SumoLogic
diff --git a/‎blog-cse/2025-08-15-content.md‎
Lines changed: 41 additions & 0 deletions b/‎blog-cse/2025-08-15-content.md‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎blog-cse/2025-08-19-application.md‎
Lines changed: 23 additions & 0 deletions b/‎blog-cse/2025-08-19-application.md‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎blog-service/2025-08-20-apps.md‎
Lines changed: 12 additions & 0 deletions b/‎blog-service/2025-08-20-apps.md‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎cid-redirects.json‎
Lines changed: 5 additions & 3 deletions b/‎cid-redirects.json‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎docs/api/about-apis/getting-started.md‎
Lines changed: 2 additions & 2 deletions b/‎docs/api/about-apis/getting-started.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/api/about-apis/intro-to-apis.md‎
Lines changed: 25 additions & 12 deletions b/‎docs/api/about-apis/intro-to-apis.md‎
Lines changed: 25 additions & 12 deletions
diff --git a/‎docs/cloud-soar/incidents-triage.md‎
Lines changed: 4 additions & 0 deletions b/‎docs/cloud-soar/incidents-triage.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎docs/cloud-soar/introduction.md‎
Lines changed: 12 additions & 0 deletions b/‎docs/cloud-soar/introduction.md‎
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,41 @@
+---
+title: August 15, 2025 - Content Release
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+    - New product support for Vectra AI.
+    - Updated parsers and log mappers for Azure Event Hub, Barracuda CloudGen Firewall, Microsoft IIS, and Surepass.
+    - Updated Surepass to the correct vendor name.
+
+Changes are enumerated below.
+
+### Log Mappers
+- [New] Vectra AI Catch All
+- [New] Vectra AI User Login
+- [Updated] Azure Event Hub - Windows Defender Logs
+    - Updated field mappings to include new fields.
+- [Updated] Barracuda CloudGen Firewall Activity
+    - Updated `event_id` criteria to handle abridged event types in some logs.
+- [Updated] Microsoft IIS Parser - Catch All
+    - Updated to support `http_url` and downstream enrichment.
+- [Updated] Surepass Authentication
+- [Updated] Surepass Catch All
+- [Updated] Surepass Network Event
+
+### Parsers
+- [New] /Parsers/System/Vectra/Vectra AI
+- [Updated] /Parsers/System/Barracuda/Barracuda CloudGen
+    - Updated `event_id` criteria to handle abridged event types in some logs and to support additional log formats.
+- [Updated] /Parsers/System/Cylance/Cylance Syslog
+    - Updated timestamp parsing.
+- [Updated] /Parsers/System/DocuSign/DocuSign Monitor
+    - Updated timestamp parsing.
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+    - Updated parser to parse additional nested fields.
+- [Updated] /Parsers/System/Microsoft/Microsoft IIS
+    - Updated to form `http_url` for downstream enrichment.
@@ -0,0 +1,23 @@
+---
+title: August 19, 2025 - Application Update
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - taxii
+  - threat intelligence
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### New TAXII 2 Threat Intelligence Sources
+
+We're excited to announce the following new threat intelligence sources that allow you to collect TAXII feeds with greater ease. These sources are based on the underlying code of our STIX/TAXII 2 Client Source, but are tailored for each of the vendors to facilitate setup:
+* CISA TAXII Client
+* Dragos TAXII Client
+* Nozomi TAXII Client
+* Recorded Future TAXII Client
+* Unit42 TAXII Client
+
+When you set up a source, search for "taxii" and select the tile for the source you want to install:<br/><img src={useBaseUrl('img/security/taxii-sources.png')} alt="TAXII sources" style={{border: '1px solid gray'}} width="800" />
+
+[Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/stix-taxii-2-client-source/#taxii-2-sources).
@@ -0,0 +1,12 @@
+---
+title: Vectra (Apps)
+image: https://help.sumologic.com/img/reuse/rss-image.jpg
+keywords:
+  - apps
+  - vectra
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new Vectra app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud [Vectra source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source/) to collect the detections from the Vectra platform. It provides security analysts with visibility into security threats detected across networks, cloud environments, and endpoints. [Learn more](/docs/integrations/saas-cloud/vectra/).
@@ -1644,6 +1644,7 @@
   "/cid/10211": "/docs/integrations/saas-cloud/microsoft-azure-ad-inventory",
   "/cid/10203": "/docs/integrations/saas-cloud/microsoft-graph-security-v1",
   "/cid/10205": "/docs/integrations/saas-cloud/microsoft-graph-security-v2",
+  "/cid/10212": "/docs/integrations/saas-cloud/vectra",
   "/cid/10206": "/docs/integrations",
   "/cid/10204": "/docs/integrations/saas-cloud/cato-networks",
   "/cid/10198": "/docs/integrations/saas-cloud/microsoft-graph-azure-ad-reporting",
@@ -2832,7 +2833,7 @@
   "/cid/15633": "/docs/c2c/info/",
   "/cid/14323": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/docusign-source",
   "/cid/14324": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/zendesk-source",
-  "/cid/14326": "/docs/integrations/global-intelligence/kubernetes-devops",
+  "/cid/14326": "/docs/integrations/global-intelligence",
   "/cid/30001": "/docs/integrations/microsoft-azure/azure-batch",
   "/cid/30002": "/docs/integrations/microsoft-azure/azure-application-gateway",
   "/cid/30003": "/docs/integrations/microsoft-azure/azure-data-explorer",
@@ -3558,7 +3559,7 @@
   "/Observability_Solution/Kubernetes_Solution/04View_Sumo_Logic_Kubernetes_App_Dashboards": "/docs/observability/kubernetes/monitoring",
   "/Observability_Solution/Kubernetes_Solution/05Kubernetes_Apps": "/docs/observability/kubernetes/apps",
   "/Observability_Solution/Kubernetes_Solution/06Troubleshoot_with_Explore": "/docs/observability/kubernetes/troubleshoot-with-explore",
-  "/Observability_Solution/Kubernetes_Solution/07Global_Intelligence_for_Kubernetes_DevOps_App": "/docs/integrations/global-intelligence/kubernetes-devops",
+  "/Observability_Solution/Kubernetes_Solution/07Global_Intelligence_for_Kubernetes_DevOps_App": "/docs/integrations/global-intelligence",
   "/Observability_Solution/Kubernetes_Solution/06Kubernetes_Alerts": "/docs/observability/kubernetes/alerts",
   "/Observability_Solution/Kubernetes_Solution/08Next_Steps": "/docs/observability/kubernetes",
   "/Observability_Solution/Kubernetes_Solution/09Create_a_New_Dashboard_(New)": "/docs/observability/kubernetes",
@@ -3978,7 +3979,8 @@
   "/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/Root_Cause_Explorer": "/docs/observability/root-cause-explorer-deprecation",
   "/docs/observability/root-cause-explorer": "/docs/observability/root-cause-explorer-deprecation",
   "/Observability_Solution/Kubernetes_Solution/01Set_up_collection_for_Kubernetes": "/docs/observability/kubernetes/collection-setup",
-  "/Observability_Solution/Kubernetes_Solution/Global_Intelligence_for_Kubernetes_DevOps_App": "/docs/integrations/global-intelligence/kubernetes-devops",
+  "/Observability_Solution/Kubernetes_Solution/Global_Intelligence_for_Kubernetes_DevOps_App": "/docs/integrations/global-intelligence",
+  "/docs/integrations/global-intelligence/kubernetes-devops": "/docs/integrations/global-intelligence",
   "/Observability_Solution/Kubernetes_Solution/Navigate_your_Kubernetes_environment": "/docs/observability/kubernetes",
   "/Search/Get-Started-with-Search/How-to-Build-a-Search/Best-Practices:-7-Search-Rules-to-Live-By": "/docs/search/get-started-with-search/build-search/best-practices-search",
   "/Search/Get-Started-with-Search/How-to-Build-a-Search/Search_Templates": "/docs/search/get-started-with-search/build-search/search-templates",
 
@@ -15,9 +15,9 @@ Sumo Logic APIs follow Representational State Transfer (REST) patterns and are o
 
 ## Documentation
 
-To view our main docs, click the link below corresponding to your deployment. If you're not sure, see [How to determine your endpoint](#which-endpoint-should-i-should-use).
+To access our API documentation, navigate to the appropriate link based on your Sumo Logic deployment. If you're not sure, see [Which endpoint should I use?](#which-endpoint-should-i-should-use)
 
-| Deployment | API Docs URL                       |
+| Deployment | API documentation URL                       |
 |:-----------|:----------------------------------|
 | AU         | https://api.au.sumologic.com/docs/  |
 | CA         | https://api.ca.sumologic.com/docs/  |
 
@@ -9,14 +9,15 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('img/icons/operations/advanced-certificates.png')} alt="Thumbnail icon" width="50"/>
 
-Sumo Logic has a host of useful APIs across all products that can add valuable functionality to any organization by providing access to data and activities without going through the website. API calls can be used for data gathering, automation of processes, and custom reports.
+Sumo Logic has a host of useful APIs across all products that let you access data and perform actions without using the Sumo Logic UI. API calls can be used for to gather data, automate processes, and create custom reports.
 
-This article presumes that you have a solid understanding of Sumo Logic functionality: collectors, queries, security offerings, etc. While APIs are typically for "power users" looking for additional customization and access to web service resources, you also don't need a computer science degree to understand and make use of API calls. This article helps walk you through the basics and get you going with important data queries through the API.
+This article is for users who are familiar with Sumo Logic features (collectors, queries, and security tools, for example), but new to working with APIs. You don’t need a development background to follow along. We’ll cover the basics so you can start making API calls to run queries and perform tasks.
 
-In this article, you'll learn about:
-* How to create a Sumo Logic access ID/key.
-* How to access Sumo Logic APIs.
-* How to use APIs with Sumo Logic's Cloud SIEM.
+In this article, you'll learn how to:
+
+* Create a Sumo Logic access ID/key.
+* Access Sumo Logic APIs.
+* Use APIs with Sumo Logic's Cloud SIEM.
 
 ## Create an access key
 
@@ -66,11 +67,9 @@ However, most API users do not use a traditional web browser for API calls, othe
 An open source application such as [Postman](https://www.postman.com/) can be a convenient tool for testing and developing with API calls. To use Postman, download and install the app. Then:
 1. Enter the URL for the API call.
 1. Click the **Authorization** tab.
-1. Fill in the username and password fields with your Sumo Logic access ID and access key respectively. 
+1. Fill in the username and password fields with your Sumo Logic access ID and access key, respectively.
 1. Click **Send** when finished.
-1. You see the JSON output (or error messages if there is a problem) in the bottom panel.
-
-<img src={useBaseUrl('img/api/postman-ui.png')} alt="Postman UI" style={{border: '1px solid gray'}} width="800" />  
+1. You see the JSON output (or error messages if there is a problem) in the bottom panel.<br/><img src={useBaseUrl('img/api/postman-ui.png')} alt="Postman UI" style={{border: '1px solid gray'}} width="800" />  
 
 Most programming and scripting languages provide modules and libraries for making web service and API calls in code. For instance, the following Python code can make the same "get collectors" call programmatically using the `requests` library:
 
@@ -98,6 +97,18 @@ if __name__ == '__main__':
 
 As you are learning how APIs work, we recommend setting up an API test program, then follow along with the API examples shown in the following sections. To execute API commands, you can use Postman as shown above, another API test application, or set up a quick code snippet in Python or the programming language of your choice.
 
+### Download the OpenAPI Specification
+
+Optionally, you can download the OpenAPI Specification for the Sumo Logic API and import it to your API test application. This lets you view the full specification for all Sumo Logic APIs and run them directly from your testing tool.
+
+1. Select the API documentation URL for your deployment from the [Documentation](/docs/api/about-apis/getting-started/#documentation) section of the *API Authentication, Endpoints, and Security* article. For instance, US users would access either https://api.sumologic.com/docs/ or https://api.us2.sumologic.com/docs/. 
+1. Click the **Download** button at the top of the page. <br/><img src={useBaseUrl('img/api/openapi-spec-download-button.png')} alt="Button to download Sumo Logic OpenAPI Specification" style={{border: '1px solid gray'}} width="600" />
+1. Import the downloaded file to your API test application. For example, to [import the file to Postman](https://learning.postman.com/docs/getting-started/importing-and-exporting/importing-data/), select **File > Import**.
+1. The imported specification appears. Select any API to run it.<br/><img src={useBaseUrl('img/api/imported-api.png')} alt="Imported API specification" style={{border: '1px solid gray'}} width="500" />
+1. You can also download the API specification for Cloud SIEM or Cloud SOAR from the following locations. Simply select the API documentation URL for your deployment and click the **Download** button at the top of the page:
+     * [Cloud SIEM API documentation](/docs/api/cloud-siem-enterprise/#documentation)
+     * [Cloud SOAR API documentation](/docs/api/cloud-soar/#documentation)
+
 ## Basic API GET commands
 
 Retrieving system data and configuration is one of the most common use cases for utilizing platform APIs. These data retrieval operations are generally known as GET commands in reference to the "GET" verb used by the HTTP protocol. Data retrieved through API calls can be processed by outside applications and scripts for report generation and advanced analytics, extending functionality beyond that offered by the Sumo Logic website.
@@ -116,7 +127,9 @@ Note the first ID from your list or the sample ID shown above from the Sumo Logi
 
 <img src={useBaseUrl('img/api/collector-id.png')} alt="Collector ID" style={{border: '1px solid gray'}} width="800" />  
 
-Note that the collector data itself also contains a helpful follow-up link to analyze the sources currently configured for our chosen collector. Follow up by clicking on (or copying into the URL field) the given URL for sources:  `https://api.sumologic.com/api/v1/collectors/<collectorID>/sources`
+Note that the collector data itself also contains a helpful follow-up link to analyze the sources currently configured for our chosen collector. Follow up by clicking on (or copying into the URL field) the given URL for sources:
+
+`https://api.sumologic.com/api/v1/collectors/<collectorID>/sources`
 
 <img src={useBaseUrl('img/api/collector-sources.png')} alt="Collector sources" style={{border: '1px solid gray'}} width="800" />  
 
@@ -353,4 +366,4 @@ Or add a new comment to an existing insight by creating comment text in the requ
 
 <img src={useBaseUrl('img/api/insight-comment.png')} alt="Insight comment" style={{border: '1px solid gray'}} width="800" />
 
-All elements of Cloud SIEM functionality are available through the API, including rules, match lists, automations, tags, and custom actions. Users can even use the API to generate their own insights based on a custom selection of signals.
+All elements of Cloud SIEM functionality are available through the API, including rules, match lists, automations, tags, and custom actions. Users can even use the API to generate their own insights based on a custom selection of signals.
@@ -503,3 +503,7 @@ With the **Report** option, you can create incident reports to share with others
     1. Click **Save**.<br/><img src={useBaseUrl('img/cloud-soar/delivery-2-save-report.png')} alt="Save a report" style={{border: '1px solid gray'}} width="300"/>
 1. Click **Export** to export the report to PDF.
 1. Click **Open** to open available reports.
+
+## Additional resources
+
+Blog: [Want to improve collaboration and reduce incident response time? Try Cloud SOAR War Room](https://www.sumologic.com/blog/want-to-improve-collaboration-and-reduce-incident-response-time-try-cloud-soar-war-room)
@@ -663,3 +663,15 @@ Let's create a custom automation rule. This rule will pull information from Clou
 1. Leave the other fields as their defaults, then click **Save**. 
 1. As a best practice, you can enable and test the new rule, but then disable it, since it can disrupt your environment. Continue testing your rule until their behavior is expected before deciding to enable it.
 
+## Additional resources
+
+* Blogs: 
+   * [Why you need both SIEM and SOAR to improve SOC efficiencies and increase effectiveness](https://www.sumologic.com/blog/why-you-need-siem-and-soar-to-improve-soc-efficiencies)
+   * [Cloud-native SOAR and SIEM solutions pave the road to the modern SOC](https://www.sumologic.com/blog/cloud-native-soar-and-siem-solutions-pave-the-road-to-the-modern-soc)
+   * [SIEM vs SOAR: Evaluating security tools for the modern SOC](https://www.sumologic.com/blog/soar-vs-siem)
+   * [Overwhelmed: Why SOAR solutions are a game changer](https://www.sumologic.com/blog/overwhelmed-why-soar-solutions-are-a-game-changer)
+   * [How to improve MTTD and MTTR with SOAR](https://www.sumologic.com/blog/how-to-improve-mttd-and-mttr-with-soar)
+   * [How to implement cybersecurity automation in SecOps with SOAR (7 simple steps)](https://www.sumologic.com/blog/how-to-implement-cyber-security-automation-in-secops-with-soar-7-simple-steps)
+* Briefs
+   * [Sumo Logic Cloud SOAR Solutions Brief](https://www.sumologic.com/briefs/sumo-logic-cloud-soar-solutions-brief)
+   * [How to calculate the ROI of Cloud SOAR](https://www.sumologic.com/briefs/how-to-calculate-roi-of-cloud-soar)