Merge branch 'main' into main

Author: kimsauce

README.md

@@ -8,36 +8,80 @@
   <a href="https://help.sumologic.com/release-notes-service"><img src="https://img.shields.io/badge/RSS-FFA500?style=for-the-badge&logo=rss&logoColor=white" alt="RSS Follow" width="50"/></a>
 </p>
 
-Share your knowledge with the Sumo Logic community by contributing to our docs! You can contribute by creating an issue or pull request (PR) on our GitHub repository. We welcome all types of contributions; from minor typo fixes to new topics.
+Sumo Docs is the open-source documentation site for Sumo Logic, an all-in-one cloud data analytics platform built to support security, operations, and business intelligence use cases. Sumo Logic empowers users to monitor, analyze, troubleshoot, and visualize data from their applications and network environments in real time. Its elastic processing capabilities enable seamless log data collection and management from various sources, regardless of type, volume, or location. Learn more at [sumologic.com](https://www.sumologic.com).
 
-Documentation staff members review issues and pull requests on a regular basis. We do our best to address all issues as soon as possible, but working through the backlog takes time. We appreciate your patience.
+## Get involved
 
-## Contributing Content
+We welcome contributions from the community! Whether it's fixing a typo, adding new content, or proposing improvements, your input helps users make the most of Sumo Logic. You can contribute by creating an issue or submitting a pull request in our GitHub repository.
 
-For detailed instructions, including our style guide, see [Contributor Guidelines](https://help.sumologic.com/docs/contributing).
+Here’s how to get started:
+- Fork our repo and create a new branch for your content changes.
+- Preview your edits by building the site locally.
+- Submit a pull request for review.
 
-We recommend forking our repo, creating a new branch for your content changes, and submitting a pull request. We will help review, test, and merge the content for publishing.
+Our team will help review, test, and merge your contributions for publishing.
 
-## Building Locally
+Sumo Docs is built with [Docusaurus 3](https://docusaurus.io/) and supports React, Rehype, and Remark plugins. We also use [cla-bot](https://colineberhardt.github.io/cla-bot/) to manage our Contributor License Agreement (CLA) process.
 
-Docusaurus requires the following to build on locals:
+Before submitting an issue or pull request, we recommend reviewing the sections below.
 
-* [NodeJS](https://nodejs.org/en/download/) version >= 16.14
-* [Yarn](https://yarnpkg.com/en/) version >= 1.5, you can install with [Homebrew](https://brew.sh/) if you have that installed: `brew install yarn`
+## Table of contents
 
-The site includes translations into other languages. To build on your local:
+- [Get involved](#get-involved)
+- [Prerequisites](#prerequisites)
+- [Installation](#installation)
+- [Contributing content](#contributing-content)
+- [Building locally](#building-locally)
+- [Publishing content](#publishing-content)
 
-1. Clone the repo using Git or tools like GitHub Desktop.
-1. In a terminal, change to the cloned repo folder. Run the install command: `yarn install`.
-1. To serve and review your content, use one of the following:
-   * Use start, hot reloads as you make changes: `yarn start`. Any issues with broken links and images are listed according to file. Locate and update those issues, then run build and start again to verify.
-   * Use npm serve to test and review multi-languages: `npm run serve`. This build does not hot reload and requires a rebuild to test and review.
-1. To build locally and test your links, run `yarn build`.   
+## Prerequisites
 
-The static files are generated in the `build` folder and run on your local machine at: `http://localhost:3000/`. To stop the build or served site, hit Ctrl + C to interrupt. You can enter new commands in terminal, rebuild, and restart.
+To contribute to Sumo Docs, ensure you have the following tools installed:
 
-Sumo Docs was created using [Docusaurus 2](https://docusaurus.io/) with React, Rehype, and Remark plugin support. Our CLA bot was built using [cla-bot](https://colineberhardt.github.io/cla-bot/).
+- [Node.js](https://nodejs.org/en/download/) version 18 or higher
+- [Yarn](https://yarnpkg.com/en/), installable via [Homebrew](https://brew.sh/) (`brew install yarn`)
 
-## Publishing Content
+## Installation
 
-As pull requests are merged to the `main` branch by the Sumo Logic Doc team, the content builds and deploys to a staging site. This allows you to review and test your content thoroughly on a server, rather than a local build, prior to merging your code to production.
+1. Fork and clone the repository using Git or a tool like GitHub Desktop.
+2. Navigate to the cloned repository folder:
+   ```bash
+   cd sumologic-documentation
+   ```
+3. Install dependencies:
+   ```bash
+   yarn install
+   ```
+
+## Apply your changes
+
+Make edits using [Markdown syntax](https://help.sumologic.com/docs/contributing/style-guide/#markdown). Keep contributions concise, informative, and aligned with our guidelines.
+
+Refer to our [Contributor Guidelines](https://help.sumologic.com/docs/contributing/create-edit-doc/#edit-a-doc) for more information on:
+- Markdown editing
+- Proposing bug fixes
+- Testing your changes
+
+All contributions must follow our [Style Guide](https://help.sumologic.com/docs/contributing/style-guide/).
+
+## Building locally
+
+Building the site locally ensures your changes are accurate and functional before submission.
+
+1. Serve and preview your content with hot reloads:
+   ```bash
+   yarn start
+   ```
+   Any issues, such as broken links or images, will be listed. Fix them, rebuild, and verify your changes.
+
+2. Build the site and test locally:
+   ```bash
+   yarn build
+   ```
+   The static files will be generated in the `build` folder and served at `http://localhost:3000/`.
+
+To stop the local server or build process, press `Ctrl + C`. You can rebuild and restart as needed.
+
+## Publishing content
+
+Our documentation team regularly reviews issues and pull requests. While we strive to address contributions promptly, there may be delays as we work through the backlog. Your patience is appreciated.

blog-service/2024-12-11-manage.md

@@ -0,0 +1,18 @@
+---
+title: Self-Service Checkout (Manage)
+image: https://help.sumologic.com/img/sumo-square.png
+hide_table_of_contents: true  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We’re excited to introduce self-service checkout, a streamlined way for trial users to upgrade to an **Essentials** plan directly from within the Sumo Logic platform. No more waiting for sales assistance—now you can unlock premium features in just a few clicks!
+
+With self-service checkout, you’ll enjoy:  
+- **Quick upgrades**. Complete your purchase in minutes.  
+- **Instant access**. Start using advanced features right away.  
+- **Convenient payments**. Pay securely with a credit card.  
+
+Ready to get started? [Learn how to upgrade your plan](/docs/get-started/sign-up).  

cid-redirects.json

@@ -4072,6 +4072,8 @@
   "/docs/cse/records-signals-entities-insights/cse-heads-up-display": "/docs/cse/get-started-with-cloud-siem/cse-heads-up-display",
   "/docs/cse/records-signals-entities-insights/insight-generation-process": "/docs/cse/get-started-with-cloud-siem/insight-generation-process",
   "/docs/cse/get-started-with-cloud-siem/introduction-to-cloud-siem": "/docs/cse/get-started-with-cloud-siem",
+  "/docs/cse/cloud-siem-content-catalog": "/docs/cse/get-started-with-cloud-siem/cloud-siem-content-catalog",
+  "/docs/cse/introduction-to-cloud-sie": "/docs/cse/get-started-with-cloud-siem",
   "/docs/integrations/sumo-apps/security-foundations": "/docs/integrations/sumo-apps/security-analytics",
   "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-amazon-kinesis": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
   "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-collector-script": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",

docs/alerts/monitors/create-monitor.md

@@ -139,10 +139,10 @@ Triggers are evaluated by balancing the requirement of timely alert notification
 * For [static logs monitors](#static-detection-method), triggers are similar to "Alert when the result is greater than _ within Y Minutes". The triggers are evaluated periodically as below.
    | When detection window (Y) is | Evaluate trigger every |
    |:-----------------------------|:-----------------------|
-   | 30m or less  | 1m  |
-   | 30m to 3h    | 2m |
-   | 3hr to 12h   | 10m  |
-   | Greater than 12h  | 20m |
+   | 15m or less | 1m  |
+   | 15m to 1h     | 2m  |
+   | 1h to 6h      | 10m |
+   | Greater than 6h   | 20m |
 * For [anomaly logs monitors](#anomaly-detection-method), triggers are evaluated every `timeslice` as specified in the monitor query. For example, the below query is evaluated every 2 minutes.
    ```
    _sourceCategory=Labs/Apache/Access

docs/cse/administration/create-a-custom-tag-schema.md

@@ -21,9 +21,9 @@ For more information about tags in Cloud SIEM, see [Using Tags with Insights, Si
 
 ## Define a custom tag schema
 
-1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Workflow** select **Tag Schemas**.<br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Tag Schemas**. You can also click the **Go To...** menu at the top of the screen and select **Tag Schemas**. 
-1. On the **Tag Schemas** page, click **Create**. <br/><img src={useBaseUrl('img/cse/tag-schema-empty.png')} alt="Create tag schema" style={{border: '1px solid gray'}} width="400"/>
-1. The **Tag Schema** popup appears. 
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Workflow** select **Tag Schemas**.<br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Tag Schemas**. You can also click the **Go To...** menu at the top of the screen and select **Tag Schemas**. 
+1. On the **Tag Schemas** page, click **+Add Tag Schema**. 
+1. The **Add Tag Schemas** popup appears. <br/><img src={useBaseUrl('img/cse/tag-schema-empty.png')} alt="Create tag schema" style={{border: '1px solid gray'}} width="400"/>
     1. **Key**. Enter an identifier for the tag you’re defining. It won’t appear in the UI for assigning tags to a content item, unless you leave the **Label** field blank.
     1. **Label**. Enter a label for the tag. If you supply a label, that’s what will appear in the UI for assigning tags to a content item.
     1. **Content Types**. Select the types that you want the tag to be
@@ -32,7 +32,7 @@ For more information about tags in Cloud SIEM, see [Using Tags with Insights, Si
         * **Rule**
         * **Entity** The options do not include **Signal** or **Insight**. Signals and Insights inherit tag values from the rule(s) or Custom Insight definition that triggered the Signal or Insight and involved Entities.
     1. **Allow Custom Values**. Check this box to allow users to add additional allowable values to the tag schema. Otherwise, when applying the tag users may only select one of the values you define in the **Value Options** section below.
-    1. **Value Options**. If **Allow Custom Values** is not checked, you must define at least one value for the tag:
+    1. If **Allow Custom Values** is not checked, you must define at least one value for the tag:
         * **Enter Value**. Enter an allowable value for the tag.
         * **Enter Label**. Enter a label for the value.
         * **Enter Link** (optional). Enter a URL for it to appear in the Actions menu of the tag in any content items to which it’s been applied. Cloud SIEM’s built-in schema tags are examples of schema tags that include a link. The screenshot below shows a link from the **Tactic:TA0002** to associated information on the MITRE site. <br/><img src={useBaseUrl('img/cse/mitre-link.png')} alt="Example MITRE link" style={{border: '1px solid gray'}} width="400"/>

docs/cse/administration/create-cse-actions.md

@@ -72,11 +72,11 @@ The notification sent by a Rule Action contains the name of the rule and the re
 
 ## Create an Action
 
-1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Actions**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Actions**. You can also click the **Go To...** menu at the top of the screen and select **Actions**. 
-1. On the **Actions** page, click **Create**.
-1. The **Create Action** popup appears. <br/><img src={useBaseUrl('img/cse/create-action-empty.png')} alt="Create Action dialog" style={{border: '1px solid gray'}} width="500" />
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Integrations** select **Actions**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Actions**. You can also click the **Go To...** menu at the top of the screen and select **Actions**. 
+1. On the **Actions** tab, click **+ Add Action**.
+1. The **Add Action** popup appears. <br/><img src={useBaseUrl('img/cse/create-action-empty.png')} alt="Create Action dialog" style={{border: '1px solid gray'}} width="400" />
 1. **Name**. Enter a name that communicates what the Action does.
-1. **Type**. Choose one of the following options, and follow the instructions for that Action type to complete creating your Action.
+1. **Action Type**. Choose one of the following options, and follow the instructions for that Action type to complete creating your Action.
     * [AWS Simple Notification Service](#aws-simple-notification-service-sns)
     * [Demisto](#demistocortex-xsoar)
     * [Email](#email)

docs/cse/administration/create-cse-context-actions.md

@@ -32,7 +32,7 @@ The Context Actions menu will be available for any of these types, wherever they
 
 ## How a user accesses Context Actions
 
-A user runs a Context Action by clicking the Context Action icon next to an Entity, Record field, or IOC and choosing an action from the list that appears. The icon appears when you hover over the value of the item.
+A user runs a Context Action by clicking the Context Action icon <img src={useBaseUrl('img/cse/context-action-icon.png')} alt="Context action icon" style={{border: '1px solid gray'}} width="20"/> next to an Entity, Record field, or IOC and choosing an action from the list that appears. The icon appears when you hover over the value of the item.
 
 In the screenshot below, Context Actions are listed below the built-in **Add to Match List** and **Add to Suppressed List** options.
 
@@ -57,18 +57,19 @@ import Iframe from 'react-iframe'; 
 
 ## Configure a Context Action
 
-1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Context Actions**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Context Actions**. You can also click the **Go To...** menu at the top of the screen and select **Context Actions**.  
-1. On the **Context Actions** page click **Create**.
-1. Create the context action.  <br/><img src={useBaseUrl('img/cse/configured-action.png')} alt="Configure action" style={{border: '1px solid gray'}} width="500"/>
-    1. **Enter Context Action Name**. Enter a name for the Context Action. 
-    1. Choose whether you want to open a **URL** to an external service or
-        a **Sumo Logic Query**. 
-    1. Enter the URL or log query that the context action will issue.
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Integrations** select **Context Actions**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Context Actions**. You can also click the **Go To...** menu at the top of the screen and select **Context Actions**.  
+1. On the **Context Actions** tab click **+ Add Context Action**.
+1. Create the context action.  <br/><img src={useBaseUrl('img/cse/configured-action.png')} alt="Configure action" style={{border: '1px solid gray'}} width="400"/>
+    1. **Name**. Enter a name for the Context Action. 
+    1. **Action Type**. Choose whether you want to open a **Sumo Logic Query** or a **URL** to an external service. 
+    1. **Query**. Enter the URL or log query that the context action will issue.
         For instructions, see:
         * [Create a Sumo Logic search URL](#create-a-sumo-logic-search-url)
         * [Create a URL to external service](#create-an-url-to-an-external-service)
     1. If you chose **Sumo Logic Query** above, the **Timestamp offset** option appears, which set the query time range. The offset can be either -30m or +30m, and it will be applied to the timestamp in the target Record’s [timestamp](/docs/cse/schema/schema-attributes) field.
-    1. Choose the IOC data types to which the context action will apply. You can select one or more of the following data types listed below. Your context action will be available for any occurrences of the IOCs you select.
+    1. **Entity Types**. Select the Entity types that the context action will apply to.
+    1. **Record Properties**. Select the Record properties that the context action will apply to.
+    1. **IOC Data Types**. Choose the IOC data types to which the context action will apply. You can select one or more of the following data types listed below. Your context action will be available for any occurrences of the IOCs you select.
         * **Domain**
         * **Entity Types**
         * **Hash**

docs/cse/administration/create-custom-threat-intel-source.md

@@ -41,7 +41,7 @@ Rule authors can also write rules that look for threat intelligence information
 
 ### Create a threat intelligence source from Cloud SIEM UI
 
-1.  [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Content > Threat Intelligence**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the main Sumo Logic menu, select **Cloud SIEM > Threat Intelligence**. You can also click the **Go To...** menu at the top of the screen and select **Threat Intelligence**.  
+1.  [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Threat Intelligence**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Threat Intelligence**. You can also click the **Go To...** menu at the top of the screen and select **Threat Intelligence**.  
 1. Click **Add Source** on the **Threat Intelligence** page. 
 1. Click **Custom** on the **Add Source** popup.
 1. On the **Add New Source** popup, enter a name, and if desired, a description for the source.