Merge branch 'main' into OneLogin-(c2c)

Author: amee-sumo

.clabot

@@ -185,7 +185,8 @@
     "snyk-bot",
     "stephenthedev",
     "Apoorvkudesia-sumologic",
-    "ntanwar-sumo"
+    "ntanwar-sumo",
+    "aj-sumo"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",

blog-service/2025-07-31-apps.md

@@ -0,0 +1,15 @@
+---
+title: Apps, Solutions, and Collection Integrations - July Release 
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - apps
+  - july-release
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### Enhancements
+
+- **Updated OpenTelemetry apps**. [Oracle - OpenTelemetry](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/), [SQL Server - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-opentelemetry/), and [SQL Server for Linux - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry/).
+- **Updated 1 Webhook app**. [Sentry](/docs/integrations/webhooks/sentry/).

cid-redirects.json

@@ -476,6 +476,7 @@
   "/05Search/Optimize-Search-Performance": "/docs/search/optimize-search-performance",
   "/05Search/Optimize-Search-Performance/Optimizing_Search_with_Partitions": "/docs/search/optimize-search-partitions",
   "/docs/manage/queries/optimize-queries": "/docs/search/optimize-search-performance",
+  "/docs/search/search-across-child-org": "/docs/search/search-across-child-orgs",
   "/05Search/Search-Cheat-Sheets": "/docs/search/search-cheat-sheets",
   "/05Search/Search-Cheat-Sheets/General-Search-Examples-Cheat-Sheet": "/docs/search/search-cheat-sheets/general-search-examples",
   "/05Search/Search-Cheat-Sheets/grep-to-Searching-with-Sumo-Cheat-Sheet": "/docs/search/search-cheat-sheets/grep-searching-with-sumo",
@@ -3802,6 +3803,7 @@
   "/03Send-Data/Collect-from-Other-Data-Sources/Collect_Logs_from_AWS_Lambda_using_Lambda_Extension": "/docs/send-data/collect-from-other-data-sources/collect-aws-lambda-logs-extension",
   "/03Send-Data/Collect-from-Other-Data-Sources/Collecting-Logs-from-a-Local-File-System": "/docs/send-data/installed-collectors/sources/local-file-source",
   "/03Send-Data/Hosted-Collectors/GCP_Metrics_Source": "/docs/send-data/hosted-collectors/google-source/gcp-metrics-source",
+  "/03Send-Data/Hosted-Collectors/HTTP-Source": "/docs/send-data/hosted-collectors/http-source/logs-metrics",
   "/03Send-Data/Sources/01Sources-for-Installed-Collectors": "/docs/send-data/installed-collectors/sources",
   "/03Send-Data/Sources/01Sources-for-Installed-Collectors/Local_Windows_Event_Log_Source": "/docs/send-data/installed-collectors/sources/local-windows-event-log-source",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon-Web-Services": "/docs/send-data/hosted-collectors/amazon-aws",
@@ -3887,6 +3889,7 @@
   "/Apps/Preview_Apps/Cylance/01Collect_Logs_for_Cylance": "/docs/integrations/security-threat-detection/cylance",
   "/Apps/Preview_Apps/Azure_Audit_App": "/docs/integrations/microsoft-azure/audit",
   "/Apps/Preview_Apps/Azure_Audit+App": "/docs/integrations/microsoft-azure/audit",
+  "/Apps/Preview_Apps/Azure_Web_Apps": "/docs/integrations/microsoft-azure/web-apps",
   "/Apps/Windows_App/Windows_App_Dashboards": "/docs/integrations/microsoft-azure",
   "/Beta": "/docs/beta",
   "/Beta/APIs": "/docs/api",

docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-guardduty.md

@@ -11,7 +11,7 @@ To ingest AWS GuardDuty data into Cloud SIEM:
 1. [Configure an HTTP source for GuardDuty](/docs/integrations/amazon-aws/guardduty/#step-1-configure-an-http-source) on a collector. When you configure the source, do the following:
     1. Select the **Forward to SIEM** option in the source configuration UI. This will ensure all logs for this source are forwarded to Cloud SIEM.
     1. Click the **+Add** link to add a field whose name is `_parser` with value */Parsers/System/AWS/GuardDuty*. This ensures that the GuardDuty logs are parsed and normalized into structured records in Cloud SIEM.
-1. [Deploy the Sumo Logic GuardDuty events processor](/docs/integrations/amazon-aws/guardduty/#step-2-deploy-sumo-guardduty-events-processor).
+1. [Deploy the Sumo Logic GuardDuty events processor](/docs/integrations/amazon-aws/guardduty/#step-2-deploy-sumo-logic-guardduty-events-processor).
 1. To verify that your logs are successfully making it into Cloud SIEM:
     1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Incoming Data** select **Log Mappings**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Log Mappings**. You can also click the **Go To...** menu at the top of the screen and select **Log Mappings**.  
     1. On the **Log Mappings** tab search for "GuardDuty" and check the **Records** columns.

docs/cse/rules/cse-rules-syntax.md

@@ -645,16 +645,11 @@ When an entity is processed by a rule using the `hasThreatMatch` function and is
 Parameters:
 * **`<fields>`**. A list of comma-separated [field names](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/schema/full_schema.md). At least one field name is required.
 * **`<filters>`**. A logical expression using [indicator attributes](/docs/security/threat-intelligence/upload-formats/#normalized-json-format). Allowed in the filtering are parentheses `()`; `OR` and `AND` boolean operators; and comparison operators `=`, `<`, `>`, `=<`, `>=`, `!=`. <br/>You can filter on the following indicator attributes:
-   * `actors`. An identified threat actor such as an individual, organization, or group. 
    * `confidence` Confidence that the data represents a valid threat, where 100 is highest.  Malicious confidence scores from different sources are normalized and mapped to a 0-100 numerical value.
-   * `id`. ID of the indicator.
    * `indicator`. Value of the indicator, such as an IP address, file name, email address, etc. 
-   * `killChain`. The various phases an attacker may undertake to achieve their objectives (for example, `reconnaissance`, `weaponization`, `delivery`, `exploitation`, `installation`, `command-and-control`, `actions-on-objectives`).
    * `source`. The source in the Sumo Logic datastore displayed in the **Threat Intelligence** tab.
-   * `threatType`. The threat type of the indicator (for example, `anomalous-activity`, `anonymization`, `benign`, `compromised`, `malicious-activity`, `attribution`, `unknown`).
+   * `threat_type`. The threat type of the indicator (for example, `anomalous-activity`, `anonymization`, `benign`, `compromised`, `malicious-activity`, `attribution`, `unknown`).
    * `type`. The indicator type (for example, `ipv4-addr`, `domain-name`, `'file:hashes`, etc.)
-   * `validFrom`. Beginning time this indicator is valid.
-   * `validUntil`. Ending time this indicator is valid. 
 * **`<indicators>`**. An optional case insensitive option that describes how indicators should be matched with regard to their validity. Accepted values are:
    * `active_indicators`. Match active indicators only (default).
    * `expired_indicators`. Match expired indicators only.

docs/cse/troubleshoot/index.md

@@ -21,4 +21,10 @@ This section contains articles to help you troubleshoot problems with Cloud SIEM
   <p>Learn how to troubleshoot problems with log mappers.</p>
   </div>
 </div>
+<div className="box smallbox card">
+  <div className="container">
+  <a href="/docs/cse/troubleshoot/troubleshoot-rules"><img src={useBaseUrl('img/icons/operations/too-many-tools.png')} alt="Troubleshoot icon" width="40"/><h4>Troubleshoot Rules</h4></a>
+  <p>Learn how to troubleshoot problems with rules.</p>
+  </div>
+</div>
 </div>