Merge branch 'main' into macro-doc-update

JV0812 · web-flow · commit aa28002a956c · 2025-10-30T11:11:48.000+05:30
diff --git a/blog-cse/2025-10-28-content.md b/blog-cse/2025-10-28-content.md
@@ -12,7 +12,7 @@ This content release includes:
     - Updates to existing mappers for Crowdstrike Falcon, F5, and Okta events to support additional fields and events.
     - Updates to F5 Networks and Okta SSO parsers.
 
-Changes are enumerated below.
+This new and updated content is effective as of October 22, 2025. Changes are enumerated below.
 
 ### Log Mappers
 - [New] CrowdStrike Falcon Host API IdpDetectionSummaryEvent
diff --git a/blog-cse/2025-10-29-content.md b/blog-cse/2025-10-29-content.md
@@ -0,0 +1,22 @@
+---
+title: October 29, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+    - New log mappers for Crowdstrike Falcon to support eppDetectionSummary events from multiple ingest methods.
+    - New parsers and log mappers for Databricks Audit logs and Varonis Alerts.
+
+## Log Mappers
+- [New] CrowdStrike Falcon - EppDetectionSummaryEvents (CNC)
+- [New] DataBricks Audit Catch All
+- [New] DataBricks Authentication
+- [New] Varonis Alerts Catch All
+
+## Parsers
+- [New] /Parsers/System/Databricks/Databricks Audit
+- [New] /Parsers/System/Varonis/Varonis Alert JSON
diff --git a/docs/cse/rules/write-aggregation-rule.md b/docs/cse/rules/write-aggregation-rule.md
@@ -7,6 +7,7 @@ description: Learn how to write an aggregation rule.
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 import CseRule from '../../reuse/cse-rule-description-links.md';
+import CseDynamicSeverity from '../../reuse/cse-dynamic-severity.md';
 import Iframe from 'react-iframe';
 
 This topic has information about Cloud SIEM aggregation rules and how to write them.
@@ -107,6 +108,7 @@ On the right side of the Rules Editor, in the **Then Create a Signal** section,
    1. The severity area updates. 
    1. **severity of**. Use the pulldown to select a default severity value.
    1. **for the record field**. Use the down arrows to display a list of fields, and select one.  The dynamic severity will be based on the value of (or existence of) that field in the record that matched the rule expression.
+      <CseDynamicSeverity/>
    1. The **Add More Mappings** option appears. <br/><img src={useBaseUrl('img/cse/add-more-mappings.png')} alt="Add More Mappings option" style={{border: '1px solid gray'}} width="450"/>
    1. **Click Add More Mappings**. (Optional) You can define additional mappings if desired. If you don’t, the severity value will be the value of the record field you selected above.
    1. The **if the value is** option appears.<br/><img src={useBaseUrl('img/cse/if-the-value-is.png')} alt="If the Value Is option" style={{border: '1px solid gray'}} width="450"/>
diff --git a/docs/cse/rules/write-match-rule.md b/docs/cse/rules/write-match-rule.md
@@ -7,6 +7,7 @@ description: Learn how to write a match rule.
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 import CseRule from '../../reuse/cse-rule-description-links.md';
+import CseDynamicSeverity from '../../reuse/cse-dynamic-severity.md';
 import Iframe from 'react-iframe'; 
 
 This topic has information about match rules and how to create them in the Cloud SIEM UI.
@@ -87,6 +88,7 @@ Watch this micro lesson to learn how to create a match rule.
    1. The severity area updates. 
    1. **severity of**. Use the pulldown to select a default severity value.
    1. **for the record field**. Use the down arrows to display a list of fields, and select one.  The dynamic severity will be based on the value of (or existence of) that field in the record that matched the rule expression.
+      <CseDynamicSeverity/>
    1. The **Add More Mappings** option appears. <br/><img src={useBaseUrl('img/cse/add-more-mappings.png')} alt="Add More Mappings option" style={{border: '1px solid gray'}} width="300"/>
    1. Click **Add More Mappings**. (Optional) You can define additional mappings if desired. If you don’t, the severity value will be the value of the record field you selected above.
    1. The **if the value is** option appears.<br/><img src={useBaseUrl('img/cse/if-the-value-is.png')} alt="If the Value is Option.png" style={{border: '1px solid gray'}} width="300"/>
diff --git a/docs/reuse/cse-dynamic-severity.md b/docs/reuse/cse-dynamic-severity.md
@@ -0,0 +1,3 @@
+:::note
+When configuring dynamic severity, you must select a record field that is numeric. If you select a non-numeric field, severity does not return a numeric value, and no signal fires.
+:::

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+:::note`
	`2`	`+When configuring dynamic severity, you must select a record field that is numeric. If you select a non-numeric field, severity does not return a numeric value, and no signal fires.`
	`3`	`+:::`