Merge branch 'main' into CSOAR-3889

Author: mahendrak-sumo

blog-cse/2025-10-01-content.md

@@ -0,0 +1,24 @@
+---
+title: October 1, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+- Support for CrowdStrike Falcon EppDetectionSummaryEvents.
+- Updates to Barracuda CloudGen log mappers and parser to fix unmatching logs and expand coverage.
+- Enhancements to Check Point Avanan log mapper to support passthrough signals.
+- Updates to Sophos Masters log mappers for improved IP address mapping.
+
+### Log Mappers
+- [New] CrowdStrike Falcon - EppDetectionSummaryEvents
+- [Updated] Barracuda CloudGen Authenticaton Events
+- [Updated] Barracuda CloudGen Network Events
+- [Updated] Check Point Avanan
+- [Updated] Sophos - Masters
+- [Updated] Sophos - Masters - Threat Events
+
+### Parsers
+- [Updated] /Parsers/System/Barracuda/Barracuda CloudGen

blog-csoar/2025-02-06-application-update.md

@@ -11,6 +11,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 ## January release
 
+Following are the updates made in January.
+
 ### Changes and Enhancements
 
 #### Platform

blog-csoar/2025-02-24-application-update.md

@@ -11,6 +11,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 ## February release
 
+Following are the updates made in February.
+
 ### Changes and Enhancements
 
 #### Platform

blog-csoar/2025-04-21-content.md

@@ -12,6 +12,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 ## March and April releases
 
+Following are the updates made in March and April.
+
 ### Changes and enhancements
 
 #### Integrations

blog-csoar/2025-06-03-application-update.md

@@ -12,6 +12,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 ## May release
 
+Following are the updates made in May.
+
 ### Changes and enhancements
 
 #### New feature: Enable/disable playbooks

blog-csoar/2025-09-04-applicaton-update.md

@@ -12,6 +12,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 ## August release
 
+Following are the updates made in August.
+
 ### Changes and enhancements
 
 #### Platform 

blog-csoar/2025-10-01-application-update.md

@@ -0,0 +1,42 @@
+---
+title: October 1, 2025 - Application Update
+hide_table_of_contents: true
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - automation service
+  - cloud soar
+  - soar
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+## September release
+
+Following are the updates made in September.
+
+### Changes and enhancements
+
+#### Playbooks
+
+- Enhanced playbook node results UI with intuitive action buttons and detailed node information and execution details.
+- Added the ability to test nodes in playbooks. [Learn more](/release-notes-csoar/2025/09/10/application-update/).
+
+#### Integrations
+
+- Added new integration: [Microsoft EWS (Graph)](/docs/platform-services/automation-service/app-central/integrations/microsoft-ews-graph/).
+- Added IAM support for the following AWS integrations:
+[AWS Athena](/docs/platform-services/automation-service/app-central/integrations/aws-athena/), [AWS CloudFront](/docs/platform-services/automation-service/app-central/integrations/aws-cloudfront/), [AWS CloudTrail](/docs/platform-services/automation-service/app-central/integrations/aws-cloudtrail/), [AWS EC2](/docs/platform-services/automation-service/app-central/integrations/aws-ec2/), [AWS Inspector](/docs/platform-services/automation-service/app-central/integrations/aws-inspector/), [AWS Private Certificate Authority](/docs/platform-services/automation-service/app-central/integrations/aws-private-certificate-authority/), [AWS Route 53](/docs/platform-services/automation-service/app-central/integrations/aws-route53/), [AWS S3](/docs/platform-services/automation-service/app-central/integrations/aws-s3/), [AWS Simple Notification Service](/docs/platform-services/automation-service/app-central/integrations/aws-simple-notification-service/), [AWS SQS](/docs/platform-services/automation-service/app-central/integrations/aws-sqs/)
+
+### Bug Fixes
+
+#### Playbooks
+
+- Fixed issue where multiple outputs of iterations of the same node are not shown separately in list view on the playbook execution page.
+- Improved error handling with a toast message while attempting to clone a playbook with a duplicate name.
+- Added line numbers to the Input field on the Start Node for easier error tracking in JSON parsing.
+
+#### Integrations
+
+- Action [Issues Jira Daemon] - Added new deamon action in the [Atlassian Jira Cloud](/docs/platform-services/automation-service/app-central/integrations/atlassian-jira-cloud/) integration.
+- Integration [Zscaler] - Updated the exception handling for better error messages in all the actions and integration file for the [Zscaler](/docs/platform-services/automation-service/app-central/integrations/zscaler/) integration.
+- Action [Splunk Alerts Daemon] - Improved timezone handling in alert queries and improved URL encoding to handle reserved characters in the [Splunk](/docs/platform-services/automation-service/app-central/integrations/splunk/) Integration.

blog-service/2025-10-01-manage.md

@@ -0,0 +1,14 @@
+---
+title: Change to SAML Group-to-Role Mapping (Manage)
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - saml
+  - authentication
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+Sumo Logic has introduced a change to the way group-to-role mapping is handled when performing on-demand role provisioning during SAML authentication. Previously, all groups included in a SAML assertion were validated against roles in Sumo Logic. Going forward, only the groups that match existing roles in Sumo Logic will be applied to the authenticating user. Any non-matching groups will be ignored. Only if no roles match with the groups passed in the assertion will an authentication fail.
+
+For more information about SAML configuration for roles provisioning, see [Configure on-demand roles provisioning](/docs/manage/security/saml/set-up-saml/#configure-on-demand-roles-provisioning).

cid-redirects.json

@@ -96,6 +96,8 @@
   "/03Send-Data/01-Design-Your-Deployment": "/docs/send-data/choose-collector-source",
   "/03Send-Data/01-Design-Your-Deployment/Best-Practices%3A-Good-Source-Category%2C-Bad-Source-Category": "/docs/send-data/best-practices",
   "/03Send-Data/01-Design-Your-Deployment/Best-Practices%3A-Local-and-Centralized-Data-Collection": "/docs/send-data/best-practices",
+  "/03Send-Data/01-Design-Your-Deployment/Best-Practices:-Good-Source-Category,-Bad-Source-Category": "/docs/send-data/best-practices",
+  "/03Send-Data/01-Design-Your-Deployment/Best-Practices:-Local-and-Centralized-Data-Collection": "/docs/send-data/best-practices",
   "/03Send-Data/01-Design-Your-Deployment/Compare-Installed-and-Hosted-Collectors": "/docs/send-data/choose-collector-source",
   "/03Send-Data/Applications_AWS_Solution/AWS_S3_Export_App": "/docs/send-data/hosted-collectors/amazon-aws/amazon-s3-audit-source",
   "/03Send-Data/Collect-from-Other-Data-Sources": "/docs/send-data/collect-from-other-data-sources",
@@ -181,6 +183,7 @@
   "/03Send-Data/Collector-Installation-and-Configuration/Linux": "/docs/send-data/installed-collectors/linux",
   "/03Send-Data/Collector-FAQs/Troubleshooting-time-discrepancies": "/docs/send-data/collector-faq",
   "/03Send-Data/Collector-FAQs/Windows%3A-%22This-Collector-does-not-seem-to-have-tanuki-wrapper-integration-enabled.%22": "/docs/send-data/collector-faq",
+  "/03Send-Data/Collectors": "/docs/send-data",
   "/docs/send-data/collectors/docker-collector": "/docs/send-data/collect-from-other-data-sources/docker-collection-methods",
   "/docs/send-data/collectors/collector-peer-forwarding": "/docs/send-data",
   "/03Send-Data/Hosted-Collectors": "/docs/send-data/hosted-collectors",
@@ -189,6 +192,7 @@
   "/03Send-Data/Hosted-Collectors-and-Sources/02Create-a-Hosted-Collector-and-HTTP-Source": "/docs/send-data/hosted-collectors/configure-hosted-collector",
   "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-tracelogs": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-exchange-trace-logs",
   "/03Send-Data/Installed-Collectors": "/docs/send-data/installed-collectors",
+  "/03Send-Data/Installed-Collectors/Installed-Collector-Setup-Guide": "/docs/send-data/installed-collectors",
   "/03Send-Data/Installed-Collectors/01About-Installed-Collectors": "/docs/send-data/installed-collectors",
   "/03Send-Data/Installed-Collectors/02Install-a-Collector-on-MacOS": "/docs/send-data/installed-collectors/macos",
   "/03Send-Data/Installed_Collectors/05Configure_Amazon_S3_Export": "/docs/send-data/installed-collectors",
@@ -4183,7 +4187,9 @@
   "/Send-Data/Applications-and-Other-Data-Sources/Okta": "/docs/integrations/saml/okta",
   "/Send-Data/Applications-and-Other-Data-Sources/Okta/Collect-Okta-Logs": "/docs/integrations/saml/okta",
   "/Send-Data/Applications-and-Other-Data-Sources/Oracle/00Collect_Logs_for_Oracle": "/docs/send-data/collect-from-other-data-sources/collect-logs-oracle-cloud-infrastructure",
+  "/Send-Data/Applications-and-Other-Data-Sources/Palo_Alto_Networks_8": "/docs/integrations/cloud-security-monitoring-analytics/palo-alto-networks-11",
   "/Send-Data/Applications-and-Other-Data-Sources/Palo_Alto_Networks_8/Collect_Logs_for_Palo_Alto_Networks_8": "/docs/integrations/security-threat-detection/palo-alto-networks-9",
+  "/Send-Data/Applications-and-Other-Data-Sources/PCI_Compliance_for_Palo_Alto_Networks": "/docs/integrations/pci-compliance/palo-alto-networks-10",
   "/Send-Data/Applications-and-Other-Data-Sources/Puppet": "/docs/integrations/app-development/puppet",
   "/Send-Data/Applications-and-Other-Data-Sources/Threat-Intel-Quick-Analysis": "/docs/integrations/security-threat-detection/threat-intel-quick-analysis",
   "/Send-Data/Applications-and-Other-Data-Sources/Threat-Intel-Quick-Analysis/Threat-Intel-FAQ": "/docs/integrations/security-threat-detection/threat-intel-quick-analysis",
@@ -4300,6 +4306,7 @@
   "/Visualizations-and-Alerts/Alerts/01-Scheduled-Searches": "/docs/alerts/scheduled-searches",
   "/Visualizations-and-Alerts/Explore/Troubleshoot_with_Explore": "/docs/dashboards/explore-view",
   "/docs/alerts/alert-variables": "/docs/alerts/monitors/alert-variables",
+  "/docs/alerts/alerts-actions/slack-integration": "/docs/alerts/webhook-connections/slack",
   "/docs/alerts/monitors/edit-settings": "/docs/alerts/monitors/settings",
   "/docs/global-intelligence": "/docs/integrations/global-intelligence",
   "/docs/global-intelligence/apache": "/docs/integrations/global-intelligence/apache",
@@ -4349,6 +4356,7 @@
   "/docs/cse/ingestion/zscaler-private-access": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/zscaler-private-access",
   "/docs/cse/administration/onboarding-checklist-cse": "/docs/cse/get-started-with-cloud-siem/onboarding-checklist-cse",
   "/docs/cse/administration/threat-intelligence": "/docs/security/threat-intelligence",
+  "/docs/security/threat-intelligence/notice-about-taxii-2": "/docs/security/threat-intelligence",
   "/docs/cse/records": "/docs/cse/records-signals-entities-insights",
   "/docs/cse/records-signals-entities-insights/about-cse-insight-ui": "/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui",
   "/docs/cse/records-signals-entities-insights/cse-heads-up-display": "/docs/cse/get-started-with-cloud-siem/cse-heads-up-display",

docs/apm/traces/search-query-language-support-for-traces.md

@@ -35,6 +35,8 @@ To search your tracing data do the following:
 
 A Keyword Search Expression defines the scope of data for the query. You need to specify `_index=_trace_spans` in the scope to reference your trace data.
 
+Keyword searching is supported for tracing indexes across all fields, unlike other indexes where only the `_raw` field is searched.
+
 #### _any option
 
 In scenarios where users are not familiar with the schema and would like to search across all the fields, `_any` modifier provides a means to search for a specified value from all of the Ingest Time Fields in your data. For example, to search for data with any field that has a value of success you would put `_any=success` in the scope of your query.