SumoLogic
diff --git a/‎.clabot‎
Lines changed: 2 additions & 1 deletion b/‎.clabot‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎blog-cse/2025-03-24-content.md‎
Lines changed: 39 additions & 0 deletions b/‎blog-cse/2025-03-24-content.md‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎blog-cse/2025-04-03-content.md‎
Lines changed: 36 additions & 0 deletions b/‎blog-cse/2025-04-03-content.md‎
Lines changed: 36 additions & 0 deletions
diff --git a/‎blog-cse/2025-04-08-application.md‎
Lines changed: 16 additions & 0 deletions b/‎blog-cse/2025-04-08-application.md‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎blog-cse/2025-04-14-content.md‎
Lines changed: 81 additions & 0 deletions b/‎blog-cse/2025-04-14-content.md‎
Lines changed: 81 additions & 0 deletions
diff --git a/‎blog-developer/2025-04-09-api.md‎
Lines changed: 13 additions & 0 deletions b/‎blog-developer/2025-04-09-api.md‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎blog-service/2025-03-20-apps.md‎
Lines changed: 13 additions & 0 deletions b/‎blog-service/2025-03-20-apps.md‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎blog-service/2025-03-25-manage.md‎
Lines changed: 14 additions & 0 deletions b/‎blog-service/2025-03-25-manage.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎blog-service/2025-03-28-apps.md‎
Lines changed: 13 additions & 0 deletions b/‎blog-service/2025-03-28-apps.md‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎blog-service/2025-03-31-apps.md‎
Lines changed: 33 additions & 0 deletions b/‎blog-service/2025-03-31-apps.md‎
Lines changed: 33 additions & 0 deletions
@@ -181,7 +181,8 @@
     "ankitgoelcmu",
     "Deklin",
     "justrelax19",
-    "dlindelof-sumologic"
+    "dlindelof-sumologic",
+    "snyk-bot"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",
 
@@ -0,0 +1,39 @@
+---
+title: March 24, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - rules
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes Threat Intelligence match rules that use the new [`hasThreatMatch`](/docs/cse/rules/cse-rules-syntax/#hasthreatmatch) operator to support both global and custom threat intelligence feeds.
+
+To reduce initial signal volume, basic inbound and outbound IP address threat match rules with a low or medium confidence level are disabled by default (see below). We highly recommend tuning these rules before enabling them to reduce signal volume, and therefore entity risk assignment, to manageable levels.
+
+### Rules
+* MATCH-S00999 Threat Intel - IMPHASH Match
+* MATCH-S01000 Threat Intel - MD5 Match
+* MATCH-S01001 Threat Intel - PEHASH Match
+* MATCH-S01002 Threat Intel - SSDEEP Match
+* MATCH-S01003 Threat Intel - SHA1 Match
+* MATCH-S01004 Threat Intel - SHA256 Match
+* MATCH-S01005 Threat Intel - Source Hostname
+* MATCH-S01006 Threat Intel - Device Hostname
+* MATCH-S01007 Threat Intel - Destination Device Hostname
+* MATCH-S01008 Threat Intel - HTTP Hostname
+* MATCH-S01009 Threat Intel - HTTP Referrer Hostname
+* MATCH-S01010 Threat Intel - DNS Query Domain
+* MATCH-S01011 Threat Intel - DNS Reply Domain
+* MATCH-S01012 Threat Intel - HTTP Referrer Domain
+* MATCH-S01013 Threat Intel - HTTP URL Root Domain
+* MATCH-S01014 Threat Intel - HTTP URL FQDN
+* MATCH-S01015 Threat Intel - HTTP URL
+* MATCH-S01025 Threat Intel - Inbound Traffic from Threat Feed IP (Low Confidence) - Disabled By Default
+* MATCH-S01026 Threat Intel - Destination IP Address (Low Confidence) - Disabled By Default
+* MATCH-S01027 Threat Intel - Inbound Traffic from Threat Feed IP (Medium Confidence) - Disabled By Default
+* MATCH-S01028 Threat Intel - Destination IP Address (Medium Confidence) - Disabled By Default
+* MATCH-S01023 Threat Intel - Inbound Traffic from Threat Feed IP (High Confidence)
+* MATCH-S01024 Threat Intel - Destination IP Address (High Confidence)
+* MATCH-S01018 Threat Intel - Successful Authentication from Threat Feed IP
@@ -0,0 +1,36 @@
+---
+title: April 3, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes new and updated log mappers and parsers for Bitwarden, CommScope, Mimecast, and Sysdig Secure. Updates to Mimecast mappers are to support additional fields and events with new log parser.  
+
+## Log Mappers
+- [New] Bitwarden Authentication
+- [New] Bitwarden Catch All
+- [New] CommScope Authentication Event
+- [New] CommScope STP and DHCPC Event
+- [New] CommScope System|Security
+- [New] Sysdig Secure Packages
+- [New] Sysdig Secure Vulnerability
+- [Updated] Mimecast AV Event
+- [Updated] Mimecast Audit Authentication Logs
+- [Updated] Mimecast Audit Hold Messages
+- [Updated] Mimecast Audit Logs
+- [Updated] Mimecast DLP Logs
+- [Updated] Mimecast Email logs
+- [Updated] Mimecast Impersonation Event
+- [Updated] Mimecast Spam Event
+- [Updated] Mimecast Targeted Threat Protection Logs
+
+## Parsers
+- [New] /Parsers/System/Bitwarden/Bitwarden
+- [New] /Parsers/System/CommScope/CommScope
+- [New] /Parsers/System/Mimecast/Mimecast
+- [New] /Parsers/System/Sysdig/Sysdig Secure
@@ -0,0 +1,16 @@
+---
+title: April 8, 2025 - Application Update
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - threat intel
+  - security
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### New Threat Intelligence Source
+
+We’re excited to announce a new default source for Sumo Logic Threat Intelligence incorporating Indicators of Compromise (IoC) from Intel 471.
+
+For more information, [see our release note](/release-notes-service/2025/04/08/security/) in the *Service* release notes section.
@@ -0,0 +1,81 @@
+---
+title: April 14, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes:
+- Additional data requirements for GitHub rules added to rule descriptions.
+- Spelling corrections for AWS Lambda rules.
+- New Slack Anomaly Event log mapper and supporting parsing changes:
+   - Enables passthrough detection of Slack Anomaly Events using Normalized Security Signal (MATCH-S00402).
+   - Requires parser be defined for passthrough detection.
+- Updates to Sysdig parsing and mapping to support additional events.
+- Support for Microsoft Windows Sysmon-29 event.
+- Additional normalized field mappings for Microsoft Windows Sysmon events.
+- New `user_phoneNumber` and `targetUser_phoneNumber` schema fields.
+
+
+### Rules
+- [Updated] MATCH-S00874 AWS Lambda Function Recon
+- [Updated] MATCH-S00952 GitHub - Administrator Added or Invited
+- [Updated] MATCH-S00953 GitHub - Audit Logging Modification
+- [Updated] MATCH-S00954 GitHub - Copilot Seat Cancelled by GitHub
+- [Updated] FIRST-S00091 GitHub - First Seen Activity From Country for User
+- [Updated] FIRST-S00090 GitHub - First Seen Application Interacting with API
+- [Updated] MATCH-S00950 GitHub - Member Invitation or Addition
+- [Updated] MATCH-S00955 GitHub - Member Permissions Modification
+- [Updated] MATCH-S00956 GitHub - OAuth Application Activity
+- [Updated] MATCH-S00957 GitHub - Organization Transfer
+- [Updated] OUTLIER-S00026 GitHub - Outlier in Distinct User Agent Strings by User
+- [Updated] OUTLIER-S00027 GitHub - Outlier in Repository Cloning or Downloads
+- [Updated] MATCH-S00958 GitHub - PR Review Requirement Removed
+- [Updated] MATCH-S00959 GitHub - Repository Public Key Deletion
+- [Updated] MATCH-S00960 GitHub - Repository Transfer
+- [Updated] MATCH-S00961 GitHub - Repository Visibility Changed to Public
+- [Updated] MATCH-S00962 GitHub - Repository Visibility Permissions Changed
+- [Updated] MATCH-S00963 GitHub - SSH Key Created for Private Repo
+- [Updated] MATCH-S00964 GitHub - SSO Recovery Codes Access Activity
+- [Updated] MATCH-S00951 GitHub - Secret Scanning Alert
+- [Updated] MATCH-S00965 GitHub - Secret Scanning Potentially Disabled
+- [Updated] MATCH-S00966 GitHub - Two-Factor Authentication Disabled for Organization
+
+### Log Mappers
+- [New] Slack Anomaly Event
+- [New] Windows - Microsoft-Windows-Sysmon/Operational - 16
+- [New] Windows - Microsoft-Windows-Sysmon/Operational - 19|20
+- [New] Windows - Microsoft-Windows-Sysmon/Operational-29
+- [Updated] Sysdig Secure Packages
+- [Updated] Sysdig Secure Vulnerability
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 1
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 2
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 3
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 4
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 5
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 6
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 7
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 8
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 9
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 10
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 11
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 15
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 17
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 18
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 23
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 24
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 26
+- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 27
+
+### Parsers
+- [New] /Parsers/System/Slack/Slack Enterprise Audit
+- [Updated] /Parsers/System/Sysdig/Sysdig Secure
+
+### Schema
+- [New] `targetUser_phoneNumber`
+- [New] `user_phoneNumber`
@@ -0,0 +1,13 @@
+---
+title: April 9, 2025 - Deprecation of Sumo Logic India Data Center
+image: https://help.sumologic.com/img/sumo-square.png
+hide_table_of_contents: true    
+---
+
+As previously communicated to impacted customers, effective as of April 30, 2025, customers will no longer be able to ingest data into the Sumo Logic Mumbai data center (`https://api.in.sumologic.com/`). Customers will retain access to historical data and basic search functionality until April 30, 2026, at which point all access will be terminated.
+
+Historical data will not be migrated to other deployments.
+
+**Reminder**: If you're still referencing the India endpoint, please update your integrations. For supported alternatives, see the [endpoint guide](/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security).
+
+For help, contact [Support](https://support.sumologic.com/).
@@ -0,0 +1,13 @@
+---
+title: Azure Security - Advisor (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - azure-security-advisor
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+
+We're excited to introduce the new Azure Security - Advisor app for Sumo Logic. By leveraging this app, security analysts can quickly assess Azure Advisor’s recommendations, track remediation progress over time, and take action to enhance the security and efficiency of their Azure infrastructure. [Learn more](/docs/integrations/microsoft-azure/azure-security-advisor/).
@@ -0,0 +1,14 @@
+---
+title: Open Navigation Menu Items in New Browser Tabs by Default
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - manage
+  - preferences
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+A new preference setting allows you to open links from the left navigation menu in a new browser tab by default. This feature is available only in the New UI. [Learn more](/docs/get-started/account-settings-preferences/#navigation).
+
+<img src={useBaseUrl('img/get-started/open-in-new-tab-button.png')} alt="Open in New Tab button" style={{border: '1px solid gray'}} width="125" />
@@ -0,0 +1,13 @@
+---
+title: CyberArk Audit (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - cyberark-audit
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+
+We're excited to introduce the new CyberArk Audit app for Sumo Logic. By leveraging this app, security analysts can monitor, analyze, and visualize audit trails of user activities, security events, and anomalies to enhance security. [Learn more](/docs/integrations/saas-cloud/cyberark-audit).
@@ -0,0 +1,33 @@
+---
+title: Apps, Solutions, and Collection Integrations - March Release 
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - march-release
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### New release
+
+We’re excited to announce the release of the new Azure Key Vault and AWS Auto scaling apps for Sumo Logic.
+
+- **Azure Key Vault**. Azure Key Vault is a cloud service that helps you securely store and manage secrets, keys, and certificates. You can use it to protect data for cloud apps and services. This integration helps in comprehensive monitoring of your Key Vault operations, requests, failures, and latency. [Learn more](/docs/integrations/microsoft-azure/azure-key-vault/).
+- **AWS Auto scaling**. Amazon EC2 Auto Scaling helps you maintain application availability and lets you automatically add or remove EC2 instances using scaling policies that you define. Dynamic or predictive scaling policies let you add or remove EC2 instance capacity to service established or real-time demand patterns. [Learn more](/docs/integrations/amazon-aws/amazon-ec2-auto-scaling/).
+
+### Enhancements
+
+- **Added metrics collection capability for OpenTelemetry collectors**. [RabbitMQ](/docs/send-data/opentelemetry-collector/remote-management/source-templates/rabbitmq/#for-metrics-collection) and [Redis](/docs/send-data/opentelemetry-collector/remote-management/source-templates/redis/#for-metrics-collection).
+- **Added use cases to monitor EBS volume and snapshots in AWS EC2 apps**. [AWS EC2](/docs/integrations/amazon-aws/ec2-cloudwatch-metrics/#events).
+- **Updated the metric collection and dashboard for Google apps**. [Google BigQuery](/docs/integrations/google/bigquery/) and [Google Cloud Load Balancing](/docs/integrations/google/cloud-load-balancing/).
+- Added new dashboards to the [Sumo Logic Kickstart Data (Beta)](/docs/integrations/sumo-apps/kickstart-data/) app.
+- **Updated the queries to accommodate the new threat intel feed**. [Apache - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/apache-opentelemetry/), [Apache Tomcat - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/apache-tomcat-opentelemetry/), [HAProxy - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/haproxy-opentelemetry/), [IIS 10 - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/iis-10-opentelemetry/), [Ngin - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/nginx-opentelemetry/), [PostgreSQL - OpenTelemetry](/docs/integrations/databases/opentelemetry/postgresql-opentelemetry/), [Varnish - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/varnish-opentelemetry/), [Acquia](/docs/integrations/saas-cloud/acquia/), [Azure Web Apps](/docs/integrations/microsoft-azure/web-apps/), [JFrog Xray](/docs/integrations/app-development/jfrog-xray/), and [MongoDB Atlas 6](/docs/integrations/databases/mongodb-atlas/).
+- Updated Azure integration from` Node.js v18` to `Node.js v20`. [Learn more](https://github.com/SumoLogic/sumologic-azure-function/releases/tag/v4.1.6).
+
+### Bug Fixes
+
+Bugs for the following apps have been fixed:
+- Filtering the security groups dashboard in [AWS VPC Flow Logs](/docs/integrations/amazon-aws/vpc-flow-logs/#security-groups).
+- [AWS ECS](/docs/integrations/amazon-aws/elastic-container-service/).
+- [JFrog Artifactory 7 app](/docs/integrations/app-development/jfrog-artifactory/).