Merge branch 'main' into docs-888-more-improvements-to-automation-integrations

Author: jpipkin1

.github/workflows/build_and_deploy.yml

@@ -1,5 +1,8 @@
 name: Build and Deploy
 
+permissions:
+  contents: read
+
 on:
   workflow_call:
     inputs:
@@ -13,7 +16,7 @@ on:
         default: "/"
         type: string
       environment:
-        description: GHA environment name
+        description: GitHub Actions environment name (used for scoping secrets and deployment)
         required: true
         type: string
     secrets:
@@ -35,6 +38,7 @@ jobs:
     env:
       CI: true
       NODE_ENV: production
+      NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
       AWS_PAGER: ""
       HOSTNAME: ${{ inputs.hostname }}
       BASE_URL: ${{ inputs.base_url }}
@@ -53,16 +57,14 @@ jobs:
         uses: actions/cache@v3
         with:
           path: node_modules/.cache
-          key: ${{ runner.os }}-webpack-cache
+          key: ${{ runner.os }}-webpack-cache-${{ hashFiles('yarn.lock') }}
       - name: Install awscli
         uses: unfor19/install-aws-cli-action@v1
       - name: Install jq
         run: sudo apt-get install -y jq
       - name: Install dependencies
         run: yarn install --frozen-lockfile
       - name: Build the Docusaurus site
-        env:
-          NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
         run: yarn build
       - name: Deploy the Docusaurus site
         env:

.github/workflows/delete-review.yml

@@ -1,5 +1,8 @@
 name: delete-review
 
+permissions:
+  contents: read
+
 on: delete
 
 jobs:
@@ -9,6 +12,7 @@ jobs:
       name: review/${{ github.ref_name }}
     env:
       CI: true
+      NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
       AWS_PAGER: ""
       BASE_URL: /${{ github.ref_name }}/
       AWS_DEFAULT_REGION: us-east-1
@@ -23,6 +27,7 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         run: |
+          echo "Removing files at s3://${S3_BUCKET_NAME}${BASE_URL}"
           aws s3 rm --recursive s3://${S3_BUCKET_NAME}${BASE_URL}
           export INVALIDATION_ID=$(
             aws cloudfront create-invalidation \

.github/workflows/pr.yml

@@ -1,40 +1,44 @@
 name: Pull Request Checks
 
+permissions:
+  contents: read
+  pull-requests: read
+
 on:
-    pull_request:
-      branches:
-        - main
-    merge_group:
-      types:
-        - checks_requested
+  pull_request:
+    branches:
+      - main
+  merge_group:
+    types:
+      - checks_requested
+
+env:
+  CI: true
+  NODE_ENV: production
+  NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
 
 jobs:
-    build-and-deploy:
-      runs-on: ubuntu-latest
-      env:
-          CI: true
-          NODE_ENV: production
-      steps:
-        - uses: actions/checkout@v4
-        - name: Set up Node.js
-          uses: actions/setup-node@v3
-          with:
-            node-version: '20.x'
-            cache: 'yarn'
-        - name: Docusaurus Webpack cache
-          uses: actions/cache@v3
-          with:
-            path: node_modules/.cache
-            key: ${{ runner.os }}-webpack-cache
-        - name: Install dependencies
-          run: yarn install --frozen-lockfile
-        - name: Build the Docusaurus site
-          env:
-            NODE_OPTIONS: "--max-old-space-size=8192 --max-http-header-size=8192"
-          run: yarn build
-    spellcheck:
-      runs-on: ubuntu-latest
-      steps:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: '20.x'
+          cache: 'yarn'
+      - name: Docusaurus Webpack cache
+        uses: actions/cache@v3
+        with:
+          path: node_modules/.cache
+          key: ${{ runner.os }}-webpack-cache-${{ hashFiles('yarn.lock') }}
+      - name: Install dependencies
+        run: yarn install --frozen-lockfile
+      - name: Build the Docusaurus site
+        run: yarn build
+  spellcheck:
+    runs-on: ubuntu-latest
+    steps:
       - uses: actions/checkout@v4
       - uses: codespell-project/actions-codespell@master
         name: Check spelling

.github/workflows/production.yml

@@ -1,5 +1,8 @@
 name: deploy-to-production
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:

blog-cse/2025-05-30-content.md

@@ -0,0 +1,54 @@
+---
+title: May 30, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes:
+- Rule updates.
+- New log parsers and mappers to support Akamai CPC and Contrast Security ADR.
+- New and updated log mappers for Azure Event Hub - Windows Defender logs, Cisco ISE, Microsoft Office 365, and Snowflake.
+- Modifications to existing parsers for Microsoft Azure JSON, Nginx Syslog, and Snowflake to support additional formats and events.
+
+Changes are enumerated below.
+
+### Rules
+- [Updated] MATCH-S00068 O365 - Users Password Changed
+    - Updated entity selectors to include both `user_username` and `targetUser_username`
+- [Updated] MATCH-S00069 O365 - Users Password Reset
+    - Updated entity selectors to include both `user_username` and `targetUser_username`
+
+### Log Mappers
+- [New] Akamai CPC
+- [New] Azure Event Hub - Windows Defender Audit events
+- [New] Azure Event Hub - Windows Defender Audit file events
+- [New] Azure Event Hub - Windows Defender Authentication events
+- [New] Azure Event Hub - Windows Defender Email events
+- [New] Azure Event Hub - Windows Defender Endpoint Process events
+- [New] Azure Event Hub - Windows Defender Network events
+- [New] Contrast Security ADR Default Mapping
+- [New] Snowflake Query History
+- [New] Snowflake Session
+- [Updated] Azure Event Hub - Windows Defender Logs - DeviceAlertEvents
+- [Updated] Azure Event Hub - Windows Defender Logs and Azure Alert
+- [Updated] Cisco ISE Catch All
+- [Updated] Microsoft Office 365 Active Directory Authentication Events
+- [Updated] Snowflake Catch All
+- [Updated] Snowflake Login
+
+### Parsers
+- [New] /Parsers/System/Akamai/Akamai CPC
+- [New] /Parsers/System/Contrast Security/Contrast ADR
+- [Updated] /Parsers/System/Cisco/Cisco ISE
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+- [Updated] /Parsers/System/Nginx/Nginx Syslog
+- [Updated] /Parsers/System/Microsoft/Office 365
+- [Updated] /Parsers/System/Snowflake/Snowflake
+- [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON
+- [Updated] /Parsers/System/Microsoft/Windows-JSON-Open Telemetry

blog-cse/2025-06-02-application.md

@@ -0,0 +1,21 @@
+---
+title: June 2, 2025 - Application Update
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - outlier rules
+  - first seen rules
+  - baseline
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### New method for building baselines
+
+We're happy to announce that now when you create or update a first seen or outlier rule, the baseline starts building immediately using existing system data. Typically, the baseline is ready within minutes. You no longer need to wait days for a baseline learning period to complete before it becomes usable. This change enables you to gain insights faster and iterate on your first seen and outlier rules rapidly, reducing tuning time from weeks to minutes.
+
+To learn more, see our information about baselines for [first seen rules](/docs/cse/rules/write-first-seen-rule/) and [outlier rules](/docs/cse/rules/write-outlier-rule/#baselines-for-outlier-rules).
+
+:::note
+This change is rolling out across deployments incrementally and will be available on all deployments by June 12, 2025.
+:::

blog-service/2025-05-30-apps.md

@@ -0,0 +1,24 @@
+---
+title: Apps, Solutions, and Collection Integrations - May Release 
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - may-release
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+### Enhancements
+
+- **Classic Apps to Next-Gen Apps Migration**. [ActiveMQ](/docs/integrations/containers-orchestration/activemq/), [IIS 7/8](/docs/integrations/microsoft-azure/iis-7/), [Kafka](/docs/integrations/containers-orchestration/kafka/), [RabbitMQ](/docs/integrations/containers-orchestration/rabbitmq/), [Squid Proxy](/docs/integrations/web-servers/squid-proxy/), [Strimzi Kafka](/docs/integrations/containers-orchestration/strimzi-kafka/), and [Varnish](/docs/integrations/web-servers/varnish/).
+
+- **Updated 13 Azure apps**. [Azure Application Gateway](/docs/integrations/microsoft-azure/azure-application-gateway/), [Azure App Service Plan](/docs/integrations/microsoft-azure/azure-app-service-plan/), [Azure API Management](/docs/integrations/microsoft-azure/azure-api-management/), [Azure Cache for Redis](/docs/integrations/microsoft-azure/azure-cache-for-redis/), [Azure Container Instances](/docs/integrations/microsoft-azure/azure-container-instances/), [Azure Cosmos DB](/docs/integrations/microsoft-azure/azure-cosmos-db/), [Azure Database for MySQL](/docs/integrations/microsoft-azure/azure-database-for-mysql/), [Azure Database for PostgreSQL](/docs/integrations/microsoft-azure/azure-database-for-postgresql/), [Azure Functions](/docs/integrations/microsoft-azure/azure-functions/), [Azure Kubernetes Service (AKS) - Control Plane](/docs/integrations/microsoft-azure/kubernetes/), [Azure Load Balancer](/docs/integrations/microsoft-azure/azure-load-balancer/), [Azure Virtual Machine](/docs/integrations/microsoft-azure/azure-virtual-machine/), and [Azure WebApps](/docs/integrations/microsoft-azure/web-apps/).
+
+- **Updated 12 OpenTelemetry apps**. [ActiveMQ - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/activemq-opentelemetry/), [Apache Tomcat - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/apache-tomcat-opentelemetry/), [Cassandra - OpenTelemetry](/docs/integrations/databases/opentelemetry/cassandra-opentelemetry/), [Elasticsearch - OpenTelemetry](/docs/integrations/databases/opentelemetry/elasticsearch-opentelemetry/), [JMX - OpenTelemetry](/docs/integrations/app-development/opentelemetry/jmx-opentelemetry/), [MongoDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mongodb-opentelemetry/), [MySQL - OpenTelemetry](/docs/integrations/databases/opentelemetry/mysql-opentelemetry/), [Oracle - OpenTelemetry](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/), [PostgreSQL - OpenTelemetry](/docs/integrations/databases/opentelemetry/postgresql-opentelemetry/), [RabbitMQ - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/rabbitmq-opentelemetry/), [Redis - OpenTelemetry](/docs/integrations/databases/opentelemetry/redis-opentelemetry/), and [VMWare - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry/).
+
+- **Updated AWS Lambda**. New use cases added for CloudTrail logs and CloudWatch metrics.
+
+- **Source Template updates**. [Linux](/docs/send-data/opentelemetry-collector/remote-management/source-templates/linux/), [Mac](/docs/send-data/opentelemetry-collector/remote-management/source-templates/mac/), and [Windows](/docs/send-data/opentelemetry-collector/remote-management/source-templates/windows/).
+
+- **Source Template bug fix**. [Apache](/docs/send-data/opentelemetry-collector/remote-management/source-templates/apache/), [Docker](/docs/send-data/opentelemetry-collector/remote-management/source-templates/docker/), [Kafka](/docs/send-data/opentelemetry-collector/remote-management/source-templates/kafka/), and [Nginx](/docs/send-data/opentelemetry-collector/remote-management/source-templates/nginx/).