Merge branch 'main' into SUMO-263520

Author: sachin-sumologic

blog-service/2025-06-30-manage.md

@@ -0,0 +1,16 @@
+---
+title: Timezone field for Scheduled Views (Manage)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - timezone
+  - manage
+  - scheduled-view
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+
+We're happy to include the **Timezone** field for the Scheduled Views. Previously, *America/Los_Angeles (Includes DST)* was considered as the default timezone. Going forward, you can select/edit the timezone of your choice. If you do not make a selection, the Scheduled View will default to the timezone preference in Sumo Logic.
+
+[Learn more](/docs/manage/scheduled-views/add-scheduled-view/).

cid-redirects.json

@@ -2898,6 +2898,7 @@
   "/cid/21035": "/docs/integrations/google/cloud-traffic-director",
   "/cid/21036": "/docs/integrations/google/cloud-vertex-ai",
   "/cid/21037": "/docs/integrations/google/cloud-vpn",
+  "/cid/21097": "/docs/integrations/saas-cloud/confluent-cloud",
   "/cid/21040": "/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers",
   "/cid/21038": "/docs/integrations/containers-orchestration/vmware-tanzu-application-service",
   "/cid/10999": "/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source",

docs/cloud-soar/introduction.md

@@ -64,7 +64,6 @@ Finally, you can take the Insights from Cloud SIEM and automatically respond to
 Sumo Logic’s Cloud SOAR is a cloud-based web application available as an add-on to existing Sumo Logic deployments. Some of Cloud SOAR’s key features include:
 
 * **War Room**. A central location for all the information, analysis, and actions related to an incident. This includes notes, documentation, and knowledge transfer as well as tools for collecting data and assessing, investigating, and correlating different incidents.
-* **ARK**. The Automated Responder Knowledge (ARK) learns from past incidents and threat intel to recommend relevant playbooks for future incidents.
 * **App Central**. A large out-of-the-box library of playbooks, integrations, and use cases for different threats to get you started. 
 * **Cybersecurity best practices**. Cloud SOAR’s design and architecture meets many cybersecurity industry standards, regulatory frameworks, and best practices from organizations like ISO, GDPR, OASIS, NIST, and many others.
 
@@ -210,12 +209,6 @@ Here are some other workflows you could automate with a playbook:
 
 Cloud SOAR has hundreds of prebuilt playbooks and templates, so you can quickly and easily automate any of these tasks, or create new custom playbooks to suit your specific business needs. Normally, playbooks are automatically attached to incidents based on information like entities and severity scores. 
 
-##### ARK suggestions
-
-Playbooks automate the individual tasks of incident response. But Cloud SOAR's Automated Responder Knowledge (ARK) suggestions take things one step further. ARK uses machine learning to suggest the most appropriate playbook for your incidents based on what you've done on similar incidents in the past. This frees up even more resources for analysts, as they don't have to spend time choosing a playbook before responding.
-
-When ARK suggests a playbook to you, you have the option to add the playbook to the incident, run it, or dismiss the suggestion. 
-
 #### App Central, custom integrations, and other automations
 
 Cloud SOAR has hundreds of pre-built playbooks which you can use as-is or customize. You can also build your own custom playbooks, which you can learn about in the Cloud SIEM Administration class. 

docs/cloud-soar/legacy/legacy-cloud-soar-architecture.md

@@ -25,11 +25,3 @@ All multi-tenant installations offer:
 - Isolation of external actions (e.g., enrichment of indicators of compromise, containment actions prescribed to a host)
 
 <img src={useBaseUrl('img/cloud-soar/image5.png')} alt="Multiple database symbols" width="600"/>
-
-## Automated Responder Knowledge (DF-ARK)
-
-Cloud SOAR's Automated Responder Knowledge (DF-ARK) module utilizes machine
-learning through historical responses to past incidents and threat
-intelligence feeds to enrich new incidents. This enrichment allows
-Cloud SOAR to recommend relevant Playbooks and plans of action to expedite
-detection and response times.

docs/cloud-soar/legacy/legacy-global-functions-menu.md

@@ -32,49 +32,6 @@ When a search result is located within an incident, the incident number will be
 
 <img src={useBaseUrl('img/cloud-soar/image12.png')} alt="Global Search Results" style={{border: '1px solid gray'}} width="800"/>
 
-## Automation
-
-### ARK
-
-ARK or Automated Responder Knowledge is the Machine Learning component of Cloud SOAR which implements the Supervised learning in Case-Based Reasoning (CBR) algorithm.
-CBR solves new problems by adapting previously successful solutions to similar problems. In Cloud SOAR, this can be leveraged by analyzing solved incidents to hint steps and procedures to operators in new similar threats.<br/> <img src={useBaseUrl('img/cloud-soar/image15e.png')} alt="Automation menu" style={{border: '1px solid gray'}} width="250"/>
-
-ARK assists operators during investigations in two main areas: Automatically suggesting/prompting next actions/tasks in Playbooks (until version 5) and Correlation/ Deduplication of similar threats into 1 unique incident.
-
-#### Enable ARK
-
-To enable ARK, click the cog icon, then **Settings** > **ARK** and make sure you have it set to **ON**.
-
-From this page, it’s possible to configure also other ARK Settings such as the Neighbor incidents considered for each recommendation and an age relevance threshold. Those two parameters will allow you to tune the incidents that the Machine Learning algorithm will consider.
-
-<img src={useBaseUrl('img/cloud-soar/image16b.png')} alt="ARK Settings" style={{border: '1px solid gray'}} width="800"/>
-
-When an incident is created in Cloud SOAR, the Incident Type field will be the one defining which Playbooks you can attach to that incident.
-
-#### ARK Usage
-
-ARK has a correlation and deduplication or merging mechanism you can use with the ARK OIF.
-
-ARK 2.0 OIF is a custom Sumo Logic integration which allows investigators to implement a mechanism for deduplication and correlation of ingested alerts and Cloud SOAR incidents.
-
-<img src={useBaseUrl('img/cloud-soar/image16d.png')} alt="ARK OIF" style={{border: '1px solid gray'}} width="800"/>
-
-<img src={useBaseUrl('img/cloud-soar/image16e.png')} alt="Test Action" style={{border: '1px solid gray'}} width="800"/>
-
-OIF ARK enrichment action “Get parents for incident” allows you to retrieve every incident (as proposed parents) that is similar to the analyzed one.
-
-Each optional field allows you to fine tune the weight of the fields, acceptance thresholds and of the algorithm which needs to be trained and fine-tuned in order to get correct and reliable results.
-
-<img src={useBaseUrl('img/cloud-soar/image16f.png')} alt="Field Weight" style={{border: '1px solid gray'}} width="800"/>
-
-Alert deduplication or merging can be achieved by utilizing ARK OIF enrichment actions and Cloud SOAR’s unique Triage capability.
-
-Triage is a customizable section which can be used for enriching and preprocessing multiple different scenarios.
-
-By dispatching the ingested alerts into Triage events, Cloud SOAR can automatically enrich each event, deduplicate them based on the logic configured in our associated Playbooks (which can invoke Ark OIF enrichment) and decide if Cloud SOAR should aggregate multiple entries in one unique incident, create multiple incidents for each event or if a similar incident has already been created, to update the existing incident with updated information.
-
-Cloud SOAR can also correlate existing incidents to check if specific data is already present in the Cloud SOAR Database. It is crucial that all merging or deduplication must be done prior to conversion of an alert into incident. For example, a Triage event that allows you to invoke one or multiple playbooks for each Triage event created.
-
 ## Settings
 
 ### General Settings

docs/cloud-soar/overview.md

@@ -402,8 +402,6 @@ Cloud SOAR has been designed with Interoperability for Cybersecurity Industry st
 
 Cloud SOAR design and architecture follows Cybersecurity Industry standards and regulatory frameworks, and adheres to best Industry practices to meet best Cybersecurity practices followed by ISO, GDPR, OASIS, NIST, Sec Regulations, and more.
 
-Cloud SOAR offers a patent-pending Automated Responder Knowledge (DF-ARK) module which applies machine learning to historical responses and threats. It recommends relevant Playbooks, paths of action to expedite the process, and responses to manage and mitigate similar incidents with better response time.
-
 Cloud SOAR provides static egress for Cloud executions. IP addresses can be entered into the allowlist. For a list of Cloud SOAR addresses by region, contact [Support](https://support.sumologic.com/support/s/).
 
 <img src={useBaseUrl('img/cloud-soar/image3.png')} alt="Cloud SOAR architecture diagram" style={{border: '1px solid gray'}} width="800"/>

docs/integrations/product-list/product-list-a-l.md

@@ -162,7 +162,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/cofense.png')} alt="Thumbnail icon" width="50"/> | [Cofense](https://cofense.com/) | Automation integration: [Cofense](/docs/platform-services/automation-service/app-central/integrations/cofense/) |
 | <img src={useBaseUrl('img/integrations/misc/commscope-logo.svg')} alt="Thumbnail icon" width="100"/> | [CommScope](https://www.commscope.com/) | Cloud SIEM integration: [CommScope](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/e69bff14-6237-4997-a447-4fc02feaeeaf.md) |
 |  <img src={useBaseUrl('img/integrations/misc/configcat-logo.png')} alt="Thumbnail icon" width="50"/>   | [ConfigCat](https://configcat.com/)  | Webhook: [ConfigCat](/docs/integrations/webhooks/configcat/) |
-|  <img src={useBaseUrl('img/send-data/confluent-cloud-metrics.png')} alt="Thumbnail icon" width="100"/>   | [Confluent](https://www.confluent.io/)  | Collector: [Confluent Cloud Metrics Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source) |
+|  <img src={useBaseUrl('img/integrations/saas-cloud/confluent-cloud.png')} alt="Thumbnail icon" width="100"/>   | [Confluent](https://www.confluent.io/)  | App: [Confluent Cloud](/docs/integrations/saas-cloud/confluent-cloud)<br/>Collector: [Confluent Cloud Metrics Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source) |
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/connectwise-manage.png')} alt="Thumbnail icon" width="100"/> | [ConnectWise PSA](https://info.connectwise.com/professional-services-automation/manage/demo/sem/demo) | Automation integration: [ConnectWise Manage](/docs/platform-services/automation-service/app-central/integrations/connectwise-manage/) |
 | <img src={useBaseUrl('img/integrations/misc/contrast-security-logo.png')} alt="Thumbnail icon" width="100"/> | [Contrast Security](https://www.contrastsecurity.com/) | Cloud SIEM integration: [Contrast Security](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/024b4302-9a57-4c60-9d0d-693b2d18225b.md) |
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/coralogix-query-logs.png')} alt="Thumbnail icon" width="75"/> | [Coralogix](https://coralogix.com/) | Automation integrations: <br/>- [Coralogix - Query Logs](/docs/platform-services/automation-service/app-central/integrations/coralogix-query-logs/) <br/>- [Coralogix - Send Logs](/docs/platform-services/automation-service/app-central/integrations/coralogix-send-logs/) |

docs/integrations/saas-cloud/confluent-cloud.md

@@ -0,0 +1,121 @@
+---
+id: confluent-cloud
+title: Confluent Cloud
+sidebar_label: Confluent Cloud
+description: The Sumo Logic app for Confluent Cloud offers deep visibility into your environment with dashboards that monitor Kafka performance, consumer lag, producer latency, connector health, Flink compute pools, KSQL activity, and schema registry operations, enabling proactive troubleshooting and efficient data streaming.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<img src={useBaseUrl('img/integrations/saas-cloud/confluent-cloud.png')} alt="Thumbnail icon" width="100"/>
+
+Confluent Cloud is a fully managed, cloud-native data streaming platform based on Apache Kafka. It enables real-time data processing, integration, and movement across applications and systems without managing infrastructure. With built-in support for connectors, ksqlDB, and stream governance, it simplifies building scalable, event-driven architectures.
+
+The Sumo Logic app for Confluent Cloud provides deep visibility into your Confluent Cloud environment based on key platform metrics. The app’s dashboards use preconfigured searches and filters to help you monitor Kafka cluster performance, topic-level throughput, consumer lag, producer latency, connector health, Flink compute pool utilization, KSQL activity, and schema registry operations—enabling proactive troubleshooting and streamlined data streaming operations.
+
+## Metrics type  
+
+The Confluent Cloud app uses metrics:
+
+* [Confluent Cloud runtime metrics](https://api.telemetry.confluent.cloud/docs/descriptors/datasets/cloud).
+
+### Collecting metrics for the Confluent Cloud app
+
+Sumo Logic supports collecting metrics using the Cloud-to-Cloud integration framework:
+
+* Configure a [Confluent Cloud Metrics Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/confluent-cloud-metrics-source/)
+
+## Installing the Confluent Cloud app
+
+Now that you have set up a collection for **Confluent Cloud**, install the Sumo Logic app to use the pre-configured [dashboards](#viewing-the-confluent-cloud-dashboards) that provide visibility into your environment for real-time analysis of overall usage.
+
+import AppInstall from '../../reuse/apps/app-install-v2.md';
+
+<AppInstall/>
+
+## Viewing the Confluent Cloud dashboards  
+
+### Compute Pool
+
+The **Confluent Cloud - Compute Pool** dashboard provides details on the status and utilization of compute resources in your Confluent Cloud environment.
+
+Use this dashboard to:
+* Monitor the average Flink statement status to identify potential issues with stream processing jobs.
+* Track CPU utilization against the set limit to ensure optimal resource allocation and prevent performance bottlenecks.
+* Analyze trends in CPU minutes consumed over time to optimize cost and capacity planning for your Confluent Cloud deployment.
+* Compare current CPU usage across different compute pools to balance workloads and improve overall system efficiency.
+
+<img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/ConfluentCloud/Confluent-Cloud-Compute-Pool.png')} alt="Confluent Cloud - Compute Pool" style={{border: '1px solid gray'}} width="800" />
+
+### Connectors
+
+The **Confluent Cloud - Connectors** dashboard provides details on the status, performance, and health of Confluent Cloud connectors.
+
+Use this dashboard to:
+* Monitor the status of connectors and their tasks to quickly identify any that are failed, paused, or provisioning.
+* Track the volume of sent and received records across different connectors to ensure data flow is as expected.
+* Analyze the average sent and received bytes to detect any unusual spikes or drops in data transfer.
+* Identify potential bottlenecks by correlating connector status with sent/received records and bytes.
+* Monitor dead letter queue records to catch any messages that failed to be processed correctly.
+
+<img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/ConfluentCloud/Confluent-Cloud-Connectors.png')} alt="Confluent Cloud - Connectors" style={{border: '1px solid gray'}} width="800" />
+
+### Kafka Cluster
+
+The **Confluent Cloud - Kafka Cluster** dashboard provides details on key performance metrics and operational statistics for your Kafka cluster in Confluent Cloud.
+
+Use this dashboard to:
+* Monitor producer latency and cluster load to ensure optimal performance of your Kafka cluster.
+* Track active connections, request bytes, and response bytes to identify potential bottlenecks or unusual traffic patterns.
+* Analyze request count trends over time to understand usage patterns and plan for capacity needs.
+
+<img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/ConfluentCloud/Confluent-Cloud-Kafka-Cluster.png')} alt="Confluent Cloud - Kafka Cluster" style={{border: '1px solid gray'}} width="800" />
+
+### Kafka Cluster Links
+
+The **Confluent Cloud – Kafka Cluster Link** dashboard provides key insights into cluster link performance and health. It tracks link task counts, mirror topic states, offset lags, data volume, and response metrics—helping monitor cross-cluster replication efficiency, detect mirror errors, and ensure seamless data delivery across environments.
+
+Use this dashboard to:
+* Monitor link counts and task activity to ensure proper setup and functioning of cluster replication.
+* Track mirror topic count, bytes, and offset lag to assess replication volume and delays.
+* Analyze destination response bytes for throughput visibility across clusters.
+* Detect mirror transition errors to troubleshoot sync failures efficiently.
+
+<img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/ConfluentCloud/Confluent-Cloud-Kafka-Cluster-Links.png')} alt="Confluent Cloud - Kafka Cluster Topic" style={{border: '1px solid gray'}} width="800" />
+
+### Kafka Cluster Topic
+
+The **Confluent Cloud - Kafka Cluster Topic** dashboard provides details on topic-level metrics for Kafka clusters in Confluent Cloud, including consumer lag, data throughput, and partition information.
+
+Use this dashboard to:
+* Monitor consumer lag offsets to identify potential bottlenecks in data processing and ensure timely consumption of messages.
+* Analyze the relationship between received and sent bytes to detect any data loss or transmission issues within the Kafka cluster.
+* Track the number of received and sent records over time to understand topic usage patterns and optimize resource allocation.
+* Observe retained bytes and partition count to manage storage utilization and ensure proper topic scaling.
+
+<img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/ConfluentCloud/Confluent-Cloud-Kafka-Cluster-Topic.png')} alt="Confluent Cloud - Kafka Cluster Topic" style={{border: '1px solid gray'}} width="800" />
+
+### KSQL
+
+The **Confluent Cloud - KSQL** dashboard provides details on query performance, data processing, and resource utilization for KSQL operations in Confluent Cloud.
+
+Use this dashboard to:
+* Monitor query saturation and identify potential bottlenecks in KSQL operations.
+* Track processing errors and query restarts to ensure smooth data flow and query execution.
+* Analyze storage utilization and streaming unit consumption to optimize resource allocation.
+* Correlate offset lag with processing errors to troubleshoot data processing delays.
+* Examine produced and consumed bytes to understand data throughput and potential network issues.
+
+<img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/ConfluentCloud/Confluent-Cloud-KSQL.png')} alt="Confluent Cloud - KSQL" style={{border: '1px solid gray'}} width="800" />
+
+### Schema Registry
+
+The **Confluent Cloud - Schema Registry** dashboard provides details on schema operations, request counts, and traffic types for your Confluent Cloud Schema Registry.
+
+Use this dashboard to:
+* Monitor the distribution of schema operations (CREATE, READ, DELETE) to ensure proper usage and identify potential issues with schema management.
+* Analyze the ratio of public vs. private traffic to understand access patterns and potential security concerns.
+* Track schema count trends over time to manage growth and capacity planning for your Schema Registry.
+* Correlate request counts with operation types to identify unusual spikes or drops in schema-related activities.
+
+<img src={useBaseUrl('https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/ConfluentCloud/Confluent-Cloud-Schema-Registry.png')} alt="Confluent Cloud - Schema Registry" style={{border: '1px solid gray'}} width="800" />