Merge branch 'main' into docs-72-cloud-siem-rule-limits

Author: jpipkin1

.github/workflows/build_and_deploy.yml

@@ -1,5 +1,8 @@
 name: Build and Deploy
 
+permissions:
+  contents: read
+
 on:
   workflow_call:
     inputs:
@@ -13,7 +16,7 @@ on:
         default: "/"
         type: string
       environment:
-        description: GHA environment name
+        description: GitHub Actions environment name (used for scoping secrets and deployment)
         required: true
         type: string
     secrets:
@@ -35,6 +38,7 @@ jobs:
     env:
       CI: true
       NODE_ENV: production
+      NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
       AWS_PAGER: ""
       HOSTNAME: ${{ inputs.hostname }}
       BASE_URL: ${{ inputs.base_url }}
@@ -53,16 +57,14 @@ jobs:
         uses: actions/cache@v3
         with:
           path: node_modules/.cache
-          key: ${{ runner.os }}-webpack-cache
+          key: ${{ runner.os }}-webpack-cache-${{ hashFiles('yarn.lock') }}
       - name: Install awscli
         uses: unfor19/install-aws-cli-action@v1
       - name: Install jq
         run: sudo apt-get install -y jq
       - name: Install dependencies
         run: yarn install --frozen-lockfile
       - name: Build the Docusaurus site
-        env:
-          NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
         run: yarn build
       - name: Deploy the Docusaurus site
         env:

.github/workflows/delete-review.yml

@@ -1,5 +1,8 @@
 name: delete-review
 
+permissions:
+  contents: read
+
 on: delete
 
 jobs:
@@ -9,6 +12,7 @@ jobs:
       name: review/${{ github.ref_name }}
     env:
       CI: true
+      NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
       AWS_PAGER: ""
       BASE_URL: /${{ github.ref_name }}/
       AWS_DEFAULT_REGION: us-east-1
@@ -23,6 +27,7 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         run: |
+          echo "Removing files at s3://${S3_BUCKET_NAME}${BASE_URL}"
           aws s3 rm --recursive s3://${S3_BUCKET_NAME}${BASE_URL}
           export INVALIDATION_ID=$(
             aws cloudfront create-invalidation \

.github/workflows/pr.yml

@@ -1,40 +1,44 @@
 name: Pull Request Checks
 
+permissions:
+  contents: read
+  pull-requests: read
+
 on:
-    pull_request:
-      branches:
-        - main
-    merge_group:
-      types:
-        - checks_requested
+  pull_request:
+    branches:
+      - main
+  merge_group:
+    types:
+      - checks_requested
+
+env:
+  CI: true
+  NODE_ENV: production
+  NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
 
 jobs:
-    build-and-deploy:
-      runs-on: ubuntu-latest
-      env:
-          CI: true
-          NODE_ENV: production
-      steps:
-        - uses: actions/checkout@v4
-        - name: Set up Node.js
-          uses: actions/setup-node@v3
-          with:
-            node-version: '20.x'
-            cache: 'yarn'
-        - name: Docusaurus Webpack cache
-          uses: actions/cache@v3
-          with:
-            path: node_modules/.cache
-            key: ${{ runner.os }}-webpack-cache
-        - name: Install dependencies
-          run: yarn install --frozen-lockfile
-        - name: Build the Docusaurus site
-          env:
-            NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
-          run: yarn build
-    spellcheck:
-      runs-on: ubuntu-latest
-      steps:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20.x'
+          cache: 'yarn'
+      - name: Docusaurus Webpack cache
+        uses: actions/cache@v3
+        with:
+          path: node_modules/.cache
+          key: ${{ runner.os }}-webpack-cache-${{ hashFiles('yarn.lock') }}
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: Build the Docusaurus site
+        run: yarn build
+  spellcheck:
+    runs-on: ubuntu-latest
+    steps:
       - uses: actions/checkout@v4
       - uses: codespell-project/actions-codespell@master
         name: Check spelling

.github/workflows/production.yml

@@ -1,5 +1,8 @@
 name: deploy-to-production
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:

blog-collector/2023/12-31.md

@@ -5,14 +5,19 @@ image: https://help.sumologic.com/img/sumo-square.png
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
-
-
 This is an archive of 2023 Collector Release Notes. To view the full archive, [click here](/release-notes-collector/archive).
 
 <!--truncate-->
 
 ---
-### November 13, 2023 - Version 19.467-2
+### December 18, 2023 (OpenTelemetry Collector)
+
+#### Auto Discovery
+
+We're excited to announce our new **Auto Discovery for OpenTelemetry** feature, which automatically detects the services that can be installed to monitor the data collected from the server on which the collector is running. [Learn more](/docs/send-data/opentelemetry-collector/auto-discovery).
+
+---
+### November 13, 2023 - Version 19.467-2 (Installed Collector)
 
 In this release, we've enhanced the security and stability of the Collector with added support for security patches and bug fixes.
 
@@ -30,13 +35,13 @@ In this release, we've enhanced the security and stability of the Collector with
 - Fixed temporary files issue in Windows installation.
 
 ---
-### October 26, 2023 - Version 19.461-1
+### October 26, 2023 - Version 19.461-1 (Installed Collector)
 
 In this release, we've resolved the collector start issue that was occurring after the Windows feature update. For collectors running as custom user, refer to the [Advanced UI Installer Settings](/docs/send-data/installed-collectors/collector-installation-reference/advanced-ui-installer-settings#provide-full-control-access-for-custom-user) to provide full access to custom user.
 
 
 ---
-### August 22, 2023 - Version 19.456-3
+### August 22, 2023 - Version 19.456-3 (Installed Collector)
 
 In this release, we've enhanced our Collector security and stability by adding support for security patches and bug fixes.
 
@@ -52,18 +57,18 @@ In this release, we've enhanced our Collector security and stability by adding s
 
 
 ---
-### July 11, 2023 - Version 19.451-1
+### July 11, 2023 - Version 19.451-1 (Installed Collector)
 
 * **Bug fix**. Log level for message `AppendStringInfo` is updated from info to debug.
 * **Security fix**. Upgraded `org.json:json` to version 20230227 to address known security vulnerabilities (CVE-2022-45688).
 
 ---
-### May 23, 2023 - Version 19.441-2
+### May 23, 2023 - Version 19.441-2 (Installed Collector)
 
 In this release, we've upgraded the collector JRE to **Amazon Corretto Version 8.372.07.1** to enhance reliability and stability, and optimized performance for faster execution.
 
 ---
-### May 5, 2023 - Version 19.441-1
+### May 5, 2023 - Version 19.441-1 (Installed Collector)
 
 In this release, we've enhanced the security and stability of Collector with added support for security patches and bug fixes.
 
@@ -82,13 +87,29 @@ In this release, we've enhanced the security and stability of Collector with add
 
 
 ---
-### April 20, 2023 - Version 19.418-8
+### April 20, 2023 - Version 19.418-8 (Installed Collector)
 
 We're pleased to announce that the bridge version now offers enhanced support for the BCTLS FIPS upgrade.
 
 
 ---
-### March 15, 2023 - Version 19.418-7
+### March 28, 2023 (OpenTelemetry Collector)
+
+#### Sumo Logic Distribution for OpenTelemetry
+
+New - We’re happy to announce a release that saves you configuration time. Our new and improved OpenTelemetry collector data onboarding workflow that gets you up and running with infrastructure monitoring in minutes. With this update, you can start monitoring host and process data, web servers (like IIS, Nginx), databases (like MySQL, Redis, Cassandra), and other sources out of the box - no manual configuration required. [Learn more](/docs/get-started/quickstart).
+
+The Sumo Logic Distribution for OpenTelemetry, a single unified agent to send Logs, Metrics, Traces, and Metadata, helps simplify and streamline Observability and debugging to improve overall system reliability and efficiency. [Learn more](/docs/send-data/opentelemetry-collector).
+
+:::note
+The new onboarding workflows are only available for new Trial customers at this time.
+:::
+
+<img src={useBaseUrl('img/send-data/opentelemetry-collector/otel-onboarding.gif')} alt="OpenTelemetry collector onboarding flow" />
+
+
+---
+### March 15, 2023 - Version 19.418-7 (Installed Collector)
 
 In this release, we've enhanced the security and stability of Collector with added support for security patch and bug fix.
 

blog-service/2025-01-08-otel-remote-management.md renamed to blog-collector/2025-01-08-otel.md

@@ -1,5 +1,5 @@
 ---
-title: Remote Management for OpenTelemetry Collector (Collection)
+title: Remote Management for OpenTelemetry Collector (OpenTelemetry Collector)
 image: https://help.sumologic.com/img/sumo-square.png
 keywords:
   - collection

blog-collector/2025-02-18.md renamed to blog-collector/2025-02-18-installed.md

@@ -1,11 +1,9 @@
 ---
-title: Version 19.525-1
+title: Version 19.525-1 (Installed Collector)
 hide_table_of_contents: true
 image: https://help.sumologic.com/img/sumo-square.png
 ---
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
-
-
 In this release, we've upgraded the collector JRE to **Amazon Corretto Version `8.442.06.1`** to enhance stability and optimize performance for faster execution.

blog-collector/2025-05-14.md renamed to blog-collector/2025-05-14-installed.md

@@ -1,5 +1,5 @@
 ---
-title: Version 19.525-42
+title: Version 19.525-42 (Installed Collector)
 hide_table_of_contents: true
 image: https://help.sumologic.com/img/sumo-square.png
 ---
@@ -14,4 +14,4 @@ In this release, we've enhanced the security and stability of the Collector with
 
 ## Bug Fix
 
-- Fixed the improper filtering of `AD` objects when `Exclude Distinguished Name Suffixes` filter is configured.
+- Fixed the improper filtering of `AD` objects when `Exclude Distinguished Name Suffixes` filter is configured.

blog-cse/2025-05-30-content.md

@@ -0,0 +1,54 @@
+---
+title: May 30, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes:
+- Rule updates.
+- New log parsers and mappers to support Akamai CPC and Contrast Security ADR.
+- New and updated log mappers for Azure Event Hub - Windows Defender logs, Cisco ISE, Microsoft Office 365, and Snowflake.
+- Modifications to existing parsers for Microsoft Azure JSON, Nginx Syslog, and Snowflake to support additional formats and events.
+
+Changes are enumerated below.
+
+### Rules
+- [Updated] MATCH-S00068 O365 - Users Password Changed
+    - Updated entity selectors to include both `user_username` and `targetUser_username`
+- [Updated] MATCH-S00069 O365 - Users Password Reset
+    - Updated entity selectors to include both `user_username` and `targetUser_username`
+
+### Log Mappers
+- [New] Akamai CPC
+- [New] Azure Event Hub - Windows Defender Audit events
+- [New] Azure Event Hub - Windows Defender Audit file events
+- [New] Azure Event Hub - Windows Defender Authentication events
+- [New] Azure Event Hub - Windows Defender Email events
+- [New] Azure Event Hub - Windows Defender Endpoint Process events
+- [New] Azure Event Hub - Windows Defender Network events
+- [New] Contrast Security ADR Default Mapping
+- [New] Snowflake Query History
+- [New] Snowflake Session
+- [Updated] Azure Event Hub - Windows Defender Logs - DeviceAlertEvents
+- [Updated] Azure Event Hub - Windows Defender Logs and Azure Alert
+- [Updated] Cisco ISE Catch All
+- [Updated] Microsoft Office 365 Active Directory Authentication Events
+- [Updated] Snowflake Catch All
+- [Updated] Snowflake Login
+
+### Parsers
+- [New] /Parsers/System/Akamai/Akamai CPC
+- [New] /Parsers/System/Contrast Security/Contrast ADR
+- [Updated] /Parsers/System/Cisco/Cisco ISE
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+- [Updated] /Parsers/System/Nginx/Nginx Syslog
+- [Updated] /Parsers/System/Microsoft/Office 365
+- [Updated] /Parsers/System/Snowflake/Snowflake
+- [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON
+- [Updated] /Parsers/System/Microsoft/Windows-JSON-Open Telemetry

blog-cse/2025-06-02-application.md

@@ -0,0 +1,22 @@
+---
+title: June 2, 2025 - Application Update
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - outlier rules
+  - first seen rules
+  - baseline
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### New method for building baselines
+
+We're happy to announce that now when you create or update a first seen or outlier rule, the baseline starts building immediately using existing system data. Typically, the baseline is ready within minutes. You no longer need to wait days for a baseline learning period to complete before it becomes usable. This change enables you to gain insights faster and iterate on your first seen and outlier rules rapidly, reducing tuning time from weeks to minutes.
+
+To learn more, see our information about baselines for [first seen rules](/docs/cse/rules/write-first-seen-rule/) and [outlier rules](/docs/cse/rules/write-outlier-rule/#baselines-for-outlier-rules).
+
+:::note
+* This feature update applies only to new and changed first seen and outlier rules. Unchanged existing rules will continue to use their existing baselines.
+* This feature update is rolling out across deployments incrementally and will be available on all deployments by June 12, 2025.
+:::