Merge branch 'main' into DOCS-811

Author: kimsauce

.github/workflows/build_and_deploy.yml

@@ -28,7 +28,7 @@ on:
 
 jobs:
   build-and-deploy:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     environment:
       name: ${{ inputs.environment }}
       url: ${{ inputs.hostname }}${{ inputs.base_url }}

.github/workflows/delete-review.yml

@@ -4,7 +4,7 @@ on: delete
 
 jobs:
   delete-branch-environment:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     environment:
       name: review/${{ github.ref_name }}
     env:

.github/workflows/pr.yml

@@ -10,7 +10,7 @@ on:
 
 jobs:
     build-and-deploy:
-      runs-on: ubuntu-22.04
+      runs-on: ubuntu-latest
       env:
           CI: true
           NODE_ENV: production

blog-cse/2025-04-25-content.md

@@ -0,0 +1,32 @@
+---
+title: April 25, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes:
+- Fixes for Threat Intelligence rules to correct match expression syntax for hash and HTTP referrer.
+- Parsing and mapping updates for Microsoft Office 365 to improve target user visibility.
+
+## Rules
+- [Updated] MATCH-S01009 Threat Intel - HTTP Referrer
+- [Updated] MATCH-S01012 Threat Intel - HTTP Referrer Root Domain
+- [Updated] MATCH-S00999 Threat Intel - IMPHASH Match
+- [Updated] MATCH-S01000 Threat Intel - MD5 Match
+- [Updated] MATCH-S01001 Threat Intel - PEHASH Match
+- [Updated] MATCH-S01003 Threat Intel - SHA1 Match
+- [Updated] MATCH-S01004 Threat Intel - SHA256 Match
+- [Updated] MATCH-S01002 Threat Intel - SSDEEP Match
+
+## Log Mappers
+- [Updated] Microsoft Office 365 Active Directory Authentication Events
+- [Updated] Microsoft Office 365 AzureActiveDirectory Events
+
+## Parsers
+- [Updated] /Parsers/System/Microsoft/Office 365

blog-service/2025-04-28-manage.md

@@ -0,0 +1,17 @@
+---
+title: Content Sharing for Apps (Manage)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - manage
+  - apps
+  - content sharing
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We are happy to announce that authorized users can now control the visibility of  installed app content. This update allows content administrators and the installing user to configure the roles and users who should be allowed to view the dashboards and log searches that are installed with an app.
+
+For more information about sharing apps, see [Content Sharing in Sumo Logic](/docs/manage/content-sharing/).
+
+<img src={useBaseUrl('img/content-sharing/grant-app-access-to-org.png')} alt="<your image description>" style={{border: '1px solid gray'}} width="<insert-pixel-number>" />

cid-redirects.json

@@ -4307,6 +4307,7 @@
   "/docs/manage/partitions/flex/estimate-and-actual-scan-data": "/docs/manage/partitions/flex/estimate-scan-data",
   "/docs/manage/partitions/flex/flex-pricing-faqs": "/docs/manage/partitions/flex/faq",
   "/docs/manage/partitions/flex/flex-pricing-faq": "/docs/manage/partitions/flex/faq",
+  "/docs/platform-services/automation-service/app-central/integrations/exana-open-dns": "/docs/platform-services/automation-service/app-central/integrations",
   "/docs/platform-services/automation-service/app-central/integrations/snowflake": "/docs/platform-services/automation-service/app-central/integrations",
   "/docs/integrations/security-threat-detection/palo-alto-networks-6": "/docs/integrations/security-threat-detection/palo-alto-networks-9",
   "/docs/integrations/security-threat-detection/palo-alto-networks-8":"/docs/integrations/security-threat-detection/palo-alto-networks-9",

docs/alerts/webhook-connections/set-up-webhook-connections.md

@@ -47,7 +47,7 @@ To set up a webhook connection:
 1. (Optional) Enter a **Description** for the connection.
 1. Enter the **URL** for the endpoint. This is generated from the remote system’s API.
     :::important
-    Only HTTPS (`port 443`) and HTTP (`port 80`) URLs are supported. 
+    HTTPS URLs can use any port without restriction, while HTTP URLs are limited to only port 80.
     :::
 1. (Optional) If the third-party system requires an **Authorization Header**, enter it here. For more information, see [Example Authorization Header](#example-authorization-header) below.
 1. (Optional) **Custom Headers**, enter up to five comma separated key-value pairs.

docs/cse/administration/create-custom-threat-intel-source.md

@@ -31,7 +31,7 @@ You can search using the same functionality available for other Cloud SIEM searc
 
 When Cloud SIEM encounters an indicator from a threat source in an incoming record, it adds relevant information to the record. Because threat intelligence information is persisted within records, you can reference it downstream in both rules and search. The built-in rules that come with Cloud SIEM automatically create a signal for records that have been enriched in this way.
 
-Rule authors can also write rules that look for threat intelligence information in records. To leverage the information in a rule, you can extend your custom rule expression, or add a rule tuning expression to a built-in rule. For a more detailed explanation of how to use threat intelligence information in rules, see [Threat Intelligence Indicators in Cloud SIEM](/docs/security/threat-intelligence/threat-indicators-in-cloud-siem/).
+Rule authors can also write rules that look for threat intelligence information in records. To leverage the information in a rule, you can extend your custom rule expression, or add a rule tuning expression to a built-in rule. For a more detailed explanation of how to use threat intelligence information in rules, see [Find Threats with Cloud SIEM](/docs/security/threat-intelligence/threat-indicators-in-cloud-siem/).
 
 ### Target fields for threat indicators
 

docs/cse/integrations/configuring-threatq-source-in-cse.md

@@ -15,7 +15,7 @@ To do so, [ingest threat intelligence indicators](/docs/security/threat-intellig
 
 ## Looking for ThreatQ indicators using Cloud SIEM rules
 
-Threat Intelligence sources are used at the time of record ingestion. When a record is ingested, Cloud SIEM determines whether any of the fields in the record exist in any of your Threat Intelligence sources. When a record contains a value that matches an entry in one or more Threat Intelligence sources, the `hasThreatMatch` Cloud SIEM rules function searches incoming records in Cloud SIEM for matches to threat intelligence indicators. For more information, see [Threat Intelligence Indicators in Cloud SIEM](/docs/security/threat-intelligence/threat-indicators-in-cloud-siem/).
+Threat Intelligence sources are used at the time of record ingestion. When a record is ingested, Cloud SIEM determines whether any of the fields in the record exist in any of your Threat Intelligence sources. When a record contains a value that matches an entry in one or more Threat Intelligence sources, the `hasThreatMatch` Cloud SIEM rules function searches incoming records in Cloud SIEM for matches to threat intelligence indicators. For more information, see [Find Threats with Cloud SIEM](/docs/security/threat-intelligence/threat-indicators-in-cloud-siem/).
 -->
 
 This topic has information about configuring a ThreatQ source in Cloud SIEM.

docs/cse/integrations/integrate-cse-with-taxii-feed.md

@@ -37,7 +37,7 @@ Threat intelligence indicators allow you to enrich incoming records with threat
 
 Because the threat intel information is persisted within records, you can reference it downstream in both rules and search. The built-in rules that come with Cloud SIEM will also automatically create a signal for any record with a match from your threat feed. 
 
-For more information, see [Threat Intelligence Indicators in Cloud SIEM](/docs/security/threat-intelligence/threat-indicators-in-cloud-siem/).
+For more information, see [Find Threats with Cloud SIEM](/docs/security/threat-intelligence/threat-indicators-in-cloud-siem/).
 
 -->