Merge branch 'main' into Databricks-Audit-(apps)

Author: amee-sumo

blog-cse/2025-10-28-content.md

@@ -12,7 +12,7 @@ This content release includes:
     - Updates to existing mappers for Crowdstrike Falcon, F5, and Okta events to support additional fields and events.
     - Updates to F5 Networks and Okta SSO parsers.
 
-Changes are enumerated below.
+This new and updated content is effective as of October 22, 2025. Changes are enumerated below.
 
 ### Log Mappers
 - [New] CrowdStrike Falcon Host API IdpDetectionSummaryEvent

blog-cse/2025-10-29-content.md

@@ -0,0 +1,22 @@
+---
+title: October 29, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+    - New log mappers for Crowdstrike Falcon to support eppDetectionSummary events from multiple ingest methods.
+    - New parsers and log mappers for Databricks Audit logs and Varonis Alerts.
+
+## Log Mappers
+- [New] CrowdStrike Falcon - EppDetectionSummaryEvents (CNC)
+- [New] DataBricks Audit Catch All
+- [New] DataBricks Authentication
+- [New] Varonis Alerts Catch All
+
+## Parsers
+- [New] /Parsers/System/Databricks/Databricks Audit
+- [New] /Parsers/System/Varonis/Varonis Alert JSON

docs/cse/rules/write-aggregation-rule.md

@@ -7,6 +7,7 @@ description: Learn how to write an aggregation rule.
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 import CseRule from '../../reuse/cse-rule-description-links.md';
+import CseDynamicSeverity from '../../reuse/cse-dynamic-severity.md';
 import Iframe from 'react-iframe';
 
 This topic has information about Cloud SIEM aggregation rules and how to write them.
@@ -107,6 +108,7 @@ On the right side of the Rules Editor, in the **Then Create a Signal** section,
    1. The severity area updates. 
    1. **severity of**. Use the pulldown to select a default severity value.
    1. **for the record field**. Use the down arrows to display a list of fields, and select one.  The dynamic severity will be based on the value of (or existence of) that field in the record that matched the rule expression.
+      <CseDynamicSeverity/>
    1. The **Add More Mappings** option appears. <br/><img src={useBaseUrl('img/cse/add-more-mappings.png')} alt="Add More Mappings option" style={{border: '1px solid gray'}} width="450"/>
    1. **Click Add More Mappings**. (Optional) You can define additional mappings if desired. If you don’t, the severity value will be the value of the record field you selected above.
    1. The **if the value is** option appears.<br/><img src={useBaseUrl('img/cse/if-the-value-is.png')} alt="If the Value Is option" style={{border: '1px solid gray'}} width="450"/>

docs/cse/rules/write-match-rule.md

@@ -7,6 +7,7 @@ description: Learn how to write a match rule.
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 import CseRule from '../../reuse/cse-rule-description-links.md';
+import CseDynamicSeverity from '../../reuse/cse-dynamic-severity.md';
 import Iframe from 'react-iframe'; 
 
 This topic has information about match rules and how to create them in the Cloud SIEM UI.
@@ -87,6 +88,7 @@ Watch this micro lesson to learn how to create a match rule.
    1. The severity area updates. 
    1. **severity of**. Use the pulldown to select a default severity value.
    1. **for the record field**. Use the down arrows to display a list of fields, and select one.  The dynamic severity will be based on the value of (or existence of) that field in the record that matched the rule expression.
+      <CseDynamicSeverity/>
    1. The **Add More Mappings** option appears. <br/><img src={useBaseUrl('img/cse/add-more-mappings.png')} alt="Add More Mappings option" style={{border: '1px solid gray'}} width="300"/>
    1. Click **Add More Mappings**. (Optional) You can define additional mappings if desired. If you don’t, the severity value will be the value of the record field you selected above.
    1. The **if the value is** option appears.<br/><img src={useBaseUrl('img/cse/if-the-value-is.png')} alt="If the Value is Option.png" style={{border: '1px solid gray'}} width="300"/>

docs/manage/scheduled-views/pause-disable-scheduled-views.md

@@ -12,7 +12,11 @@ This page outlines the procedures for pausing a scheduled view, manually or auto
 
 By default, all scheduled views are enabled with the AutoPause feature. This mechanism automatically flags scheduled views that have not been queried or referred for *90* consecutive days for potential pausing. This helps with optimizing the system performance and resource usage. 
 
-Scheduled View owners and all active account administrators will receive an in-app warning and email notifications with the list of Scheduled Views that are flagged for inactivity. These notifications are sent 21 days and 7 days prior to the scheduled pause. If no action is taken, the Scheduled Views will be automatically paused on the 90th day with a final notification. 
+Scheduled View creators/owners and all active account administrators will receive an in-app warning and email notifications with the list of Scheduled Views that are flagged for inactivity. These notifications are sent 21 days and 7 days prior to the scheduled pause. If no action is taken, the Scheduled Views will be automatically paused on the 90th day with a final notification. 
+
+| In-app notification | Details section notification |
+| :-- | :-- |
+| <img src={useBaseUrl('/img/scheduled-views/in-app-notification.png')} alt="in-app-notification" style={{border:'1px solid gray'}} width="400"/> | <img src={useBaseUrl('/img/scheduled-views/notification-details-page.png')} alt="notification-details-page.png" style={{border:'1px solid gray'}} width="400"/> |
 
 ### Disable the AutoPause
 

docs/reuse/cse-dynamic-severity.md

@@ -0,0 +1,3 @@
+:::note
+When configuring dynamic severity, you must select a record field that is numeric. If you select a non-numeric field, severity does not return a numeric value, and no signal fires.
+:::