
Commit d15a1e7

Merge branch 'main' into new-pantheon-workflow
2 parents 27c4ad2 + d031d34 commit d15a1e7


22 files changed

+130
-58
lines changed


blog-collector/2025-10-03-otel.md

Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
---
2+
title: Download a collector using the CDN URL (OpenTelemetry Collector)
3+
image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
4+
keywords:
5+
- otel-collector
6+
- download-collector
7+
hide_table_of_contents: true
8+
---
9+
10+
We’re pleased to announce a new method for downloading the latest version of our OpenTelemetry collectors for Linux, macOS, and Windows. While the static URL method is still available, you now have the option to use a CDN URL via UI for better performance.
11+
12+
:::info
13+
This change does not affect the UI itself. The download process looks the same, but the underlying URL now uses a CDN to improve reliability and speed.
14+
:::
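Review bot: the announcement says the collector download now goes through a CDN but says nothing about verifying what was downloaded; since this is the installer for an agent that runs on every host, the post should link to (or add) the checksum or signature step for the collector package and state that the CDN URL is served over HTTPS only. A one-line pointer after the info box, such as "Verify the downloaded package against the published checksum before installing", would close the gap. Minor wording: "use a CDN URL via UI" reads awkwardly; "the download link in the UI now points at a CDN" is clearer.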

blog-service/2025-10-01-manage.md

Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
---
2+
title: Change to SAML Group-to-Role Mapping (Manage)
3+
image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
4+
keywords:
5+
- saml
6+
- authentication
7+
hide_table_of_contents: true
8+
---
9+
10+
import useBaseUrl from '@docusaurus/useBaseUrl';
11+
12+
Sumo Logic has introduced a change to the way group-to-role mapping is handled when performing on-demand role provisioning during SAML authentication. Previously, all groups included in a SAML assertion were validated against roles in Sumo Logic. Going forward, only the groups that match existing roles in Sumo Logic will be applied to the authenticating user. Any non-matching groups will be ignored. Only if no roles match with the groups passed in the assertion will an authentication fail.
13+
14+
For more information about SAML configuration for roles provisioning, see [Configure on-demand roles provisioning](/docs/manage/security/saml/set-up-saml/#configure-on-demand-roles-provisioning).
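Review bot: this is a security-relevant relaxation and the text should say so plainly. It implies that under the old behaviour a group in the assertion with no matching Sumo Logic role blocked the login, whereas now unknown groups are dropped silently and the user is provisioned with whatever subset matched; if that is the case, state it directly, because a misspelled or renamed group on the IdP side no longer surfaces as an authentication error. Tell admins where ignored groups can be seen (audit log or the user's role list) and recommend checking role membership after the change rather than relying on failed logins to catch drift. Also: `import useBaseUrl` is unused in this file (no image is rendered), "roles provisioning" in the closing sentence should read "role provisioning", and the last sentence would be easier to read as "Authentication fails only if none of the groups in the assertion match a role."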

docs/apm/traces/search-query-language-support-for-traces.md

Lines changed: 2 additions & 0 deletions
@@ -35,6 +35,8 @@ To search your tracing data do the following:
3535

3636
A Keyword Search Expression defines the scope of data for the query. You need to specify `_index=_trace_spans` in the scope to reference your trace data.
3737

38+
Keyword searching is supported for tracing indexes across all fields, unlike other indexes where only the `_raw` field is searched.
39+
3840
#### _any option
3941

4042
In scenarios where users are not familiar with the schema and would like to search across all the fields, `_any` modifier provides a means to search for a specified value from all of the Ingest Time Fields in your data. For example, to search for data with any field that has a value of success you would put `_any=success` in the scope of your query.
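Review bot: the new sentence and the `_any option` subsection right after it make overlapping claims without saying how they relate; if keyword search on `_index=_trace_spans` already matches every field, the reader needs to know whether `_any=success` is still required for trace data or only matters for other indexes. Either add a clause such as "so the `_any` modifier is not needed for trace queries" (if that is true) or move the sentence under `_any option` with an explanation of the difference. Also say which indexes count as "tracing indexes", since the only one named on this page is `_trace_spans` and the new statement is broader than that.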

docs/cse/records-signals-entities-insights/search-cse-records-in-sumo.md

Lines changed: 2 additions & 0 deletions
@@ -162,6 +162,8 @@ You can search Cloud SIEM fields by keyword, for example:
162162

163163
`_index=sec_record_authentication kerberos`
164164

165+
Keyword searching is supported for security indexes across all fields, unlike other indexes where only the `_raw` field is searched.
166+
165167
### Referencing nested JSON fields
166168

167169
The **Security Record Details** field contains a JSON object with all of the fields from the underlying record or signal. Some of the data is nested in one or more sub-objects, like the `fields` object for record., shown expanded in the screenshot below. The fields object contains the contents of the [fields](/docs/cse/schema/schema-attributes) field in the underlying record, which is all of the unnormalized data from the original log message before it was normalized to the Cloud SIEM schema.
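Review bot: this sentence is a near-verbatim copy of the one added to `docs/apm/traces/search-query-language-support-for-traces.md` in the same commit, with "tracing" swapped for "security"; the repo already keeps shared text under `reuse/` (see the `SetupColl` import elsewhere in this commit), so consider one snippet parameterised by index type, otherwise the two will drift. It should also say which `sec_record_*` indexes the claim covers, since the example above uses only `sec_record_authentication`. Unrelated but visible in the context: "like the `fields` object for record.," has a stray period before the comma.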

docs/dashboards/dashboard-child-orgs.md

Lines changed: 2 additions & 1 deletion
@@ -81,6 +81,7 @@ If required, toggle off the **Include current variable values in the URL** optio
8181

8282
- Public dashboards are not supported in MSSP environments.
8383
- Scheduled reports are only supported at the parent organization level, not for child orgs.
84+
- Variable values generated by Log Search are populated using the parent organization.
8485
- Metrics and span queries are supported only at the parent organization level, not for child organizations.
8586
- Panels containing metrics or span queries will display no data if you switch from the parent organization to any child organization.
86-
- When exporting a dashboard at the child organization level, panels with metrics or span queries will also show no data.
87+
- When exporting a dashboard at the child organization level, panels with metrics or span queries will also show no data.
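Review bot: the new bullet raises a tenant-isolation question it should answer: if a dashboard variable's values are generated by a Log Search run against the parent organization, a child-org user opening that dashboard may see values (hostnames, account IDs, user names) drawn from data outside their own org. State whether the dropdown is populated from parent data and shown to child-org users, or populated but empty or filtered for them, and if the former, advise admins not to use sensitive field values as dashboard variables in MSSP dashboards. Also, the last bullet is removed and re-added with no visible difference; if that is a trailing-whitespace or line-ending change it is fine, but as rendered the diff shows a no-op.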

docs/get-started/ai-machine-learning.md

Lines changed: 24 additions & 9 deletions
@@ -16,6 +16,16 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
1616

1717
In this document, you'll learn about Sumo Logic features that leverage artificial intelligence (AI), machine learning (ML), and pattern recognition to support cloud security management, mitigate risks, reduce manual workloads for your team, and streamline incident response and resolution.
1818

19+
## What’s new: Dojo AI for the SOC
20+
21+
Sumo Logic Dojo AI is our agentic AI platform for security teams. It brings specialized agents that reduce manual triage, summarize investigations at the insight level, and help analysts move from reactive to proactive workflows. Dojo AI is built and deployed on AWS and focuses on governed, context-first automation designed for enterprise SOCs.
22+
23+
* **Query Agent**. Translate plain-language questions into efficient Sumo queries to speed exploration and scoping. Works hand in hand with Mobot to improve query quality and outcomes.
24+
* **Summary Agent**. Generate clear, insight-level summaries that help teams understand incidents faster and respond with confidence. Available in Cloud SIEM.
25+
* **Availability**. Dojo AI is available through Sumo Logic and in AWS Marketplace.
26+
27+
For more information, see: [Sumo Logic brings agentic AI into the enterprise security stack with the launch of Dojo AI on Amazon Web Services](https://www.sumologic.com/newsroom/sumo-logic-brings-agentic-ai-into-enterprise-security-stack-with-launch-of-dojo-ai-on-amazon-web-services).
28+
1929
<details>
2030
<summary>What do these terms mean?</summary>
2131

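Review bot: this block reads as press-release copy ("governed, context-first automation designed for enterprise SOCs") rather than documentation, and it overlaps with the `### Mobot` section further down, which already describes plain-language query generation; add one sentence on how the Query Agent differs from Mobot (the bullet only says it "works hand in hand" with it) and trim the marketing adjectives. A "What's new" heading will also age badly; since a `### Dojo AI` section is added later in the same file, consider keeping only one of the two and linking to it from the intro.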
@@ -43,7 +53,7 @@ Through comprehensive discovery, monitoring, diagnosis, recovery, and prevention
4353

4454
### Mobot
4555

46-
Mobot is our AI-based assistant designed that simplifies log analysis by allowing you to ask questions in plain English and provides search suggestions without the need to write log queries. Through plain English queries and automatic log query generation, Mobot simplifies the investigation process, allowing even users without extensive log analysis expertise to pinpoint anomalies and potential threats efficiently.
56+
Mobot is our AI-based assistant designed that simplifies log analysis by allowing you to ask questions in plain language and provides search suggestions without the need to write log queries. Through plain language queries and automatic log query generation, Mobot simplifies the investigation process, allowing even users without extensive log analysis expertise to pinpoint anomalies and potential threats efficiently.
4757

4858
With Mobot, you can effortlessly investigate complex issues without writing intricate log queries manually. Its intuitive interface guides users through each step of the investigation, refining queries based on AI prompts and feedback. This streamlined approach accelerates the identification of security threats, empowering users to make informed decisions rapidly and proactively detect potential risks. [Learn more](/docs/search/mobot).
4959

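Review bot: the rewrite replaces "plain English" with "plain language" but keeps the grammatical error on the same line: "our AI-based assistant designed that simplifies log analysis" should be "our AI-based assistant, designed to simplify log analysis," or simply "our AI-based assistant that simplifies log analysis". Since the line is being touched anyway, fix it in this commit.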
@@ -81,11 +91,20 @@ Sumo Logic offers seamless integrations with various AI-driven platforms to enab
8191

8292
Our Sumo Logic AI for Security functionality empowers SOC analysts and threat hunters to effectively safeguard their technology stack against evolving threats. By integrating advanced tools for discovery, detection, investigation, response, and protection, we minimize dwell time, reduce false positives, accelerate incident resolution, and proactively prevent future incidents, ensuring robust security and resilience for your cloud, container, and on-prem resources.
8393

94+
### Dojo AI (agentic AI for the SOC)
95+
96+
Dojo AI brings governed, specialized agents into daily SOC workflows so you can cut manual triage, accelerate query-to-answer steps, and get consistent, insight-level investigation summaries. Built and deployed on AWS, Dojo AI focuses on measurable gains in accuracy and response time with a human in the loop.
97+
98+
* **Query Agent**. Ask questions in plain language and get optimized Sumo Logic queries that speed data exploration.
99+
* **Summary Agent**. See AI-generated summaries on insights in Cloud SIEM to understand incidents faster.
100+
* **Get it**. Available from Sumo Logic and in AWS Marketplace.
101+
84102
### Cloud SIEM
85103

86104
#### Insight summary
87105

88-
Sumo Logic's Dojo AI Summary Agent, an agentic AI tool, generates a synopsis for each insight that describes the threat incidents that led to its creation. This helps security teams understand incidents faster and accelerate response time. [Learn more](/docs/cse/get-started-with-cloud-siem/insight-summary/).
106+
Sumo Logic's Dojo AI **Summary** Agent, an agentic AI tool, generates a synopsis for each insight that describes the threat incidents that led to its creation. This helps security teams understand incidents faster and accelerate response time. [Learn more](/docs/cse/get-started-with-cloud-siem/insight-summary/).
107+
89108

90109
#### Rules
91110

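Review bot: the new `### Dojo AI` section repeats the three bullets (Query Agent, Summary Agent, availability) already added under `## What's new: Dojo AI for the SOC` at the top of the same file, and the `#### Insight summary` paragraph immediately below describes the Summary Agent a third time; keep one description of each agent and cross-link instead. "Measurable gains in accuracy and response time with a human in the loop" needs either a link to the measurement or removal; as written it is unverifiable marketing text in a reference page. The insight summary line now bolds only "Summary"; be consistent with the bullets above, where the full agent name is bolded ("**Summary Agent**").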
@@ -102,15 +121,11 @@ Our Global Intelligence Service apps provide security teams with valuable real-t
102121
## Additional resources
103122

104123
* Guide: [Understanding artificial intelligence for log analytics](https://www.sumologic.com/guides/machine-data-analytics)
105-
* Blogs:
124+
* Blogs:
125+
* [Welcome to Dojo AI: Where AI agents strengthen your SOC](https://www.sumologic.com/blog/welcome-dojo-ai-agents-soc)
106126
* [What are the differences between artificial intelligence, machine learning, deep learning and generative AI?](https://www.sumologic.com/blog/machine-learning-deep-learning)
107127
* [DevSecOps in an AI world requires disruptive log economics](https://www.sumologic.com/blog/devsecops-ai-disruptive-log-economics)
108128
* [Generative AI: The latest example of systems of insight](https://www.sumologic.com/blog/generative-ai-latest-example-systems-of-insight)
109129
* [Harnessing the power of artificial intelligence in log analytics](https://www.sumologic.com/blog/power-ai-log-analytics/)
110130
* [Reduce alert noise, automate incident response and keep coding with AI-driven alerting](https://www.sumologic.com/blog/ai-driven-low-noise-alerts/)
111-
112-
<!--
113-
-Bashyam's blog about how we trained our AI
114-
-Flex Pricing? The more log data ingested, the sharper your analytics and ML/AI insights become. By eliminating ingest limitations and empowering an ML/AI-driven single source of truth for analytics, Flex enables DevOps and DevSecOps teams to troubleshoot faster, accelerate release velocity, and ensure reliable, secure digital experiences.
115-
-Splunk-to-Sumo conversion migration tool?
116-
-->
131+
* News: [Dojo AI launch announcement](https://www.sumologic.com/newsroom/sumo-logic-brings-agentic-ai-into-enterprise-security-stack-with-launch-of-dojo-ai-on-amazon-web-services)
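Review bot: the HTML comment being deleted held three unfinished follow-ups (Bashyam's blog about training the AI, Flex pricing, the Splunk-to-Sumo migration tool); removing them from the page is fine, but nothing in the commit says they were tracked elsewhere, so move them to an issue before deleting or note it in the PR. Also, `* Blogs:` is removed and re-added with no visible change while a nested Dojo AI entry is inserted under it; indentation is not preserved in the rendered diff, so confirm the new entry is indented as a sub-item, otherwise Docusaurus renders it as a sibling of `* Blogs:`.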

docs/integrations/hosts-operating-systems/opentelemetry/linux-opentelemetry.md

Lines changed: 1 addition & 1 deletion
@@ -71,7 +71,7 @@ import SetupColl from '../../../reuse/apps/opentelemetry/set-up-collector.md';
7171

7272
<SetupColl/>
7373

74-
<img src='https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Linux-OpenTelemetry/Linux-Collector.png' style={{border:'1px solid gray'}} alt="Collector" />
74+
<img src={useBaseUrl('img/send-data/opentelemetry-collector/linux-install-ui.png')} alt="linux-terminal" style={{border: '1px solid gray'}} width="900"/>
7575

7676
### Step 2: Configure integration
7777

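Review bot: the screenshot source moves from a hard-coded S3 URL to a repo-local image via `useBaseUrl`, but the only import visible in the hunk context is `SetupColl`; confirm `import useBaseUrl from '@docusaurus/useBaseUrl'` is present earlier in the file, otherwise the MDX build fails. The same check applies to the identical changes in `macos-opentelemetry.md` and `windows-opentelemetry.md` in this commit. Also the `alt` text changed from "Collector" to "linux-terminal", which describes neither the image content nor the step; something like "OpenTelemetry collector install dialog for Linux" serves screen-reader users better.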
docs/integrations/hosts-operating-systems/opentelemetry/macos-opentelemetry.md

Lines changed: 1 addition & 1 deletion
@@ -46,7 +46,7 @@ import SetupColl from '../../../reuse/apps/opentelemetry/set-up-collector.md';
4646

4747
<SetupColl/>
4848

49-
<img src='https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Mac-OpenTelemetry/Mac-Collector.png' style={{border:'1px solid gray'}} alt="Collector" />
49+
<img src={useBaseUrl('img/send-data/opentelemetry-collector/macos-install-ui.png')} alt="macos-terminal" style={{border: '1px solid gray'}} width="900"/>
5050

5151
### Step 2: Configure integration
5252

docs/integrations/hosts-operating-systems/opentelemetry/windows-opentelemetry.md

Lines changed: 1 addition & 1 deletion
@@ -59,7 +59,7 @@ import SetupColl from '../../../reuse/apps/opentelemetry/set-up-collector.md';
5959

6060
<SetupColl/>
6161

62-
<img src='https://sumologic-app-data-v2.s3.amazonaws.com/dashboards/Windows-OpenTelemetry/Windows-Collector.png' style={{border:'1px solid gray'}} alt="Collector" />
62+
<img src={useBaseUrl('img/send-data/opentelemetry-collector/windows-install-ui.png')} alt="windows-terminal" style={{border: '1px solid gray'}} width="900"/>
6363

6464
### Step 2: Configure integration
6565

docs/platform-services/automation-service/app-central/integrations/virustotal-v3.md

Lines changed: 4 additions & 2 deletions
@@ -8,8 +8,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
88
<img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/virustotal.png')} alt="virustotal"
99
width="100"/>
1010

11-
***Version: 1.1
12-
Updated: July 22, 2025***
11+
***Version: 1.3
12+
Updated: October 3, 2025***
1313

1414
Perform threat intelligence evidence gathering with [VirusTotal V3 API](https://docs.virustotal.com/reference/overview).
1515

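Review bot: the version jumps from 1.1 to 1.3 but the release-notes list further down gains only one entry (October 3, 2025); either a 1.2 entry is missing or the header should say 1.2. Make the version line and the changelog agree before merging.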
@@ -70,3 +70,5 @@ For information about VirusTotal v3, see [VirusTotal v3 documentation](https://d
7070
+ It is an updated version of VirusTotal which works with V3 API.
7171
* July 22, 2025
7272
+ Fixed url parsing issue in **URL Reputation** action.
73+
* October 3, 2025
74+
+ Implemented polling mechanism (poll_analysis) in *Scan URL* action to wait until VirusTotal scan status becomes completed.
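Review bot: the entry says *Scan URL* now polls until the VirusTotal analysis status becomes completed, but it does not state a timeout, a maximum number of polls, or what the action returns if the analysis never completes; an unbounded polling loop can stall a playbook on a slow or queued scan, so document the limit and the poll interval here or in the action description. Minor: the action name is italicised here but bolded in the July entry (**URL Reputation**); use one style.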
