Commit 747f0ca

Merge branch 'main' into sumo_264003
2 parents ab79288 + 9d38b6d commit 747f0ca

12 files changed

+34
-67
lines changed

blog-service/2025-06-30-manage.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
---
2+
title: Timezone field for Scheduled Views (Manage)
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- timezone
6+
- manage
7+
- scheduled-view
8+
hide_table_of_contents: true
9+
---
10+
11+
import useBaseUrl from '@docusaurus/useBaseUrl';
12+
13+
14+
We're happy to include the **Timezone** field for the Scheduled Views. Previously, *America/Los_Angeles (Includes DST)* was considered as the default timezone. Going forward, you can select/edit the timezone of your choice. If you do not make a selection, the Scheduled View will default to the timezone preference in Sumo Logic.
15+
16+
[Learn more](/docs/manage/scheduled-views/add-scheduled-view/).
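Review bot: the fallback described in the last paragraph does not match the page it links to. add-scheduled-view.md in this same commit says that when no timezone is selected the view uses the Sumo Logic user preference and, if that is not set, the browser timezone; this post mentions only the preference. Align the wording so both pages describe the same chain. Also, `import useBaseUrl from '@docusaurus/useBaseUrl';` is imported but never used in this post; drop it unless an image is planned.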

docs/cloud-soar/introduction.md

Lines changed: 0 additions & 7 deletions
@@ -64,7 +64,6 @@ Finally, you can take the Insights from Cloud SIEM and automatically respond to
6464
Sumo Logic’s Cloud SOAR is a cloud-based web application available as an add-on to existing Sumo Logic deployments. Some of Cloud SOAR’s key features include:
6565

6666
* **War Room**. A central location for all the information, analysis, and actions related to an incident. This includes notes, documentation, and knowledge transfer as well as tools for collecting data and assessing, investigating, and correlating different incidents.
67-
* **ARK**. The Automated Responder Knowledge (ARK) learns from past incidents and threat intel to recommend relevant playbooks for future incidents.
6867
* **App Central**. A large out-of-the-box library of playbooks, integrations, and use cases for different threats to get you started.
6968
* **Cybersecurity best practices**. Cloud SOAR’s design and architecture meets many cybersecurity industry standards, regulatory frameworks, and best practices from organizations like ISO, GDPR, OASIS, NIST, and many others.
7069

@@ -210,12 +209,6 @@ Here are some other workflows you could automate with a playbook:
210209

211210
Cloud SOAR has hundreds of prebuilt playbooks and templates, so you can quickly and easily automate any of these tasks, or create new custom playbooks to suit your specific business needs. Normally, playbooks are automatically attached to incidents based on information like entities and severity scores.
212211

213-
##### ARK suggestions
214-
215-
Playbooks automate the individual tasks of incident response. But Cloud SOAR's Automated Responder Knowledge (ARK) suggestions take things one step further. ARK uses machine learning to suggest the most appropriate playbook for your incidents based on what you've done on similar incidents in the past. This frees up even more resources for analysts, as they don't have to spend time choosing a playbook before responding.
216-
217-
When ARK suggests a playbook to you, you have the option to add the playbook to the incident, run it, or dismiss the suggestion.
218-
219212
#### App Central, custom integrations, and other automations
220213

221214
Cloud SOAR has hundreds of pre-built playbooks which you can use as-is or customize. You can also build your own custom playbooks, which you can learn about in the Cloud SIEM Administration class.
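Review bot: removing the `##### ARK suggestions` heading also removes its anchor; search the docs for links to `#ark-suggestions` before merging, since the Cloud SOAR overview and legacy pages in this commit drop their ARK sections too and any cross-links between them would dangle. The retained context line also says custom playbooks are covered in the "Cloud SIEM Administration class" on a Cloud SOAR page; worth confirming that is the intended course name while this section is being touched.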

docs/cloud-soar/legacy/legacy-cloud-soar-architecture.md

Lines changed: 0 additions & 8 deletions
@@ -25,11 +25,3 @@ All multi-tenant installations offer:
2525
- Isolation of external actions (e.g., enrichment of indicators of compromise, containment actions prescribed to a host)
2626

2727
<img src={useBaseUrl('img/cloud-soar/image5.png')} alt="Multiple database symbols" width="600"/>
28-
29-
## Automated Responder Knowledge (DF-ARK)
30-
31-
Cloud SOAR's Automated Responder Knowledge (DF-ARK) module utilizes machine
32-
learning through historical responses to past incidents and threat
33-
intelligence feeds to enrich new incidents. This enrichment allows
34-
Cloud SOAR to recommend relevant Playbooks and plans of action to expedite
35-
detection and response times.

docs/cloud-soar/legacy/legacy-global-functions-menu.md

Lines changed: 0 additions & 43 deletions
@@ -32,49 +32,6 @@ When a search result is located within an incident, the incident number will be
3232

3333
<img src={useBaseUrl('img/cloud-soar/image12.png')} alt="Global Search Results" style={{border: '1px solid gray'}} width="800"/>
3434

35-
## Automation
36-
37-
### ARK
38-
39-
ARK or Automated Responder Knowledge is the Machine Learning component of Cloud SOAR which implements the Supervised learning in Case-Based Reasoning (CBR) algorithm.
40-
CBR solves new problems by adapting previously successful solutions to similar problems. In Cloud SOAR, this can be leveraged by analyzing solved incidents to hint steps and procedures to operators in new similar threats.<br/> <img src={useBaseUrl('img/cloud-soar/image15e.png')} alt="Automation menu" style={{border: '1px solid gray'}} width="250"/>
41-
42-
ARK assists operators during investigations in two main areas: Automatically suggesting/prompting next actions/tasks in Playbooks (until version 5) and Correlation/ Deduplication of similar threats into 1 unique incident.
43-
44-
#### Enable ARK
45-
46-
To enable ARK, click the cog icon, then **Settings** > **ARK** and make sure you have it set to **ON**.
47-
48-
From this page, it’s possible to configure also other ARK Settings such as the Neighbor incidents considered for each recommendation and an age relevance threshold. Those two parameters will allow you to tune the incidents that the Machine Learning algorithm will consider.
49-
50-
<img src={useBaseUrl('img/cloud-soar/image16b.png')} alt="ARK Settings" style={{border: '1px solid gray'}} width="800"/>
51-
52-
When an incident is created in Cloud SOAR, the Incident Type field will be the one defining which Playbooks you can attach to that incident.
53-
54-
#### ARK Usage
55-
56-
ARK has a correlation and deduplication or merging mechanism you can use with the ARK OIF.
57-
58-
ARK 2.0 OIF is a custom Sumo Logic integration which allows investigators to implement a mechanism for deduplication and correlation of ingested alerts and Cloud SOAR incidents.
59-
60-
<img src={useBaseUrl('img/cloud-soar/image16d.png')} alt="ARK OIF" style={{border: '1px solid gray'}} width="800"/>
61-
62-
<img src={useBaseUrl('img/cloud-soar/image16e.png')} alt="Test Action" style={{border: '1px solid gray'}} width="800"/>
63-
64-
OIF ARK enrichment action “Get parents for incident” allows you to retrieve every incident (as proposed parents) that is similar to the analyzed one.
65-
66-
Each optional field allows you to fine tune the weight of the fields, acceptance thresholds and of the algorithm which needs to be trained and fine-tuned in order to get correct and reliable results.
67-
68-
<img src={useBaseUrl('img/cloud-soar/image16f.png')} alt="Field Weight" style={{border: '1px solid gray'}} width="800"/>
69-
70-
Alert deduplication or merging can be achieved by utilizing ARK OIF enrichment actions and Cloud SOAR’s unique Triage capability.
71-
72-
Triage is a customizable section which can be used for enriching and preprocessing multiple different scenarios.
73-
74-
By dispatching the ingested alerts into Triage events, Cloud SOAR can automatically enrich each event, deduplicate them based on the logic configured in our associated Playbooks (which can invoke Ark OIF enrichment) and decide if Cloud SOAR should aggregate multiple entries in one unique incident, create multiple incidents for each event or if a similar incident has already been created, to update the existing incident with updated information.
75-
76-
Cloud SOAR can also correlate existing incidents to check if specific data is already present in the Cloud SOAR Database. It is crucial that all merging or deduplication must be done prior to conversion of an alert into incident. For example, a Triage event that allows you to invoke one or multiple playbooks for each Triage event created.
77-
7835
## Settings
7936

8037
### General Settings
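Review bot: this hunk deletes the "Enable ARK" instructions (cog icon > **Settings** > **ARK**) together with the rest of the Automation section, but leaves the `## Settings` section that follows untouched; verify that the settings pages no longer describe an ARK toggle, neighbor-incident count or age-relevance threshold, otherwise readers will find settings in the UI with no documentation. Also check for inbound links to `#automation`, `#ark`, `#enable-ark` and `#ark-usage`.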

docs/cloud-soar/overview.md

Lines changed: 0 additions & 2 deletions
@@ -402,8 +402,6 @@ Cloud SOAR has been designed with Interoperability for Cybersecurity Industry st
402402

403403
Cloud SOAR design and architecture follows Cybersecurity Industry standards and regulatory frameworks, and adheres to best Industry practices to meet best Cybersecurity practices followed by ISO, GDPR, OASIS, NIST, Sec Regulations, and more.
404404

405-
Cloud SOAR offers a patent-pending Automated Responder Knowledge (DF-ARK) module which applies machine learning to historical responses and threats. It recommends relevant Playbooks, paths of action to expedite the process, and responses to manage and mitigate similar incidents with better response time.
406-
407405
Cloud SOAR provides static egress for Cloud executions. IP addresses can be entered into the allowlist. For a list of Cloud SOAR addresses by region, contact [Support](https://support.sumologic.com/support/s/).
408406

409407
<img src={useBaseUrl('img/cloud-soar/image3.png')} alt="Cloud SOAR architecture diagram" style={{border: '1px solid gray'}} width="800"/>

docs/manage/scheduled-views/add-scheduled-view.md

Lines changed: 2 additions & 1 deletion
@@ -13,13 +13,14 @@ For Scheduled View query requirements, see [Scheduled Views Best Practices and E
1313

1414
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Scheduled Views**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Logs** select **Scheduled Views**. You can also click the **Go To...** menu at the top of the screen and select **Scheduled Views**. <br/><img src={useBaseUrl('/img/scheduled-views/scheduled-view-page.png')} alt="scheduled-view-page" style={{border:'1px solid gray'}} width="800"/>
1515
1. Click **+ Add Scheduled View**.<br/><img src={useBaseUrl('/img/scheduled-views/add-view.png')} alt="add-view" style={{border:'1px solid gray'}} width="400"/>
16-
1. **Scheduled View name**. Enter a name for the view. You'll use this name in queries to search the view, so use a name that's descriptive and easy to remember. Names can contain alphanumeric characters; underscores (`_`) are the only special characters allowed. View names can only have (A-Z, a-z, 0-9), $, and _ after the first letter.
16+
1. **Name**. Enter a name for the view. You'll use this name in queries to search the view, so use a name that's descriptive and easy to remember. Names can contain alphanumeric characters; underscores (`_`) are the only special characters allowed. View names can only have (A-Z, a-z, 0-9), $, and _ after the first letter.
1717
1. **Query.** Enter the full query that encompasses the data you'd like indexed in the view. Parse operators and most search operators are supported in views.
1818
1. **Search Mode**. Set to **Auto Parse Mode** for [Dynamic Parsing](../../search/get-started-with-search/build-search/dynamic-parsing.md) of JSON data. Manual Mode is the default search behavior.
1919
1. **Start Date.** Click the date that you'd like to use as the start time of the index. All data from that point forward will be indexed in the scheduled view. The oldest selectable date represents the end of the retention period of your Sumo Logic account.
2020
:::note limitation
2121
You cannot select a start date older than 365 days.
2222
:::
23+
1. **Timezone**. Select the timezone for the scheduled view of your choice from the drop-down. If you do not make a selection, the Scheduled View will default to the timezone preference in Sumo Logic. But if the timezone is not set in Sumo Logic *User Preferences* page, then this will default to the timezone from your browser.
2324
1. **Retention Period.** Either enter a retention period for the data in the index, in days, or click **Apply the retention period of Default Partition**. For more information, see [Manage Indexes with Variable Retention](../partitions/manage-indexes-variable-retention.md).
2425
1. **Data Forwarding.** (Optional). Choose **Enable Data Forwarding** to [forward data from Sumo to Amazon S3](../data-forwarding/amazon-s3-bucket.md). The results from the Scheduled View are forwarded to S3. Raw logs are sent if the view query does not use an aggregate operator. If the view query performs an aggregation, aggregate results are sent. See [File Format](../data-forwarding/amazon-s3-bucket.md) for details on how the file objects are structured.
2526
1. Click **Save**.
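Review bot: the new **Timezone** step reads awkwardly ("Select the timezone for the scheduled view of your choice from the drop-down") and opens a sentence with "But". Suggested wording: "Select a timezone from the drop-down. If you do not make a selection, the view uses the timezone set in your Sumo Logic user preferences; if none is set there, it uses your browser timezone." Since the **Name** line is being rewritten in the same hunk, also resolve its internal contradiction: it says underscores are "the only special characters allowed" and then allows `$` after the first letter. State the exact naming rule once.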

docs/manage/scheduled-views/view-list-scheduled-views.md

Lines changed: 1 addition & 0 deletions
@@ -32,6 +32,7 @@ You must have a role that grants you the View Scheduled Views [role capability
3232
* **Retention Period**. The period of time data in the scheduled view is retained.
3333
* **Start Date**. Date when data was first added to the scheduled view.
3434
* **Lag Time**. If the scheduled view is not up-to-date, **Lag Time** contains the actual lag time. For more information, see [Scheduled View Lag Time](scheduled-view-lag-time.md).
35+
* **Timezone**. Displays the selected time zone or the default timezone of your browser while creating the scheduled view.
3536
* **Query**. The query that returns that data to be written to the scheduled view.
3637
* **Data Forwarding**. If the scheduled view is configured to forward data to an S3 bucket, the name of the [data forwarding](../data-forwarding/amazon-s3-bucket.md) destination.  
3738
* **Created by** and **Modified by**. The user that created the view, and the user that most recently modified the view. <br/><img src={useBaseUrl('/img/scheduled-views/sched-view-details.png')} style={{border: '1px solid gray'}} alt="sched-view-details" width="400"/>
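Review bot: the new **Timezone** bullet gives the default as "the default timezone of your browser", but add-scheduled-view.md in this commit says the first fallback is the Sumo Logic user preference and the browser timezone is used only if that is unset; make the two consistent. Also use one spelling ("timezone" rather than "time zone") to match the field name and the rest of the page.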

docs/platform-services/automation-service/app-central/integrations/manage-engine-desktop-central.md

Lines changed: 4 additions & 2 deletions
@@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
66

77
<img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/manage-engine-desktop-central.png')} alt="manage-engine-desktop-central" width="100"/>
88

9-
***Version: 1.1
10-
Updated: Jul 05, 2023***
9+
***Version: 1.2
10+
Updated: June 24, 2025***
1111

1212
Query data an utilize actions in Desktop Central unified endpoint management (UEM) solution for managing servers, laptops, desktops, smartphones.
1313

@@ -38,6 +38,7 @@ import IntegrationTimeout from '../../../../reuse/automation-service/integration
3838
* <IntegrationLabel/>
3939
* **Server Host**. Enter your ManageEngine Desktop Central [hostname](https://www.manageengine.com/products/desktop-central/help/getting_started/working_with_desktop_central.html).
4040

41+
* **Account Type**. Select your Account type (default is Cloud).
4142
* **Access Token**. Enter your ManageEngine Desktop Central [authentication key](https://www.manageengine.com/products/desktop-central/api/).
4243
* <IntegrationTimeout/>
4344
* <IntegrationCertificate/>
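Review bot: the new **Account Type** bullet should list the selectable values (the changelog below names cloud and on-prem) and say what differs between them, since the changelog states the authentication headers depend on the choice; a reader configuring on-prem also needs to know whether the **Access Token** link, which points to the cloud API documentation, still applies. Minor: "Select your Account type" does not match the bold field name **Account Type** in casing.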
@@ -52,3 +53,4 @@ For information about ManageEngine Endpoint Central (formerly Desktop Central),
5253

5354
* July 8, 2021 - First upload
5455
* July 5, 2023 (v1.1) - Updated the integration with Environmental Variables
56+
* June 24, 2025 (v1.2) - Updated authentication headers to support both cloud and on-prem account type.

docs/send-data/opentelemetry-collector/auto-discovery.md

Lines changed: 11 additions & 4 deletions
@@ -16,15 +16,22 @@ With the Sumo Logic OpenTelemetry collector Auto Discovery feature, you can dete
1616
## View discovered services
1717

1818
Auto Discovery is enabled by default on all the OpenTelemetry collectors for the supported version. Below are the **Auto Discoverable Services** provided by Sumo Logic.
19+
20+
- ActiveMQ
1921
- Apache
22+
- Cassandra
23+
- Docker
24+
- ElasticSearch
25+
- HAProxy
26+
- JMX
27+
- Kafka
28+
- Memcached
29+
- Microsoft SQL Server
2030
- MySQL
2131
- Nginx
22-
- ElasticSearch
2332
- PostgreSQL
24-
- Redis
25-
- Kafka
26-
- Docker
2733
- RabbitMQ
34+
- Redis
2835

2936
For the discovered services, you can set up data collection with guided onboarding steps. Below are the two different ways by which you can install and setup the OTEL Auto discovery apps.
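Review bot: the list is now alphabetical, which is an improvement, but the moved `- ElasticSearch` entry keeps a non-standard casing; the product spells itself "Elasticsearch", so this is the moment to fix it. The added `- JMX` entry is a management interface rather than a service like the others; if that is intentional (JMX-based discovery of Java applications), a short parenthetical would help readers.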
3037
