Merge branch 'main' into docs-235-historical-baselines

Author: jpipkin1

.github/workflows/build_and_deploy.yml

@@ -1,5 +1,8 @@
 name: Build and Deploy
 
+permissions:
+  contents: read
+
 on:
   workflow_call:
     inputs:
@@ -13,7 +16,7 @@ on:
         default: "/"
         type: string
       environment:
-        description: GHA environment name
+        description: GitHub Actions environment name (used for scoping secrets and deployment)
         required: true
         type: string
     secrets:
@@ -35,6 +38,7 @@ jobs:
     env:
       CI: true
       NODE_ENV: production
+      NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
       AWS_PAGER: ""
       HOSTNAME: ${{ inputs.hostname }}
       BASE_URL: ${{ inputs.base_url }}
@@ -53,16 +57,14 @@ jobs:
         uses: actions/cache@v3
         with:
           path: node_modules/.cache
-          key: ${{ runner.os }}-webpack-cache
+          key: ${{ runner.os }}-webpack-cache-${{ hashFiles('yarn.lock') }}
       - name: Install awscli
         uses: unfor19/install-aws-cli-action@v1
       - name: Install jq
         run: sudo apt-get install -y jq
       - name: Install dependencies
         run: yarn install --frozen-lockfile
       - name: Build the Docusaurus site
-        env:
-          NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
         run: yarn build
       - name: Deploy the Docusaurus site
         env:

.github/workflows/delete-review.yml

@@ -1,5 +1,8 @@
 name: delete-review
 
+permissions:
+  contents: read
+
 on: delete
 
 jobs:
@@ -9,6 +12,7 @@ jobs:
       name: review/${{ github.ref_name }}
     env:
       CI: true
+      NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
       AWS_PAGER: ""
       BASE_URL: /${{ github.ref_name }}/
       AWS_DEFAULT_REGION: us-east-1
@@ -23,6 +27,7 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         run: |
+          echo "Removing files at s3://${S3_BUCKET_NAME}${BASE_URL}"
           aws s3 rm --recursive s3://${S3_BUCKET_NAME}${BASE_URL}
           export INVALIDATION_ID=$(
             aws cloudfront create-invalidation \

.github/workflows/pr.yml

@@ -1,40 +1,44 @@
 name: Pull Request Checks
 
+permissions:
+  contents: read
+  pull-requests: read
+
 on:
-    pull_request:
-      branches:
-        - main
-    merge_group:
-      types:
-        - checks_requested
+  pull_request:
+    branches:
+      - main
+  merge_group:
+    types:
+      - checks_requested
+
+env:
+  CI: true
+  NODE_ENV: production
+  NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
 
 jobs:
-    build-and-deploy:
-      runs-on: ubuntu-latest
-      env:
-          CI: true
-          NODE_ENV: production
-      steps:
-        - uses: actions/checkout@v4
-        - name: Set up Node.js
-          uses: actions/setup-node@v3
-          with:
-            node-version: '20.x'
-            cache: 'yarn'
-        - name: Docusaurus Webpack cache
-          uses: actions/cache@v3
-          with:
-            path: node_modules/.cache
-            key: ${{ runner.os }}-webpack-cache
-        - name: Install dependencies
-          run: yarn install --frozen-lockfile
-        - name: Build the Docusaurus site
-          env:
-            NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
-          run: yarn build
-    spellcheck:
-      runs-on: ubuntu-latest
-      steps:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20.x'
+          cache: 'yarn'
+      - name: Docusaurus Webpack cache
+        uses: actions/cache@v3
+        with:
+          path: node_modules/.cache
+          key: ${{ runner.os }}-webpack-cache-${{ hashFiles('yarn.lock') }}
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: Build the Docusaurus site
+        run: yarn build
+  spellcheck:
+    runs-on: ubuntu-latest
+    steps:
       - uses: actions/checkout@v4
       - uses: codespell-project/actions-codespell@master
         name: Check spelling

.github/workflows/production.yml

@@ -1,5 +1,8 @@
 name: deploy-to-production
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:

blog-cse/2025-05-30-content.md

@@ -0,0 +1,54 @@
+---
+title: May 30, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes:
+- Rule updates.
+- New log parsers and mappers to support Akamai CPC and Contrast Security ADR.
+- New and updated log mappers for Azure Event Hub - Windows Defender logs, Cisco ISE, Microsoft Office 365, and Snowflake.
+- Modifications to existing parsers for Microsoft Azure JSON, Nginx Syslog, and Snowflake to support additional formats and events.
+
+Changes are enumerated below.
+
+### Rules
+- [Updated] MATCH-S00068 O365 - Users Password Changed
+    - Updated entity selectors to include both `user_username` and `targetUser_username`
+- [Updated] MATCH-S00069 O365 - Users Password Reset
+    - Updated entity selectors to include both `user_username` and `targetUser_username`
+
+### Log Mappers
+- [New] Akamai CPC
+- [New] Azure Event Hub - Windows Defender Audit events
+- [New] Azure Event Hub - Windows Defender Audit file events
+- [New] Azure Event Hub - Windows Defender Authentication events
+- [New] Azure Event Hub - Windows Defender Email events
+- [New] Azure Event Hub - Windows Defender Endpoint Process events
+- [New] Azure Event Hub - Windows Defender Network events
+- [New] Contrast Security ADR Default Mapping
+- [New] Snowflake Query History
+- [New] Snowflake Session
+- [Updated] Azure Event Hub - Windows Defender Logs - DeviceAlertEvents
+- [Updated] Azure Event Hub - Windows Defender Logs and Azure Alert
+- [Updated] Cisco ISE Catch All
+- [Updated] Microsoft Office 365 Active Directory Authentication Events
+- [Updated] Snowflake Catch All
+- [Updated] Snowflake Login
+
+### Parsers
+- [New] /Parsers/System/Akamai/Akamai CPC
+- [New] /Parsers/System/Contrast Security/Contrast ADR
+- [Updated] /Parsers/System/Cisco/Cisco ISE
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+- [Updated] /Parsers/System/Nginx/Nginx Syslog
+- [Updated] /Parsers/System/Microsoft/Office 365
+- [Updated] /Parsers/System/Snowflake/Snowflake
+- [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON
+- [Updated] /Parsers/System/Microsoft/Windows-JSON-Open Telemetry

blog-service/2025-05-30-apps.md

@@ -0,0 +1,24 @@
+---
+title: Apps, Solutions, and Collection Integrations - May Release 
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - may-release
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### Enhancements
+
+- **Classic Apps to Next-Gen Apps Migration**. [ActiveMQ](/docs/integrations/containers-orchestration/activemq/), [IIS 7/8](/docs/integrations/microsoft-azure/iis-7/), [Kafka](/docs/integrations/containers-orchestration/kafka/), [RabbitMQ](/docs/integrations/containers-orchestration/rabbitmq/), [Squid Proxy](/docs/integrations/web-servers/squid-proxy/), [Strimzi Kafka](/docs/integrations/containers-orchestration/strimzi-kafka/), and [Varnish](/docs/integrations/web-servers/varnish/).
+
+- **Updated 13 Azure apps**. [Azure Application Gateway](/docs/integrations/microsoft-azure/azure-application-gateway/), [Azure App Service Plan](/docs/integrations/microsoft-azure/azure-app-service-plan/), [Azure API Management](/docs/integrations/microsoft-azure/azure-api-management/), [Azure Cache for Redis](/docs/integrations/microsoft-azure/azure-cache-for-redis/), [Azure Container Instances](/docs/integrations/microsoft-azure/azure-container-instances/), [Azure Cosmos DB](/docs/integrations/microsoft-azure/azure-cosmos-db/), [Azure Database for MySQL](/docs/integrations/microsoft-azure/azure-database-for-mysql/), [Azure Database for PostgreSQL](/docs/integrations/microsoft-azure/azure-database-for-postgresql/), [Azure Functions](/docs/integrations/microsoft-azure/azure-functions/), [Azure Kubernetes Service (AKS) - Control Plane](/docs/integrations/microsoft-azure/kubernetes/), [Azure Load Balancer](/docs/integrations/microsoft-azure/azure-load-balancer/), [Azure Virtual Machine](/docs/integrations/microsoft-azure/azure-virtual-machine/), and [Azure WebApps](/docs/integrations/microsoft-azure/web-apps/).
+
+- **Updated 12 OpenTelemetry apps**. [ActiveMQ - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/activemq-opentelemetry/), [Apache Tomcat - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/apache-tomcat-opentelemetry/), [Cassandra - OpenTelemetry](/docs/integrations/databases/opentelemetry/cassandra-opentelemetry/), [Elasticsearch - OpenTelemetry](/docs/integrations/databases/opentelemetry/elasticsearch-opentelemetry/), [JMX - OpenTelemetry](/docs/integrations/app-development/opentelemetry/jmx-opentelemetry/), [MongoDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mongodb-opentelemetry/), [MySQL - OpenTelemetry](/docs/integrations/databases/opentelemetry/mysql-opentelemetry/), [Oracle - OpenTelemetry](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/), [PostgreSQL - OpenTelemetry](/docs/integrations/databases/opentelemetry/postgresql-opentelemetry/), [RabbitMQ - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/rabbitmq-opentelemetry/), [Redis - OpenTelemetry](/docs/integrations/databases/opentelemetry/redis-opentelemetry/), and [VMWare - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry/).
+
+- **Updated AWS Lambda**. New use cases added for CloudTrail logs and CloudWatch metrics.
+
+- **Source Template updates**. [Linux](/docs/send-data/opentelemetry-collector/remote-management/source-templates/linux/), [Mac](/docs/send-data/opentelemetry-collector/remote-management/source-templates/mac/), and [Windows](/docs/send-data/opentelemetry-collector/remote-management/source-templates/windows/).
+
+- **Source Template bug fix**. [Apache](/docs/send-data/opentelemetry-collector/remote-management/source-templates/apache/), [Docker](/docs/send-data/opentelemetry-collector/remote-management/source-templates/docker/), [Kafka](/docs/send-data/opentelemetry-collector/remote-management/source-templates/kafka/), and [Nginx](/docs/send-data/opentelemetry-collector/remote-management/source-templates/nginx/).

docs/platform-services/automation-service/app-central/integrations/hatching-triage.md

@@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/hatching-triage.png')} alt="hatching-triage" width="100"/>
 
-***Version: 1.2  
-Updated: Jul 06, 2023***
+***Version: 1.3  
+Updated: June 02, 2024***
 
 Detonate files with Hatching Triage Malware Sandbox.
 
@@ -37,3 +37,7 @@ For information about Recorded Future Triage ([formerly Hatching Triage](https:/
 * June 19, 2020 - First upload
 * August 30, 2020 - New actions added
 * July 6, 2023 (v1.2) - Updated the integration with Environmental Variables
+* June 2, 2024 (v1.3) - Updated API calls for the following actions:
+  + Get Static Report
+  + Get Triage Report
+  + Get Summary Report