Merge branch 'main' into macro-doc-update

Author: JV0812

blog-cse/2024/12-31.md

@@ -16,6 +16,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 This is an archive of 2024 Cloud SIEM release notes. To view the full archive, [click here](/release-notes-cse/archive).
 
+<!--truncate-->
+
 ---
 ### December 20, 2024 - Content Release
 
@@ -852,7 +854,7 @@ Other changes are enumerated below.
 
 This release reverts a change to our AWS CloudTrail default (catch all) mapper for how `user_username` is mapped. This is being reverted due to reports of breaking rule tuning and missing user context for some `AssumedRole` events.
 
-AWS `AssumedRole` events can contain service and user role assumptions. Oftentimes service role assumptions will contain a dynamic session identifier instead of a static user identifer which contains the originating identity. Prior to the change we are now reverting, this was causing certain services to generate user entities from these sessions, creating false positives. This behavior changed with the [August 5th, 2024 content release](/release-notes-cse/#august-5-2024---content-release) to handle role assumptions to instead map the role as user to prevent false positives from dynamic service sessions. While this decreased the number of false positives from dynamic service sessions, it also eliminated visibility into user role assumptions, creating potential for false negatives.
+AWS `AssumedRole` events can contain service and user role assumptions. Oftentimes service role assumptions will contain a dynamic session identifier instead of a static user identifer which contains the originating identity. Prior to the change we are now reverting, this was causing certain services to generate user entities from these sessions, creating false positives. This behavior changed with the [August 5th, 2024 content release](#august-5-2024---content-release) to handle role assumptions to instead map the role as user to prevent false positives from dynamic service sessions. While this decreased the number of false positives from dynamic service sessions, it also eliminated visibility into user role assumptions, creating potential for false negatives.
 
 AWS best practices suggest defining `sourceIdentity` to allow for the originating user for a role assumption to be identifiable. This is the best path to avoid false positive generation, as our mapper will favor `sourceIdentity` if it is present in CloudTrail logs. If it is not present, then `userIdentity.arn` will be used and the `resource-id` will be mapped to `user_username`, creating potential for false positives from dynamic session identifiers. See [Viewing source identity in CloudTrail](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html#id_credentials_temp_control-access_monitor-ct) in the AWS documentation for more information.
 

blog-cse/2025/01-14.md renamed to blog-cse/2025-01-14-content.md

@@ -1,4 +1,16 @@
-### January 14, 2025 - Content Release
+---
+title: January 14, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - rules
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
 
 This content release includes:
 - Parsing and mapping support for Azure DevOps Auditing via EventHubs, and Pfsense Firewall.

blog-csoar/2024/12-31.md

@@ -14,6 +14,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 This is an archive of 2024 Cloud SOAR release notes. To view the full archive, [click here](/release-notes-csoar/archive).
 
+<!--truncate-->
+
 ---
 ### December 31, 2024 - Application Update
 
@@ -312,7 +314,7 @@ This release introduces three new integrations, as well as several updates.
 ---
 ### March 12, 2024 - Content Release
 
-Our Cloud SOAR [application update](/release-notes-csoar/#march-12-2024---application-update) features an important upgrade to Python 3.12 for our Lambda functions. This enhancement is part of our ongoing commitment to security, performance, and the latest technological standards.
+Our Cloud SOAR [application update](#march-12-2024---application-update) features an important upgrade to Python 3.12 for our Lambda functions. This enhancement is part of our ongoing commitment to security, performance, and the latest technological standards.
 
 The Python upgrade impacts a total of 38 integrations. These integrations will require updates to ensure compatibility with the new Python version.
 
@@ -369,7 +371,7 @@ We strongly encourage all users to review the provided documentation and prepare
 ### March 12, 2024 - Application Update
 
 #### Changes and Enhancements
-* Python version updated. If you experience any issues, refer to our [content release note](/release-notes-csoar/#march-12-2024---content-release).
+* Python version updated. If you experience any issues, refer to our [content release note](#march-12-2024---content-release).
 
 ##### Cloud SOAR
 * Playbooks: Test feature now permits you to use internal Incident ID.

blog-service/2023/12-31.md

@@ -758,7 +758,7 @@ We're excited to announce the release of our new cloud-to-cloud source for Trell
 
 We’re happy to announce a new security option allowing administrators to set a custom policy for the number of days an API Access Key can go unused before being automatically deactivated. This setting allows administrators to tailor the feature to suit their organization’s specific security requirements. This enhances the security of your account by reducing the risk of unauthorized access through abandoned access keys. This ensures that only active access keys can be used to access your account and its resources.
 
-[Learn more](/docs/manage/security/access-keys#edit-deactivate-or-delete-an-access-key).
+[Learn more](/docs/manage/security/access-keys#access-keys-deactivation-policy).
 
 
 ---

blog-service/2025-01-16-manage.md

@@ -0,0 +1,32 @@
+---
+title: Access Keys Enhancements (Manage)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - access keys
+  - manage
+hide_table_of_contents: true  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to announce enhancements to how you create and manage access keys.
+
+### Personal Access Keys
+
+The **My Access Keys** section has been moved out of **Preferences** to its own tab and renamed **Personal Access Keys**. 
+
+<img src={useBaseUrl('/img/security/access-key-preferences-page.png')} alt="Personal access keys" style={{border: '1px solid gray'}} width="800"/>
+
+To open the Personal Access Keys tab:
+* [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select your username and then **Preferences > Personal Access Keys**.
+* [**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select your username, and then under **Preferences** select **Personal Access Keys**. You can also click the **Go To...** menu at the top of the screen and select **Personal Access Keys**.
+
+### Scopes
+
+You can now create permission scopes for access keys. Scopes limit the API endpoints an access key can be used to call. This allows you to specify only the permissions the access key needs to accomplish a specific task, making the key more secure. 
+
+[Learn more](/docs/manage/security/access-keys).
+
+<img src={useBaseUrl('/img/security/custom-scopes-example.png')} alt="Custom scopes example" style={{border: '1px solid gray'}} width="500"/>

cid-redirects.json

@@ -79,6 +79,7 @@
   "/01Start-Here/02Getting-Started/Glossary": "/docs/contributing/glossary",
   "/01Start-Here/02Getting-Started": "/docs/get-started",
   "/Start_Here": "/docs/get-started",
+  "/Start_Here/About_Sumo_Logic/What_is_the_optimal_log_format_to_use_with_Sumo_Logic": "/docs/get-started/faq",
   "/Start_Here/About_Sumo_Logic/Status_and_Scheduled_Maintenance": "/docs/get-started/help",
   "/Start_Here/About_Sumo_Logic/Sumo_Logic_Support_Terms_and_Conditions": "/docs/get-started/support-terms",
   "/Start_Here/Analyst_or_Administrator": "/docs/get-started/onboarding-checklists",
@@ -106,6 +107,7 @@
   "/03Send-Data/Collect-from-Other-Data-Sources/01-About-Collectors/01-Collector-Overview": "/docs/send-data/collect-from-other-data-sources",
   "/03Send-Data/Collect-from-Other-Data-Sources/Amazon_MSK_Prometheus_metrics_collection": "/docs/send-data/collect-from-other-data-sources/amazon-msk-prometheus-metrics-collection",
   "/03Send-Data/Collect-from-Other-Data-Sources/Amazon-CloudWatch-Logs": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
+  "/Send-Data/Collect-from-Other-Data-Sources": "/docs/send-data/collect-from-other-data-sources",
   "/Send-Data/Collect-from-Other-Data-Sources/Amazon-CloudWatch-Logs": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
   "/03Send-Data/Collect-from-Other-Data-Sources/Amazon-Web-Services": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
   "/03Send-Data/Collect-from-Other-Data-Sources/Amazon-CloudWatch-Logs/Collect_Amazon_CloudWatch_Logs_using_a_Lambda_Function": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-lambda-function",
@@ -1392,6 +1394,7 @@
   "/APIs/General_API_Information/Sumo_Logic_Endpoints_and_Firewall_Security": "/docs/api/getting-started",
   "/Send_Data": "/docs/send-data",
   "/Send_Data/Collector_Management_API/Sumo_Logic_Endpoints": "/docs/api/collector-management",
+  "/Send_Data/Collector_Management_API/About_the_Collector_Management_API": "/docs/api/collector-management",
   "/Send_Data/Collector_FAQs/How_to_Ingest_Old_or_Historical_Data": "/docs/send-data/opentelemetry-collector/faq",
   "/APIs/General-API-Information/Sumo-Logic-Endpoints-by-Deployment-and-Firewall-Security": "/docs/api/getting-started",
   "/APIs/General-API-Information/Sumo-Logic-Endpoints-and-Firewall-Security": "/docs/api/getting-started",
@@ -1769,6 +1772,7 @@
   "/cid/10337": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/docker/changelog",
   "/cid/10338": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/nginx/changelog",
   "/cid/10339": "/docs/send-data/opentelemetry-collector/remote-management/source-templates/kafka/changelog",
+  "/cid/10822": "/docs/manage/manage-subscription/create-manage-orgs-flex",
   "/cid/10817": "/docs/integrations/sumo-apps/cse",
   "/cid/10818": "/docs/integrations/sumo-apps/cse",
   "/cid/1082": "/docs/metrics/introduction/get-started-metrics",
@@ -2898,7 +2902,8 @@
   "/Cloud_SIEM_Enterprise/CSE_Schema/Field_Mapping_for_Security_Event_Sources": "/docs/cse/schema/field-mapping-security-event-sources",
   "/Cloud_SIEM_Enterprise/CSE_Schema/Parser_Editor": "/docs/cse/schema/parser-editor",
   "/docs/send-data/parse-data/parser-editor": "/docs/cse/schema/parser-editor",
-  "/Cloud_SIEM_Enterprise/CSE_Schema/Parser_Editor/Parser_Troubleshooting_Tips": "/docs/cse/schema/parser-troubleshooting-tips",
+  "/Cloud_SIEM_Enterprise/CSE_Schema/Parser_Editor/Parser_Troubleshooting_Tips": "/docs/cse/troubleshoot/troubleshoot-parsers",
+  "/docs/cse/schema/parser-troubleshooting-tips": "/docs/cse/troubleshoot/troubleshoot-parsers",
   "/Cloud_SIEM_Enterprise/CSE_Schema/Username_and_Hostname_Normalization": "/docs/cse/schema/username-and-hostname-normalization",
   "/Cloud_SIEM_Enterprise/CSE_Sensors": "/docs/cse/sensors",
   "/Cloud_SIEM_Enterprise/CSE_Sensors/01_Sensor_Download_Locations": "/docs/cse/sensors/sensor-download-locations",
@@ -2916,6 +2921,7 @@
   "/Cloud_SIEM_Enterprise/Ingestion_Guides/Microsoft_Windows": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/microsoft-windows",
   "/Cloud_SIEM_Enterprise/Ingestion_Guides/Fortigate_Firewall": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/fortigate-firewall",
   "/Cloud_SIEM_Enterprise/Ingestion_Guides/Palo_Alto_Firewall": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/palo-alto-firewall",
+  "/Cloud_SIEM_Enterprise/Insights/Insight_Generation_Process": "/docs/cse/records-signals-entities-insights",
   "/Cloud_SIEM_Enterprise/Integrations": "/docs/cse/integrations",
   "/Cloud_SIEM_Enterprise/Integrations/Configuring_a_ThreatQ_Source_in_CSE": "/docs/cse/integrations/configuring-threatq-source-in-cse",
   "/Cloud_SIEM_Enterprise/Integrations/Enable_VirusTotal_Enrichment": "/docs/cse/integrations/enable-virustotal-enrichment",
@@ -3462,6 +3468,7 @@
   "/Other_Solutions/Work_from_Home_Solution": "/docs/observability/work-from-home-vpn",
   "/Other_Solutions/Work_from_Home_Solution/VPN_Monitoring_Resources_and_Tips": "/docs/observability/work-from-home-vpn",
   "/Other_Solutions/Software_Development_Optimization_Solution": "/docs/observability/sdo",
+  "/Release_Archive/Collector_Release_Notes_Archive": "/release-notes-collector",
   "/Release_Archive/Quick-Start-Tutorial(deprecated)": "/docs/get-started",
   "/Release_Archive/Quick-Start-Tutorial(deprecated)/01_Sumo_Logic_Quick_Start_Tutorial": "/",
   "/Release-Notes": "/docs/release-notes",
@@ -3821,6 +3828,7 @@
   "/Search/Get_Started_with_Search/Search_Basics/Export_Search_Results": "/docs/search/get-started-with-search/search-basics/export-search-results",
   "/Search/Get_Started_with_Search/How_to_Use_the_Search_Page/Field_Browser": "/docs/search/get-started-with-search/search-page/field-browser",
   "/Search/Get_Started_with_Search/Search_Basics/Search_Metadata": "/docs/search/get-started-with-search/search-basics",
+  "/Search/Library/Apps-in-Sumo-Logic/01-Sumo-Logic-Apps/Audit-App": "/docs/integrations/sumo-apps/audit",
   "/Search/Library/Apps-in-Sumo-Logic/01-Sumo-Logic-Apps/Data-Volume-App": "/docs/integrations/sumo-apps/data-volume",
   "/Search/Library/Apps-in-Sumo-Logic/01-Sumo-Logic-Apps/Data-Volume-App/Data-Volume-App-Dashboards": "/docs/integrations/sumo-apps/data-volume",
   "/Search/LogCompare": "/docs/search/behavior-insights/logcompare",
@@ -3980,6 +3988,7 @@
   "/Send-Data/Sources/03Use-Case-Library/Amazon-Web-Services/AWS-EC2-Instance-Log-Collection": "/docs/send-data/installed-collectors/sources/host-metrics-source",
   "/Send-Data/Sources/03Use_Case_Examples/Kubernetes_Collection_DaemonSet": "/docs/send-data/collect-from-other-data-sources/kubernetes-fluentd-plugin",
   "/Send-Data/Sources/03Use-JSON-to-Configure-Sources": "/docs/send-data/use-json-configure-sources",
+  "/Send-Data/Sources/03Use-JSON-to-Configure-Sources/JSON-Parameters-for-Installed-Sources": "/docs/send-data/use-json-configure-sources/json-parameters-installed-sources",
   "/Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management": "/docs/send-data/use-json-configure-sources/local-configuration-file-management",
   "/Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/View-or-Download-Source-JSON-Configuration": "/docs/send-data/use-json-configure-sources/local-configuration-file-management/view-download-source-json-configuration",
   "/Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/Local-Configuration-File-Management-for-Existing-Collectors-and-Sources": "/docs/send-data/use-json-configure-sources/local-configuration-file-management/existing-collectors-and-sources",
@@ -4023,6 +4032,7 @@
   "/Start-Here/01About-Sumo-Logic/System-Requirements/Supported-Browsers": "/docs/get-started/system-requirements",
   "/Start-Here/01About-Sumo-Logic/System-Requirements/Installed-Collector-Requirements": "/docs/get-started/system-requirements",
   "/Traces/02Working_with_Tracing_data/Spans": "/docs/apm/traces/spans",
+  "/Traces/02Working_with_Tracing_data/Search_Query_Language_support_for_Traces": "/docs/apm/traces/search-query-language-support-for-traces",
   "/Traces/Getting_Started_with_Transaction_Tracing": "/docs/apm/traces/get-started-transaction-tracing",
   "/Traces/Getting_Started_with_Transaction_Tracing/Set_up_traces_collection_for_other_environments": "/docs/apm/traces/get-started-transaction-tracing/set-up-traces-collection-for-other-environments",
   "/Traces/Getting_Started_with_Transaction_Tracing/Working_with_spans_attributes": "/docs/apm/traces/advanced-configuration/working-with-span-attributes",
@@ -4119,6 +4129,7 @@
   "/docs/dashboards/chart-panel-types/line-charts": "/docs/dashboards/panels/line-charts",
   "/docs/dashboards/chart-panel-types/table-charts": "/docs/dashboards/panels/table-charts",
   "/docs/dashboards/chart-panel-types/string-single-value-charts": "/docs/dashboards/panels/single-value-charts",
+  "/docs/dashboards/get-started": "/docs/dashboards",
   "/docs/dashboards/get-started/add-links-text-panels": "/docs/dashboards/about",
   "/docs/dashboards/get-started/launch-search-data-panel": "/docs/dashboards/about",
   "/docs/dashboards/get-started/markdown-syntax": "/docs/dashboards/panels/markdown-syntax",

docs/cse/integrations/insight-enrichment-server.md

@@ -151,7 +151,7 @@ The following parameters control general server behaviors, as opposed to enrichm
 | Setting | Required? | Description |
 |:--|:--|:--|
 | `URL` | yes | The URL for your API endpoint. For more information, see [Sumo Logic API Authentication, Endpoints, and Security](/docs/api/getting-started#sumo-logic-endpoints-by-deployment-and-firewall-security). |
-| `api_id` | yes | Enter your Sumo Logic Access ID. For more information, see [Manage your access keys on Preferences page](/docs/manage/security/access-keys#from-the-preferences-page). |
+| `api_id` | yes | Enter your Sumo Logic Access ID. For more information, see [Access Keys](/docs/manage/security/access-keys). |
 | `api_key` | yes | Enter your Sumo Logic Access Key.|
 | `log_level` | no | Log level the server should use. The options are:<br/><br/>-`error`. Only display error messages.<br/>-`info`. Display informational messages. This is the recommended value.<br/>-`debug`. Displays debug (or trace) data. Recommended only when debugging.<br/><br/>Default: `info` |
 | `poll_interval` | no | How often the Insight Enrichment Server should check for new insights. You can specify the interval in seconds (s), minutes (m), or hours (h).<br/><br/>Default: 10s |

docs/cse/integrations/security-incident-response-integration.md

@@ -36,7 +36,7 @@ Your Cloud SIEM role must allow you to use API keys and to retrieve and modify i
 
 In this step, you make a copy of your API credentials, which you'll need to supply when you install the SIR-Cloud SIEM integration in [Step 5](#step-5-install-the-sir-cloud-siem-integration) below. 
 
-You’ll need to supply a Sumo Logic Access ID and Access Key. If necessary, you can create those on your **Preferences** page in the Sumo Logic UI. For more information, see [Create an access key on Preferences page](/docs/manage/security/access-keys#from-the-preferences-page).
+You’ll need to supply a Sumo Logic Access ID and Access Key. If necessary, you can create those in the Sumo Logic UI. For more information, see [Access Keys](/docs/manage/security/access-keys).
 
 ## Step 2: Install ServiceNow plugins
 

docs/cse/schema/index.md

@@ -69,10 +69,4 @@ This guide has information about Cloud SIEM schemas. In this section, we'll intr
   <p>Learn how to import YARA rules from GitHub into Cloud SIEM.</p>
   </div>
 </div>
-<div className="box smallbox card">
-  <div className="container">
-  <a href="/docs/cse/schema/parser-troubleshooting-tips"><img src={useBaseUrl('img/icons/operations/schema.png')} alt="Flow diagram icon" width="40"/><h4>Parser Troubleshooting</h4></a>
-  <p>Learn how to troubleshoot problems with parsers.</p>
-  </div>
-</div>
 </div>