Merge branch 'main' into app_central_axana

Author: ruturajsumo

blog-service/2024/12-31.md

@@ -425,10 +425,6 @@ We're excited to announce that when you create a role, you can select **Index Ac
 
 This feature was [previously only available to participants in our beta program](/release-notes-service/2023/12/31/#october-27-2023-manage-account). It is now available for general use.
 
-:::note
-These changes are rolling out across deployments incrementally and will be available on all deployments by March 14, 2025.
-:::
-
 [Learn more](/docs/manage/users-roles/roles/create-manage-roles/#create-a-role).
 
 ### October 14, 2024 (Collection)

docs/alerts/scheduled-searches/generate-cse-signals.md

@@ -15,6 +15,8 @@ For a more detailed description of the options you can configure for a scheduled
 
 ## Requirements for the search query
 
+When you [create a scheduled search](/docs/alerts/scheduled-searches/schedule-search/) to generate signals in Cloud SIEM, you start by creating a search query.
+
 This section describes the requirements for your scheduled search, which include a minimum set of fields to be returned, and renaming message fields as necessary to match attribute names in the selected Cloud SIEM record type schema.  
 
 ### Required fields
@@ -42,7 +44,6 @@ enable signal generation:
     If the `stage` field contains a Tactic that isn't in the MITRE ATT&CK framework, a signal will not be generated, but a record will be. 
     :::
 * At least one entity field:
-
   * `device_ip`
   * `device_mac`
   * `device_natIp`
@@ -56,16 +57,35 @@ enable signal generation:
   * `srcDevice_ip`
   * `srcDevice_mac`
   * `srcDevice_natIp`
-  * `user_username`        
+  * `user_username`
 
 ### Renaming message fields
 
 When you configure a Scheduled Search to create Cloud SIEM signals, you are prompted to select a [Cloud SIEM record type](/docs/cse/schema/cse-record-types/). The fields returned by your search must match an attribute in the record type you select. A field whose name does not match a Cloud SIEM attribute will not be populated in the record created from the Schedule Search results. For more about Cloud SIEM attribute names, see [Attributes You Can Map to Records](/docs/cse/schema/attributes-map-to-records/).
 
+### Example
+
+Let's suppose that `user_username` is the entity field we want to use, and its value needs to be mapped to `actor.email`. Then you need to add the following line to the query: `actor.email as user_username`.
+
+And because the final output of this query is an aggregate, and Cloud SIEM signals expect `normalizedfield`, `stage`, and `entity`, we need need to add those in the `count` expression. 
+
+This is how the final query might look:
+
+```txt
+((_index=sec_record_* objectType=*)
+AND _sourcename = "Google Apps Audit Event")
+AND _sourcecategory = "GoogleWorkspace/Groups"
+| 5 as normalizedseverity
+| "Initial Access" as stage
+| json auto 
+| actor.email as user_username
+| count by events.name, events.type, actor.email, event.parameters.user_email, event.parameters.group_email, user_username, stage, normalizedseverity
+```
+
 ## Scheduling the search
 
 1. After creating and saving your search, click the save icon.<br/><img src={useBaseUrl('img/alerts/save-as.png')} alt="Save the search" style={{border: '1px solid gray'}} width="800"/>
-1. The **Save Item** popup appears.<br/><img src={useBaseUrl('img/alerts/save-item.png')} alt="Save as scheduled search" width="500"/>
+1. The **Save Item** popup appears.<br/><img src={useBaseUrl('img/alerts/save-item.png')} alt="Save as scheduled search" style={{border: '1px solid gray'}} width="500"/>
    :::note
    The name of your scheduled search will appear as the signal name in Cloud SIEM.
    :::

docs/platform-services/automation-service/app-central/integrations/atlassian-jira-cloud.md

@@ -12,6 +12,10 @@ Updated: March 20 , 2025***
 
 Jira is a proprietary issue tracking product developed by Atlassian that allows bug tracking and agile project management.
 
+:::note
+This integration uses the [Jira REST API v3](https://developer.atlassian.com/cloud/jira/platform/rest/v3/intro/#version).
+:::
+
 ## Actions
 
 * **Add Comment to Issue** *(Notification)* - Add a comment to the specified issue.
@@ -73,4 +77,4 @@ Ticketing System
 
 ## Change Log
 
-* March 20, 2025 - First upload
+* March 20, 2025 - First upload

docs/platform-services/automation-service/app-central/integrations/atlassian-jira-v2.md

@@ -12,6 +12,10 @@ Updated: September 2 , 2024***
 
 Jira is a proprietary issue tracking product developed by Atlassian that allows bug tracking and agile project management.
 
+:::note
+This integration uses the [Jira REST API v2](https://developer.atlassian.com/cloud/jira/platform/rest/v2/intro/#version).
+:::
+
 ## Actions
 
 * **Add Comment to Issue** *(Notification)* - Add a comment to the specified issue.
@@ -99,4 +103,4 @@ Ticketing System
 * May 13, 2024 (v2.7) - A new JSON Custom field has been added to update the issue status Action
 * May 23, 2024 (v2.8) - Updated the Add Issue Attachments To Incident action
 * June 20, 2024 (v2.9) - New action: Download Attachment
-* September 2, 2024 (v2.10) -  Updated the Update Issue action
+* September 2, 2024 (v2.10) -  Updated the Update Issue action

docs/platform-services/automation-service/app-central/integrations/crowdstrike-falcon.md

@@ -7,8 +7,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/crowdstrike-falcon.png')} alt="crowdstrike-falcon" width="100"/>
 
-***Version: 1.13  
-Updated: Feb 21, 2025***
+***Version: 1.14  
+Updated: April 23, 2025***
 
 The CrowdStrike Falcon integration allows you to pull and update Detections/Incidents, and search Incidents/Devices/Detections.
 
@@ -72,3 +72,5 @@ import IntegrationsAuth from '../../../../reuse/integrations-authentication.md';
     + Alerts CrowdStrike Falcon Daemon
 * February 21, 2025 (v1.13) - Added new action
     + Get IDP Device Info
+* April 23, 2025 (v1.14) - Updated the Integration
+    + Refactored the code to improve performance and maintainability.

docs/search/get-started-with-search/build-search/intelliparse.md

@@ -0,0 +1,82 @@
+---
+id: intelliparse
+title: Intelliparse Mode (Beta)
+description: Intelliparse mode extends automatic parsing to unstructured logs, allowing you to search and filter logs even when they don’t follow a consistent format like JSON.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<head>
+  <meta name="robots" content="noindex" />
+</head>
+
+<p><a href="/docs/beta"><span className="beta">Beta</span></a></p>
+
+This feature is currently available to select customers. Contact your Sumo Logic account representative to request access.
+
+We've introduced a new parsing mode in the Log Search UI: Intelliparse mode. It extends automatic parsing to unstructured logs, allowing you to search and filter logs even when they don’t follow a consistent format like JSON.
+
+<!-- link to Copilot unstructured logs doc -->
+
+## Available parsing modes
+
+You can now choose from three parsing options in the log search UI:
+
+* **Intelliparse (new)**. Combines JSON parsing with automatic parsing of unstructured logs using pre-discovered parsers.
+* [**Auto Parse**](/docs/search/get-started-with-search/build-search/dynamic-parsing). JSON blocks within logs are automatically parsed.
+* **Manual**. No automatic parsing applied.
+
+<img src={useBaseUrl('img/search/get-started-search/build-search/log-search-parsing-modes.png')} alt="log-search-parsing-modes.png" style={{border: '1px solid gray'}} width="700"/>
+
+## How Intelliparse mode works
+
+When you enable Intelliparse mode:
+* Logs are parsed using a set of parsers discovered from your recently used dashboards.
+* Fields are extracted automatically from both structured and unstructured logs.
+* A hidden operator is applied to your query to power this functionality behind the scenes.
+
+## Benefits
+
+* **No Field Extraction Rules (FERs) required**. Get field-level insights without manual parsing.
+* **Works with your existing dashboards**. Parsers are derived from log panels in recently viewed or edited dashboards.
+* **Improved field visibility**. Fields parsed through Intelliparse mode appear in the Messages tab and can be used in queries, filters, and dashboards.
+
+## Example
+
+If your dashboard includes a query like:
+
+```sql
+_sourceCategory=cassandra "Dropped table"
+| parse "table '*' from database '*'" as db.table, db.name
+```
+
+Then any matching unstructured logs like:
+
+`2025-04-09 11:20:25 * Dropped table 'logins' from database 'auth'`
+
+will be parsed automatically in Intelliparse mode, extracting:
+
+* `db.table = "logins"`
+* `db.name = "auth"`
+
+:::info
+* Parsers are discovered automatically from dashboard content. No manual setup needed.
+* If a dashboard is modified, the associated parser will update. Deleted dashboards do not currently delete parsers.
+* Queries using Intelliparse mode include a hidden intelliparse operator, injected automatically.
+:::
+
+## How Copilot uses Intelliparse mode
+
+Even if you don’t manually enable Intelliparse mode, you may encounter it when using [Sumo Logic Copilot](/docs/search/copilot).
+
+Copilot uses Intelliparse mode in the background to:
+* Automatically parse unstructured logs for natural language queries.
+* Discover field names and values for more accurate suggestions and translations.
+* Generate search queries that include the hidden `intelliparse` operator.
+
+This integration allows Copilot to work with raw, unstructured log data; no setup required on your part.
+
+<!-- When Copilot - Unstructured Logs (Beta) doc has been published, crosslink from there...
+Want to learn more about Intelliparse mode? See how it works in Log Search
+https://sumologic.atlassian.net/browse/DOCS-752
+--->