Merge branch 'main' into berry

Author: kimsauce

.clabot

@@ -173,7 +173,8 @@
     "Misterjohnson87",
     "lol3909",
     "Hellfire4959",
-    "antonymartinsumo"
+    "antonymartinsumo",
+    "amee-sumo"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we'll add you to our approved list of contributors.",
   "label": "cla-signed",

blog-cse/2023/12-31.md

@@ -247,8 +247,6 @@ The new index is automatically generated and retained for a period of 2 years at
 
 As a result, the optional legacy Signal Forwarding feature in Cloud SIEM will be deprecated on **November 15, 2023**. Existing data will not be deleted, but new Signals generated after that date will no longer be forwarded using that feature and the option will no longer be available. (Signals will continue to be forwarded automatically to `sec_signal`.) Customers leveraging data forwarded using the legacy feature to generate dashboards (or for other use cases) will need to modify those applications to use the new `sec_signal` index before then. Note that the content of the `sec_signal` index is not identical to the content in data forwarded using the legacy option.
 
-For more information about this change, and the differences between the two data sets, refer to our [2023 Cloud SIEM Signal Index Migration FAQ](/docs/cse/records-signals-entities-insights/signal-index-migration-faq/).
-
 
 
 ---

blog-csoar/2024-11-15-application-update.md

@@ -0,0 +1,39 @@
+---
+title: November 15, 2024 - Application Update
+keywords:
+  - sumo logic
+  - cloud soar
+  - automation service
+image: https://help.sumologic.com/img/sumo-square.png
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-csoar/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+### Changes and Enhancements
+
+#### Platform
+
+* Playbooks
+   * Improvement - Disabled Cartesian Product flag on all new nodes by default.
+
+#### Automation Bridge
+
+We are happy to announce a beta version of the [Automation Bridge](/docs/platform-services/automation-service/automation-service-bridge/) that includes the following:
+* Support for new CentOS version
+    * The CentOS docker image version has been upgraded from CentOS 7 to CentOS 8.
+* Security fixes
+
+### Bug Fixes
+
+* Playbooks
+   * Fixed Playbook nodes rendering issue on Safari browser.
+   * Fixed issue related to use of underscore within playbooks input fields.
+   * Fixed issue with using authorizer value from playbook input variables in user choice node.
+* Integrations
+   * Resolved an issue where the 'Close Insight' trigger action was not functioning as expected.
+* Incidents
+   * Improved Incident templates page load time.
+   * Fixed issues while trying to update Incident templates.

blog-csoar/2024-11-20-content.md

@@ -0,0 +1,46 @@
+---
+title: November 20, 2024 - Content Release
+hide_table_of_contents: true
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - automation service
+  - cloud soar
+  - soar
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-csoar/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This release introduces new integrations, new playbooks, and several updates.
+
+### Integrations
+
+* [New] [Google Chat](/docs/platform-services/automation-service/app-central/integrations/google-chat)
+* [New] [Malwarebytes Oneview](/docs/platform-services/automation-service/app-central/integrations/malwarebytes-oneview)
+* [New] [Silent Push](/docs/platform-services/automation-service/app-central/integrations/silent-push)
+* [New] [Sumo Logic Automation Tools](/docs/platform-services/automation-service/app-central/integrations/sumo-logic-automation-tools)
+* [New] [VirusTotal V3](/docs/platform-services/automation-service/app-central/integrations/virustotal-v3)
+* [Updated] [APIVoid](/docs/platform-services/automation-service/app-central/integrations/apivoid)
+* [Updated] [Atlassian Jira V2](/docs/platform-services/automation-service/app-central/integrations/atlassian-jira-v2)
+* [Updated] [Atlassian Opsgenie](/docs/platform-services/automation-service/app-central/integrations/atlassian-opsgenie)
+* [Updated] [AWS EC2](/docs/platform-services/automation-service/app-central/integrations/aws-ec2)
+* [Updated] [AWS EKS](/docs/platform-services/automation-service/app-central/integrations/aws-eks)
+* [Updated] [Azure AD](/docs/platform-services/automation-service/app-central/integrations/azure-ad)
+* [Updated] [Cloudflare](/docs/platform-services/automation-service/app-central/integrations/cloudflare)
+* [Updated] [ConnectWise Manage](/docs/platform-services/automation-service/app-central/integrations/connectwise-manage)
+* [Updated] [Cortex XDR](/docs/platform-services/automation-service/app-central/integrations/cortex-xdr)
+* [Updated] [CrowdStrike Falcon](/docs/platform-services/automation-service/app-central/integrations/crowdstrike-falcon)
+* [Updated] [Freshservice](/docs/platform-services/automation-service/app-central/integrations/freshservice)
+* [Updated] [Gmail](/docs/platform-services/automation-service/app-central/integrations/gmail)
+* [Updated] [HTTP Tools](/docs/platform-services/automation-service/app-central/integrations/http-tools)
+* [Updated] [IBM X-Force Exchange](/docs/platform-services/automation-service/app-central/integrations/ibm-x-force-exchange)
+* [Updated] [Microsoft EWS](/docs/platform-services/automation-service/app-central/integrations/microsoft-ews)
+* [Updated] [Microsoft OneDrive](/docs/platform-services/automation-service/app-central/integrations/microsoft-onedrive)
+* [Updated] [Microsoft Sentinel](/docs/platform-services/automation-service/app-central/integrations/microsoft-sentinel)
+* [Updated] [Netskope V2](/docs/platform-services/automation-service/app-central/integrations/netskope-v2)
+* [Updated] [Slack](/docs/platform-services/automation-service/app-central/integrations/slack)
+* [Updated] [Sumo Logic Cloud SIEM](/docs/platform-services/automation-service/app-central/integrations/sumo-logic-cloud-siem)
+* [Updated] [Sumo Logic Notifications by Gmail](/docs/platform-services/automation-service/app-central/integrations/sumo-logic-notifications-by-gmail)
+* [Updated] [URLScan.io](/docs/platform-services/automation-service/app-central/integrations/urlscan.io)
+* [Updated] [VirusTotal](/docs/platform-services/automation-service/app-central/integrations/virustotal)

blog-service/2024-11-12-search.md

@@ -0,0 +1,15 @@
+---
+title: scanned_partition_count Field Computation Change (Search)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - count
+  - search-operator
+  - log-search
+hide_table_of_contents: true  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're happy to announce a change in the computation for the `scanned_partition_count` Search Audit Index field. Previously, we were using incorrect computation to calculate the value for the `scanned_partition_count` field. With this change, the incorrect computation is fixed and now you will obtain the correct number of partitions scanned for the respective search.

blog-service/2024-11-13-manage.md

@@ -0,0 +1,20 @@
+---
+title: Kickstart Data Onboarding
+image: https://help.sumologic.com/img/sumo-square.png
+hide_table_of_contents: true  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We know that getting started with new tools can be challenging. To simplify your onboarding, we’ve introduced Kickstart Data with preloaded sample data and prebuilt dashboards designed to streamline your trial experience with Sumo Logic. With this sample data, you can jump right in, explore dashboards, and understand Sumo Logic's value without needing to set up your own data first.
+
+### Key benefits
+
+* **Immediate insights**. Begin with sample data and dashboards to experience Sumo Logic’s capabilities instantly.
+* **Quick setup**. No need to configure firewall settings or security permissions—get started right away.
+* **Guided trial**. Pre-built dashboards and reports demonstrate real-world scenarios, allowig secure and insightful exploration.
+* **Easy transition**. Start ingesting your own data anytime. Kickstart deactivated at the trial’s end.
+
+See how Kickstart Data can simplify your onboarding, helping you focus on monitoring and troubleshooting. For more details, visit our [Quickstart Guide](/docs/get-started/quickstart/#getting-started-with-kickstart-data-in-your-trial).

cid-redirects.json

@@ -90,6 +90,7 @@
   "/docs/contributing/edit-doc": "/docs/contributing/create-edit-doc",
   "/docs/contributing/markdown-cheat-sheet": "/docs/contributing/style-guide",
   "/docs/contributing/templates": "/docs/contributing/templates/generic-doc",
+  "/docs/contributing/templates/template-doc": "/docs/contributing/templates/generic-doc",
   "/docs/c2c": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework",
   "/Send-Data": "/docs/send-data",
   "/03Send-Data": "/docs/send-data",
@@ -225,6 +226,7 @@
   "/03Send-Data/Setup-Wizard/Collect-from-Custom-Apps": "/docs/send-data/setup-wizard",
   "/03Send-Data/Setup-Wizard/Collect-from-Custom-Apps/Collect_Streaming_Data_from_HTTP": "/docs/send-data/setup-wizard",
   "/03Send-Data/Setup-Wizard/Collect-from-Custom-Apps/Collect-Streaming-Data-from-a-Local-File": "/docs/send-data/setup-wizard",
+  "/03Send-Data/Setup-Wizard/Collect-Streaming-Data-for-Metrics/Collect-Streaming-Data-for-CollectD-Metrics": "/docs/send-data/setup-wizard",
   "/03Send-Data/Setup-Wizard/Collect-Streaming-Data-from-Other-Data-Types": "/docs/send-data/setup-wizard",
   "/Send-Data/Setup-Wizard/Collect-Streaming-Data-for-Metrics/01Collect-Streaming-Data-for-Host-Metrics": "/docs/send-data/setup-wizard",
   "/Send-Data/Setup-Wizard/Collect-Streaming-Data-for-Metrics/Collect-Streaming-Data-for-Graphite-Formatted-Metrics": "/docs/metrics/introduction/metric-formats",
@@ -2400,7 +2402,7 @@
   "/cid/5421": "/docs/search/search-query-language/search-operators/fillmissing",
   "/cid/5422": "/docs/search/time-compare",
   "/cid/12356": "/docs/integrations/sumo-apps/log-analysis-quickstart",
-  "/cid/12357": "/docs/integrations/sumo-apps/kickstart-data-astronomy",
+  "/cid/12357": "/docs/integrations/sumo-apps/kickstart-data",
   "/cid/5423": "/docs/send-data/installed-collectors/collector-installation-reference/force-collectors-name-clobber",
   "/cid/5424": "/docs/dashboards/about",
   "/cid/5426": "/docs/send-data/collection/processing-rules/hash-rules",
@@ -2634,6 +2636,7 @@
   "/cid/16323": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/druva-source",
   "/cid/13428": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/kandji-source",
   "/cid/17343": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source",
+  "/cid/17344": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/smartsheet-source",
   "/cid/20172": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-vulnerability-management-source",
   "/cid/19880": "/docs/metrics/metrics-operators/predict",
   "/cid/19881": "/docs/metrics/metrics-operators/accum",
@@ -3265,6 +3268,7 @@
   "/Metrics/Metric-Queries-and-Alerts/07Metrics_Operators/where": "/docs/metrics/metrics-operators/where",
   "/Metrics/Metric-Queries-and-Alerts/09Metric_Query_Error_Messages": "/docs/metrics/metrics-queries/metric-query-error-messages",
   "/Metrics/Metric-Queries-and-Alerts/Metric_Aggregation_Tips": "/docs/metrics/metrics-queries/aggregation-tips",
+  "/Metrics/Metric-Queries-and-Alerts/Filter_Time_Series": "/docs/dashboards/panels",
   "/Monitor_and_Alert/Alerts": "/docs/alerts",
   "/Monitor_and_Alert/Dashboards/About_Dashboards": "/docs/dashboards/about",
   "/Monitor_and_Alert/Alerts/Why_Would_a_Scheduled_Search_Fail": "/docs/alerts/scheduled-searches/faq",
@@ -3764,6 +3768,7 @@
   "/Search/Search-Query-Language/01-Parse-Operators/07-Parse-XML-Formatted-Logs": "/docs/search/search-query-language/parse-operators/parse-xml-formatted-logs",
   "/Search/Search-Query-Language/aaGroup/count,-count-distinct,-and-count-frequent": "/docs/search/search-query-language/group-aggregate-operators/count-count-distinct-and-count-frequent",
   "/Search/Search-Query-Language/aaGroup/fillmissing": "/docs/search/search-query-language/search-operators/fillmissing",
+  "/Search/Search-Query-Language/aaGroup/sum": "/docs/search/search-query-language/group-aggregate-operators/sum",
   "/Search/Search-Query-Language/Search-Operators": "/docs/search/search-query-language/search-operators",
   "/Search/Search-Query-Language/Search-Operators/lookup": "/docs/search/search-query-language/search-operators/lookup",
   "/docs/search/search-query-language/search-operators/parse": "/docs/search/search-query-language/parse-operators",
@@ -3853,6 +3858,7 @@
   "/Send-Data/Applications-and-Other-Data-Sources/Palo_Alto_Networks_8/Collect_Logs_for_Palo_Alto_Networks_8": "/docs/integrations/security-threat-detection/palo-alto-networks-9",
   "/Send-Data/Applications-and-Other-Data-Sources/Threat-Intel-Quick-Analysis": "/docs/integrations/security-threat-detection/threat-intel-quick-analysis",
   "/Send-Data/Applications-and-Other-Data-Sources/Threat-Intel-Quick-Analysis/Threat-Intel-FAQ": "/docs/integrations/security-threat-detection/threat-intel-quick-analysis",
+  "/Send-Data/Applications-and-Other-Data-Types/Okta": "/docs/integrations/saml/okta",
   "/Send-Data/Applications-and-Other-Data-Types/PCI-Compliance-for-Windows/Collecting-Logs-for-PCI-Compliance-for-Windows-App": "/docs/integrations/microsoft-azure/windows-json-pci-compliance",
   "/Send-Data/Collect-from-Other-Data-Sources/Azure_Blob_Storage": "/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs",
   "/Send-Data/Collect-from-Other-Data-Sources/Azure_Blob_Storage/Collect_Logs_from_Azure_Blob_Storage": "/docs/send-data/collect-from-other-data-sources/azure-blob-storage/block-blob/collect-logs",
@@ -3887,6 +3893,7 @@
   "/Send-Data/Sources/01Sources-for-Installed-Collectors/Remote-File-Source": "/docs/send-data/installed-collectors/sources/remote-file-source",
   "/Send-Data/Sources/01Sources-for-Installed-Collectors/Script-Action": "/docs/send-data/installed-collectors/sources/script-action",
   "/Send-Data/Sources/01Sources-for-Installed-Collectors/Script-Source": "/docs/send-data/installed-collectors/sources/script-source",
+  "/Send-Data/Sources/01Sources-for-Installed-Collectors/Remote-Windows-Event-Log-Source/Prerequisites_for_Windows_Log_Collection": "/docs/send-data/installed-collectors/sources/remote-windows-event-log-source",
   "/Send-Data/Sources/01Sources-for-Installed-Collectors/Syslog-Source": "/docs/send-data/installed-collectors/sources/syslog-source",
   "/Send-Data/Sources/01Sources-for-Installed-Collectors/Local_Windows_Event_Log_Source/Local_Windows_Event_Source_Custom_Channels": "/docs/send-data/installed-collectors/sources/local-windows-event-log-source",
   "/Send-Data/Sources/02Sources-for-Hosted-Collectors/AWS-S3-Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
@@ -3897,6 +3904,7 @@
   "/Send-Data/Sources/02Sources-for-Hosted-Collectors/HTTP-Source/Upload-Data-to-an-HTTP-Source": "/docs/send-data/hosted-collectors/http-source",
   "/Send-Data/Sources/02Sources-for-Hosted-Collectors/HTTP-Source/zGenerate-a-new-URL-for-an-HTTP-Source": "/docs/send-data/hosted-collectors/http-source",
   "/Send-Data/Sources/02Sources-for-Hosted-Collectors/Microsoft-Office-365-Audit-Source": "/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source",
+  "/docs/send-data/hosted-collectors/microsoft-source": "/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source",
   "/docs/send-data/hosted-collectors/ms-office-audit-source": "/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source",
   "/docs/send-data/hosted-collectors/webhook-sources": "/docs/send-data/hosted-collectors/webhook-sources/zoom",
   "/Send-Data/Sources/04Reference-Information-for-Sources/Timestamps,-Time-Zones,-Time-Ranges,-and-Date-Formats": "/docs/send-data/reference-information/time-reference",

docs/apm/real-user-monitoring/dashboards.md

@@ -8,20 +8,28 @@ description: Learn how to use the Sumo Logic Real User Monitoring (RUM) Dashboar
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
 
-## RUM App
+## Installing the RUM App (Optional)
 
-Once Sumo Logic detects data coming from user browsers, the RUM app will be installed automatically for all users of your organization. **No action is required**.
+Once Sumo Logic detects data coming from user browsers, the RUM app will be installed automatically for all users of your organization. **No action is required**.
 
-The data will populate in your organization's **Sumo Logic RUM - default** dashboards, located inside of your **Admin Recommended** folder. Do not modify or delete content in this folder, as it's maintained and updated automatically.
+The data will populate in your organization's **Sumo Logic RUM - default** dashboards, located inside of your **Installed Apps** folder. Do not modify or delete content in this folder, as it is maintained by Sumo Logic.
 
-If your RUM app is removed accidentally, you'll need to install it manually:
+If your RUM app is removed accidentally, you'll need to install it manually
+
+import AppInstall from '../../reuse/apps/app-install-v2.md';
+
+## Upgrade/Downgrade the RUM App (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+<AppUpdate/>
+
+## Uninstalling the RUM App (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+<AppUninstall/>
 
-1. Go to the **App Catalog**, then search for and select the **Real User Monitoring** app. 
-1. Click **Add to Library**.
-1. Provide an **App Name**. You can retain the existing name or enter a name of your choice for the app.
-1. **Advanced**. Select the Location in Library (the default is the Personal folder in the library), or click New Folder to add a new folder.
-1. Click **Add to Library**.
-1. Once the app is installed, it will appear in your **Personal** folder or the folder you specified. From here, you can share it with your organization.
 
 ## Using Real User Monitoring view