SumoLogic
diff --git a/‎blog-service/2025-11-26-apps.md‎
Lines changed: 12 additions & 0 deletions b/‎blog-service/2025-11-26-apps.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎cid-redirects.json‎
Lines changed: 1 addition & 0 deletions b/‎cid-redirects.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/integrations/product-list/product-list-m-z.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/integrations/product-list/product-list-m-z.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/integrations/saas-cloud/index.md‎
Lines changed: 6 additions & 0 deletions b/‎docs/integrations/saas-cloud/index.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎docs/integrations/saas-cloud/zero-networks-segment.md‎
Lines changed: 185 additions & 0 deletions b/‎docs/integrations/saas-cloud/zero-networks-segment.md‎
Lines changed: 185 additions & 0 deletions
diff --git a/‎static/img/integrations/saas-cloud/Zero-Networks-Segment-Audit-Events.png‎
423 KB b/‎static/img/integrations/saas-cloud/Zero-Networks-Segment-Audit-Events.png‎
423 KB
diff --git a/‎static/img/integrations/saas-cloud/Zero-Networks-Segment-Network-Activities.png‎
577 KB b/‎static/img/integrations/saas-cloud/Zero-Networks-Segment-Network-Activities.png‎
577 KB
diff --git a/‎static/img/integrations/saas-cloud/Zero-Networks-Segment-Security.png‎
634 KB b/‎static/img/integrations/saas-cloud/Zero-Networks-Segment-Security.png‎
634 KB
@@ -0,0 +1,12 @@
+---
+title: Zero Networks Segment (Apps)
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none
+keywords:
+  - apps
+  - zero-networks-segment
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new Sumo Logic app for Zero Networks Segment. This app provides deep visibility into network activity, segmentation policies, and enforcement actions, helping security teams detect anomalies, assess risk, and validate zero‑trust controls to strengthen overall network security. [Learn more](/docs/integrations/saas-cloud/zero-networks-segment/)
@@ -2972,6 +2972,7 @@
   "/cid/1120": "/docs/integrations/saas-cloud/github-copilot",
   "/cid/1123": "/docs/integrations/amazon-aws/amazon-bedrock-agentcore",
   "/cid/1122": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-threat-intel-source",
+  "/cid/1124": "/docs/integrations/saas-cloud/zero-networks-segment/",
   "/Cloud_SIEM_Enterprise": "/docs/cse",
   "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",
   "/Cloud_SIEM_Enterprise/Administration/Cloud_SIEM_Enterprise_Feature_Update_(2022)": "/docs/cse/administration",
 
@@ -232,7 +232,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/zendesk.png')} alt="Thumbnail icon" width="75"/> | [Zendesk](https://www.zendesk.com/) | App: [Zendesk](/docs/integrations/saas-cloud/zendesk/) <br/> Automation integration: [Zendesk](/docs/platform-services/automation-service/app-central/integrations/zendesk/) <br/>Cloud SIEM integration: [Zendesk](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/18db13d4-1574-465b-a203-1c76456e70b4.md) <br/>Collector: [Zendesk Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source/) |
 |  <img src={useBaseUrl('img/integrations/webhooks/zenduty-logo.png')} alt="Thumbnail icon" width="50"/>   |  [Zenduty](https://www.zenduty.com/) | Webhook: [Zenduty](/docs/integrations/webhooks/zenduty/)	 |
 |  <img src={useBaseUrl('img/integrations/misc/zerofox-logo.png')} alt="Thumbnail icon" width="50"/>   | [ZeroFox](https://www.zerofox.com/) | Automation integration: [ZeroFox](/docs/platform-services/automation-service/app-central/integrations/zerofox/) <br/>Collector: [ZeroFox Threat Intel Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zerofox-intel-source/)<br/> Partner integration: <a href={useBaseUrl('files/zerofox-integrations.pdf')} target="_blank">ZeroFox integration</a>	 |
-|  <img src={useBaseUrl('img/send-data/zero-networks-icon.png')} alt="Thumbnail icon" width="50"/>   |  [Zero Networks](https://zeronetworks.com/) | Cloud SIEM integration: [Zero Networks](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/3e3c8813-9644-4fd6-9d6f-78bb8ffc5f44.md) <br/>Collector: [Zero Networks Segment Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source/)	 |
+|  <img src={useBaseUrl('img/send-data/zero-networks-icon.png')} alt="Thumbnail icon" width="50"/>   |  [Zero Networks](https://zeronetworks.com/) | App: [Zero Networks Segment](/docs/integrations/saas-cloud/zero-networks-segment) <br/>Cloud SIEM integration: [Zero Networks](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/3e3c8813-9644-4fd6-9d6f-78bb8ffc5f44.md) <br/>Collector: [Zero Networks Segment Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source/)	 |
 |  <img src={useBaseUrl('img/send-data/zimperium-mtd.png')} alt="Thumbnail icon" width="50"/>   | [Zimperium](https://zimperium.com/)  | App: [Zimperium](/docs/integrations/saas-cloud/zimperium) <br/>Collector: [Zimperium MTD Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source) |
 |  <img src={useBaseUrl('img/integrations/saas-cloud/zoom.png')} alt="Thumbnail icon" width="50"/>   | [Zoom](https://zoom.us/)  | 	App: [Zoom](/docs/integrations/saas-cloud/zoom/) <br/>Automation integration: [Zoom](/docs/platform-services/automation-service/app-central/integrations/zoom/) <br/>Cloud SIEM integration: [Zoom](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/bda720cd-399c-4dcc-9289-19ad0c9cb221.md) <br/>Collector: [Zoom Source](/docs/send-data/hosted-collectors/webhook-sources/zoom/) |
 |  <img src={useBaseUrl('img/integrations/security-threat-detection/zscaler.png')} alt="Thumbnail icon" width="75"/>   | [Zscaler](https://www.zscaler.com/)  | 	Apps: <br/>- [Zscaler Internet Access](/docs/integrations/security-threat-detection/zscaler-internet-access/)	<br/>- [Zscaler Private Access](/docs/integrations/security-threat-detection/zscaler-private-access/) <br/>Automation integration: [Zscaler](/docs/platform-services/automation-service/app-central/integrations/zscaler/) <br/>Cloud SIEM integration: [Zscaler](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/9dfd2223-1656-4faf-a38a-5a91978fa15e.md) |
@@ -489,6 +489,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.
   <p>Identify security threats by analyzing audit logs.</p>
   </div>
 </div>
+<div className="box smallbox card">
+  <div className="container">
+  <a href={useBaseUrl('docs/integrations/saas-cloud/zero-networks-segment/')}><img src={useBaseUrl('img/send-data/zero-networks-icon.png')} alt="Thumbnail icon" width="40"/><h4>Zero Networks Segment</h4></a>
+  <p>Gain deep visibility into network activity, assess risk, and validate zero‑trust segmentation controls.</p>
+  </div>
+</div>
 <div className="box smallbox card">
   <div className="container">
   <a href={useBaseUrl('docs/integrations/saas-cloud/zimperium')}><img src={useBaseUrl('img/integrations/zimperium/zimperium-logo.png')} alt="icon" width="100"/><h4>Zimperium</h4></a>
 
@@ -0,0 +1,185 @@
+---
+id: zero-networks-segment
+title: Zero Networks Segment
+sidebar_label: Zero Networks Segment
+description: The Zero Networks Segment app for Sumo Logic provides deep visibility into network activity and segmentation policies, helping security teams detect anomalies, assess risk, and validate zero‑trust enforcement to strengthen overall network security.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<img src={useBaseUrl('img/send-data/zero-networks-icon.png')} alt="zero-networks-icon" width="40" />
+
+The Zero Networks Segment app provides unified visibility into network activity, policy actions, and user behavior across your environment. By combining telemetry from connections, enforcement events, and configuration changes, it enables a clear understanding of how assets, users, and applications interact within a zero trust framework.
+
+The app surfaces key metrics such as top devices, active users, protocols, ports, and traffic types to reveal operational patterns and dependencies. Risk-oriented insights highlight high-threat destinations, unsafe processes, and connection outcomes, helping teams quickly identify and contain potential exposures. Governance information tracks who created rules, when MFA was applied, and how enforcement sources contributed to changes.
+
+Together, these views deliver real-time awareness of network usage and security posture, enabling organizations to validate segmentation policies, reduce attack surfaces, and sustain a trusted, well-monitored network environment.
+
+:::info
+This app includes [built-in monitors](#zero-networks-segment-alerts). For details on creating custom monitors, refer to [Create monitors for Zero Networks Segment app](#create-monitors-for-the-zero-networks-segment-app).
+:::
+
+## Log types
+
+This app uses Sumo Logic’s [Zero Networks Segment Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source) to collect Audit logs and Network Activity logs from the Zero Networks Segment platform.
+
+## Sample log message
+
+<details>
+<summary>Audit Log</summary>
+
+```json
+{
+    "timestamp": 1764075603256,
+    "isoTimestamp": "2025-11-25T18:30:03.256Z",
+    "auditType": 9,
+    "enforcementSource": 6,
+    "userRole": 4,
+    "destinationEntitiesList": [
+        {
+            "id": "b:110002",
+            "name": "All protected assets"
+        }
+    ],
+    "details": "{\"rule\":{\"localEntityNames\":{\"id\":\"b:110002\",\"name\":\"All protected assets\"},\"remoteEntityNames\":[{\"id\":\"b:110001\",\"name\":\"Any asset\"}],\"ports\":[{\"protocol_type\":6,\"ports\":\"62246\"}],\"expiration\":1764075603256,\"description\":\"\",\"localProcesses\":[\"*\"],\"created_by\":{\"id\":\"m:13c49a4eb4fa90bbb948b6c8de5175ad2d36cfbc\",\"name\":\"ModuleTesting\"},\"enforcementSource\":6,\"createdAt\":1764075603256,\"usedMfaMethod\":0,\"excludedLocalEntityNames\":[],\"state\":1,\"updatedAt\":1764075603256,\"updatedBy\":{},\"approvedAt\":0,\"approvedBy\":{},\"ruleClass\":2}}",
+    "reportedObjectId": "a3864c59-e263-4d12-a73e-595cf2103f6c",
+    "reportedObjectGeneration": 129335988,
+    "performedBy": {
+        "id": "m:13c49a4eb4fa90bbb948b6c8de5175ad2d36cfbc",
+        "name": "ModuleTesting"
+    }
+}
+```
+</details>
+
+<details>
+<summary>Network Activity Log</summary>
+
+```json
+{
+    "timestamp": 1764075429582,
+    "protocol": 17,
+    "state": 3,
+    "trafficType": 3,
+    "dst": {
+        "assetId": "b:X1003",
+        "fqdn": "time.windows.com",
+        "ip": "193.124.185.120",
+        "port": 123,
+        "processName": "",
+        "processPath": "",
+        "ipThreatScore": 0
+    },
+    "src": {
+        "assetId": "a:d:SRV-TIME01",
+        "assetSrc": 1,
+        "networkProtectionState": 1,
+        "assetType": 2,
+        "eventRecordId": 600013,
+        "fqdn": "NTP-Sync01",
+        "ip": "193.124.185.120",
+        "port": 54312,
+        "processId": 412,
+        "processName": "svchost.exe (412)",
+        "processPath": "C:\\Windows\\System32\\svchost.exe (412)",
+        "userId": "S-1-5-18",
+        "userName": "NT AUTHORITY\\SYSTEM",
+        "user": {
+            "sid": "S-1-5-18",
+            "name": "NT AUTHORITY\\SYSTEM"
+        },
+        "ipThreatScore": 0
+    },
+    "inboundRuleMatches": [],
+    "outboundRuleMatches": [],
+    "reason": 6,
+    "ipSpace": 0
+}
+```
+</details>
+
+## Sample queries
+
+```sql title="Total Audit Logs"
+_sourceCategory="zero-networks-app" auditType
+| json "auditType", "details", "timestamp", "reportedObjectId", "performedBy.name", "performedBy.id", "destinationEntitiesList[*]", "enforcementSource", "userRole", "isoTimestamp" as audit_type, details, timestamp, reported_object_id, actor, actor_id, destination_entities_list, enforcement_source, user_role, iso_timestamp nodrop
+
+| where audit_type matches "*"
+| where enforcement_source matches "*"
+| where user_role matches "*"
+
+| count by audit_type, details, timestamp, reported_object_id
+| count
+```
+
+## Collection configuration and app installation
+
+import CollectionConfiguration from '../../reuse/apps/collection-configuration.md';
+
+<CollectionConfiguration/>
+
+:::important
+Use the [Cloud-to-Cloud Integration for Zero Networks Segment Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zero-networks-segment-source) to create the source and use the same source category while installing the app. By following these steps, you can ensure that your Zero Networks Segment app is properly integrated and configured to collect and analyze your Zero Networks Segment data.
+:::
+
+### Create a new collector and install the app
+
+import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md';
+
+<AppCollectionOPtion1/>
+
+### Use an existing collector and install the app
+
+import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md';
+
+<AppCollectionOPtion2/>
+
+### Use an existing source and install the app
+
+import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md';
+
+<AppCollectionOPtion3/>
+
+## Viewing the Zero Networks Segment dashboards
+
+import ViewDashboards from '../../reuse/apps/view-dashboards.md';
+
+<ViewDashboards/>
+
+### Network Activities
+
+The **Zero Networks Segment - Network Activities** view offers a comprehensive snapshot of how users, devices, and applications communicate across the network. It tracks total source and destination devices, unique active users, connection volumes, and top domains, ports, and processes to reveal usage trends and dependencies. By correlating state, protocol, and traffic‑type distributions with geographic source and destination mapping, it highlights how data flows through internal, external, and Internet segments and helps uncover anomalies or unexpected communication paths. Consolidating these insights provides real‑time awareness of network behavior, enabling teams to validate segmentation effectiveness, identify misconfigurations, and maintain a secure, efficient, and well‑monitored network environment. <br/><img src={useBaseUrl('img/integrations/saas-cloud/Zero-Networks-Segment-Network-Activities.png')} alt="Zero-Networks-Segment-Network-Activities" />
+
+###  Security
+
+The **Zero Networks Segment - Security** view provides a comprehensive picture of the organization’s threat posture and enforcement activity, unifying every indicator of risk into a single operational perspective. It tracks high‑risk connections, threat‑score distributions, and connection reasons to reveal which endpoints, users, or processes are engaging in potentially unsafe communications. Visual metrics categorize network events by threat severity, connection outcome, and justification reason, exposing patterns that signal policy violations, misconfigurations, or emerging threats. Detailed tables connect threat levels to specific destinations, processes, and users, allowing analysts to pinpoint the sources of elevated risk. Global mapping identifies traffic to and from embargoed or untrusted regions, while information on multi‑factor authentication usage and unmonitored rule creation highlights compliance gaps or policy bypasses. Together, these insights give security and operations teams real‑time awareness of exposure, enabling proactive mitigation, enforcement validation, and continuous assurance of Zero Trust segmentation controls. <br/><img src={useBaseUrl('img/integrations/saas-cloud/Zero-Networks-Segment-Security.png')} alt="Zero-Networks-Segment-Security" />
+
+### Audits Events
+
+The **Zero Networks Segment - Audits Events** view provides unified visibility into all policy, configuration, and access-control changes occurring across the Zero Networks environment. It captures every audit event from rule creation, update, and approval to enforcement source actions, linking each to the responsible actor, affected assets, and time of change. Metrics track total audits, top users, and most modified assets, while visual distributions by audit type, user role, enforcement source, and rule state reveal who is making changes and through which system components. Temporal views highlight spikes in activity, exposing patterns that may signal configuration drift or unauthorized updates. Detailed tables correlate users, assets, and actions to support fast investigation and compliance verification. By bringing policy-level governance together in one place, this view enables teams to maintain accountability, trace decision history, and ensure that every modification to Zero Trust segmentation rules aligns with organizational security and compliance standards. <br/><img src={useBaseUrl('img/integrations/saas-cloud/Zero-Networks-Segment-Audit-Events.png')} alt="Zero-Networks-Segment-Audit-Events" />
+
+## Create monitors for the Zero Networks Segment app
+
+import CreateMonitors from '../../reuse/apps/create-monitors.md';
+
+<CreateMonitors/>
+
+### Zero Networks Segment alerts
+
+| Name | Description | Trigger Type (Critical / Warning / MissingData) | Alert Condition | 
+|:--|:--|:--|:--|
+| `Zero Networks Segment - Sources from Embargoed Locations` | Generates an alert when one or more source IP addresses originate from embargoed or restricted geographies. This helps identify unauthorized or non‑compliant traffic entering the network from high-risk regions | Critical | Count > 0 |
+| `Zero Networks Segment - Destinations from Embargoed Locations` | Triggers when outbound connections are detected to destinations associated with embargoed countries or sanctioned regions. Such connections may represent policy violations or potential data exfiltration attempts. | Critical | Count > 0 |
+| `Zero Networks Segment - High Risk Connections` | Alerts when network sessions involve destinations with a threat score greater than 50 indicating known malicious infrastructure or suspicious domains that require immediate investigation. | Critical | Count > 0 |
+
+## Upgrading/Downgrading the Zero Networks Segment app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+<AppUpdate/>
+
+## Uninstalling the Zero Networks Segment app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+<AppUninstall/>