Merge branch 'main' into docs-514-transform-if-present-note

Author: jpipkin1

blog-service/2024-10-29-manage.md

@@ -0,0 +1,22 @@
+---
+title: Scan Budgets (Manage) 
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - scan-budgets
+  - manage
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We are happy to introduce our new **Usage Management** tab under the **Accounts** section. This feature allows you to define query spending limits, helping prevent unexpected charges and manage Sumo Logic credits, particularly in pay-per-use scenarios by limiting search volume.
+
+Key features include:
+
+- **Org-wide query budget**. Set a budget for queries that applies to all users in the organization.
+- **User-level query budget**. Set a budget for queries at the user level. With this, *Admins* can specify roles and easily select groups based on roles.
+- **Flexible actions**. Choose what happens when the budget limit is reached. Options include **Display a warning to the user** or **Restrict queries to background scans only**.
+
+Explore our technical documentation [here](/docs/manage/manage-subscription/usage-management/) to learn how to set up and use Scan Budgets.

docs/cse/get-started-with-cloud-siem/insight-generation-process.md

@@ -89,7 +89,7 @@ By default, when an entity’s Activity Score exceeds the threshold of 12, Clou
 
 After Cloud SIEM fires a particular Signal on a particular Entity, it suppresses Signals for that Signal-Entity combination for 12 to 24 hours. For more information, see [Redundant Signal suppression](#redundant-signal-suppression), below. 
 
-### Example of an Entity that has reached Activity Score threshold
+### Example of an Entity that has exceeded Activity Score threshold
 
 In the screenshot below, the **Details** pane on the left shows that the Insight was created for the entity “217.xxx.x.x”, an IP address. The right side of the page shows the Signals that contributed to the Insight. You can see each of the Signals relate to the IP address for which the Insight was created; in the Record underlying each of the Signals, is mapped to the `srcDevice_ip` schema attribute. 
 

docs/cse/introduction-to-cloud-siem.md

@@ -207,7 +207,7 @@ Cloud SIEM automatically normalizes, enriches, and correlates all your data acro
 
 <img src={useBaseUrl('img/cse/intro-cloud-siem-insight-generation-process-1.png')} alt="Records creation" style={{border: '1px solid gray'}} width="800"/>
 
-When records enter Cloud SIEM, rules analyze Entities on the records to produce Signals. The Signals are correlated, and if an Entity's activity score is 12 or more in a two-week period, [an Insight is generated](/docs/cse/get-started-with-cloud-siem/insight-generation-process/) for that Entity.
+When records enter Cloud SIEM, rules analyze Entities on the records to produce Signals. The Signals are correlated, and if an Entity's activity score exceeds 12 or more in a two-week period, [an Insight is generated](/docs/cse/get-started-with-cloud-siem/insight-generation-process/) for that Entity.
 
 <img src={useBaseUrl('img/cse/intro-cloud-siem-insight-generation-process-2.png')} alt="Insights creation" style={{border: '1px solid gray'}} width="725"/>
 
@@ -273,7 +273,7 @@ On the Cloud SIEM main page, you'll see a panel similar to this one. In this cas
 
 Cloud SIEM takes everything one step further and correlates those Signals into a manageable number of Insights. Here, just one Insight was created out of all those Signals.
 
-An Insight is a group of Signals clustered around a single entity. An Insight is created when the sum of the severity scores of Signals with the same entity goes above a certain activity score within a certain timeframe. By default, this is an activity score of 12 within the last 14 days. For example, if a rule was triggered with a severity of 5, and then ten days later another rule with the same entity and a severity of 5 was triggered, the total activity score would only be 10 in the last 14 days, so an Insight would not be created. However, if those same two rules had a severity score of 7, an Insight would be created.
+An Insight is a group of Signals clustered around a single entity. An Insight is created when the sum of the severity scores of Signals with the same entity goes above a certain activity score within a certain timeframe. By default, this is an activity score of 12 within the last 14 days. For example, if a rule was triggered with a severity of 5, and then ten days later another rule with the same entity and a severity of 5 was triggered, the total activity score would only be 10 in the last 14 days, so an Insight would not be created. However, if those same two rules had a severity score of 7, an Insight would be created because the total activity score exceeds 12.
 
 ## Get started with threat investigation
 
@@ -330,7 +330,7 @@ When you click into a Signal, you’ll have the option to see the full details o
 
 #### Entities
 
-The Entities tab lists all the entities that your rules have detected in the last 14 days, by default. Each entity has an Activity Score associated with it. The activity score is the sum of all the severity scores of all the unique signals associated with that entity. When an entity’s activity score reaches at least 12, an Insight is created. If you have several entities with relatively high activity scores, they might be a good starting point for a threat hunt.
+The Entities tab lists all the entities that your rules have detected in the last 14 days, by default. Each entity has an Activity Score associated with it. The activity score is the sum of all the severity scores of all the unique signals associated with that entity. When an entity’s activity score exceeds 12, an Insight is created. If you have several entities with relatively high activity scores, they might be a good starting point for a threat hunt.
 
 <img src={useBaseUrl('img/cse/intro-cloud-siem-entities.png')} alt="Entities tab" style={{border: '1px solid gray'}} width="800"/>
 

docs/cse/records-signals-entities-insights/set-insight-generation-window-threshold.md

@@ -17,8 +17,8 @@ To change the Insight generation settings:
 <br/>Your current detection settings are displayed on the Insight Detection page.<br/><img src={useBaseUrl('img/cse/detection-threshold-popup.png')} alt="Detection threshold settings" style={{border: '1px solid gray'}} width="600"/>
 1. Enter values for **Detection Threshold** and **Signal Suppression**:
      *  **Standard Threshold**
-         * **Detection Window (Days)**. Enter the duration, in days, during which an Entity's Activity Score must reach the threshold to result in an Insight being generated for the Entity. 
-         * **Threshold**. Enter the threshold Activity Score value that an Entity must reach during the detection window to result in an Insight being generated for the Entity. 
+         * **Detection Window (Days)**. Enter the duration, in days, during which an Entity's Activity Score must exceed the threshold to result in an Insight being generated for the Entity. 
+         * **Threshold**. Enter the threshold Activity Score value that an Entity must exceed during the detection window to result in an Insight being generated for the Entity. 
      * **Global Signal Suppression**
          * **Maximum Period (Hours)**. By default, redundant Signals for a Signal-Entity combination are automatically suppressed for a maximum period of 72 hours to avoid repeated Signals contributing to Insight generation. This setting lets you modify this period based upon your organizational needs. To change this setting, select the number of hours to suppress Signals, anywhere from 24 hours to 72 hours. For additional ways to control signal suppression, see [About Signal Suppression](/docs/cse/records-signals-entities-insights/about-signal-suppression/).
 1. Click **Save**. 

docs/platform-services/automation-service/app-central/integrations/connectwise-manage.md

@@ -7,7 +7,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/connectwise-manage.png')} alt="connectwise-manage" width="100"/>
 
 ***Version: 1.3  
-Updated: Oct 28, 2024***
+Updated: Oct 29, 2024***
 
 Create, update, search, and gather ticket information from ConnectWise.
 
@@ -30,5 +30,5 @@ Create, update, search, and gather ticket information from ConnectWise.
 	+ renamed Get Tickets action to List Tickets
 	+ added new actions: Add Notes To Ticket, List Ticket Notes
 	+ removed Get Tickets Daemon
-* October 28, 2024 (v1.3) Beta Release
+* October 29, 2024 (v1.3) Beta Release
     + Added the "Priority" field to the Create Ticket and Update Ticket actions.

docs/platform-services/automation-service/app-central/integrations/google-chat.md

@@ -8,7 +8,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/google.png')} alt="google" width="80"/>
 
 ***Version: 2.0  
-Updated: August 27, 2024***
+Updated: Oct 29, 2024***
 
 Google Chat is an intelligent and secure communication and collaboration tool, built for teams.
 
@@ -30,13 +30,15 @@ Google Chat is an intelligent and secure communication and collaboration tool, b
 3. Go to the **API&Services** > **Credentials** page.
 4. In the same page click on **ENABLES API AND SERVICES** and search for Google Chat and enable it.
 5. Click **CREATE CREDENTIALS** and select **Service Account**.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-1.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/>
-6. Enter a Service account name to display in the Google Cloud console. The Google Cloud console generates a service account ID based on this name.
+6. Enter a service account name to display in the Google Cloud console. The Google Cloud console generates a service account ID based on this name.
 7. (Optional) Enter a description of the service account.
 8. Skip two optional grant permissions steps and click **Done** to complete the service account creation.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-2.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/>
 9. Click on the generated service account to open the details.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-3.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/>
-10. Under the **KEYS** tab, Click **ADD KEY** and choose **Create new key**.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-4.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/>
+10. Under the **KEYS** tab, click **ADD KEY** and choose **Create new key**.<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-4.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/>
 11. Click on **CREATE** (make sure **JSON** is selected).<br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-5.png')} style={{border:'1px solid gray'}} alt="google-drive" width="400"/>
 12. The JSON file is downloaded. Make sure you save it in a safe place.
+13. To configure the app in Google Chat API, go to **APIs & Services**, select **Google Chat API**, and in **CONFIGURATION** provide the details and click on **SAVE**. <br/><img src={useBaseUrl('/img/platform-services/automation-service/app-central/integrations/google-drive/google-drive-10.png')} style={{border:'1px solid gray'}} alt="google-drive" width="800"/>
+14. Go to the **Google Chat App** and add the above app in that. Also, to add above app in space, go to **space** and in **Apps & integration** add the app.
 
 ## Google Chat in Automation Service and Cloud SOAR
 
@@ -46,4 +48,5 @@ Google Chat is an intelligent and secure communication and collaboration tool, b
 
 ## Change Log
 
-* August 27, 2024 (v2.0) - First upload
+* August 27, 2024 (v2.0) - First upload
+* October 29, 2024 (v2.0) - Updated the docs 

docs/platform-services/automation-service/app-central/integrations/microsoft-sentinel.md

@@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/microsoft-sentinel.png')} alt="microsoft-sentinel" width="100"/>
 
-***Version: 1.5  
-Updated: Oct 22, 2024***
+***Version: 1.6  
+Updated: Oct 29, 2024***
 
 Microsoft Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise. 
 
@@ -41,5 +41,7 @@ Microsoft Sentinel is a cloud-native security information and event manager (SIE
 	+ Updated the integration by adding two new fields (**API Root** and **Login Endpoint**) to the configuration
 + October 22, 2024 (v1.5)
 	+ Added new action **List Incident Entities V2**
-    + Updated the integration by adding a new fields (**Cloud SOAR URL API URL**, **Access ID** , **Access Key**) to the configuration
+    + Updated the integration by adding new fields (**Cloud SOAR URL API URL**, **Access ID** , **Access Key**) to the configuration
++ October 29, 2024 (v1.6)
+	+ Updated **List Incident Entities V2** action in the output field.