Merge branch 'main' into oracle-otel-update

Author: chetanchoudhary-sumo

blog-cse/2025-07-09-content.md

@@ -0,0 +1,30 @@
+---
+title: July 09, 2025 - Content Release
+image: https://help.sumologic.com/img/reuse/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+This release includes:
+- Rule bug fix.
+- New device support for Aruba WAP, Oracle Cloud Infrastructure, and Mindpoint SurePass.
+- Updated mapper alternate values for Cloudflare Logpush.
+
+### Rules
+- [Updated] LEGACY-S00005 Possible Black Energy Command and Control
+    - Corrected rule expression for rootDomain to use correct schema field name.
+
+### Log Mappers
+- [New] Aruba WAP
+- [New] Oracle Cloud Infrastructure Audit Catch All
+- [New] Surepass Authentication
+- [New] Surepass Cath All
+- [New] Surepass Network Event
+- [Updated] Cloudflare - Logpush
+
+### Parsers
+- [New] /Parsers/System/HP/Aruba WAP
+- [New] /Parsers/System/Mindpoint Group/Mindpoint SurePass
+- [New] /Parsers/System/Oracle/Oracle Cloud Infrastructure

blog-service/2024/12-31.md

@@ -280,9 +280,9 @@ Explore our technical documentation [here](/docs/integrations/saas-cloud/kandji/
 
 ### November 05, 2024 (Alerts)
 
-#### AI-Driven Alerts for Metrics Anomalies
+#### Alerts for Metrics Anomalies
 
-We're excited to announce the general availability of AI-driven alerts for metrics anomalies, extending our AI-driven alerting capabilities to include metrics-based monitors. This new feature aims to reduce alert fatigue and accelerate incident resolution through the use of automated playbooks. [Learn more](/docs/alerts/monitors/create-monitor).
+We're excited to announce the general availability of alerts for metrics anomalies, extending our alerting capabilities to include metrics-based monitors. This new feature aims to reduce alert fatigue and accelerate incident resolution through the use of automated playbooks. [Learn more](/docs/alerts/monitors/create-monitor).
 
 ##### Key features
 
@@ -373,9 +373,9 @@ We’ve added the **Convert to Anomaly** option, allowing you to convert outlier
 
 ### October 22, 2024 (Alerts)
 
-#### AI-Driven Alerts for Metrics Anomalies
+#### Alerts for Metrics Anomalies
 
-We're excited to announce the preview of AI-driven alerts for metrics anomalies, extending our AI-driven alerting to metrics-based monitors. This preview release helps reduce alert fatigue and enables faster incident resolution with automated playbooks.
+We're excited to announce the preview of alerts for metrics anomalies, extending our alerting to metrics-based monitors. This preview release helps reduce alert fatigue and enables faster incident resolution with automated playbooks.
 
 ##### Key Features
 
@@ -957,7 +957,7 @@ Learn more [here](/docs/integrations/amazon-aws/api-gateway/).
 
 ### March 12, 2024 (Alerts)
 
-#### Monitor Enhancements - AI-Driven Alerting
+#### Monitor Enhancements - Anomaly Alerting
 
 We're happy to announce two new monitoring features that allow you to generate alerts that notify you of suspicious behavior and automatically run playbooks to address it.
 

blog-service/2025-07-04-collection.md

@@ -0,0 +1,12 @@
+---
+title: Vectra Source (Collection)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - c2c
+  - vectra-source
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to announce the release of our new cloud-to-cloud source for Vectra. This source aims to collect the threat detections from the Vectra platform and send them to Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source).

blog-service/2025-07-07-collection.md

@@ -0,0 +1,12 @@
+---
+title: Zimperium MTD Source (Collection)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - c2c
+  - zimperium-mtd-source
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to announce the release of our new cloud-to-cloud source for Zimperium MTD. This source aims to collect the device logs from the Zimperium API and send it to Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source).

cid-redirects.json

@@ -1679,6 +1679,7 @@
   "/cid/10128": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vmware-workspace-one-source",
   "/cid/10129": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/dragos-source",
   "/cid/10731": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/akamai-cpc-source",
+  "/cid/10732": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zimperium-mtd-source", 
   "/cid/10135": "/docs/manage/manage-subscription/create-and-manage-orgs/manage-org-settings",
   "/cid/10136": "/docs/send-data/hosted-collectors/amazon-aws/aws-kinesis-firehose-logs-source",
   "/cid/10234": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trellix-mvisio-epo-source",
@@ -2899,6 +2900,7 @@
   "/cid/21035": "/docs/integrations/google/cloud-traffic-director",
   "/cid/21036": "/docs/integrations/google/cloud-vertex-ai",
   "/cid/21037": "/docs/integrations/google/cloud-vpn",
+  "/cid/21039": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source",
   "/cid/21097": "/docs/integrations/saas-cloud/confluent-cloud",
   "/cid/21040": "/docs/manage/manage-subscription/create-and-manage-orgs/create-manage-orgs-service-providers",
   "/cid/21038": "/docs/integrations/containers-orchestration/vmware-tanzu-application-service",
@@ -3909,6 +3911,7 @@
   "/Beta/SLO_Reliability_Management/Access_and_Create_SLOs": "/docs/observability/reliability-management-slo",
   "/Beta/Workday/Collect_Logs_for_the_Workday_App": "/docs/integrations/saas-cloud/workday",
   "/docs/beta/search-log-level": "/docs/search/get-started-with-search/search-page/log-level",
+  "/docs/search/get-started-with-search/search-page/event-analytics/": "/docs/search/get-started-with-search/search-page",
   "/Cloud_SIEM_Enterprise/Entities_and_Insights": "/docs/cse/records-signals-entities-insights",
   "/Cloud_SIEM_Enterprise/Entities_and_Insights/Insight_Generation_Process": "/docs/cse/records-signals-entities-insights",
   "/Cloud_SIEM_Enterprise/Entities_and_Insights/Global_Intelligence_for_Security_Insights": "/docs/cse/records-signals-entities-insights/global-intelligence-security-insights",

docs/alerts/monitors/create-monitor.md

@@ -9,7 +9,7 @@ import Iframe from 'react-iframe';
 
 This guide will walk you through the steps of creating a monitor in Sumo Logic, from setting up trigger conditions to configuring advanced settings, notifications, and playbooks.
 
-Our AI-driven alerts use machine learning to analyze historical data, establish baselines, detect significant deviations, and filter out irrelevant alerts to reduce alert fatigue and help teams focus on critical issues. These capabilities apply to both logs and metrics, providing a comprehensive monitoring solution. With seasonality detection and customizable anomaly clustering, false positives are minimized, enabling faster issue resolution.
+Our alerts use machine learning to analyze historical data, establish baselines, detect significant deviations, and filter out irrelevant alerts to reduce alert fatigue and help teams focus on critical issues. These capabilities apply to both logs and metrics, providing a comprehensive monitoring solution. With seasonality detection and customizable anomaly clustering, false positives are minimized, enabling faster issue resolution.
 
 Integrated playbooks automate incident response by gathering diagnostics, notifying teams, triggering recovery actions, and streamlining workflows to improve response times. You can link playbooks to monitors to automate tasks such as restarting services or scaling infrastructure, ensuring swift and efficient anomaly resolution.
 
@@ -88,7 +88,7 @@ Set specific threshold conditions for well-defined KPIs with constant thresholds
 
 #### Anomaly
 
-Leverage machine learning to identify unusual behavior and suspicious patterns by establishing baselines for normal activity. This *AI-driven alerting* system uses historical data to minimize false positives and alerts you to deviations.
+Leverage machine learning to identify unusual behavior and suspicious patterns by establishing baselines for normal activity. This alerting system uses historical data to minimize false positives and alerts you to deviations.
 
 * **Model-driven detection**. Machine learning models create accurate baselines, eliminating guesswork and noise.
 * **AutoML**. The system self-tunes with seasonality detection, minimizing user intervention and adjusting for recurring patterns to reduce false positives.
@@ -98,7 +98,7 @@ Leverage machine learning to identify unusual behavior and suspicious patterns b
 * **Customizable detection**. Use advanced rules like "Cluster anomalies" to detect multiple data points exceeding thresholds within a set timeframe.
 
 :::sumo Micro Lesson
-Learn about AI-driven alerting.
+Watch this micro lesson to learn about anomaly monitors.
 
 <Iframe url="https://fast.wistia.net/embed/iframe/8z9b2zqtc3?web_component=true&seo=true&videoFoam=false"
   width="854px"

docs/alerts/scheduled-searches/create-real-time-alert.md

@@ -29,7 +29,7 @@ Monitors offer significant improvements over Real-Time Scheduled Searches, inclu
 * [Multiple trigger conditions](/docs/alerts/monitors/create-monitor/#step-1-set-trigger-conditions) (Critical, Warning, Missing Data)
 * [Alert grouping](/docs/alerts/monitors/alert-grouping/)
 * [Playbook support](/docs/alerts/monitors/alert-response/#alert-details)
-* [AI-driven alerting](/release-notes-service/2024/12/31/#march-12-2024-alerts)
+* [Anomaly alerting](/release-notes-service/2024/12/31/#march-12-2024-alerts)
 * [Integration with the Alert Response page](/docs/alerts/monitors/alert-response/)
 
 Monitors are the strategic focus for our future alerting development and enhancements.

docs/cse/rules/cse-rules-syntax.md

@@ -644,7 +644,7 @@ When an entity is processed by a rule using the `hasThreatMatch` function and is
 
 Parameters:
 * **`<fields>`**. A list of comma-separated [field names](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/schema/full_schema.md). At least one field name is required.
-* **`<filters>`**. A logical expression using [indicator attributes](/docs/security/threat-intelligence/upload-formats/#normalized-json-format). Allowed in the filtering are parentheses `()`; `OR` and `AND` boolean operators; and comparison operators `=`, `<`, `>`, `=<`, `=>`, `!=`. <br/>You can filter on the following indicator attributes:
+* **`<filters>`**. A logical expression using [indicator attributes](/docs/security/threat-intelligence/upload-formats/#normalized-json-format). Allowed in the filtering are parentheses `()`; `OR` and `AND` boolean operators; and comparison operators `=`, `<`, `>`, `=<`, `>=`, `!=`. <br/>You can filter on the following indicator attributes:
    * `actors`. An identified threat actor such as an individual, organization, or group. 
    * `confidence` Confidence that the data represents a valid threat, where 100 is highest.  Malicious confidence scores from different sources are normalized and mapped to a 0-100 numerical value.
    * `id`. ID of the indicator.

docs/get-started/ai-machine-learning.md

@@ -55,7 +55,7 @@ LogReduce® utilizes AI-driven algorithms to cluster log messages based on st
 
 LogCompare simplifies log analysis by enabling easy comparison of log data from different time periods to detect changes or anomalies, facilitating troubleshooting and root cause discovery. By automatically running delta analysis, LogCompare streamlines the process, allowing users to identify significant alterations in log patterns efficiently. Utilizing baseline and target queries, LogCompare clusters logs into patterns and compares them based on the significance of change, providing insights into deviations over time. With intuitive actions like promoting, demoting, and splitting signatures, users can refine their analysis and focus on relevant patterns, ultimately enhancing decision-making and threat detection capabilities. Additionally, LogCompare supports alerts and scheduled searches to notify users of new signatures or significant changes, ensuring proactive monitoring and response to evolving log data. [Learn more](/docs/search/behavior-insights/logcompare).
 
-### AI-driven Alerts
+### AI in alerting
 
 #### Anomaly Detection
 

docs/integrations/microsoft-azure/azure-virtual-network.md

@@ -291,6 +291,12 @@ import AppUninstall from '../../reuse/apps/app-uninstall.md';
 
 ## Troubleshooting
 
+### App installation failed - Content Error - Invalid Field Extraction Rule
+
+This error is encountered if the app which is being installed is trying to create an FER by a name which already exists as an FER in the org. This FER could have been created manually or through some other app.
+
+To resolve the problem, rename or delete the existing FER and try reinstalling the app.
+
 ### HTTP Logs and Metrics Source used by Azure Functions
 
 To troubleshoot metrics collection, follow the instructions in [Collect Metrics from Azure Monitor > Troubleshooting metrics collection](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/#troubleshooting-metrics-collection).