Commit cee44b1

Make terms lowercase in 'Sensors' section
1 parent 73d0134 commit cee44b1

6 files changed

+21
-21
lines changed

docs/cse/sensors/index.md

Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -21,7 +21,7 @@ In this section, we'll introduce the following concepts:
2121
<div className="box smallbox card">
2222
<div className="container">
2323
<a href="/docs/cse/sensors/sensor-download-locations"><img src={useBaseUrl('img/icons/operations/sensor.png')} alt="Database icon" width="40"/><h4>Sensor Download Locations</h4></a>
24-
<p>Learn about where to download the Cloud SIEM Network sensor that's specific to your Cloud SIEM deployment.</p>
24+
<p>Learn about where to download the Cloud SIEM Network Sensor that's specific to your Cloud SIEM deployment.</p>
2525
</div>
2626
</div>
2727
<div className="box smallbox card">
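Review bot: the unchanged context line 23 in this hunk gives the `<img>` for `sensor.png` the text `alt="Database icon"`, which describes the wrong thing for the Sensor Download Locations card; since the adjacent line 24 is already being edited, change it to `alt="Sensor icon"` in the same commit. Note also that this hunk capitalizes "Network sensor" to "Network Sensor" while the commit subject says it makes terms lowercase; that is fine if "Network Sensor" is the product name, but the subject line should say the commit normalizes the term rather than lowercases it.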

docs/cse/sensors/ingest-zeek-logs.md

Lines changed: 2 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -30,7 +30,7 @@ After configuring the appropriate source, use one of the methods described in [E
3030

3131
### Enable parsing and mapping of Zeek logs
3232

33-
This configuration step is required to ensure that Cloud SIEM knows how to parse incoming Zeek logs, correctly map the log fields to schema attributes, and create Cloud SIEM Records. The most important bit of information is what type of data a particular log contains. Zeek has a variety of log types, for example `conn` for TCP/UDP/ICMP connections, `http` for HTTP requests and replies, and `ftp` for FTP activity.
33+
This configuration step is required to ensure that Cloud SIEM knows how to parse incoming Zeek logs, correctly map the log fields to schema attributes, and create Cloud SIEM records. The most important bit of information is what type of data a particular log contains. Zeek has a variety of log types, for example `conn` for TCP/UDP/ICMP connections, `http` for HTTP requests and replies, and `ftp` for FTP activity.
3434

3535
So, how to determine whether a Zeek log is a `conn`, `http`, `ftp`, or some other log type? Zeek logs don’t contain a key that explicitly holds a value that is only the log type identifier. There are two options for dealing with this:
3636

@@ -111,7 +111,7 @@ Perform these steps for each of the FERs.
111111
This section describes using the Cloud SIEM Network Sensor. [Network Sensor has reached its end of life](/docs/cse/sensors/network-sensor-end-of-life/). Instead, use Zeek. For more information, see [Supported collection method: Sumo Logic Source](#supported-collection-method-sumo-logic-source) above.
112112
:::
113113

114-
You can use Cloud SIEM’s Network Sensor to collect Zeek logs and upload them to an HTTP Source on a Sumo Logic Hosted Collector. This method ensures that supported Bro policies are enabled and that the supported Bro output format is configured. It also results in the creation of Cloud SIEM Records from the raw Zeek log messages. For instructions, see [Network Sensor Deployment Guide](/docs/cse/sensors/network-sensor-deployment-guide).
114+
You can use Cloud SIEM’s Network Sensor to collect Zeek logs and upload them to an HTTP Source on a Sumo Logic Hosted Collector. This method ensures that supported Bro policies are enabled and that the supported Bro output format is configured. It also results in the creation of Cloud SIEM records from the raw Zeek log messages. For instructions, see [Network Sensor Deployment Guide](/docs/cse/sensors/network-sensor-deployment-guide).
115115

116116
The Network Sensor extracts files observed over cleartext protocols that match selected MIME types. You can configure what types will be extracted using the [extracted_file_types](/docs/cse/sensors/network-sensor-deployment-guide) property in the Network Sensor’s configuration file, `trident-sensor.cfg`. By default the sensor will upload password-protected zip files and the following types of executables:
117117

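Review bot: the unchanged admonition at line 111 still reads "[Network Sensor has reached its end of life]", while the last file in this commit changes that same sentence to "[The Network Sensor has reached its end of life]" in the reuse snippet; either apply the same wording here or replace this inline copy with the `<SensorEOL/>` import that the other sensor pages use, so the two copies do not drift. The changed line 114 also says "Bro policies" and "Bro output format" immediately after calling the tool Zeek; a single "Zeek (formerly Bro)" on first use and "Zeek" thereafter would read more consistently.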
docs/cse/sensors/network-sensor-deployment-guide.md

Lines changed: 7 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -46,11 +46,11 @@ Forward proxies, such as HTTP web proxies, broker client connections to the inte
4646

4747
The following diagram Illustrates optimal sensor positioning prior to a web proxy.
4848

49-
<img src={useBaseUrl('img/cse/Network_Sensor_Deployment_Guide_SS_1.png')} alt="Network sensor deployment" width="800"/>
49+
<img src={useBaseUrl('img/cse/Network_Sensor_Deployment_Guide_SS_1.png')} alt="Network Sensor deployment" width="800"/>
5050

51-
Sumo Logic advises positioning network sensors for visibility at a monitoring point immediately in front of the proxy server(s). This allows the sensor to record client source addresses and to see all web requests prior to content filtering. This is an important factor for a number of Cloud SIEM’s rules and analytics, which rely on knowing the “true” source of requests. Because a number of threats beacon to remote internet servers, seeing even those requests that are filtered by a proxy server is important for monitoring and response.
51+
Sumo Logic advises positioning Network Sensors for visibility at a monitoring point immediately in front of the proxy server(s). This allows the sensor to record client source addresses and to see all web requests prior to content filtering. This is an important factor for a number of Cloud SIEM’s rules and analytics, which rely on knowing the “true” source of requests. Because a number of threats beacon to remote internet servers, seeing even those requests that are filtered by a proxy server is important for monitoring and response.
5252

53-
Positioning the network sensor after a forward proxy is not advised. This placement results in the sensor seeing all traffic sourced from the proxy and complicates (or renders impossible) the ability to determine which assets or users on the LAN were the origin of the traffic.
53+
Positioning the Network Sensor after a forward proxy is not advised. This placement results in the sensor seeing all traffic sourced from the proxy and complicates (or renders impossible) the ability to determine which assets or users on the LAN were the origin of the traffic.
5454

5555
#### Explicit versus transparent forward proxies and server access logs
5656

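Review bot: unchanged context line 47, "The following diagram Illustrates optimal sensor positioning", has a stray capital I; as this commit is a capitalization pass over the same paragraph, lowercase it here too. The placement rationale in lines 51 and 53 (record the client source address before the proxy rewrites it, and see requests the proxy later filters) is the right point to make and needs no change.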
@@ -88,7 +88,7 @@ This section describes resource requirements and prerequisites for Network Senso
8888

8989
### Host resource requirements
9090

91-
We recommend installing the network sensor on a host with at least two interfaces - one for traffic monitoring and one for management. That way, the sensor doesn't process and upload traffic associated with sensor management for analysis.
91+
We recommend installing the Network Sensor on a host with at least two interfaces - one for traffic monitoring and one for management. That way, the sensor doesn't process and upload traffic associated with sensor management for analysis.
9292

9393
The system upon which you install the Network Sensor must have the following resources, at a minimum. Depending on expected throughput, additional core, memory, and storage resources may be required, as shown in [Throughput-dependent resource requirements](#throughput-dependent-resource-requirements)
9494
below. 
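Review bot: lines 93-94 split the sentence so that "below." sits alone on its own line with trailing whitespace; join it to the link line so it reads "...requirements](#throughput-dependent-resource-requirements) below." In the same sentence, "additional core, memory, and storage resources" reads better as "additional CPU cores, memory, and storage".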
@@ -98,7 +98,7 @@ below. 
9898
| CentOS 7 or Ubuntu 16, 18, 20 | 4 | 4GB | 250GB |
9999

100100
:::note
101-
Before you deploy the network sensor, make sure you know the TAP or SPAN interface upon which captured data is available.
101+
Before you deploy the Network Sensor, make sure you know the TAP or SPAN interface upon which captured data is available.
102102
:::
103103

104104
### Prerequisites for CentOS
@@ -127,7 +127,7 @@ reboot
127127
| 1.75gbps | 10 | 28GB | 500GB |
128128
| 2gbps+ | Consult your SE. | Consult SE<br/>(Estimate is 4GB per 250Mbs) | Consult your SE. |
129129

130-
### Outbound Firewall Rules
130+
### Outbound firewall rules
131131

132132
See [Securing access to Sumo Logic infrastructure via DNS name or IP address](/docs/api/getting-started#securing-access-to-sumo-logic-infrastructure-via-dns-name-or-ip-address) for information on how to configure your firewall for outbound access to Sumo Logic.
133133

@@ -342,7 +342,7 @@ Configured by wizard? No
342342

343343
### no_data_cutoff
344344

345-
**Description.** Threshold used to determine when data is being captured by the Network Sensor (value is in Records per second). When Records per second is below this threshold for a status report interval (default is 5 minutes) the report will be counted towards [no_data_restart_threshold](#no_data_restart_threshold). Use this parameter to tune automatic restarts of the Network Sensor when no data is being captured/reported (requires `no_data_restart_threshold` to be set, the recommended value for this parameter is 3, as described below ).
345+
**Description.** Threshold used to determine when data is being captured by the Network Sensor (value is in records per second). When records per second is below this threshold for a status report interval (default is 5 minutes) the report will be counted towards [no_data_restart_threshold](#no_data_restart_threshold). Use this parameter to tune automatic restarts of the Network Sensor when no data is being captured/reported (requires `no_data_restart_threshold` to be set, the recommended value for this parameter is 3, as described below ).
346346

347347
**Default value.** 3
348348

docs/cse/sensors/network-sensor-troubleshooting.md

Lines changed: 7 additions & 7 deletions
Original file line number | Diff line number | Diff line change
@@ -11,7 +11,7 @@ import SensorEOL from '../../reuse/cloud-siem-network-sensor-eol.md';
1111
<SensorEOL/>
1212
:::
1313

14-
The Cloud SIEM Network Sensor is a flexible network security monitor that monitors IP networks and collects flow and protocol session data, building audit records of network communications. As with all network sensors, performance is a key consideration for proper operation and comprehensive data collection. The installation of the Cloud SIEM network sensor configures the sensor with reasonable defaults for many environments. For other environments, such as high throughput deployments, Sumo Logic advises the use of a supported 3rd party Bro/Zeek sensor offering or a custom Zeek cluster deployment.
14+
The Cloud SIEM Network Sensor is a flexible network security monitor that monitors IP networks and collects flow and protocol session data, building audit records of network communications. As with all Network Sensors, performance is a key consideration for proper operation and comprehensive data collection. The installation of the Cloud SIEM Network Sensor configures the sensor with reasonable defaults for many environments. For other environments, such as high throughput deployments, Sumo Logic advises the use of a supported 3rd party Bro/Zeek sensor offering or a custom Zeek cluster deployment.
1515

1616
## General Troubleshooting
1717

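Review bot: "As with all Network Sensors" in the changed line 14 is the generic noun (any packet-capture sensor, including the third-party Bro/Zeek options named at the end of the same sentence), not the product name, so it should stay lowercase "network sensors"; only the references to the Cloud SIEM product should be capitalized. "3rd party" would also read better as "third-party".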
@@ -45,7 +45,7 @@ A number of statistics named with “errors” are available. All of them ideall
4545

4646
### PF_RING
4747

48-
PF_RING enables accelerated network packet capture under Linux and is included in the default Cloud SIEM network sensor installation.
48+
PF_RING enables accelerated network packet capture under Linux and is included in the default Cloud SIEM Network Sensor installation.
4949

5050
PF_RING configuration information is available in `/proc/net/pf_ring/info`. Information on interfaces may be found in `/proc/net/pf_ring/dev/<interface>/info`.
5151

@@ -59,15 +59,15 @@ It can be helpful to verify that Bro is linked against the PF_RING enabled libpc
5959
$(ldd /opt/trident/sensor/bro/bin/zeek | awk '{print $3}' | grep libpcap) >/dev/null && echo "PF_RING enabled"
6060
```
6161

62-
### Network Sensor stops capturing traffic
62+
### Network sensor stops capturing traffic
6363

64-
Zeek can get into a state where it runs out of memory and stops processing traffic but does not crash. This has been observed on RHEL 7.9. To automatically restart the sensor when consecutive status reports with low Records per second is observed use [no_data_restart_threshold](/docs/cse/sensors/network-sensor-deployment-guide#no_data_restart_threshold) (recommended value 3), and [no_data_cutoff](/docs/cse/sensors/network-sensor-deployment-guide#no_data_cutoff) to tune the record threshold if needed.
64+
Zeek can get into a state where it runs out of memory and stops processing traffic but does not crash. This has been observed on RHEL 7.9. To automatically restart the sensor when consecutive status reports with low records per second is observed use [no_data_restart_threshold](/docs/cse/sensors/network-sensor-deployment-guide#no_data_restart_threshold) (recommended value 3), and [no_data_cutoff](/docs/cse/sensors/network-sensor-deployment-guide#no_data_cutoff) to tune the record threshold if needed.
6565

6666
## Monitoring Capture Performance
6767

68-
Security monitoring can be complex. Network data capture is a system with many layers, and degradation or faults at one layer can affect the whole. Performance starts at the initial traffic acquisition source (i.e. TAPs, SPANs/port mirrors) and ends with the monitoring software itself (Bro/Zeek). Along the way a number of hardware and software components are involved, such as cabling, capture network interface cards, CPU, memory, drivers, OS kernel, memory buffers, and numerous settings. Some work fine as defaults and others must be tuned correctly. All components must be monitored and validated for proper operation. This document provides an overview of how to properly configure and monitor some of the important components in a network sensor deployment.
68+
Security monitoring can be complex. Network data capture is a system with many layers, and degradation or faults at one layer can affect the whole. Performance starts at the initial traffic acquisition source (i.e. TAPs, SPANs/port mirrors) and ends with the monitoring software itself (Bro/Zeek). Along the way a number of hardware and software components are involved, such as cabling, capture network interface cards, CPU, memory, drivers, OS kernel, memory buffers, and numerous settings. Some work fine as defaults and others must be tuned correctly. All components must be monitored and validated for proper operation. This document provides an overview of how to properly configure and monitor some of the important components in a Network Sensor deployment.
6969

70-
Sumo Logic recommends that network sensor admins monitor and collect performance statistics from deployed sensors. Doing so can help with tracking and spotting faults when they occur and help plan for adequate system resources. 
70+
Sumo Logic recommends that Network Sensor admins monitor and collect performance statistics from deployed sensors. Doing so can help with tracking and spotting faults when they occur and help plan for adequate system resources. 
7171

7272
In the examples below, we use `eno1` as the example interface name. Substitute the proper interface name(s) on your sensor as needed.
7373

@@ -106,7 +106,7 @@ Having verified performance of the data delivery path, the next focus area is Br
106106

107107
## CaptureLoss
108108

109-
An important metric Zeek log that is collected from the Cloud SIEM network sensor is the notice `CaptureLoss::Too_Much_Loss`. Zeek internally tracks loss rates by observing when streams arrive with gaps indicating missing segments in the stream. Because this metric relates directly to traffic monitored by Zeek, it may either indicate packet loss in Zeek itself, or a loss condition happening elsewhere upstream from Zeek (anywhere along the line). This notice is logged on a periodic basis when a configured threshold is exceeded and is the topic of a key FAQ. https://www.zeek.org/documentation/faq.html#how-can-i-reduce-the-amount-of-captureloss-or-dropped-packets-notice It is possible to analyze occurrences of CaptureLoss notices in Cloud SIEM using the following query in an Sumo Logic log search tab.
109+
An important metric Zeek log that is collected from the Cloud SIEM Network Sensor is the notice `CaptureLoss::Too_Much_Loss`. Zeek internally tracks loss rates by observing when streams arrive with gaps indicating missing segments in the stream. Because this metric relates directly to traffic monitored by Zeek, it may either indicate packet loss in Zeek itself, or a loss condition happening elsewhere upstream from Zeek (anywhere along the line). This notice is logged on a periodic basis when a configured threshold is exceeded and is the topic of a key FAQ. https://www.zeek.org/documentation/faq.html#how-can-i-reduce-the-amount-of-captureloss-or-dropped-packets-notice It is possible to analyze occurrences of CaptureLoss notices in Cloud SIEM using the following query in an Sumo Logic log search tab.
110110

111111
`_sourceCategory = "cse/network/notice" | where note = "CaptureLoss::Too_Much_Loss"`
112112

docs/cse/sensors/sensor-download-locations.md

Lines changed: 3 additions & 3 deletions
Original file line number | Diff line number | Diff line change
@@ -1,7 +1,7 @@
11
---
22
id: sensor-download-locations
33
title: Sensor Download Locations
4-
description: The Cloud SIEM Network sensor can be downloaded from a static URL that is specific to your Cloud SIEM deployment.
4+
description: The Cloud SIEM Network Sensor can be downloaded from a static URL that is specific to your Cloud SIEM deployment.
55
---
66

77
import useBaseUrl from '@docusaurus/useBaseUrl';
@@ -13,9 +13,9 @@ import SensorEOL from '../../reuse/cloud-siem-network-sensor-eol.md';
1313

1414
The Cloud SIEM Network Sensor can be downloaded from a static URL that is specific to your Cloud SIEM deployment. Each Sumo Logic deployment has URLs used to download sensor software. If you are not sure which endpoint to use, see How can I determine which endpoint I should use?
1515

16-
## Installing the Network sensor
16+
## Installing the Network Sensor
1717

18-
After downloading the Network sensor appropriate for your system architecture, run this command:
18+
After downloading the Network Sensor appropriate for your system architecture, run this command:
1919

2020
```bash
2121
sudo wget -q -O - <URL> | sudo /bin/bash
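Review bot: unchanged line 14 ends with "see How can I determine which endpoint I should use?", which reads like a link whose markup was lost; restore the target. Separately, the install command at line 21, `sudo wget -q -O - <URL> | sudo /bin/bash`, pipes a remote script straight into a root shell; the first `sudo` on `wget` is unnecessary, and since the page says each deployment has its own static download URL, the documentation should recommend fetching the script to disk, reviewing it, and then running it with `sudo`, rather than executing it unseen. With the `<SensorEOL/>` banner at the top of this page the point may be moot, but the unseen-pipe form should not stand as the documented default.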
Lines changed: 1 addition & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -1 +1 @@
1-
This article describes using the Cloud SIEM Network Sensor. [Network Sensor has reached its end of life](/docs/cse/sensors/network-sensor-end-of-life/). Instead, use Zeek. For more information, see [Ingest Zeek Logs](/docs/cse/sensors/ingest-zeek-logs/).
1+
This article describes using the Cloud SIEM Network Sensor. [The Network Sensor has reached its end of life](/docs/cse/sensors/network-sensor-end-of-life/). Instead, use Zeek. For more information, see [Ingest Zeek Logs](/docs/cse/sensors/ingest-zeek-logs/).
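Review bot: the same sentence exists inline in `ingest-zeek-logs.md` at line 111 earlier in this commit and is left as "[Network Sensor has reached its end of life]"; apply the "The Network Sensor" wording there too, or have that page import this reuse snippet so the text is maintained in one place.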
