Merge branch 'main' into DOCS-1110

Author: kimsauce

.clabot

@@ -190,7 +190,8 @@
     "samiura",
     "naveenrama",
     "fguimond",
-    "rmeyer-legato"
+    "rmeyer-legato",
+    "jagan2221"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",

blog-collector/2025-09-10-otel.md

@@ -0,0 +1,16 @@
+---
+title: Remote Management for OpenTelemetry Collector (OpenTelemetry Collector)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - collection
+  - opentelemetry
+  - otel
+  - remote-management
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're happy to announce that Sumo Logic now enables you to remotely update the collector timezone for OpenTelemetry collectors through the UI in the OpenTelemetry collector edit flow. You can select the timezone of your choice while editing the collector. If you do not make a selection, the timezone will be set to `(UTC) Etc/UTC` by default.
+
+[Learn more](/docs/send-data/opentelemetry-collector/remote-management/source-templates/otrm-time-reference/#specifying-a-custom-timestamp-format-and-time-zone).

blog-cse/2025-09-19-content.md

@@ -0,0 +1,71 @@
+---
+title: September 19, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - rules
+  - parsers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+- New rules for passing through OCSF Findings, such as those generated by AWS Security Hub.
+- Updates to rules for impossible travel to exclude local system accounts.
+- New log mappers for Cisco Meraki Traffic Events, OCI Authentication Events, and TippingPoint TPS Cloud.
+- Updates to existing log mappers to support new event IDs and enhance functionality.
+- New parser for TippingPoint TPS Cloud.
+- Updates to existing parsers for Cisco ASA, Cisco Meraki C2C, Kaspersky Endpoint Security, and Oracle Cloud Infrastructure to support new events.
+- Schema update to include `ocsf` as an enforced value for `threat_ruleType`.
+
+Changes are enumerated below.
+
+:::note
+These updates have been rolled out to all [deployments](/docs/api/about-apis/getting-started/#aws-region-by-sumo-logic-deployment) with the exception of FED, which will receive the updates in the coming days.
+:::
+
+### Rules
+
+- [New] MATCH-S01053 OCSF Compliance Finding
+<br/>Passes through compliance findings from OCSF sources.
+- [New] MATCH-S01054 OCSF Detection Finding
+<br/>Passes through detection findings from OCSF sources.
+- [New] MATCH-S01055 OCSF Vulnerability Finding
+<br/>Passes through vulnerability findings from OCSF sources.
+- [Updated] THRESHOLD-S00097 Impossible Travel - Successful
+<br/>Exclude local system accounts from the rule.
+- [Updated] THRESHOLD-S00098 Impossible Travel - Unsuccessful
+<br/>Exclude local system accounts from the rule.
+
+### Log Mappers
+
+- [New] Cisco Meraki Traffic Events
+- [New] OCI Catch Authentication events
+- [New] TippingPoint TPS Cloud Catch All
+- [Updated] AWS GuardDuty - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Inspector - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Security Hub - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Security Hub Coverage - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Security Hub Exposure Detection - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] Cisco ASA 109201|109207|113022
+- [Updated] Cisco ASA 722051|722022|722023|722028|722032|722033|722036|722037|722041|722011
+- [Updated] Kaspersky Endpoint Security Catch All
+- [Updated] Oracle Cloud Infrastructure Audit Catch All
+- [Updated] Windows - Security - 4624
+<br/>Added `user_role` field to identify admin users
+- [Updated] Windows - Security - 4648
+<br/>Added `user_role` field to identify admin users.
+
+### Parsers
+
+- [New] /Parsers/System/TippingPoint/TippingPoint TPS Cloud
+- [Updated] /Parsers/System/Cisco/Cisco ASA
+- [Updated] /Parsers/System/Cisco/Cisco Meraki C2C
+- [Updated] /Parsers/System/Kaspersky/Kaspersky Endpoint Security
+- [Updated] /Parsers/System/Oracle/Oracle Cloud Infrastructure Schema
+- [Updated] threat_ruleType
+<br/>Updated enforced values to include `ocsf` as an option for mappers representing Findings records as categorized in the Open Cybersecurity Schema Framework (OCSF).

blog-csoar/2024/12-31.md

@@ -448,7 +448,7 @@ This release contains several updates, including the introduction of new actions
 
 #### Changes and Enhancements
 * Playbooks:
-  * Enabled [playbook testing](/docs/platform-services/automation-service/automation-service-playbooks/#test-a-playbook). With this improvement it is now possible to test a playbook configuration before publishing it, using Insight, Incident or custom JSON as input.
+  * Enabled [playbook testing](/docs/platform-services/automation-service/playbooks/troubleshoot-playbooks/#test-a-playbook). With this improvement it is now possible to test a playbook configuration before publishing it, using Insight, Incident or custom JSON as input.
   * Action configuration: Integration fields configuration now suggests default values, if present.
   * UserChoice, answer by Email: Fixed Authorizer usage from previous nodes.
 * AppCentral: Within the Integrations section, each integration card now contains a hyperlink to the related public documentation page [Integrations in App Central](/docs/platform-services/automation-service/app-central/integrations/).

blog-csoar/2025-02-06-application-update.md

@@ -17,7 +17,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 🚀 **New feature release: Autosave for playbooks**
 
-We’re excited to introduce [autosave for playbooks](/docs/platform-services/automation-service/automation-service-playbooks/#autosave), a feature designed to make workflow changes seamless by automatically saving your progress as draft and preventing accidental data loss. Here's what's new:
+We’re excited to introduce [autosave for playbooks](/docs/platform-services/automation-service/playbooks/create-playbooks/#autosave), a feature designed to make workflow changes seamless by automatically saving your progress as draft and preventing accidental data loss. Here's what's new:
 * Playbooks now automatically save your changes, including node updates, connections, and position adjustments. 
 * Multiple changes made in quick succession are saved together to improve performance. 
 * Visual indicators display the saving status whether in progress, successfully saved, or failed. 

blog-csoar/2025-02-24-application-update.md

@@ -25,4 +25,4 @@ When selecting an array variable in the text area, you will have two options:
 
 If the iterate option is selected, an icon will appear in front of the variable inside the text area to indicate that iteration is enabled. The action will then execute as many times as there are elements in the array.
 
-[Learn more](/docs/platform-services/automation-service/automation-service-playbooks/#arrays-in-text-areas).
+[Learn more](/docs/platform-services/automation-service/playbooks/arrays-in-playbooks/).

blog-csoar/2025-06-03-application-update.md

@@ -25,7 +25,7 @@ What's new:
 * By default, playbooks with any published version are set to enabled, while those that are draft-only or have been deleted remain disabled.
 * Audit logs are generated whenever playbooks are enabled or disabled manually.
 
-For more information, see [Enable or disable playbooks](/docs/platform-services/automation-service/automation-service-playbooks/#enable-or-disable-playbooks).
+For more information, see [Enable or disable playbooks](/docs/platform-services/automation-service/playbooks/create-playbooks/#enable-or-disable-playbooks).
 
 #### Integrations
 

blog-csoar/2025-09-10-application-update.md

@@ -0,0 +1,22 @@
+---
+title: September 10, 2025 - Application Update
+hide_table_of_contents: true
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - automation service
+  - cloud soar
+  - soar
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### New feature: Test nodes in playbooks
+
+The new **Test Node** toggle on nodes allows you to test individual nodes in playbooks without having to run the entire playbook, offering greater control over node configuration and troubleshooting.
+
+What's new:
+* Provide mock values for variables used in the node, and run the results to see the output and any errors.
+* Available on action, condition, user choice, and task nodes. (It is not available on filter or nested playbook nodes.)
+* Testing nodes counts against your [action limit](/docs/platform-services/automation-service/about-automation-service/#actions-limit) quota.
+
+For more information, see [Test nodes in a playbook](/docs/platform-services/automation-service/playbooks/troubleshoot-playbooks/#test-nodes-in-a-playbook).

blog-service/2021/12-31.md

@@ -137,7 +137,7 @@ New - Our [Cloud-to-Cloud Integration Framework](/docs/send-data/hosted-collec
 ---
 ## September 20, 2021 (Manage)
 
-New - You can now [forward aggregate data from a Scheduled View to AWS S3](/docs/manage/data-forwarding/amazon-s3-bucket). Previously, aggregate data was dropped and not included in forwarded file objects. Now, aggregate fields are automatically appended when your Scheduled View conducts aggregation.
+New - You can now [forward aggregate data from a Scheduled View to AWS S3](/docs/manage/data-forwarding/forward-data-from-sumologic). Previously, aggregate data was dropped and not included in forwarded file objects. Now, aggregate fields are automatically appended when your Scheduled View conducts aggregation.
 
 ---
 ## September 15, 2021 (Collection)

blog-service/2022/12-31.md

@@ -167,7 +167,7 @@ Update - We’ve released an improved, re-organized UI for Data Forwarding. Ther
 * Destinations that receive data forwarded from Sumo Logic partitions or scheduled views are still managed on the [**Data Forwarding**](/docs/manage/data-forwarding/view-list-data-forwarding/) page.
 * Destinations that receive data from Installed Collectors are managed on a new page [**Archive**](/docs/manage/data-archiving/archive/#archive-page) page.
 
-For more information, see [Forward Data from Sumo Logic to S3](/docs/manage/data-forwarding/amazon-s3-bucket).
+For more information, see [Forward Data from Sumo Logic to S3](/docs/manage/data-forwarding/forward-data-from-sumologic).
 
 ---
 ## October 3, 2022 (Search)