Merge branch 'main' into CONN-3897-GA-Universal-connector

Author: yleiferman

.clabot

@@ -5,11 +5,9 @@
     "JV0812",
     "jpipkin1",
     "JainM6",
-    "swiatekm-sumo",
     "docsSeema",
     "angadrandhawa1",
     "kkujawa-sumo",
-    "open-source-collection-team",
     "mat-rumian",
     "perk-sumo",
     "jmartini-sumo",
@@ -26,12 +24,10 @@
     "agaur",
     "bhargavisumo",
     "ravipadala-sumo",
-    "jd-sumo",
     "davidcarltonsumo",
     "pkazmir-sumo",
     "dkarabin-sumo",
     "kevin-sumo",
-    "mgol-sumo",
     "crm6718",
     "mvirga-sumo",
     "tarunk2",
@@ -72,6 +68,9 @@
     "rikishi-c",
     "Melvin-CnC",
     "yuting-liu",
+    "jc-sumo",
+    "vfalconisumo",
+    "yuting-liu",
     "arpitjain305",
     "kparekh010",
     "ajaiswals",
@@ -171,7 +170,7 @@
     "antonymartinsumo",
     "amee-sumo"
   ],
-  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement. To proceed with your PR, please [sign here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
+  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",
   "recheckComment": "The GitHub CLA Bot is rechecking to see that you have signed our CLA."
 }

.github/CODEOWNERS

@@ -1,14 +1,16 @@
+# More details: https://help.github.com/articles/about-codeowners
+
 # Default owners for everything in the repo.
 * @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
-# Owners of all files in the `/docs` directory and its subdirectories.
-/docs/   @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
+# Owners of all files in the `/docs/integrations` directory.
+/docs/integrations/ @SumoLogic/sumoappdev @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/kubernetes` directory.
-/docs/send-data/kubernetes/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
+/docs/send-data/kubernetes/ @SumoLogic/open-source-collection-team @SumoLogic/k8s-developers @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/opentelemetry-collector` directory and its subdirectories.
-/docs/send-data/opentelemetry-collector/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812 @amee-sumo
+/docs/send-data/opentelemetry-collector/ @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812 @amee-sumo
 
 # GitHub workflow owners
 /.github/workflows/ @SumoLogic/open-source-collection-team @kimsauce

blog-collector/2024-11-26.md

@@ -0,0 +1,25 @@
+---
+title: Version 19.516-1
+hide_table_of_contents: true
+image: https://help.sumologic.com/img/sumo-square.png
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-collector/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+In this release, we've enhanced the security and stability of the Collector with added support for security patches.
+		
+### Security Fixes
+		
+- Upgraded `Tanuki version` to version 3.5.60 to fix the collector intermittently crashing issue.
+- Upgraded collector JRE to **Amazon Corretto Version 8.432.06.1**.
+		
+### Troubleshooting
+		
+When upgrading this collector version, the collector running as a non-root user (run as mode) or on a Mac operating system cannot be upgraded through the API/Web UI. To resolve these issue, follow the respective steps below:
+	- **Collector running as a non-root user.** An error message will be displayed indicating that the upgrade is not possible. The upgrade must be performed manually on your machine. Refer to [Upgrade Collectors in Sumo Logic](/docs/send-data/collection/upgrade-collectors/#upgrade-collectors-using-the-command-line) to upgrade the collector manually.
+	- **Collector running on Mac.** The process will stop while upgrading, and the collector will need to be restarted manually on your machine. Use the code below to restart manually.
+        ```
+        sudo ./collector start
+        ```

docs/manage/manage-subscription/usage-management.md

@@ -31,7 +31,7 @@ To manage the query size limit using the **Basic** configuration:
 :::info
 Sumo Logic defines scan as two types:
   - **Foreground interactive search**. Search page UI, Copilot, and Dashboards.
-  - **Background search**. API, Scheduled Search, Monitor, and SLO. 
+  - **Background search**. API, Scheduled Search, Monitor, Scheduled Views, and SLO. 
 :::
 
 :::note
@@ -62,7 +62,7 @@ To create the query size limit using the **Advanced** configuration:
     :::info
     Sumo Logic defines scan as two types:
     - **Foreground interactive search**. Search page UI, Copilot, and Dashboards.
-    - **Background search**. API, Scheduled Search, Monitors, and SLO. 
+    - **Background search**. API, Scheduled Search, Monitors, Scheduled Views, and SLO. 
     :::
 1. **Details**. Enter the name for the scan budget.<br/><img src={useBaseUrl('/img/manage/account/create-scan-budget.png')} alt="create-scan-budget" style={{border:'1px solid gray'}} width="650"/>
 1. Click **Save** to create the scan budget.
@@ -85,9 +85,8 @@ To view the selected scan budget:
   - **Deactivate/Activate**. Click the **Deactivate/Activate** button to deactivate/activate the selected scan budget.
   - **Delete**. Click the **Delete** button to delete the selected scan budget.
   - **View violations**. Sumo Logic recommends a GB value per query as per the 95th percentile to be within the safe limits. You can also check the query size of the last 10 queries by clicking on **Click here** to help you determine the appropriate size limit.
-  - **Budget Type**. Defines the type of budget set: **Per Query Budget** or **Time-Based Budgets**(TBA).
+  - **Budget Type**. Defines the type of budget set.
     - **Per Query Budget**. Limits the data (in GBs) that a single query can consume.
-    - **Time-Based Budgets**(TBA). Limits the data or credits consumed over a day, week, or month.
   - **Status**. Describes if the scan budget is active or inactive.
   - **Usage Category**. Describes the type of scan. For Flex this is shown as **Flex Scan** and for Data tier this is shown as **Infrequent Scan**.
   - **Applied to Roles**. Describes the roles for which the selected scan budget is applied for.
@@ -101,7 +100,6 @@ To view the selected scan budget:
   - **Audit Logs**. Records the budget definition changes. Click on **View Details** to view the budget definition changes.
   - **System Audit**. Records the breaches and budget enforcement. Click on **View Details** to view the list of breaches.
 
-
 ## FAQ
 
 ### Handle overlapping budgets

docs/search/copilot.md

@@ -14,8 +14,9 @@ keywords:
 import Iframe from 'react-iframe';
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
-<p><a href="/docs/beta"><span className="beta">Preview Release</span></a></p>
-This is a Preview release. To learn more, contact your Sumo Logic account executive.
+:::sumo Preview release
+This is a Preview release. To learn more, contact your Sumo Logic account executive. To opt out, please open a [support ticket](https://support.sumologic.com/support/s/).
+:::
 
 Sumo Logic Copilot is our AI-powered assistant that accelerates investigations and troubleshooting in logs by allowing you to ask questions in plain English and get contextual suggestions, helping first responders get to answers faster.
 

docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/automox-source.md

@@ -52,11 +52,11 @@ To configure a Automox Source:
       * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist, or is disabled, in the Fields table schema. In this case, an option to automatically add or enable the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema or is disabled it is ignored, known as dropped.
 1. In **Bearer Token**, enter the bearer token collected from the Automox platform.
 1. In **Organization ID**, enter the Organization ID collected from the Automox platform.
-1. Select the **Colleect Audit Trail Logs** checkbox to collect the audit details.
+1. Select the **Collect Audit Trail Logs** checkbox to collect the audit details.
 1. The **Audit Trail Logs Interval** is set for 5 minutes by default. You can adjust it based on your needs.
-1. Select the **Colleect Events Logs** checkbox to collect the event details. Enter the supported events that you want to collect. Leaving this empty will collect all events.
+1. Select the **Collect Events Logs** checkbox to collect the event details. Enter the supported events that you want to collect. Leaving this empty will collect all events.
 1. The **Event Logs Interval** is set for 5 minutes by default. You can adjust it based on your needs.
-1. Select the **Colleect Devices** checkbox to collect the devices list details.
+1. Select the **Collect Devices** checkbox to collect the devices list details.
 1. The **Devices Logs Interval** is set for 12 hours by default. You can adjust it based on your needs.
 1. **Processing Rules**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule).
 1. When you are finished configuring the Source, click **Save**.

docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md

@@ -92,6 +92,10 @@ To configure a Microsoft Azure AD Inventory Source:
    :::note
    To collect the `signInActivity` information you should have `Azure AD Premium P1/P2` license.
    :::
+1. **Collect Users Group Details**. By enabling the checkbox, you can also include the user group information in your user response. [Learn more](https://learn.microsoft.com/en-us/graph/api/directoryobject-getmembergroups?view=graph-rest-1.0&tabs=http#http-request).
+    :::note
+    To know about the permissions required to collect user group details, refer to the [Microsoft documentation](https://learn.microsoft.com/en-us/graph/api/group-get?view=graph-rest-1.0&tabs=http#permissions).
+    :::
 1. **Processing Rules for Logs**. Configure any desired filters, such as allowlist, denylist, hash, or mask, as described in [Create a Processing Rule](/docs/send-data/collection/processing-rules/create-processing-rule).
 1. When you are finished configuring the Source, click **Submit**.
 
@@ -126,6 +130,7 @@ Sources can be configured using UTF-8 encoded JSON files with the Collector Ma
 | application_id | String | Yes | `null` | Provide the Application (client) ID you got after you registered (created) the Azure Application. |  |
 | supported_apis | Array of strings | Yes | `null` | Define one or more of the available APIs to collect: Devices, and Users.| ["Devices","Users"] |
 | userSignInActivity | Boolean | No | False | Select the checkbox to include the sign in activity information in your user response. |  |
+| userGroupDetails | Boolean | No | False | Select the checkbox to include the user’s group details in your user response. |  |
 
 ### JSON example
 

static/files/c2c/microsoft-azure-ad-inventory/example.json

@@ -11,10 +11,11 @@
             "secret_key": "********",
             "application_id": "ApplicationID",
             "userSignInActivity": false,
+            "userGroupDetails": false,
             "fields": {
                 "_siemForward": false
             }
         },
         "sourceType": "Universal"
     }
-}
+}

static/files/c2c/microsoft-azure-ad-inventory/example.tf

@@ -10,6 +10,7 @@ resource "sumologic_cloud_to_cloud_source" "microsoft-azure-ad-inventory-source"
             "secret_key": "********",
             "application_id": "ApplicationID",
             "userSignInActivity": false,
+            "userGroupDetails": false,
             "fields": {
                 "_siemForward": false
             }