SumoLogic
diff --git a/‎.clabot‎
Lines changed: 2 additions & 1 deletion b/‎.clabot‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/job_build-site.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/job_build-site.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/job_trigger-jenkins-pipeline.yml‎
Lines changed: 9 additions & 11 deletions b/‎.github/workflows/job_trigger-jenkins-pipeline.yml‎
Lines changed: 9 additions & 11 deletions
diff --git a/‎.github/workflows/pr.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/pr.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/workflow_deploy-to-pantheon-prod.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/workflow_deploy-to-pantheon-prod.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 8 deletions b/‎README.md‎
Lines changed: 2 additions & 8 deletions
diff --git a/‎blog-collector/2025-11-20-otel.md‎
Lines changed: 15 additions & 0 deletions b/‎blog-collector/2025-11-20-otel.md‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎blog-collector/2025-12-03-otel.md‎
Lines changed: 14 additions & 0 deletions b/‎blog-collector/2025-12-03-otel.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎blog-collector/2025-12-11-installed.md‎
Lines changed: 19 additions & 0 deletions b/‎blog-collector/2025-12-11-installed.md‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎blog-cse/2025-12-05-content.md‎
Lines changed: 96 additions & 0 deletions b/‎blog-cse/2025-12-05-content.md‎
Lines changed: 96 additions & 0 deletions
@@ -195,7 +195,8 @@
     "pankaj101A",
     "prajalb",
     "dk-logic",
-    "keshavm021"
+    "keshavm021",
+    "prafull-patel"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",
 
@@ -31,6 +31,9 @@ jobs:
         run: yarn install --frozen-lockfile
       - name: Clean Docusaurus cache
         run: rm -rf .docusaurus build
+      - name: Clear the Docusaurus site
+        run: |
+          yarn clear
       - name: Build the Docusaurus site
         run: |
           yarn build
 
@@ -15,26 +15,28 @@ on:
         required: true
       WEBOPS_JENKINS_HOST:
         required: true
-      WEBOPS_AWS_ACCESS_KEY:
-        required: true
-      WEBOPS_AWS_SECRET_KEY:
+      WEBOPS_AWS_ROLE_JENKINS:
         required: true
       WEBOPS_WEBHOOK_TOKEN:
         required: true
 
 jobs:
   trigger-jenkins-pipeline:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - name: Get runner IP
         if: always()
         id: ip
         uses: haythem/[email protected]
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8
+        with:
+          role-to-assume: ${{ secrets.WEBOPS_AWS_ROLE_JENKINS }}
+          aws-region: us-east-1
       - name: Add runner to AWS security group ingress
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.WEBOPS_AWS_ACCESS_KEY }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.WEBOPS_AWS_SECRET_KEY }}
-          AWS_DEFAULT_REGION: ${{ secrets.WEBOPS_AWS_REGION }}
         run: aws ec2 authorize-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
       - name: Trigger Jenkins pipeline
         run: |
@@ -43,9 +45,5 @@ jobs:
             -X POST \
             ${{ secrets.WEBOPS_JENKINS_HOST }}:${{ secrets.WEBOPS_JENKINS_PORT || '80' }}/generic-webhook-trigger/invoke?token=${{ secrets.WEBOPS_WEBHOOK_TOKEN }}
       - name: Remove runner from AWS security group ingress
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.WEBOPS_AWS_ACCESS_KEY }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.WEBOPS_AWS_SECRET_KEY }}
-          AWS_DEFAULT_REGION: ${{ secrets.WEBOPS_AWS_REGION }}
         if: always()
         run: aws ec2 revoke-security-group-ingress --group-name ${{ secrets.WEBOPS_AWS_SG_NAME }} --protocol tcp --port ${{ secrets.WEBOPS_JENKINS_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
@@ -34,6 +34,9 @@ jobs:
           key: ${{ runner.os }}-webpack-cache-${{ hashFiles('yarn.lock') }}
       - name: Install dependencies
         run: yarn install --frozen-lockfile
+      - name: Clear the Docusaurus site
+        run: |
+          yarn clear
       - name: Build the Docusaurus site
         run: yarn build
       # --- Disallowed character checks for Pantheon ---
 
@@ -2,6 +2,7 @@ name: Deploy to production
 
 permissions:
   contents: write
+  id-token: write
 
 on:
   push:
@@ -38,8 +39,7 @@ jobs:
       WEBOPS_AWS_SG_NAME: ${{ secrets.WEBOPS_AWS_SG_NAME }}
       WEBOPS_JENKINS_PORT: ${{ secrets.WEBOPS_JENKINS_PORT }}
       WEBOPS_JENKINS_HOST: ${{ secrets.WEBOPS_JENKINS_HOST }}
-      WEBOPS_AWS_ACCESS_KEY: ${{ secrets.WEBOPS_AWS_ACCESS_KEY }}
-      WEBOPS_AWS_SECRET_KEY: ${{ secrets.WEBOPS_AWS_SECRET_KEY }}
+      WEBOPS_AWS_ROLE_JENKINS: ${{ secrets.WEBOPS_AWS_ROLE_JENKINS }}
       WEBOPS_WEBHOOK_TOKEN: ${{ secrets.WEBOPS_WEBHOOK_TOKEN }}
   notify-channel:
     needs: [build-site,deploy-to-pantheon,trigger-jenkins-pipeline]
 
@@ -68,19 +68,13 @@ All contributions must follow our [Style Guide](https://www.sumologic.com/help/d
 
 Building the site locally ensures your changes are accurate and functional before submission.
 
-1. Serve and preview your content with hot reloads:
+Serve and preview your content with hot reloads:
    ```bash
    yarn start
    ```
    Any issues, such as broken links or images, will be listed. Fix them, rebuild, and verify your changes.
 
-2. Build the site and test locally:
-   ```bash
-   yarn build
-   ```
-   The static files will be generated in the `build` folder and served at `http://localhost:3000/`.
-
-To stop the local server or build process, press `Ctrl + C`. You can rebuild and restart as needed.
+To stop the local server process, press `Ctrl + C`. You can restart as needed.
 
 ## Publishing content
 
 
@@ -0,0 +1,15 @@
+---
+title: Remote Management for OpenTelemetry Collector (OpenTelemetry Collector)
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - collection
+  - opentelemetry
+  - otel
+  - remote-management
+  - edit-collector-name
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're happy to announce that Sumo Logic now enables you to remotely update the collector name for OpenTelemetry collectors through the UI in the OpenTelemetry collector edit flow. [Learn more](/docs/send-data/opentelemetry-collector/remote-management/source-templates/manage-source-templates/#collector-name).
@@ -0,0 +1,14 @@
+---
+title: OpenTelemetry Collector
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - otel-collector
+  - install-collector
+  - remote-management
+hide_table_of_contents: true    
+---
+
+
+We’re pleased to announce the following updates for OpenTelemetry collectors:
+- Collectors can now be installed on Windows using [Ansible](/docs/send-data/opentelemetry-collector/install-collector/ansible/), [Chef](/docs/send-data/opentelemetry-collector/install-collector/chef/), and [Puppet](/docs/send-data/opentelemetry-collector/install-collector/puppet/).
+- Remote management is now supported for Ansible, Chef, and Puppet collectors, offering improved flexibility and customization.
@@ -0,0 +1,19 @@
+---
+title: Version 19.534-2 (Installed Collector)
+hide_table_of_contents: true
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+In this release, we've enhanced the security and stability of the Collector with added support for security patches.
+
+- Upgraded collector JRE to **Amazon Corretto Version 17.0.17.10.1**.
+- Upgraded `com.tanuki:wrapper` to version 3.6.3.
+- Upgraded `org.bouncycastle:bc-fips` to version 1.0.2.6 to address known security vulnerabilities (CVE-2025-8885).
+- Known issues when upgrading to this version:
+  - **Collector running as non-root user**. Collector running as non-root user (run as mode) cannot be upgraded through the API/Web UI. It displays an error message indicating that the upgrade is not possible. The upgrade must be performed manually on your machine. Follow the [steps to upgrade manually](/docs/send-data/collection/upgrade-collectors/#upgrade-collectors-using-the-command-line).
+  - **Collector running on Mac**. Collector running on a Mac operating system cannot be upgraded through the API/Web UI. The process will stop, and the collector will need to be restarted manually on your machine if upgraded using API or Web UI. Use the below code to manually restart.
+    ```
+    sudo ./collector start
+    ```
@@ -0,0 +1,96 @@
+---
+title: December 05, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+This new and updated content is effective as of December 4, 2025.
+
+This content release includes:
+- Updates to product naming from "G Suite" to "Google Workspace" across rules, log mappers, and parsers to reflect the current branding.
+- Update to product naming from "Dell SonicWall" to "SonicWall Firewall" in parsers and log mappers.
+- New support for Asana audit logging.
+
+Additional changes are enumerated below.
+
+## Rules
+- [Updated] MATCH-S00630 GCP Audit IAM DeleteServiceAccount Observed
+- [Updated] MATCH-S00629 GCP Audit IAM DisableServiceAccount Observed
+- [Updated] MATCH-S00117 Google Workspace - Access - Access Transparency
+- [Updated] MATCH-S00115 Google Workspace - Admin - User Settings - Turn Off 2SV
+- [Updated] MATCH-S00133 Google Workspace - Admin Activity
+- [Updated] MATCH-S00125 Google Workspace - Drive - Drive Open To Public
+- [Updated] MATCH-S00301 Google Workspace - Excessive OAuth Application Permissions Scope
+- [Updated] MATCH-S00128 Google Workspace - Login - Account Warning
+- [Updated] MATCH-S00129 Google Workspace - Login - Government Attack Warning
+- [Updated] MATCH-S00121 Google Workspace - Mobile - Suspicious Activity
+- [Updated] MATCH-S00227 Google Workspace - Unauthorized OAuth Application
+- [Updated] MATCH-S00120 Google Workspace - User Accounts - 2SV Disabled
+
+## Log Mappers
+- [New] Asana Audit Authentication
+- [New] Asana Audit Catch All
+- [Updated] Azure ResourceHealth and ServiceHealth
+- [Updated] AzureActivityLog AuditLogs
+- [Updated] Google Workspace - access_transparency/GSUITE_RESOURCE/ACCESS
+- [Updated] Google Workspace - admin
+- [Updated] Google Workspace - calendar
+- [Updated] Google Workspace - drive.access
+- [Updated] Google Workspace - drive.acl_change
+- [Updated] Google Workspace - gcp
+- [Updated] Google Workspace - gplus
+- [Updated] Google Workspace - groups
+- [Updated] Google Workspace - groups_enterprise
+- [Updated] Google Workspace - login - password_change/recovery_info_change
+- [Updated] Google Workspace - login - risky_sensitive_action_allowed
+- [Updated] Google Workspace - login challenge
+- [Updated] Google Workspace - login-blocked_sender_change
+- [Updated] Google Workspace - login-email_forwarding_change
+- [Updated] Google Workspace - login.account_warning
+- [Updated] Google Workspace - login.gov_attack_warning
+- [Updated] Google Workspace - login.login
+- [Updated] Google Workspace - logout
+- [Updated] Google Workspace - meet
+- [Updated] Google Workspace - mobile
+- [Updated] Google Workspace - rules
+- [Updated] Google Workspace - saml
+- [Updated] Google Workspace - token
+- [Updated] Google Workspace - user_accounts
+- [Updated] Google Workspace Alert Center - AppMaker Editor
+- [Updated] Google Workspace Alert Center - Data Loss Prevention
+- [Updated] Google Workspace Alert Center - Domain wide takeout
+- [Updated] Google Workspace Alert Center - Gmail phishing
+- [Updated] Google Workspace Alert Center - Gmail phishing (Misconfigured whitelist)
+- [Updated] Google Workspace Alert Center - Google Operations
+- [Updated] Google Workspace Alert Center - Google identity
+- [Updated] Google Workspace Alert Center - Mobile device management (Device compromised)
+- [Updated] Google Workspace Alert Center - Mobile device management (Suspicious activity)
+- [Updated] Google Workspace Alert Center - Security Center rules
+- [Updated] Google Workspace Alert Center - Sensitive Admin Action
+- [Updated] Google Workspace Alert Center - State Sponsored Attack
+- [Updated] Google Workspace Alert Center - User Changes
+- [Updated] Netskope - Alerts
+    - Updated action and normalizedAction field mappings.
+- [Updated] SonicWall Firewall - Custom Parser
+- [Updated] SonicWall Flows
+- [Updated] Thinkst Canary Parser - Catch All
+    - Added additional field mappings.
+- [Updated] Windows - Security - 5145
+    - Removes redundant mapping of `baseimage` and `device_ip` fields.
+
+## Parsers
+- [New] /Parsers/System/Asana/Asana Audit
+- [New] /Parsers/System/Google/Google Workspace Alert Center
+- [New] /Parsers/System/Google/Google Workspace Audit
+- [New] /Parsers/System/SonicWall/SonicWall Firewall
+- [Updated] /Parsers/System/Dell/Dell SonicWall
+- [Updated] /Parsers/System/Google/G Suite Alert Center
+- [Updated] /Parsers/System/Google/G Suite Audit
+- [Updated] /Parsers/System/Linux/Linux OS Syslog
+    - Updated parser to drop certain systemd events not useful for security monitoring.
+- [Updated] /Parsers/System/Thinkst Canary/Thinkst Canary
+    - Modified parser to improve field extraction.