Merge branch 'main' into CSOAR-3557

Author: mahendrak-sumo

blog-cse/2025-10-28-content.md

@@ -12,7 +12,7 @@ This content release includes:
     - Updates to existing mappers for Crowdstrike Falcon, F5, and Okta events to support additional fields and events.
     - Updates to F5 Networks and Okta SSO parsers.
 
-Changes are enumerated below.
+This new and updated content is effective as of October 22, 2025. Changes are enumerated below.
 
 ### Log Mappers
 - [New] CrowdStrike Falcon Host API IdpDetectionSummaryEvent

blog-cse/2025-10-29-content.md

@@ -0,0 +1,22 @@
+---
+title: October 29, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+    - New log mappers for Crowdstrike Falcon to support eppDetectionSummary events from multiple ingest methods.
+    - New parsers and log mappers for Databricks Audit logs and Varonis Alerts.
+
+## Log Mappers
+- [New] CrowdStrike Falcon - EppDetectionSummaryEvents (CNC)
+- [New] DataBricks Audit Catch All
+- [New] DataBricks Authentication
+- [New] Varonis Alerts Catch All
+
+## Parsers
+- [New] /Parsers/System/Databricks/Databricks Audit
+- [New] /Parsers/System/Varonis/Varonis Alert JSON

blog-service/2025-04-28-manage.md

@@ -12,6 +12,4 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 We are happy to announce that authorized users can now control the visibility of  installed app content. This update allows content administrators and the installing user to configure the roles and users who should be allowed to view the dashboards and log searches that are installed with an app.
 
-For more information about sharing apps, see [Content Sharing in Sumo Logic](/docs/manage/content-sharing/).
-
-<img src={useBaseUrl('img/content-sharing/grant-app-access-to-org.png')} alt="<your image description>" style={{border: '1px solid gray'}} width="<insert-pixel-number>" />
+For more information about sharing apps, see [Content Sharing in Sumo Logic](/docs/manage/content-sharing/).

blog-service/2025-10-31-apps.md

@@ -0,0 +1,61 @@
+---
+title: Apps, Solutions, and Collection Integrations - October Release 
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - apps
+  - october-release
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### New release
+
+
+- **Azure OpenAI**. The Azure OpenAI app enables you to track the request volume, token usage, response latency, and error rates, to ensure efficient model utilization and reliable AI-driven application performance. [Learn more](/docs/integrations/microsoft-azure/azure-open-ai/).
+
+### AWS Observability Solution v2.13.0
+
+**New release**:
+
+- Added tag support for AWS resources created with Terraform based AWS Observability (AWSO) Solution. [Learn more](https://github.com/SumoLogic/sumologic-solution-templates/releases/tag/v2.13.0).
+
+**Enhancements**:
+
+- Enhanced the app installation and sharing workflow within the Admin Recommended folder for smoother management and collaboration.
+- Integrated updated EC2, Lambda, and RDS apps with AWSO Solution.
+- Upgraded the AWS provider to support versions `>= 5.16.2` and `< 7.0.0`.
+- Updated the minimum required Terraform version to `1.5.7`.
+- Addressed CVEs identified in Python and Go modules.
+- Updated the following SAM app versions:
+    - `sumologic-app-utils` - `2.0.21`.
+    - `sumologic-s3-logging-auto-enable` - `1.0.18`.
+
+**Deprecation**:
+
+- The Global Intelligence for AWS CloudTrail DevOps app is scheduled for deprecation in the near future and, as a result, has been removed from the AWS Observability Solution.
+- Deprecated AWS Observability Solution v2.8.0 and earlier due to their dependence on [Node.js 18](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtimes-deprecated), which is deprecated in the AWS Lambda runtime as of September 1, 2025.
+- Amazon will deprecate the [AWS Lambda runtime](https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html) Node.js 20 on April 30, 2026. AWS Observability Solution versions v2.9.0, v2.10.0, and v2.11.0 use Node.js 20 and will therefore be deprecated and no longer supported starting May 1, 2026. Sumo Logic encourages you to upgrade to the [latest version](https://github.com/SumoLogic/sumologic-solution-templates/releases) of the AWS Observability Solution to ensure continued support.
+
+### App enhancements
+
+* Sumo Logic has introduced a new app category (AI/ML) in the Sumo Logic App Catalog.
+* Updated the Azure Machine Learning app to monitor nested namespace metrics.
+* Updated 9 AWS-related apps, including [AWS API Gateway](/docs/integrations/amazon-aws/api-gateway/), [Application Load Balancer (ALB)](/docs/integrations/amazon-aws/application-load-balancer/), [Classic Load Balancer](/docs/integrations/amazon-aws/classic-load-balancer/), [Network Load Balancer (NLB)](/docs/integrations/amazon-aws/network-load-balancer/), [EC2](/docs/platform-services/automation-service/app-central/integrations/aws-ec2), [ElastiCache](/docs/integrations/amazon-aws/elasticache/), [RDS](/docs/integrations/amazon-aws/rds/), [Lambda](/docs/integrations/amazon-aws/lambda/), and [SNS](/docs/integrations/amazon-aws/sns/), to enhance CloudTrail ARN pattern parsing and improve CloudTrail dashboards for ALB and NLB.
+
+### Integration enhancements
+
+Updated the Sumo Logic Lambda Extension to version 1.3.0. [Learn more](https://github.com/SumoLogic/sumologic-lambda-extensions/releases/tag/v1.3.0).
+* Upgraded Golang to version 1.24 with CVE fixes.
+* Updated the base container image.
+* Enhanced error handling for improved reliability.
+* Fixed issues identified by golangci-lint.
+* Migrated from `aws-sdk-go` to `aws-sdk-go-v2` for better performance and modularity.
+
+### Bug fixes
+
+- AWS CloudTrail specific FER for AWS Network Load Balancer and AWS Application Load Balancer apps.
+
+### Deprecation
+
+The method of collecting metrics using [Azure Resource Manager (ARM)](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/) will be deprecated and no longer supported starting January 1, 2026. Refer to the updated approach using [Azure Metric Source](/docs/send-data/hosted-collectors/microsoft-source/azure-metrics-source/), which offers improved functionality and ongoing support.

docs/contributing/style-guide.md

@@ -894,7 +894,7 @@ Always start with `1.`. Markdown automatically numbers sequentially when buildin
    1. Ordered sub-list.
 1. And another item.
 
-  More content for this entry. And a screenshot:<br/> ![span hover](/img/apm/span-hover-view.png)
+  More content for this entry. And a screenshot:<br/><img src={useBaseUrl('img/apm/span-hover-view.png')} alt="Span hover" style={{border: '1px solid gray'}} width="400" />
 
 ```
 </TabItem>
@@ -906,7 +906,7 @@ Always start with `1.`. Markdown automatically numbers sequentially when buildin
 1. Actual numbers do not matter, just that it is a number.
    1. Ordered sub-list.
 1. And another item.
-   * More content for this entry. And a screenshot:<br/> ![span hover](/img/apm/span-hover-view.png)
+   * More content for this entry. And a screenshot:<br/><img src={useBaseUrl('img/apm/span-hover-view.png')} alt="Span hover" style={{border: '1px solid gray'}} width="400" />
 
 </TabItem>
 </Tabs>
@@ -1271,10 +1271,6 @@ In the UI, avoid periods for single sentences on their own. Whenever there are t
 
 Our release notes (also known as changelog) are posted to the both the docs site and corresponding RSS feed. Check out the categories [here](/docs/release-notes). Keep your them concise and add links to documentation. If there are updated UI elements, add an image or gif.
 
-### Text only
-
-To add a text-only release note:
-
 1. In the appropriate blog folder ([blog-collector](https://github.com/SumoLogic/sumologic-documentation/tree/main/blog-collector), [blog-cse](https://github.com/SumoLogic/sumologic-documentation/tree/main/blog-cse), [blog-csoar](https://github.com/SumoLogic/sumologic-documentation/tree/main/blog-csoar), [blog-developer](https://github.com/SumoLogic/sumologic-documentation/tree/main/blog-developer), [blog-service](https://github.com/SumoLogic/sumologic-documentation/tree/main/blog-service)), add a new file that follows the format of the other posts in that folder. For example, for blog-service release notes, the format is `YYYY-MM-DD-<product/feature>`. For Cloud SIEM and SOAR, the format is `YYYY-MM-DD-application-update` or `YYYY-MM-DD-content-update`.<br/><img src={useBaseUrl('img/contributing/release-notes-dropdown-menu.png')} alt="Release notes menu" style={{border: '1px solid gray'}} width="200"/>
 1. Add the following frontmatter, swapping out these example values with your own. Because there's no `image`, we'll use the Sumo Logic logo in its place.
     ```markdown
@@ -1294,29 +1290,10 @@ To add a text-only release note:
     * `hide-table-of-contents`. Hide the TOC on the page, keeping the notes clean and wide on the page.
 1. Document the release notes. Add links, bullets, and images as needed.
 
-#### Long release notes
+### Long release notes
 
 For lengthy release notes, we recommend introducing the notes and adding a truncate line (`<!--truncate-->`), followed by the full set of release notes.
 
-### Text and images
-
-To add release notes with images:
-
-1. In the blog folder, create a new folder with the following name format: `YYYY-MM-DD-product`.
-1. In the new folder, create a markdown file named `index.md`.
-1. Add your release notes with frontmatter:
-    ```markdown
-    ---
-    title: New XYZ Feature
-    hide_table_of_contents: true
-    keywords:
-      - alerts
-    image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
-    ---
-    ```
-1. Save the image to this folder and add them to the markdown file: `![alt text](image-name.png)`.
-
-
 ## Reusing content
 
 For repeatable content - an identical section that appears in one or more docs - you can save a lot of time by creating one instance of that content in the `/docs/reuse` folder and then importing that snippet to other docs.
@@ -1386,7 +1363,7 @@ Tables use plain markdown with one header, default left-aligned columns, and mul
 | Started At | 07/27/2020 09:01:04.533 | When the trace started. |
 | Duration | 12.582 ms | The amount of time the trace spans.  |
 | Number of spans | 35 | A trace consists of spans. This number tells you how many spans are in the trace. |
-| Duration Breakdown | ![breakdown](/img/apm/traces/breakdown.png) | Each color indicates a service. The colors assigned to services are always the same on your account. You can change the color in the span summary tab after clicking on the individual span in trace view.<br/>Hover over to view a percentage breakdown of how long each span covers in the trace.<br/>![span hover](/img/apm/traces/span-hover-view.png) |
+| Duration Breakdown | <img src={useBaseUrl('img/apm/traces/breakdown.png')} alt="Breakdown" style={{border: '1px solid gray'}} width="200" /> | Each color indicates a service. The colors assigned to services are always the same on your account. You can change the color in the span summary tab after clicking on the individual span in trace view.<br/>Hover over to view a percentage breakdown of how long each span covers in the trace.<br/><img src={useBaseUrl('img/apm/span-hover-view.png')} alt="Span hover" style={{border: '1px solid gray'}} width="300" /> |
 | Number of errors | 0 | The number of errors in the trace. |
 | Status | 200 | The HTTP status code of the trace. |
 ```
@@ -1421,7 +1398,7 @@ Markdown | Less | Pretty
 | Started At | 07/27/2020 09:01:04.533 | When the trace started. |
 | Duration | 12.582 ms | The amount of time the trace spans.  |
 | Number of spans | 35 | A trace consists of spans. This number tells you how many spans are in the trace. |
-| Duration Breakdown | ![breakdown](/img/apm/traces/breakdown.png) | Each color indicates a service. The colors assigned to services are always the same on your account. You can change the color in the span summary tab after clicking on the individual span in trace view.<br/>Hover over to view a percentage breakdown of how long each span covers in the trace.<br/>![span hover](/img/apm/span-hover-view.png) |
+| Duration Breakdown | <img src={useBaseUrl('img/apm/traces/breakdown.png')} alt="Breakdown" style={{border: '1px solid gray'}} width="200" /> | Each color indicates a service. The colors assigned to services are always the same on your account. You can change the color in the span summary tab after clicking on the individual span in trace view.<br/>Hover over to view a percentage breakdown of how long each span covers in the trace.<br/><img src={useBaseUrl('img/apm/span-hover-view.png')} alt="Span hover" style={{border: '1px solid gray'}} width="300" /> |
 | Number of errors | 0 | The number of errors in the trace. |
 | Status | 200 | The HTTP status code of the trace. |
 

docs/contributing/templates/generic-doc.md

@@ -9,6 +9,8 @@ description: Example template for creating a document in the Sumo Logic guides.
   <meta name="robots" content="noindex" />
 </head>
 
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
 <!--Copy this markdown file and replace it with your own documentation. To view the full list of markdown components, see our [Style Guide](/docs/contributing/style-guide).
 
 Replace the title above in the [Frontmatter section](/docs/contributing/style-guide#frontmatter) with yours. This will render as an H1 header. All other header sections should be H2, H3, H4, or H5.-->
@@ -20,7 +22,7 @@ To add an image, save the .png file with a simple name to the `/static/img` fold
 
 Example:
 
-![Sumo Logic logo](/img/reuse/sumo-square.png)
+<img src={useBaseUrl('img/reuse/sumo-square.png')} alt="Sumo Logic logo" style={{border: '1px solid gray'}} width="50" />
 -->
 
 ### Instructions
@@ -31,7 +33,7 @@ Always use `1.` to start your instructions. You do not need to actually number t
 1. Click **Collections**, then **Sources** tab.
 1. Next step, just write it out.
     * Bullet list just tab and use `*` or `1.`.
-    * Next bullet.<br/>![Sumo Logic logo](/img/reuse/sumo-square.png)
+    * Next bullet.<br/><img src={useBaseUrl('img/reuse/sumo-square.png')} alt="Sumo Logic logo" style={{border: '1px solid gray'}} width="50" />
 1. The numbers continue with content indented above!
 
 Here is an example table:

docs/cse/rules/write-aggregation-rule.md

@@ -7,6 +7,7 @@ description: Learn how to write an aggregation rule.
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 import CseRule from '../../reuse/cse-rule-description-links.md';
+import CseDynamicSeverity from '../../reuse/cse-dynamic-severity.md';
 import Iframe from 'react-iframe';
 
 This topic has information about Cloud SIEM aggregation rules and how to write them.
@@ -107,6 +108,7 @@ On the right side of the Rules Editor, in the **Then Create a Signal** section,
    1. The severity area updates. 
    1. **severity of**. Use the pulldown to select a default severity value.
    1. **for the record field**. Use the down arrows to display a list of fields, and select one.  The dynamic severity will be based on the value of (or existence of) that field in the record that matched the rule expression.
+      <CseDynamicSeverity/>
    1. The **Add More Mappings** option appears. <br/><img src={useBaseUrl('img/cse/add-more-mappings.png')} alt="Add More Mappings option" style={{border: '1px solid gray'}} width="450"/>
    1. **Click Add More Mappings**. (Optional) You can define additional mappings if desired. If you don’t, the severity value will be the value of the record field you selected above.
    1. The **if the value is** option appears.<br/><img src={useBaseUrl('img/cse/if-the-value-is.png')} alt="If the Value Is option" style={{border: '1px solid gray'}} width="450"/>

docs/cse/rules/write-match-rule.md

@@ -7,6 +7,7 @@ description: Learn how to write a match rule.
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 import CseRule from '../../reuse/cse-rule-description-links.md';
+import CseDynamicSeverity from '../../reuse/cse-dynamic-severity.md';
 import Iframe from 'react-iframe'; 
 
 This topic has information about match rules and how to create them in the Cloud SIEM UI.
@@ -87,6 +88,7 @@ Watch this micro lesson to learn how to create a match rule.
    1. The severity area updates. 
    1. **severity of**. Use the pulldown to select a default severity value.
    1. **for the record field**. Use the down arrows to display a list of fields, and select one.  The dynamic severity will be based on the value of (or existence of) that field in the record that matched the rule expression.
+      <CseDynamicSeverity/>
    1. The **Add More Mappings** option appears. <br/><img src={useBaseUrl('img/cse/add-more-mappings.png')} alt="Add More Mappings option" style={{border: '1px solid gray'}} width="300"/>
    1. Click **Add More Mappings**. (Optional) You can define additional mappings if desired. If you don’t, the severity value will be the value of the record field you selected above.
    1. The **if the value is** option appears.<br/><img src={useBaseUrl('img/cse/if-the-value-is.png')} alt="If the Value is Option.png" style={{border: '1px solid gray'}} width="300"/>

docs/get-started/help.md

@@ -19,7 +19,7 @@ Docs cover all product features and should be your first resource when you have
 If you haven't found the answer to your question in our online help documentation:
 
 1. [**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Help > Support**. <br/> [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu select **Help > Support**. 
-1. You'll be taken to Sumo Logic Support. Click **Submit a Request** to file a ticket.<br/>![Help - Support.png](/img/get-started/Help-Support.png)
+1. You'll be taken to Sumo Logic Support. Click **Submit a Request** to file a ticket.<br/><img src={useBaseUrl('img/get-started/Help-Support.png')} alt="Support page" style={{border: '1px solid gray'}} width="800" />
 
 On this site, you can log in with your account to access resources like Sumo Logic announcements, release notes, Knowledge Base articles, and more. You can also access the Sumo Logic Community in order to ask questions of fellow users.
 
@@ -41,7 +41,7 @@ You can also search for and request features, comment, and vote on issues that a
 
 See the [Sumo Logic Community](https://community.sumologic.com) for more information.
 
-![Help - Community2.png](/img/get-started/Help-Community.png)
+<img src={useBaseUrl('img/get-started/Help-Community.png')} alt="Community page" style={{border: '1px solid gray'}} width="800" />
 
 
 ## Privacy Policy
@@ -74,8 +74,8 @@ The Service Status Indicator on the Help menu shows the severity of the outage.
 | Icon | Status |
 | :-- | :-- |
 | NONE | **None.** All systems operational. |
-| ![](/img/reuse/outage_critical.png) | **Critical.** Major system outage. |
-| ![](/img/reuse/outage_major.png) | **Major.** Partial system outage.  |
-| ![](/img/reuse/outage_minor.png) | **Minor.** Minor system outage. |
+| <img src={useBaseUrl('img/reuse/outage_critical.png')} alt="Critical icon" style={{border: '1px solid gray'}} width="25" />| **Critical.** Major system outage. |
+| <img src={useBaseUrl('img/reuse/outage_major.png')} alt="Major icon" style={{border: '1px solid gray'}} width="25" /> | **Major.** Partial system outage.  |
+| <img src={useBaseUrl('img/reuse/outage_minor.png')} alt="Minor icon" style={{border: '1px solid gray'}} width="25" /> | **Minor.** Minor system outage. |
 
 To determine which pod your account uses, look at the Sumo Logic URL. If you see `us2`, that means you're running on the US2 pod. If you see `eu` or `au`, you're on one of those pods.