Merge branch 'main' into Ddecember-Release-(apps)

Author: JV0812

blog-cse/2024-12-20-content.md

@@ -0,0 +1,58 @@
+---
+title: December 20, 2024 - Content Release
+hide_table_of_contents: true
+keywords:
+  - log mappers
+  - log parsers
+  - detection rules
+image: https://help.sumologic.com/img/sumo-square.png  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+- New product support for Dragos WorldView Threat Intelligence, Mindpoint Proactive Security Services, and Trust IAM (Identity and Access Management).
+- AWS Cloudtrail updates.
+    - Adds alternate mapping for `user_userId` in anticipation of AWS Identity Center CloudTrail logging change. For more information on the change, see [Important changes to CloudTrail events for AWS IAM Identity Center](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/).
+- Parsing and mapping updates for Palo Alto Firewall and Cisco Firepower.
+- Rule updates.
+
+Changes are are enumerated below.
+
+## Rules
+- [Deleted] FIRST-S00029 First Seen Successful Authentication From Unexpected Country
+    - Rule has been replaced by FIRST-S00065 as this version was not enabled by default.
+- [Updated] FIRST-S00046 First Seen Client Generating MailIItemsAccessed Event from User
+    - Updated "First Seen" value from ClientInfoString to Client to reduce false positives.
+- [Updated] FIRST-S00065 First Seen Successful Authentication From Unexpected Country
+    - Replaces FIRST-S00029.
+
+## Log Mappers
+- [New] Dragos Catch All
+- [New] Mindpoint Group Keeper Authentication
+- [New] Mindpoint Group Keeper Catch All
+- [New] Trust Login Authentication
+- [New] Trust Login Catch All
+- [Updated] CloudTrail - application-insights.amazonaws.com - ListApplications
+- [Updated] CloudTrail - signin.amazonaws.com - All AwsConsoleSignIn events
+- [Updated] CloudTrail - sso.amazonaws.com - Federate|ListProfilesForApplication
+- [Updated] CloudTrail Default Mapping
+- [Updated] Firepower Catch All
+    - Additional new field mappings to support Firepower events and improve records classification.
+- [Updated] Palo Alto Config - Custom Parser
+    - Adds alternate field mappings.
+- [Updated] Palo Alto System - Custom Parser
+    - Adds alternate field mappings.
+- [Updated] Palo Alto System Auth - Custom Parser
+     - Support additional panorama-auth-success and alternate fields for mapped fields.
+
+## Parsers
+- [New] /Parsers/System/Dragos/Dragos
+- [New] /Parsers/System/Mindpoint Group/Mindpoint Group Keeper
+- [New] /Parsers/System/Trust Login/Trust Login
+- [Updated] /Parsers/System/Cisco/Cisco Firepower Syslog
+    - Adds support for FTD 430002 and 430003 events.
+- [Updated] /Parsers/System/Palo Alto/PAN Firewall LEEF
+    - Adds support for 'panorama-auth-success' events and improves timestamp handling.

cid-redirects.json

@@ -82,6 +82,7 @@
   "/Start_Here/About_Sumo_Logic/Status_and_Scheduled_Maintenance": "/docs/get-started/help",
   "/Start_Here/About_Sumo_Logic/Sumo_Logic_Support_Terms_and_Conditions": "/docs/get-started/support-terms",
   "/Start_Here/Analyst_or_Administrator": "/docs/get-started/onboarding-checklists",
+  "/Start_Here/Customize_Your_Sumo_Logic_Experience": "/docs/get-started",
   "/Start_Here/Getting_Started": "/docs/get-started",
   "/Start_Here/Getting_Started/Analyst_or_Administrator": "/docs/get-started/onboarding-checklists",
   "/Start-Here/09Customize-Your-Sumo-Logic-Experience/Preferences-Page": "/docs/get-started/account-settings-preferences",
@@ -296,6 +297,7 @@
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/Google_Workspace_Source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Google": "/docs/send-data/hosted-collectors/google-source",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Google-Cloud-Platform-Source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-source",
+  "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/config-based-source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source",
   "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-bigquery": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/Microsoft_Azure_AD_Inventory_Source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Cloud-to-Cloud_Integration_Framework/Microsoft_Graph_Security_API_Source": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source",
@@ -2967,7 +2969,9 @@
   "/Internal_Writers/Topic_Archive/Parse_by_Data_Type/Parse_Apache_Logs/Parse_Apache_Access_Logs": "/docs/search/get-started-with-search/suggested-searches/apache-access-parser",
   "/Internal_Writers/Topic_Archive/Parse_by_Data_Type/Parse_Apache_Logs/Parse_Apache_Error_Logs": "/docs/search/get-started-with-search/suggested-searches/apache-errors-parser",
   "/Internal_Writers/Topic_Archive/Parse_by_Data_Type/Parse_Cisco_ASA_Logs": "/",
+  "/Knowledge_Base/Apps": "/docs/integrations",
   "/Knowledge_Base/Search/How_to_Prevent_your_Scheduled_Search_from_Timing_Out": "/docs/alerts/scheduled-searches/faq",
+  "/Limited_Availability/Lookup_Tables/lookupContains_Operator": "/docs/search/search-query-language/search-operators/lookupcontains",
   "/Manage": "/docs/manage",
   "/Manage/01Manage_Subscription": "/docs/manage/manage-subscription",
   "/Manage/01Manage_Subscription/00Cloud_Flex_Credits_Accounts": "/docs/manage/manage-subscription/upgrade-sumo-logic-credits-account",
@@ -3351,11 +3355,13 @@
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_API_Gateway/AWS_API_Gateway_Dashboards": "/docs/observability/aws/integrations/aws-api-gateway",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_Application_Load_Balancer": "/docs/observability/aws/integrations/aws-application-load-balancer",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_Application_Load_Balancer/AWS_Application_Load_Balancer_Dashboards": "/docs/observability/aws/integrations/aws-application-load-balancer",
+"/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_Observability_DynamoDB/View_the_AWS_Observability_DynamoDB_Dashboards": "/docs/observability/aws/integrations/aws-dynamodb",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_DynamoDB": "/docs/observability/aws/integrations/aws-dynamodb",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_DynamoDB/AWS_DynamoDB_Dashboards": "/docs/observability/aws/integrations/aws-dynamodb",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_EC2": "/docs/observability/aws/integrations/aws-ec2-host-metrics",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_EC2_Metrics/AWS_EC2_Metrics_Dashboards": "/docs/observability/aws/integrations/aws-ec2-host-metrics",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_EC2/AWS_EC2_Dashboards": "/docs/observability/aws/integrations/aws-ec2-host-metrics",
+  "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_EC2_Metrics": "/docs/observability/aws/integrations/aws-ec2-metrics",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_EC2_Metrics": "/docs/observability/aws/integrations/aws-ec2-metrics",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_Lambda": "/docs/observability/aws/integrations/aws-lambda",
   "/Observability_Solution/AWS_Observability_Solution/AWS_Observability_Apps/AWS_Lambda/AWS_Lambda_Dashboards": "/docs/observability/aws/integrations/aws-lambda",
@@ -3850,6 +3856,7 @@
   "/Search/Search-Query-Language/Aggregate-Functions/stats-count": "/docs/search/search-query-language/group-aggregate-operators/count-count-distinct-and-count-frequent",
   "/Search/Search-Query-Language/Search-Operators/save": "/docs/search/search-query-language/search-operators/save",
   "/Search/Search-Query-Language/Search-Operators/where": "/docs/search/search-query-language/search-operators/where",
+  "/Send_Data/Collect_from_Other_Data_Sources": "/docs/send-data/collect-from-other-data-sources",
   "/Send_Data/Collect_from_Other_Data_Sources/Amazon_CloudWatch_Logs": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
   "/Send_Data/Data_Types/016Amazon_S3_Audit_App": "/docs/integrations/amazon-aws/s3-audit",
   "/Send_Data/Data_Types/Akamai_Cloud_Monitor/01_Collect_Logs_for_Akamai_Cloud_Monitor_App": "/docs/integrations/saas-cloud/akamai-cloud-monitor",
@@ -3874,6 +3881,7 @@
   "/Send_Data/Installed_Collectors/05Reference_Information_for_Collector_Installation/04Add_a_Collector_to_a_Linux_Machine_Image": "/docs/send-data/installed-collectors/collector-installation-reference/add-collector-linux-machine-image",
   "/Send_Data/Installed_Collectors/05Reference_Information_for_Collector_Installation/02Download_a_Collector_from_a_Static_URL": "/docs/send-data/installed-collectors/collector-installation-reference/download-collector-from-static-url",
   "/Send_Data/Installed_Collectors/05Reference_Information_for_Collector_Installation/Advanced_UI_Installer_Settings": "/docs/send-data/installed-collectors/collector-installation-reference/advanced-ui-installer-settings",
+  "/Send_Data/Installed_Collectors/Configure_Limits_for_Collector_Caching": "/docs/send-data/installed-collectors/configuration",
   "/Send_Data/Installed_Collectors/Supporting_Information_for_Collector_Installation/Set_a_Collector_as_Ephemeral": "/docs/send-data/installed-collectors/collector-installation-reference/set-collector-as-ephemeral",
   "/Send_Data/Sources/02Sources_for_Hosted_Collectors/AWS_S3_Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
   "/Send_Data/Sources/02Sources_for_Hosted_Collectors/AWS_IP_Address_Range": "/docs/send-data/hosted-collectors/amazon-aws",
@@ -3910,6 +3918,7 @@
   "/Send-Data/Applications-and-Other-Data-Sources/Azure_SQL/Collect_Logs_and_Metrics_for_Azure_SQL": "/docs/integrations/microsoft-azure/sql",
   "/Send-Data/Applications-and-Other-Data-Sources/Azure_SQL/Install_the_Azure_SQL_App_and_View_the_Dashboards": "/docs/integrations/microsoft-azure/sql",
   "/Send-Data/Applications-and-Other-Data-Sources/Cylance/Cylance-App-Dashboard": "/docs/integrations/security-threat-detection/cylance",
+  "/Send-Data/Applications-and-Other-Data-Sources/DynamoDB/Install-the-DynamoDB-App-and-view-the-Dashboards": "/docs/integrations/amazon-aws/dynamodb",
   "/Send-Data/Applications-and-Other-Data-Sources/Fastly": "/docs/integrations/saas-cloud/fastly",
   "/Send-Data/Applications-and-Other-Data-Sources/Fastly/01Collect-Logs-for-Fastly": "/docs/integrations/saas-cloud/fastly",
   "/Send-Data/Applications-and-Other-Data-Sources/Fastly/03Fastly-App-Dashboards": "/docs/integrations/saas-cloud/fastly",
@@ -4080,7 +4089,7 @@
   "/docs/cse/records-signals-entities-insights/insight-generation-process": "/docs/cse/get-started-with-cloud-siem/insight-generation-process",
   "/docs/cse/get-started-with-cloud-siem/introduction-to-cloud-siem": "/docs/cse/get-started-with-cloud-siem",
   "/docs/cse/cloud-siem-content-catalog": "/docs/cse/get-started-with-cloud-siem/cloud-siem-content-catalog",
-  "/docs/cse/introduction-to-cloud-sie": "/docs/cse/get-started-with-cloud-siem",
+  "/docs/cse/introduction-to-cloud-siem": "/docs/cse/get-started-with-cloud-siem",
   "/docs/integrations/sumo-apps/security-foundations": "/docs/integrations/sumo-apps/security-analytics",
   "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-amazon-kinesis": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
   "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-collector-script": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",

docs/alerts/monitors/alert-response.md

@@ -20,6 +20,20 @@ import Iframe from 'react-iframe';
 
 Learn how to use alert response.
 
+
+<Iframe url="https://fast.wistia.net/embed/iframe/elkucyy4ap?web_component=true&seo=true&videoFoam=false"
+  width="854px"
+  height="480px"
+  title="Micro Lesson: Using Alert Response Video"
+  id="wistiaVideo"
+  className="video-container"
+  display="initial"
+  position="relative"
+  allow="autoplay; fullscreen"
+  allowfullscreen
+/>
+
+<!-- old
 <Iframe url="https://www.youtube.com/embed/3FHomBuFyV8?rel=0"
         width="854px"
         height="480px"
@@ -30,6 +44,7 @@ Learn how to use alert response.
         allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
         allowfullscreen
         />
+-->
 
 :::
 

docs/alerts/monitors/create-monitor.md

@@ -5,6 +5,7 @@ description: Learn how to create a Sumo Logic monitor.
 ---
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
 
 This guide will walk you through the steps of creating a monitor in Sumo Logic, from setting up trigger conditions to configuring advanced settings, notifications, and playbooks.
 
@@ -87,7 +88,7 @@ Set specific threshold conditions for well-defined KPIs with constant thresholds
 
 #### Anomaly
 
-Leverage machine learning to identify unusual behavior and suspicious patterns by establishing baselines for normal activity. This [*AI-driven alerting*](https://www.youtube.com/watch?v=nMRoYb1YCfg) system uses historical data to minimize false positives and alerts you to deviations.
+Leverage machine learning to identify unusual behavior and suspicious patterns by establishing baselines for normal activity. This *AI-driven alerting* system uses historical data to minimize false positives and alerts you to deviations.
 
 * **Model-driven detection**. Machine learning models create accurate baselines, eliminating guesswork and noise.
 * **AutoML**. The system self-tunes with seasonality detection, minimizing user intervention and adjusting for recurring patterns to reduce false positives.
@@ -96,6 +97,35 @@ Leverage machine learning to identify unusual behavior and suspicious patterns b
 * **Auto-diagnosis and recovery**. The Automation Service handles diagnosis and resolution, closing the loop from alert to recovery.
 * **Customizable detection**. Use advanced rules like "Cluster anomalies" to detect multiple data points exceeding thresholds within a set timeframe.
 
+:::sumo Micro Lesson
+Learn about AI-driven alerting.
+
+<Iframe url="https://fast.wistia.net/embed/iframe/8z9b2zqtc3?web_component=true&seo=true&videoFoam=false"
+  width="854px"
+  height="480px"
+  title="Micro Lesson: AI-driven Alerting Video"
+  id="wistiaVideo"
+  className="video-container"
+  display="initial"
+  position="relative"
+  allow="autoplay; fullscreen"
+  allowfullscreen
+/>
+
+<!-- old
+<Iframe url="https://www.youtube.com/embed/nMRoYb1YCfg?rel=0"
+        width="854px"
+        height="480px"
+        id="myId"
+        className="video-container"
+        display="initial"
+        position="relative"
+        allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
+        allowfullscreen
+        />
+-->
+:::
+
 **Use Outlier**
 
 If you want to trigger alerts on outlier direction rather than anomaly detection, select **Anomaly** and enable **Use Outlier**. This detects unusual changes or spikes in a time series of a key indicator. Use this detection method when you are alerting on KPIs that don't have well-defined constant thresholds for what's good and bad. You want the monitor to automatically detect and alert on unusual changes or spikes on the alerting query. For example, application KPIs like page request, throughput, and latency. <br/><img src={useBaseUrl('img/alerts/monitors/monitor-detector-types-for-anomaly.png')} alt="Screenshot of the Monitor Type and Detection Method options in Sumo Logic's 'New Monitor' setup page. Logs is selected as the Monitor Type, and Anomaly is selected as the Detection Method. There is an option to use Outlier detection, which is currently toggled off." width="300"/>

docs/alerts/monitors/use-playbooks-with-monitors.md

@@ -6,6 +6,7 @@ description: Learn how to use Automation Service playbooks with monitors.
 ---
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
+import Iframe from 'react-iframe';
 
 This article describes how to configure automated playbooks in monitors. An *automated playbook* is a [playbook in the Automation Service](/docs/platform-services/automation-service/automation-service-playbooks/), and is a predefined set of actions and conditional statements that run in an automated workflow to respond to an event. For example, suppose that a monitor detects suspicious behavior that could indicate a security problem. When the monitor sends the alert, it could also run an automated playbook to respond to the event.
 
@@ -83,21 +84,34 @@ An anomaly monitor is triggered when unusual conditions are detected. Anomaly mo
 Weekly seasonality detection is turned off by default to optimize performance. [Contact Sumo Logic Customer Support](https://support.sumologic.com/support/s/contactsupport) to activate it for specific monitors. (*Weekly seasonality detection* is the optimization of baseline calculations to account for the variations of data flow that can occur in a work week.)
 :::
 
+:::sumo Micro Lesson
 Watch this micro lesson to learn about anomaly monitors.
 
+<Iframe url="https://fast.wistia.net/embed/iframe/8z9b2zqtc3?web_component=true&seo=true&videoFoam=false"
+  width="854px"
+  height="480px"
+  title="Micro Lesson: AI-driven Alerting Video"
+  id="wistiaVideo"
+  className="video-container"
+  display="initial"
+  position="relative"
+  allow="autoplay; fullscreen"
+  allowfullscreen
+/>
+
+<!-- old
 <Iframe url="https://www.youtube.com/embed/nMRoYb1YCfg?rel=0"
-     width="854px"
-     height="480px"
-     id="myId"
-     className="video-container"
-     display="initial"
-     position="relative"
-     allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
-     allowfullscreen
-     />
-
-import Iframe from 'react-iframe';
-
+        width="854px"
+        height="480px"
+        id="myId"
+        className="video-container"
+        display="initial"
+        position="relative"
+        allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
+        allowfullscreen
+        />
+-->
+:::
 
 To create an anomaly monitor that runs an automated playbook in response to an alert:
 

docs/apm/real-user-monitoring/configure-data-collection.md

@@ -14,6 +14,19 @@ To collect [traces](/docs/apm/traces) and RUM metrics from a browser, you'll fir
 :::sumo Micro Lesson
 Using the RUM HTTP Traces App for Manual Testing.
 
+<Iframe url="https://fast.wistia.net/embed/iframe/qmxk5wxqu5?web_component=true&seo=true&videoFoam=false"
+  width="854px"
+  height="480px"
+  title="Using the RUM HTTP Traces App for Manual Testing Video"
+  id="wistiaVideo"
+  className="video-container"
+  display="initial"
+  position="relative"
+  allow="autoplay; fullscreen"
+  allowfullscreen
+/>
+
+<!-- old 
 <Iframe url="https://www.youtube.com/embed/CduT1sqSPmE?rel=0"
         width="854px"
         height="480px"
@@ -24,7 +37,7 @@ Using the RUM HTTP Traces App for Manual Testing.
         allow="accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
         allowfullscreen
         />
-
+--> 
 :::
 
 ## Prerequisites