Merge branch 'main' into docs-235-historical-baselines

Author: jpipkin1

blog-cse/2025-05-23-content.md

@@ -0,0 +1,51 @@
+---
+title: May 23, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes:
+- Rule update
+- New support for CommScope Ruckus SmartZone
+- Additional mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell
+- Updates for existing mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell
+    - Added normalizedAction and action fields to Windows PowerShell mappers
+- Changes to Windows PowerShell JSON parsing to support additional log formats
+
+Changes are enumerated below.
+
+
+### Rules
+- [Updated] MATCH-S00068 O365 - Users Password Changed
+    - Updated to use targetUser_username
+
+### Log mappers
+- [New] CommScope Ruckus SmartZone Default
+- [New] CrowdStrike FDR - DNSRequest
+- [New] Google G Suite - login - risky_sensitive_action_allowed
+- [New] Google G Suite - login challange
+- [New] Windows - Windows PowerShell
+- [Updated] CrowdStrike Falcon Host API DetectionSummaryEvent (CNC)
+    - Added alternate field for threat_name
+- [Updated] CrowdStrike Falcon Host API IdpDetectionSummaryEvent (CNC)
+    - Added alternate field for threat_name
+- [Updated] Google G Suite - login - password_change/recovery_info_change
+    - Added additional mapped fields
+- [Updated] Google G Suite - login.login
+    - Added additional mapped fields
+- [Updated] Google G Suite - logout
+    - Added additional mapped fields
+- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4103
+- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4104
+- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4105
+- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4106
+
+### Parsers
+- [New] /Parsers/System/CommScope/CommScope Ruckus SmartZone
+- [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON

blog-service/2025-05-21-apps.md

@@ -0,0 +1,12 @@
+---
+title: Kaltura (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - kaltura
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new Kaltura app for Sumo Logic. This app enables you to gain valuable insights into the critical aspects of your platform operations, such as total entries, user activity trends, and event distributions, helping you monitor, secure, and optimize your content management strategies effectively. [Learn more](/docs/integrations/saas-cloud/kaltura).

blog-service/2025-05-29-manage.md

@@ -0,0 +1,15 @@
+---
+title: Access Key Rotation (Manage)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - manage
+  - organizations
+  - mssps
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're happy to introduce a new way to rotate access keys, as well as a new access keys expiration policy. Together these help to make your account more secure by encouraging regular API key updates.
+
+[Learn more](/docs/manage/security/access-keys/#access-keys-expiration-policy).

cid-redirects.json

@@ -440,7 +440,6 @@
   "/05Search/Get-Started-with-Search/Visualizations/Group-By-Operator": "/docs/search/search-query-language/search-operators",
   "/05Search/Live-Tail": "/docs/search/live-tail",
   "/05Search/Live-Tail/About-Live-Tail": "/docs/search/live-tail/about-live-tail",
-  "/Search": "/docs/search",
   "/Search/Anomaly_Detection": "/docs/alerts/monitors/create-monitor",
   "/Search/Live-Tail": "/docs/search/live-tail/about-live-tail",
   "/Search/Live-Tail/About-Live-Tail": "/docs/search/live-tail/about-live-tail",
@@ -1640,6 +1639,7 @@
   "/cid/6026": "/docs/integrations/saas-cloud/sumo-collection",
   "/cid/6027": "/docs/integrations/saas-cloud/sysdig-secure",
   "/cid/6028": "/docs/integrations/saas-cloud/bitwarden",
+  "/cid/6029": "/docs/integrations/saas-cloud/kaltura",
   "/cid/6030": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/snowflake-logs-source",
   "/cid/10112": "/docs/integrations/app-development/jfrog-xray",
   "/cid/10113": "/docs/observability/root-cause-explorer",
@@ -3115,6 +3115,8 @@
   "/Manage/Collection/Processing-Rules/Metrics_Include_and_Exclude_Rules": "/docs/send-data/collection/processing-rules/metrics-include-and-exclude-rules",
   "/Manage/Collection/Restart_Collectors": "/docs/send-data/collection/restart-collectors",
   "/Manage/Collectors_and_Sources/Processing_Rules": "/docs/send-data/collection/processing-rules",
+  "/Manage/Collectors_and_Sources/Manage_Collectors/Edit_a_Collector": "/docs/send-data/collection/edit-collector",
+  "/Manage/Collectors_and_Sources/Manage_Sources": "/docs/send-data/collection",
   "/Manage/Connections-and-Integrations": "/docs/alerts/webhook-connections",
   "/docs/manage/connections-integrations/webhook-connections": "/docs/alerts/webhook-connections",
   "/docs/manage/connections-integrations/webhook-connections/set-up-webhook-connections": "/docs/alerts/webhook-connections/set-up-webhook-connections",
@@ -3308,6 +3310,7 @@
   "/Manage/Security/Access_Keys": "/docs/manage/security/access-keys",
   "/Manage/Security/Access_Keys/Create_Access_Keys": "/docs/manage/security/access-keys",
   "/Manage/Security/Audit_Event_Index": "/docs/manage/security/audit-indexes/audit-event-index",
+  "/docs/audit/audit-events": "/docs/manage/security/audit-indexes",
   "/Manage/Security/Audit-Index": "/docs/manage/security/audit-indexes/audit-index",
   "/Manage/Security/Create-an-Allowlist-for-IP-or-CIDR-Addresses": "/docs/manage/security/create-allowlist-ip-cidr-addresses",
   "/Manage/Security/Create-a-Whitelist-for-IP-or-CIDR-Addresses": "/docs/manage/security/create-allowlist-ip-cidr-addresses",
@@ -3581,6 +3584,7 @@
   "/Send_Data/Sources/Script_Source/Cron_Examples_and_Reference": "/docs/send-data/installed-collectors/sources/script-source/cron-examples-reference",
   "/Send_Data/Sources/Source_timestamp_and_time_zone_options/Timestamp_conventions": "/docs/send-data/reference-information/time-reference",
   "/Send_Data/Sources/AWS_S3_Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
+  "/Send_Data/Sources/Amazon_S3_Audit_Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
   "/Send_Data/01_Design_Your_Deployment/Best_Practices:_Good_Source_Category,_Bad_Source_Category": "/docs/send-data/best-practices",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services": "/docs/send-data/hosted-collectors/amazon-aws",
   "/03Send-Data/Sources/02Sources-for-Hosted-Collectors/Amazon_Web_Services/AWS_S3_Source": "/docs/send-data/hosted-collectors/amazon-aws/aws-s3-source",
@@ -3873,6 +3877,7 @@
   "/Beta/Installation_Tokens": "/docs/manage/security/installation-tokens",
   "/Beta/Metadata_Ingest_Budgets": "/docs/manage/ingestion-volume/ingest-budgets/daily-volume",
   "/Beta/Metrics-Rules": "/docs/metrics/metric-rules-editor",
+  "/Beta/Monitors": "/docs/alerts/monitors",
   "/Beta/Saved_beta_content/Beta---Library/Apps_in_Sumo_Logic/01_Sumo_Logic_Apps": "/docs/integrations",
   "/Beta/SLO_Reliability_Management": "/docs/observability/reliability-management-slo",
   "/Beta/SLO_Reliability_Management/Access_and_Create_SLOs": "/docs/observability/reliability-management-slo",
@@ -3887,6 +3892,7 @@
   "/Dashboards_and_Alerts/Alerts/Create_a_Real_Time_Alert": "/docs/alerts/scheduled-searches/create-real-time-alert",
   "/Dashboards_and_Alerts/Alerts/Save_to_Index": "/docs/alerts/scheduled-searches/save-to-index",
   "/Dashboards-and-Alerts/Alerts": "/docs/alerts",
+  "/Dashboards-and-Alerts/Alerts/01-Scheduled-Searches": "/docs/alerts/scheduled-searches",
   "/Dashboards-and-Alerts/Alerts/02-Schedule-a-Search": "/docs/alerts/scheduled-searches/schedule-search",
   "/Dashboards-and-Alerts/Alerts/Create-an-Email-Alert": "/docs/alerts/scheduled-searches/create-email-alert",
   "/Dashboards-and-Alerts/Alerts/04-Create-an-Email-Alert": "/docs/alerts/scheduled-searches/create-email-alert",

docs/api/getting-started.md

@@ -87,7 +87,7 @@ Sumo Logic has several deployments that are assigned depending on the geographic
 
 Sumo Logic redirects your browser to the correct login URL and also redirects Collectors to the correct endpoint. However, if you're using an API you'll need to manually direct your API client to the correct Sumo Logic API URL.
 
-<table><small>
+<table>
   <tr>
    <td>Deployment</td>
    <td>Service Endpoint (login URL)</td>
@@ -183,7 +183,6 @@ https://endpoint9.collection.us2.sumologic.com/</td>
    <td>syslog.collection.us2.sumologic.com</td>
    <td>https://open-collectors.us2.sumologic.com</td>
   </tr>
-  </small>
   </table>
 
 ### Which endpoint should I should use?

docs/apm/traces/search-query-language-support-for-traces.md

@@ -39,7 +39,7 @@ A Keyword Search Expression defines the scope of data for the query. You need to
 
 In scenarios where users are not familiar with the schema and would like to search across all the fields, `_any` modifier provides a means to search for a specified value from all of the Ingest Time Fields in your data. For example, to search for data with any field that has a value of success you would put `_any=success` in the scope of your query.
 
-Syntax: `_any<value>`
+Syntax: `_any=<value>`
 
 The `_any` option is not supported outside of the scope of a query. This is supported for the Security and Tracing tiers.
 

docs/cse/get-started-with-cloud-siem/intro-for-administrators.md

@@ -59,7 +59,7 @@ As a Cloud SIEM admin, you'll use both the Sumo Logic UI and the Cloud SIEM UI.
 
 | Sumo Logic UI | Cloud SIEM UI |
 | :-- | :-- |
-| <ul><li>Add collectors and data sources.</li><li>Write field extraction rues.</li><li>Configure partitions and data tiers</li><li>Forward data to Cloud SIEM.</li><li>Configure RBAC controls.</li></ul> | <ul><li>Configure log and ingest mappings.</li><li>Create custom content, such as rules, match lists, and insights.</li><li>Customize actions, context actions, and other workflows.</li></ul>|
+| <ul><li>Add collectors and data sources.</li><li>Write field extraction rules.</li><li>Configure partitions and data tiers</li><li>Forward data to Cloud SIEM.</li><li>Configure RBAC controls.</li></ul> | <ul><li>Configure log and ingest mappings.</li><li>Create custom content, such as rules, match lists, and insights.</li><li>Customize actions, context actions, and other workflows.</li></ul>|
 
 In the Sumo Logic UI, you'll add the collectors and data sources that will be used in Cloud SIEM. You can write field extraction rules, which help parse your logs so they can be better used as records in Cloud SIEM. You can also configure partitions and data tiers in Sumo Logic, and decide which data gets forwarded to Cloud SIEM. Finally, you configure users and roles for both Sumo Logic and Cloud SIEM using the Sumo Logic interface. 
 

docs/integrations/amazon-aws/aws-privatelink.md

@@ -37,7 +37,7 @@ With the NLB-created and ALB-registered as a target, requests over AWS PrivateL
 
 Sumo Logic exposes AWS PrivateLink endpoints to different [regions that depend on your Sumo Logic deployment](/docs/api/getting-started/#sumo-logic-endpoints-by-deployment-and-firewall-security). If you're using the VPC in a different region where the Sumo Logic PrivateLink endpoint service is set up, you need to set up VPC peering. Either way, you need to create an endpoint.
 
-<table><small>
+<table>
   <tr>
     <td><strong>Deployment</strong></td>
     <td><strong>Collection Endpoint</strong></td>
@@ -107,7 +107,7 @@ https://endpoint9.collection.us2.sumologic.com</td>
     <td>https://open-collectors.us2.sumologic.com</td>
     <td>us-west-2</td>
   </tr>
-</small></table>
+</table>
 
 
 ### Create an endpoint to connect with the Sumo Logic endpoint service

docs/integrations/amazon-aws/global-intelligence-cloudtrail-secops.md

@@ -51,7 +51,7 @@ This application relies on 45 Scheduled Searches that Save to two different Inde
 <details>
 <summary>View the list of Scheduled Searches (<strong>click to expand</strong>)</summary>
 
-<table><small>
+<table>
   <tr>
     <td><strong>Folder</strong></td>
     <td><strong>Scheduled Search Name (prefixed with gis_benchmarks)</strong></td>
@@ -282,7 +282,7 @@ This application relies on 45 Scheduled Searches that Save to two different Inde
     <td>S3_ListBuckets</td>
     <td>Counts S3 events related to listing buckets.</td>
   </tr>
-</small></table>
+</table>
 
 * To reduce false positives, the benchmarks and application filter out AWS CloudTrail events from legitimate cloud services including AWS itself and CloudHealth by VMware.
 * Security posture requirements may vary between AWS accounts for a given customer. For example, development accounts might have less strict controls than production accounts. The app supports filtering findings by AWS account ID to facilitate AWS account level posture assessment.

docs/integrations/app-development/jfrog-artifactory.md

@@ -114,7 +114,7 @@ In this step, you configure four local file sources, one for each log source lis
 
 The following suffixes are required. For example, you could use `_sourceCategory=<Foo>/artifactory/console`, but the suffix **artifactory/console** must be used.
 
-<table><small>
+<table>
   <tr>
    <td><strong>Log source</strong></td>
    <td><strong>File Path</strong></td>
@@ -139,7 +139,7 @@ The following suffixes are required. For example, you could use `_sourceCategory
    <td>Traffic</td>
    <td>$JFROG_HOME/&#60;product&#62;/var/log/artifactory-traffic.*.log</td>
    <td>artifactory/traffic</td>
-  </tr></small>
+  </tr>
 </table>
 
 :::note