SumoLogic
diff --git a/‎.clabot‎
Lines changed: 1 addition & 7 deletions b/‎.clabot‎
Lines changed: 1 addition & 7 deletions
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 6 additions & 4 deletions b/‎.github/CODEOWNERS‎
Lines changed: 6 additions & 4 deletions
diff --git a/‎blog-cse/2024-11-22-content.md‎
Lines changed: 61 additions & 0 deletions b/‎blog-cse/2024-11-22-content.md‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎docs/alerts/monitors/settings.md‎
Lines changed: 2 additions & 1 deletion b/‎docs/alerts/monitors/settings.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎docs/cse/administration/cse-audit-logging.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/cse/administration/cse-audit-logging.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/get-started/account-settings-preferences.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/get-started/account-settings-preferences.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/get-started/apps-integrations.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/get-started/apps-integrations.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/get-started/help.md‎
Lines changed: 0 additions & 1 deletion b/‎docs/get-started/help.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎docs/get-started/keyboard-shortcuts.md‎
Lines changed: 1 addition & 4 deletions b/‎docs/get-started/keyboard-shortcuts.md‎
Lines changed: 1 addition & 4 deletions
@@ -5,13 +5,9 @@
     "JV0812",
     "jpipkin1",
     "JainM6",
-    "swiatekm-sumo",
     "docsSeema",
-    "@dependabot[bot]",
-    "dependabot[bot]",
     "angadrandhawa1",
     "kkujawa-sumo",
-    "open-source-collection-team",
     "mat-rumian",
     "perk-sumo",
     "jmartini-sumo",
@@ -28,12 +24,10 @@
     "agaur",
     "bhargavisumo",
     "ravipadala-sumo",
-    "jd-sumo",
     "davidcarltonsumo",
     "pkazmir-sumo",
     "dkarabin-sumo",
     "kevin-sumo",
-    "mgol-sumo",
     "crm6718",
     "mvirga-sumo",
     "tarunk2",
@@ -176,7 +170,7 @@
     "antonymartinsumo",
     "amee-sumo"
   ],
-  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we'll add you to our approved list of contributors.",
+  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",
   "recheckComment": "The GitHub CLA Bot is rechecking to see that you have signed our CLA."
 }
@@ -1,14 +1,16 @@
+# More details: https://help.github.com/articles/about-codeowners
+
 # Default owners for everything in the repo.
 * @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
-# Owners of all files in the `/docs` directory and its subdirectories.
-/docs/   @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
+# Owners of all files in the `/docs/integrations` directory.
+/docs/integrations/ @SumoLogic/sumoappdev @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/kubernetes` directory.
-/docs/send-data/kubernetes/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
+/docs/send-data/kubernetes/ @SumoLogic/open-source-collection-team @SumoLogic/k8s-developers @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/opentelemetry-collector` directory and its subdirectories.
-/docs/send-data/opentelemetry-collector/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812 @amee-sumo
+/docs/send-data/opentelemetry-collector/ @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812 @amee-sumo
 
 # GitHub workflow owners
 /.github/workflows/ @SumoLogic/open-source-collection-team @kimsauce
@@ -0,0 +1,61 @@
+---
+title: November 22, 2024 - Content Release
+hide_table_of_contents: true
+keywords:
+  - log mappers
+  - log parsers
+  - detection rules
+  - tag schemas
+image: https://help.sumologic.com/img/sumo-square.png  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+* New mapping support for: Qumulo Core, and Teramind Teraserver.
+* Updates to existing parsers for: Code42 Incydr, Palo Alto, and Okta.
+* Updates to the existing Okta log mappings to support a new HTTP source log formatting.
+* Updates to Code42 Incydr Alerts C2C mapping to support new alert log format.
+
+Changes are enumerated below.
+
+### Rules
+* [Deleted] FIRST-S00031 First Seen IP Address Associated with User for a Successful Azure AD Sign In Event
+   * Consider using FIRST-S00047 (First Seen ASN Associated with User for a Successful Azure AD Sign In Event) in its place.
+* [New] THRESHOLD-S00116 Password Attack from IP
+   * This is a fork of THRESHOLD-S00095 Password Attack to address a bug with null values causing backend issues with detection rules. Rule has been forked to ensure no null values are considered in the entity grouping.
+* [Updated] FIRST-S00095 Password Attack from Host
+   * Updates rule to remove IP entity (now handled in THRESHOLD-S00116) and ensure no null values are considered for the host entity.
+* [Updated] FIRST-S00068 Okta - First Seen User Accessing Admin Application
+   * Baseline retention window size increased from 35 days to the standard 90 day retention.
+   * Modified the summary description to read as follows: "User: `{{user_username}}` has successfully accessed the Okta Admin Application".
+
+### Log Mappers
+* [New] Palo Alto Threat DLP non File - Custom Parser
+   * Mapping support added for event id pattern: threat-dlp-non-file.
+* [New] Qumulo Core - Catch All
+* [New] Qumulo Core - Login
+* [New] Teramind Authentication
+* [New] Teramind Catch All
+* [New] Teramind Email
+* [Updated] Code42 Incydr Alerts C2C
+* [Updated] Okta Authentication - auth_via_AD_agent
+* [Updated] Okta Authentication - auth_via_mfa
+* [Updated] Okta Authentication - auth_via_radius
+* [Updated] Okta Authentication - sso
+* [Updated] Okta Authentication Events
+* [Updated] Okta Catch All
+* [Updated] Okta Security Threat Events
+
+### Parsers
+* [New] /Parsers/System/Qumulo/Qumulo Core
+* [New] /Parsers/System/Salesforce/Salesforce
+* [New] /Parsers/System/Teramind/Teramind Teraserver
+* [Updated] /Parsers/System/Code42/Code42 Incydr
+   * Transform update for a new alert log format for tenantId.
+* [Updated] /Parsers/System/Okta/Okta
+   * Modified event_id from eventType to event_type.
+* [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV
+   * Additional parsing support for a new Palo Alto Threat event format.
@@ -116,9 +116,10 @@ Click the **Mute** button mute the monitor. See also: [Muting Schedules](/docs/
 Click the **More Actions** menu to view more options, including:
 
 * **Copy Path**. Copies the path of the monitor to your computer clipboard.
-* **Duplicate**. Makes another monitor based on the same settings.
+* **Duplicate**. Copies the monitor and gives you creator permissions on the duplicated monitor. 
 * **Move**. Moves the monitor to a different path.
 * **Export**. Provides JSON of the monitor, allowing you to transfer content within Sumo Logic by copying this JSON, then pasting it into the import dialog in the [Library](/docs/get-started/library) location you choose. This JSON format may change without notice. 
+* **Copy Link**. Copies a link to the monitor. Provide the link to any Sumo Logic user in your organization so they can view the monitor. While this option doesn't allow you to share the monitor in the same way you can share a dashboard, you can use this option to quickly allow others in your Sumo Logic organization to view the monitor details.
 
 <img src={useBaseUrl('img/alerts/monitors/more-actions.png')} alt="monitor more actions" style={{border: '1px solid gray'}} width="600"/>
 
 
@@ -37,7 +37,7 @@ Use  `_index=sumologic_system_events` to limit results to events related to sys
 
 You can use the `subsystem` field, which every event log contains, to limit the events returned to Cloud SIEM-related events:
 
-`subsystem=cse`
+`subsystem=cse*`
 
 For information about other fields you can use in Audit Index searches, see auto-generated documentation at the documentation URL for your deployment.
 
@@ -122,7 +122,7 @@ To search the Audit Event Index or System Event Index for logs that describe Clo
     ```sql
     _index=sumologic_system_events
     | json auto
-    | where subsystem="cse"
+    | where subsystem="cse*"
     ```
 3. Choose the time range for your search.
 4. Click **Start** to run the search.
 
@@ -1,7 +1,7 @@
 ---
 id: account-settings-preferences
 title: Setting Account Preferences and Credentials
-sidebar_label: Account Preferences
+sidebar_label: Account preferences
 description: Update and manage your Sumo Logic account.
 ---
 
 
@@ -1,7 +1,7 @@
 ---
 id: apps-integrations
 title: Installing Apps and Integrations
-sidebar_label: Installing Apps
+sidebar_label: Installing apps
 description: Learn how to install apps to your Library and to multiple environments.
 ---
 
 
@@ -1,7 +1,6 @@
 ---
 id: help
 title: Help
-sidebar_label: Help
 ---
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
@@ -1,7 +1,7 @@
 ---
 id: keyboard-shortcuts
 title: Keyboard Shortcuts
-sidebar_label: Keyboard Shortcuts
+sidebar_label: Keyboard shortcuts
 description: Sumo Logic keyboard shortcuts.
 ---
 
@@ -129,6 +129,3 @@ Keyboard shortcuts are disabled when typing in the [search text box](/docs/searc
 | Option + Shift + D | Open Dashboard page in a new tab |
 | Option + Shift + Q | Duplicate a query in a new tab (Search/Metrics only) |
 | Command + K | Toggle Go To... |
-
-
-