Merge branch 'main' into add-otel-timestamp-docs

Author: kimsauce

blog-cse/2025-04-25-content.md

@@ -0,0 +1,32 @@
+---
+title: April 25, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes:
+- Fixes for Threat Intelligence rules to correct match expression syntax for hash and HTTP referrer.
+- Parsing and mapping updates for Microsoft Office 365 to improve target user visibility.
+
+## Rules
+- [Updated] MATCH-S01009 Threat Intel - HTTP Referrer
+- [Updated] MATCH-S01012 Threat Intel - HTTP Referrer Root Domain
+- [Updated] MATCH-S00999 Threat Intel - IMPHASH Match
+- [Updated] MATCH-S01000 Threat Intel - MD5 Match
+- [Updated] MATCH-S01001 Threat Intel - PEHASH Match
+- [Updated] MATCH-S01003 Threat Intel - SHA1 Match
+- [Updated] MATCH-S01004 Threat Intel - SHA256 Match
+- [Updated] MATCH-S01002 Threat Intel - SSDEEP Match
+
+## Log Mappers
+- [Updated] Microsoft Office 365 Active Directory Authentication Events
+- [Updated] Microsoft Office 365 AzureActiveDirectory Events
+
+## Parsers
+- [Updated] /Parsers/System/Microsoft/Office 365

cid-redirects.json

@@ -4307,6 +4307,7 @@
   "/docs/manage/partitions/flex/estimate-and-actual-scan-data": "/docs/manage/partitions/flex/estimate-scan-data",
   "/docs/manage/partitions/flex/flex-pricing-faqs": "/docs/manage/partitions/flex/faq",
   "/docs/manage/partitions/flex/flex-pricing-faq": "/docs/manage/partitions/flex/faq",
+  "/docs/platform-services/automation-service/app-central/integrations/exana-open-dns": "/docs/platform-services/automation-service/app-central/integrations",
   "/docs/platform-services/automation-service/app-central/integrations/snowflake": "/docs/platform-services/automation-service/app-central/integrations",
   "/docs/integrations/security-threat-detection/palo-alto-networks-6": "/docs/integrations/security-threat-detection/palo-alto-networks-9",
   "/docs/integrations/security-threat-detection/palo-alto-networks-8":"/docs/integrations/security-threat-detection/palo-alto-networks-9",

docs/integrations/microsoft-azure/azure-container-instances.md

@@ -116,7 +116,7 @@ Sumo Logic Metrics source is currently in Beta, to participate, contact your Sum
 
 In the Sumo Logic Azure Metrics source configuration,
 
-- Tag the location field in the source with correct Azure resource location value. <br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-Storage-Tag-Location.png')} alt="Azure Container Instance Tag Location" style={{border: '1px solid gray'}} width="400" />
+- To set up the Azure Metrics source in Sumo Logic, refer to the shared beta documentation.
 - Configure namespaces as `Microsoft.ContainerInstance/containerGroups`. <br/><img src={useBaseUrl('img/integrations/microsoft-azure/azure-container-instance-namespaces.png')} alt="Azure Container Instance Namespaces" style={{border: '1px solid gray'}} width="500" />
 
 ### Configure logs collection

docs/integrations/microsoft-azure/kubernetes.md

@@ -258,9 +258,7 @@ tenant_name={{tenant_name}} subscription_id={{subscription_id}} resource_group={
 Sumo Logic Metrics source is currently in Beta, to participate, contact your Sumo Logic account executive.
 :::
 
-In the Sumo Logic Azure Metrics source configuration,
-
-- Tag the location field in the source with correct Azure resource location value. <br/><img src={useBaseUrl('img/integrations/microsoft-azure/Azure-Storage-Tag-Location.png')} alt="Azure Container Instance Tag Location" style={{border: '1px solid gray'}} width="400" />
+- To set up the Azure Metrics source in Sumo Logic, refer to the shared beta documentation.
 - Configure the namespaces as `Microsoft.ContainerService/managedClusters`, `microsoft.kubernetes/connectedClusters`, `microsoft.kubernetesconfiguration/extensions`, and `microsoft.hybridcontainerservice/provisionedClusters`. <br/><img src={useBaseUrl('img/integrations/microsoft-azure/azure-kubernetes-service-namespaces.png')} alt="Azure Container Instance Namespaces" style={{border: '1px solid gray'}} width="500" />
 
 ### Collecting logs for the Azure Kubernetes Cluster  

docs/integrations/product-list/product-list-a-l.md

@@ -217,7 +217,6 @@ For descriptions of the different types of integrations Sumo Logic offers, see [
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/ermes.png')} alt="Thumbnail icon" width="75"/> | [Ermes](https://www.ermes.company/) | Automation integration: [Ermes](/docs/platform-services/automation-service/app-central/integrations/ermes/) |
 | <img src={useBaseUrl('img/integrations/misc/eset-logo.png')} alt="Thumbnail icon" width="75"/> | [ESET](https://www.eset.com/us/) | Cloud SIEM integration: [ESET](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/ced86de0-64e4-4e7c-ae25-fb5b3dff3cb8.md) |
 | <img src={useBaseUrl('img/integrations/misc/exabeam-logo.svg')} alt="Thumbnail icon" width="75"/> | [Exabeam](https://www.exabeam.com/) | Cloud SIEM integration: [Exabeam](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/9d2d799d-2d6c-4894-a46f-0cce00641bcb.md) |
-| <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/exana-open-dns.png')} alt="Thumbnail icon" width="100"/> | [Exana](https://www.f6s.com/company/exana.io) | Automation integration: [Exana Open DNS](/docs/platform-services/automation-service/app-central/integrations/exana-open-dns/) |
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/exploit-database.png')} alt="Thumbnail icon" width="75"/> | [Exploit Database](https://www.exploit-db.com/) | Automation integration: [Exploit Database](/docs/platform-services/automation-service/app-central/integrations/exploit-database/) |
 | <img src={useBaseUrl('img/integrations/misc/extrahop-logo.png')} alt="Thumbnail icon" width="100"/>  | [ExtraHop](https://www.extrahop.com/)  | Cloud SIEM integration: [Extrahop](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/a8b03e2e-7497-4104-874d-cafd03aeb4c1.md) <br/>Community app: [Sumo Logic for ExtraHop Reveal(x) 360](https://github.com/SumoLogic/sumologic-content/tree/master/ExtraHop%20Reveal(x)%20360)  |
 

docs/platform-services/automation-service/app-central/integrations/exana-open-dns.md

@@ -18,7 +18,7 @@ All integrations require authentication to communicate between the vendor and Su
 
 ## Integrations
 
-Count of available integrations: 337
+Count of available integrations: 336
 
 import DocCardList from '@theme/DocCardList';
 import {useCurrentSidebarCategory} from '@docusaurus/theme-common';

docs/platform-services/automation-service/app-central/integrations/index.md

@@ -6,8 +6,8 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 <img src={useBaseUrl('/img/platform-services/automation-service/app-central/logos/microsoft-onedrive.png')} alt="microsoft-onedrive" width="100"/>
 
-***Version: 1.5  
-Updated: July 02, 2024***
+***Version: 1.6  
+Updated: April 25, 2025***
 
 Utilize and manipulate files for incident investigation using OneDrive.
 
@@ -36,4 +36,5 @@ import IntegrationsAuth from '../../../../reuse/integrations-authentication.md';
     - Updated ***Upload File*** action with the new Cloud SOAR API; results can now be saved as incident attachments and artifacts.
     - Added a new field to the Integration resource named ***Authentication Grant Type***. You can select a value based on the permissions added to your app:
       - Password (Delegated Context) 
-      - Client Credentials (Application Context)
+      - Client Credentials (Application Context)
+* April 25, 2025 (v1.6) - Changed required=False for username and password parsers in Integration file.

docs/platform-services/automation-service/app-central/integrations/microsoft-onedrive.md

@@ -0,0 +1,48 @@
+---
+id: copilot-unstructured-logs-beta
+title: Sumo Logic Copilot - Unstructured Logs Support (Beta)
+description: Streamline your log analysis with Sumo Logic Copilot, our AI-based assistant that simplifies log analysis by letting you ask questions in plain English, even for logs without a well-defined structure.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<head>
+  <meta name="robots" content="noindex" />
+</head>
+
+<p><a href="/docs/beta"><span className="beta">Beta</span></a></p>
+
+This feature is in Beta. For more information, contact your Sumo Logic account executive.
+
+Unstructured Logs Support for [Sumo Logic Copilot](/docs/search/copilot), our AI assistant, enables it to understand and provide insights from raw, text-based logs, even if they don't follow a structured format like JSON. This means you can ask questions in plain English and get meaningful results from nearly any log data, without requiring Field Extraction Rules (FERs).
+
+## What's new
+
+Currently, [Copilot works best on structured (JSON) logs](/docs/search/copilot/#compatible-log-formats). With this beta update, Copilot automatically applies parsing logic to unstructured logs, even if no FERs are configured.
+
+At this stage, Copilot prioritizes unstructured logs that are already used in dashboards, allowing it to surface insights from high-value log sources out-of-the-box. This means it won’t interpret all raw logs yet, but we’re actively working to broaden this support beyond dashboards.
+
+* **Broader coverage**. Copilot now parses and generates insights from unstructured log formats, even without FERs, making it useful for environments that include custom or inconsistent log types.
+* **Improved usability**. Ask questions in natural language. Copilot interprets your intent and suggests relevant searches, even for raw, non-JSON logs.
+* **Performance and reliability**. Response times and suggestion accuracy are consistent with Copilot’s structured log experience.
+* **Security and compliance**. The same strict data handling and privacy standards apply. Unstructured Logs Support builds on Copilot’s secure foundation.
+
+<!---No need to call it out until GA
+### Powered by Intelliparse mode
+Unstructured Logs Support is powered by [Intelliparse mode (Beta)](/docs/search/get-started-with-search/build-search/intelliparse-beta), a new parsing engine that automatically extracts fields from raw logs based on patterns already used in your dashboards. This eliminates the need for manual Field Extraction Rules (FERs) and allows Copilot to surface insights from unstructured logs out-of-the-box. Behind the scenes, Copilot injects a hidden `intelliparse` operator into relevant queries to make unstructured logs easier to work with.
+-->
+
+### Common use cases
+
+* **General log exploration**. Ask questions about unstructured logs that are already used in your dashboards, even if they lack predefined fields.
+* **Error triage**. Investigate frequently visualized log data to surface patterns and recurring issues in unstructured formats.
+* **Security insights**. Detect anomalies or signs of failed logins by querying raw logs already powering security dashboards.
+* **Smarter prioritization**. Copilot focuses on unstructured logs that are visualized in dashboards, helping you get meaningful insights from high-value data sources.
+
+## FAQ
+
+**Will Copilot interpret all my logs?**<br/>
+Copilot prioritizes unstructured logs that are already used in dashboards. This improves the relevance of insights and helps focus on high-value logs.
+
+**How is this different from structured log support?**<br/>  
+Structured logs have predefined fields, allowing Copilot to map queries directly. For unstructured logs, Copilot uses AI and parsing techniques to infer structure on the fly.

docs/search/copilot-unstructured-logs-beta.md

@@ -1,5 +1,5 @@
 ---
-id: intelliparse
+id: intelliparse-beta
 title: Intelliparse Mode (Beta)
 description: Intelliparse mode extends automatic parsing to unstructured logs, allowing you to search and filter logs even when they don’t follow a consistent format like JSON.
 ---
@@ -14,16 +14,14 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
 
 This feature is currently available to select customers. Contact your Sumo Logic account representative to request access.
 
-We've introduced a new parsing mode in the Log Search UI: Intelliparse mode. It extends automatic parsing to unstructured logs, allowing you to search and filter logs even when they don’t follow a consistent format like JSON.
-
-<!-- link to Copilot unstructured logs doc -->
+We've introduced a new Log Search parsing mode called Intelliparse. It extends automatic parsing to unstructured logs, allowing you to search and filter logs even when they don’t follow a consistent format like JSON.
 
 ## Available parsing modes
 
 You can now choose from three parsing options in the log search UI:
 
 * **Intelliparse (new)**. Combines JSON parsing with automatic parsing of unstructured logs using pre-discovered parsers.
-* [**Auto Parse**](/docs/search/get-started-with-search/build-search/dynamic-parsing). JSON blocks within logs are automatically parsed.
+* **Auto Parse**. JSON blocks within logs are automatically parsed ([learn more](/docs/search/get-started-with-search/build-search/dynamic-parsing)).
 * **Manual**. No automatic parsing applied.
 
 <img src={useBaseUrl('img/search/get-started-search/build-search/log-search-parsing-modes.png')} alt="log-search-parsing-modes.png" style={{border: '1px solid gray'}} width="700"/>
@@ -76,7 +74,6 @@ Copilot uses Intelliparse mode in the background to:
 
 This integration allows Copilot to work with raw, unstructured log data; no setup required on your part.
 
-<!-- When Copilot - Unstructured Logs (Beta) doc has been published, crosslink from there...
-Want to learn more about Intelliparse mode? See how it works in Log Search
-https://sumologic.atlassian.net/browse/DOCS-752
---->
+:::tip
+Want to learn more about Intelliparse mode? [See how it works in Log Search](/docs/search/copilot-unstructured-logs-beta).
+:::