Merge branch 'main' into berry

Author: kimsauce

.clabot

@@ -5,13 +5,9 @@
     "JV0812",
     "jpipkin1",
     "JainM6",
-    "swiatekm-sumo",
     "docsSeema",
-    "@dependabot[bot]",
-    "dependabot[bot]",
     "angadrandhawa1",
     "kkujawa-sumo",
-    "open-source-collection-team",
     "mat-rumian",
     "perk-sumo",
     "jmartini-sumo",
@@ -28,12 +24,10 @@
     "agaur",
     "bhargavisumo",
     "ravipadala-sumo",
-    "jd-sumo",
     "davidcarltonsumo",
     "pkazmir-sumo",
     "dkarabin-sumo",
     "kevin-sumo",
-    "mgol-sumo",
     "crm6718",
     "mvirga-sumo",
     "tarunk2",
@@ -174,9 +168,10 @@
     "lol3909",
     "Hellfire4959",
     "antonymartinsumo",
-    "amee-sumo"
+    "amee-sumo",
+    "chetanchoudhary-sumo"
   ],
-  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we'll add you to our approved list of contributors.",
+  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",
   "recheckComment": "The GitHub CLA Bot is rechecking to see that you have signed our CLA."
 }

.github/CODEOWNERS

@@ -1,14 +1,16 @@
+# More details: https://help.github.com/articles/about-codeowners
+
 # Default owners for everything in the repo.
-* @kimsauce @jpipkin1 @JV0812 @mafsumo
+* @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
-# Owners of all files in the `/docs` directory and its subdirectories.
-/docs/   @kimsauce @jpipkin1 @JV0812 @mafsumo
+# Owners of all files in the `/docs/integrations` directory.
+/docs/integrations/ @SumoLogic/sumoappdev @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/kubernetes` directory.
-/docs/send-data/kubernetes/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @JV0812 @mafsumo
+/docs/send-data/kubernetes/ @SumoLogic/open-source-collection-team @SumoLogic/k8s-developers @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/opentelemetry-collector` directory and its subdirectories.
-/docs/send-data/opentelemetry-collector/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812
+/docs/send-data/opentelemetry-collector/ @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812 @amee-sumo
 
 # GitHub workflow owners
 /.github/workflows/ @SumoLogic/open-source-collection-team @kimsauce

blog-collector/2024-11-26.md

@@ -0,0 +1,25 @@
+---
+title: Version 19.516-1
+hide_table_of_contents: true
+image: https://help.sumologic.com/img/sumo-square.png
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-collector/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+In this release, we've enhanced the security and stability of the Collector with added support for security patches.
+		
+### Security Fixes
+		
+- Upgraded `Tanuki version` to version 3.5.60 to fix the collector intermittently crashing issue.
+- Upgraded collector JRE to **Amazon Corretto Version 8.432.06.1**.
+		
+### Troubleshooting
+		
+When upgrading this collector version, the collector running as a non-root user (run as mode) or on a Mac operating system cannot be upgraded through the API/Web UI. To resolve these issue, follow the respective steps below:
+	- **Collector running as a non-root user.** An error message will be displayed indicating that the upgrade is not possible. The upgrade must be performed manually on your machine. Refer to [Upgrade Collectors in Sumo Logic](/docs/send-data/collection/upgrade-collectors/#upgrade-collectors-using-the-command-line) to upgrade the collector manually.
+	- **Collector running on Mac.** The process will stop while upgrading, and the collector will need to be restarted manually on your machine. Use the code below to restart manually.
+        ```
+        sudo ./collector start
+        ```

blog-cse/2024-11-22-content.md

@@ -0,0 +1,61 @@
+---
+title: November 22, 2024 - Content Release
+hide_table_of_contents: true
+keywords:
+  - log mappers
+  - log parsers
+  - detection rules
+  - tag schemas
+image: https://help.sumologic.com/img/sumo-square.png  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+* New mapping support for: Qumulo Core, and Teramind Teraserver.
+* Updates to existing parsers for: Code42 Incydr, Palo Alto, and Okta.
+* Updates to the existing Okta log mappings to support a new HTTP source log formatting.
+* Updates to Code42 Incydr Alerts C2C mapping to support new alert log format.
+
+Changes are enumerated below.
+
+### Rules
+* [Deleted] FIRST-S00031 First Seen IP Address Associated with User for a Successful Azure AD Sign In Event
+   * Consider using FIRST-S00047 (First Seen ASN Associated with User for a Successful Azure AD Sign In Event) in its place.
+* [New] THRESHOLD-S00116 Password Attack from IP
+   * This is a fork of THRESHOLD-S00095 Password Attack to address a bug with null values causing backend issues with detection rules. Rule has been forked to ensure no null values are considered in the entity grouping.
+* [Updated] FIRST-S00095 Password Attack from Host
+   * Updates rule to remove IP entity (now handled in THRESHOLD-S00116) and ensure no null values are considered for the host entity.
+* [Updated] FIRST-S00068 Okta - First Seen User Accessing Admin Application
+   * Baseline retention window size increased from 35 days to the standard 90 day retention.
+   * Modified the summary description to read as follows: "User: `{{user_username}}` has successfully accessed the Okta Admin Application".
+
+### Log Mappers
+* [New] Palo Alto Threat DLP non File - Custom Parser
+   * Mapping support added for event id pattern: threat-dlp-non-file.
+* [New] Qumulo Core - Catch All
+* [New] Qumulo Core - Login
+* [New] Teramind Authentication
+* [New] Teramind Catch All
+* [New] Teramind Email
+* [Updated] Code42 Incydr Alerts C2C
+* [Updated] Okta Authentication - auth_via_AD_agent
+* [Updated] Okta Authentication - auth_via_mfa
+* [Updated] Okta Authentication - auth_via_radius
+* [Updated] Okta Authentication - sso
+* [Updated] Okta Authentication Events
+* [Updated] Okta Catch All
+* [Updated] Okta Security Threat Events
+
+### Parsers
+* [New] /Parsers/System/Qumulo/Qumulo Core
+* [New] /Parsers/System/Salesforce/Salesforce
+* [New] /Parsers/System/Teramind/Teramind Teraserver
+* [Updated] /Parsers/System/Code42/Code42 Incydr
+   * Transform update for a new alert log format for tenantId.
+* [Updated] /Parsers/System/Okta/Okta
+   * Modified event_id from eventType to event_type.
+* [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV
+   * Additional parsing support for a new Palo Alto Threat event format.

blog-service/2024-10-02-apps.md

@@ -1,5 +1,5 @@
 ---
-title: Apps Setup Guides - September Release (Apps)
+title: Apps, Solutions, and Collection Integrations - September Release (Observability)
 image: https://help.sumologic.com/img/sumo-square.png
 keywords:
   - apps

blog-service/2024-10-30-apps.md

@@ -1,5 +1,5 @@
 ---
-title: App Guides - October Release (Apps)
+title: Apps, Solutions, and Collection Integrations - October Release (Observability)
 image: https://help.sumologic.com/img/sumo-square.png
 keywords:
   - apps

blog-service/2024-11-22-collection.md

@@ -0,0 +1,14 @@
+---
+title: Trend Micro C2C Source (Collection)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - collection
+  - trend-micro
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to announce the release of our new cloud-to-cloud source for Trend Micro. This source helps you to collect alert details from the Trend Micro platform, and ingest them into Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source).

blog-service/2024-11-28-apps.md

@@ -0,0 +1,50 @@
+---
+title: Apps, Solutions, and Collection Integrations - November Release (Observability)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - releases-notes
+hide_table_of_contents: true  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+### New release
+
+We’re excited to announce the release of the new Azure Database for PostgreSQL, Azure Cosmos DB, and Azure App Service Environment for Sumo Logic.
+
+- **Azure Database for PostgreSQL**. Azure Database for PostgreSQL is a fully managed relational database service in the Microsoft cloud based on the PostgreSQL community edition. This integration helps in monitoring resource utilization and identifying slow queries to optimize your workloads and configure your server for the best performance.
+[Learn more](/docs/integrations/microsoft-azure/azure-database-for-postgresql/).
+- **Azure Cosmos DB**. Azure Cosmos DB is a fully managed NoSQL and relational database for modern app development offering single-digit millisecond response times, automatic and instant scalability, along with guaranteed speed at any scale. This integration helps in monitoring the overall performance, failures, capacity, and operational health of all your Azure Cosmos DB resources.
+[Learn more](/docs/integrations/microsoft-azure/azure-cosmos-db/).
+- **Azure Cosmos DB for PostgreSQL**. Azure Cosmos DB for PostgreSQL is a managed service for PostgreSQL powered by the Citus open source extension which enables you to build highly scalable relational apps. This integration helps in identifying configurations errors, analyzing executed statements, and monitoring resource usage of individual nodes in a cluster.
+[Learn more](/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql/).
+- **Azure App Service Environment**. An Azure App Service Environment is an Azure App Service feature that provides a fully isolated and dedicated environment for running App Service apps securely at high scale. This integration helps in monitoring your environments operational events such as upgrades, scaling, and suspensions. [Learn more](/docs/integrations/microsoft-azure/azure-app-service-environment).
+
+### Enhancements 
+
+We're excited to announce the release of the enhancements listed below for the Sumo Logic apps:
+
+- **Apache - OpenTelemetry**. Added six new monitors for Apache - OpenTelemetry app that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/opentelemetry/apache-opentelemetry/#apache-alerts).
+- **Apache Tomcat - OpenTelemetry**. Added four new monitors for Apache Tomcat - OpenTelemetry app that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/opentelemetry/apache-tomcat-opentelemetry/#apache-tomcat-alerts).
+- **Oracle - OpenTelemetry**.  Updated the collection process to fetch unified audit logs and added new **Unified Audit Syslog** dashboard. This new dashboard offers information on database users, top current users, and trends in logon status. This dashboard can also be used with the unified audit logs exported from both Windows and Linux environments. [Learn more](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/#unified-audit-syslog).
+- **Added CloudTrail Audit dashboard**. The CloudTrail Audit dashboard is added to the [AWS Application Load Balancer](/docs/integrations/amazon-aws/application-load-balancer/#cloudtrail-audit), [AWS Classic Load Balancer](/docs/integrations/amazon-aws/classic-load-balancer/#cloudtrail-audit), and [AWS Network Load Balancer](/docs/integrations/amazon-aws/network-load-balancer/#cloudtrail-audit) apps. This dashboard helps you to visualize the successful and failed events globally, event trends, error details, and user activities, offering insights into load balancer performance, security, and usage patterns. 
+- **Amazon RDS**. Added **Oracle Logs - Alert Logs Analysis**, **Oracle Logs - Audit Logs Analysis**, and **Oracle Logs - Listener Troubleshooting** dashboards. These CloudTrail and CloudWatch Logs dashboard provide monitoring for error logs and essential infrastructure details. [Learn more](/docs/integrations/amazon-aws/rds/#oracle-logs---alert-logs-analysis).
+- **MongoDB Atlas**. New version of the [MongoDB Atlas collection](/docs/integrations/databases/mongodb-atlas/#collecting-logs-and-metrics-for-the-mongodb-atlas-app) was released with `v.1.0.11` in [Pypi](https://pypi.org/project/sumologic-mongodb-atlas/) and `v1.0.18` in [AWS Serverless Repository](https://serverlessrepo.aws.amazon.com/applications/us-east-1/956882708938/sumologic-mongodb-atlas). [Learn more](https://github.com/SumoLogic/sumologic-mongodb-atlas/releases/tag/v2.0.1)
+- Source Template enhancements:
+  - Updated log and metric section feature on 11 Source templates (OTRM).
+  - Updated and maintained the UI uniformity across all Source templates.
+  - Released masking feature for the Windows Source Template. [Learn more](/docs/send-data/opentelemetry-collector/data-transformations/#masking-examples).
+ 
+### Bug fixes
+
+- Minor *query* fixes in the below [Classic Apps (Legacy)](/docs/get-started/apps-integrations/#classic-apps-legacy):
+  - Amazon CloudTrail - Cloud Security Monitoring and Analytics
+  - Github
+    
+- Minor fixes in the *monitors* for the below [Next-Gen Apps](/docs/get-started/apps-integrations/#next-gen-apps):
+  - Microsoft Azure AD Inventory
+  - Audit
+

blog-service/2024-11-28-search.md

@@ -0,0 +1,28 @@
+---
+title: Logs Query Assist - Preview (Search)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - query
+  - ai
+  - copilot
+  - search
+  - log-search
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This feature is in Preview. To participate, contact your Sumo Logic account representative.
+
+We’re excited to announce the preview release of **Query Assist**, designed to simplify query building by reducing complexity, enabling easier field discovery, minimizing errors, and providing intelligent query-writing assistance. These enhancements deliver real-time syntax suggestions, schema-based recommendations, and a frictionless query experience.
+
+### Key features
+
+* **Real-time syntax suggestions**. Get instant recommendations for syntax and operators to accelerate query creation and reduce errors.  
+* **Schema-based field suggestions**. Automatically discover relevant keys and fields for structured data like JSON logs.  
+* **Partial query prediction**. Anticipate the next operator or receive partial query suggestions based on your input.  
+* **Enhanced user experience**. Real-time error highlighting and intelligent suggestions provide a smooth and seamless query-building process.  
+
+These updates make it easier for both beginners and advanced users to craft accurate queries and analyze data efficiently. [Learn more](/docs/search/query-assist).  

blog-service/2024-12-02-apps.md

@@ -0,0 +1,16 @@
+---
+title: Digital Guardian ARC (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - digital-guardian-arc
+  - apps
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to introduce the new Digital Guardian ARC app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Digital Guardian source that provides data protection through analytics, reporting, and workflows. This integration helps to improve real-time activity monitoring, pre-configure alerts for different events, analyze policy enforcements, provide geolocation insights to support targeted threat investigation and response, and identify potential tampering by closely monitoring digital signatures for files and applications.
+
+Explore our technical documentation [here](/docs/integrations/saas-cloud/digital-guardian-arc/) to learn how to set up and use the Digital Guardian ARC app for Sumo Logic.