/docs/integrations",
   "/Apps/Preview_Apps/Cylance": "/docs/integrations/security-threat-detection/cylance",
   "/Apps/Preview_Apps/Cylance_App": "/docs/integrations/security-threat-detection/cylance",
   "/Apps/Preview_Apps/AWS_Lambda/AWS_Lambda_App_Dashboards": "/docs/integrations/amazon-aws/lambda",
@@ -3823,6 +3832,7 @@
   "/Beta/Installation_Tokens": "/docs/manage/security/installation-tokens",
   "/Beta/Metadata_Ingest_Budgets": "/docs/manage/ingestion-volume/ingest-budgets/daily-volume",
   "/Beta/Metrics-Rules": "/docs/metrics/metric-rules-editor",
+  "/Beta/Saved_beta_content/Beta---Library/Apps_in_Sumo_Logic/01_Sumo_Logic_Apps": "/docs/integrations",
   "/Beta/SLO_Reliability_Management": "/docs/observability/reliability-management-slo",
   "/Beta/SLO_Reliability_Management/Access_and_Create_SLOs": "/docs/observability/reliability-management-slo",
   "/Beta/Workday/Collect_Logs_for_the_Workday_App": "/docs/integrations/saas-cloud/workday",
@@ -3831,6 +3841,7 @@
   "/Cloud_SIEM_Enterprise/Entities_and_Insights/Insight_Generation_Process": "/docs/cse/records-signals-entities-insights",
   "/Cloud_SIEM_Enterprise/Entities_and_Insights/Global_Intelligence_for_Security_Insights": "/docs/cse/records-signals-entities-insights/global-intelligence-security-insights",
   "/Dashboards-and-Alerts": "/docs/alerts",
+  "/Dashboards_and_Alerts": "/docs/alerts",
   "/Dashboards_and_Alerts/Alerts/01_Scheduled_Searches": "/docs/alerts/scheduled-searches/schedule-search",
   "/Dashboards_and_Alerts/Alerts/Create_a_Real_Time_Alert": "/docs/alerts/scheduled-searches/create-real-time-alert",
   "/Dashboards_and_Alerts/Alerts/Save_to_Index": "/docs/alerts/scheduled-searches/save-to-index",
@@ -3847,6 +3858,7 @@
   "/Manage/Connections_and_Integrations/Webhook_Connections/Webhook_Connection_for_Slack": "/docs/alerts/webhook-connections/slack",
   "/Manage/Connections-and-Integrations/Webhook-Connections/Webhook-Connection-for-Slack": "/docs/alerts/webhook-connections/slack",
   "/Manage/Connections-and-Integrations/Webhook-Connections/Webhook-Connection-for-PagerDuty": "/docs/alerts/webhook-connections/pagerduty",
+  "/Manage/Kubernetes_Solution": "/docs/observability/kubernetes",
   "/Manage/Logs-to-Metrics": "/docs/metrics/logs-to-metrics",
   "/Metrics/Metric-Queries-and-Alerts/01Metrics_Explorer": "/docs/metrics/metrics-queries/metrics-explorer",
   "/Metrics/Metric-Queries-and-Alerts/Metrics_Monitors_and_Alerts": "/docs/alerts/monitors",