Commit ec80f16

Merge branch 'main' into Update-Configuration-section-for-AWS-security-apps
2 parents c777f4d + aed4e2d commit ec80f16

8 files changed: +111 −51 lines changed

docs/cse/rules/cse-rules-syntax.md

Lines changed: 1 addition & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -645,16 +645,11 @@ When an entity is processed by a rule using the `hasThreatMatch` function and is
645645
Parameters:
646646
* **`<fields>`**. A list of comma-separated [field names](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/schema/full_schema.md). At least one field name is required.
647647
* **`<filters>`**. A logical expression using [indicator attributes](/docs/security/threat-intelligence/upload-formats/#normalized-json-format). Allowed in the filtering are parentheses `()`; `OR` and `AND` boolean operators; and comparison operators `=`, `<`, `>`, `=<`, `>=`, `!=`. <br/>You can filter on the following indicator attributes:
648-
* `actors`. An identified threat actor such as an individual, organization, or group.
649648
* `confidence` Confidence that the data represents a valid threat, where 100 is highest. Malicious confidence scores from different sources are normalized and mapped to a 0-100 numerical value.
650-
* `id`. ID of the indicator.
651649
* `indicator`. Value of the indicator, such as an IP address, file name, email address, etc.
652-
* `killChain`. The various phases an attacker may undertake to achieve their objectives (for example, `reconnaissance`, `weaponization`, `delivery`, `exploitation`, `installation`, `command-and-control`, `actions-on-objectives`).
653650
* `source`. The source in the Sumo Logic datastore displayed in the **Threat Intelligence** tab.
654-
* `threatType`. The threat type of the indicator (for example, `anomalous-activity`, `anonymization`, `benign`, `compromised`, `malicious-activity`, `attribution`, `unknown`).
651+
* `threat_type`. The threat type of the indicator (for example, `anomalous-activity`, `anonymization`, `benign`, `compromised`, `malicious-activity`, `attribution`, `unknown`).
655652
* `type`. The indicator type (for example, `ipv4-addr`, `domain-name`, `'file:hashes`, etc.)
656-
* `validFrom`. Beginning time this indicator is valid.
657-
* `validUntil`. Ending time this indicator is valid.
658653
* **`<indicators>`**. An optional case insensitive option that describes how indicators should be matched with regard to their validity. Accepted values are:
659654
* `active_indicators`. Match active indicators only (default).
660655
* `expired_indicators`. Match expired indicators only.
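Review bot: dropping `actors`, `id`, `killChain`, `validFrom` and `validUntil` from the filterable attributes while renaming `threatType` to `threat_type` changes the documented `hasThreatMatch` filter surface, and rules already written against `threatType` or the removed attributes will no longer match this reference; a sentence stating whether the old names are rejected at rule-save time or silently match nothing, plus a short migration note, would help rule authors. The surrounding context lines carry small defects worth fixing in the same pass: the operator list reads `=<` where `<=` is presumably meant, the `confidence` bullet lacks the period after the name that its siblings use, and the `type` example has a stray quote in `'file:hashes`.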

docs/integrations/microsoft-azure/azure-database-for-mysql.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -184,7 +184,7 @@ import CreateMonitors from '../../reuse/apps/create-monitors.md';
184184

185185
<CreateMonitors/>
186186

187-
## Azure Database for MySQL alerts
187+
### Azure Database for MySQL alerts
188188

189189
These alerts are metric based and will work for all Azure Database for MySQL.
190190

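Review bot: demoting the heading to `###` nests the alerts table under the preceding monitors section, which matches the `<CreateMonitors/>` include just above it; Docusaurus derives the anchor from the heading text rather than its level, so existing links to the section keep resolving. The context sentence "will work for all Azure Database for MySQL." is missing its noun and should read "... for all Azure Database for MySQL instances."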
docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry.md

Lines changed: 15 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,10 @@ import TabItem from '@theme/TabItem';
1111

1212
<img src={useBaseUrl('img/integrations/microsoft-azure/sql.png')} alt="thumbnail icon" width="50"/> <img src={useBaseUrl('img/send-data/otel-color.svg')} alt="Thumbnail icon" width="45"/>
1313

14+
:::note logs only
15+
This is a logs-only app. For collecting metrics and enabling comprehensive monitoring on both Linux and Windows, use the [Microsoft SQL Server - OpenTelemetry App](/docs/integrations/microsoft-azure/opentelemetry/sql-server-opentelemetry).
16+
:::
17+
1418
The Sumo Logic app for Microsoft SQL Server is a logs-based app that provides insight into your SQL Server for Linux. The app consists of predefined dashboards, providing visibility into your environment for real-time or historical analysis on backup, restore mirroring, general health and operations of your system.
1519

1620
This app has been tested with following SQL Server versions:
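Review bot: the admonition title `logs only` is lowercase while the rest of the page uses title-style names, so `:::note Logs only` would be consistent. The note and the paragraph directly below it both state that the app is logs-only; the paragraph could drop "is a logs-based app that" and keep just the Linux scope. The context line "tested with following SQL Server versions" is missing "the".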
@@ -142,7 +146,7 @@ Following is the query from **Error and warning count** panel from the **SQL Ser
142146

143147
### Overview
144148

145-
The **SQL Server - Overview** dashboard provides a snapshot overview of your SQL Server instance. Use this dashboard to understand CPU, memory, and disk utilization of your SQL Server(s) deployed in your cluster. This dashboard also provides login activities and methods by users.
149+
The **SQL Server Linux - Overview** dashboard provides a snapshot overview of your SQL Server instance. Use this dashboard to understand CPU, memory, and disk utilization of your SQL Server(s) deployed in your cluster. This dashboard also provides login activities and methods by users.
146150

147151
Use this dashboard to:
148152
- Keep track of deadlocks, errors, backup failures, mirroring errors, and insufficient space issue counts.
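Review bot: the prose now calls the dashboard `SQL Server Linux - Overview`, but the heading above it remains `### Overview` and this hunk touches only the one sentence; confirm that the dashboard title in the app's exported dashboard definition and any screenshot alt text carry the same `SQL Server Linux - ...` prefix, otherwise readers will search their account for a dashboard name that does not exist.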
@@ -152,7 +156,7 @@ Use this dashboard to:
152156

153157
### General Health
154158

155-
The **SQL Server - General Health** dashboard provides you the overall health of SQL Server. Use this dashboard to analyze server events including stopped/up servers and its corresponding down/uptime, monitor disk space percentage utilization, wait time trend, and app-domain issues by SQL server.
159+
The **SQL Server Linux - General Health** dashboard provides you the overall health of SQL Server. Use this dashboard to analyze server events including stopped/up servers and its corresponding down/uptime, monitor disk space percentage utilization, wait time trend, and app-domain issues by SQL server.
156160

157161
Use this dashboard to:
158162

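Review bot: the renamed line keeps the grammar problems of the old one: "provides you the overall health" reads better as "shows the overall health of SQL Server", and "stopped/up servers and its corresponding down/uptime" should be "their corresponding down/uptime". Since the line is being rewritten anyway, fixing it here costs nothing.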
@@ -164,7 +168,7 @@ Use this dashboard to:
164168

165169
### Backup Restore Mirroring
166170

167-
The **SQL Server - Backup Restore Mirroring** dashboard provides information about:
171+
The **SQL Server Linux - Backup Restore Mirroring** dashboard provides information about:
168172

169173
- Transaction log backup events
170174
- Database backup events
@@ -176,7 +180,7 @@ The **SQL Server - Backup Restore Mirroring** dashboard provides information abo
176180

177181
### Operations
178182

179-
The **SQL Server - Operations** dashboard displays recent server configuration changes, number and type of configuration updates, error and warnings, high severity error, and warning trends.
183+
The **SQL Server Linux - Operations** dashboard displays recent server configuration changes, number and type of configuration updates, error and warnings, high severity error, and warning trends.
180184

181185
Use this dashboard to:
182186

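Review bot: "error and warnings, high severity error, and warning trends" in the added line should read "errors and warnings, and high-severity error and warning trends"; as written it lists "high severity error" and "warning trends" as separate items.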
@@ -195,10 +199,10 @@ import CreateMonitors from '../../../reuse/apps/create-monitors.md';
195199

196200
| Name | Description | Alert Condition | Recover Condition |
197201
|:--|:--|:--|:--|
198-
| `SQL Server - AppDomain` | This alert is triggered when AppDomain-related issues are detected in your SQL Server instance. | Count `>=` 1 | Count `<` 1 |
199-
| `SQL Server - Backup Fail` | This alert is triggered when the SQL Server backup fails. | Count `>=` 1 | Count `<` 1 |
200-
| `SQL Server - Deadlock` | This alert is triggered when deadlocks are detected in a SQL Server instance. | Count `>` 5 | Count `<=` 5 |
201-
| `SQL Server - Instance Down` | This alert is triggered when the SQL Server instance is down for 5 minutes. | Count `>` 0 | Count `<=` 0 |
202-
| `SQL Server - Insufficient Space` | This alert is triggered when the SQL Server instance cannot allocate a new page for the database due to insufficient disk space in the filegroup. | Count `>` 0 | Count `<=` 0 |
203-
| `SQL Server - Login Fail` | This alert is triggered when the user is unable to login to the SQL Server. | Count `>=` 1 | Count `<` 1 |
204-
| `SQL Server - Mirroring Error` | This alert is triggered when an error occurs in SQL Server mirroring. | Count `>=` 1 | Count `<` 1 |
202+
| `SQL Server Linux - AppDomain` | This alert is triggered when AppDomain-related issues are detected in your SQL Server instance. | Count `>=` 1 | Count `<` 1 |
203+
| `SQL Server Linux - Backup Fail` | This alert is triggered when the SQL Server backup fails. | Count `>=` 1 | Count `<` 1 |
204+
| `SQL Server Linux - Deadlock` | This alert is triggered when deadlocks are detected in a SQL Server instance. | Count `>` 5 | Count `<=` 5 |
205+
| `SQL Server Linux - Instance Down` | This alert is triggered when the SQL Server instance is down for 5 minutes. | Count `>` 0 | Count `<=` 0 |
206+
| `SQL Server Linux - Insufficient Space` | This alert is triggered when the SQL Server instance cannot allocate a new page for the database due to insufficient disk space in the filegroup. | Count `>` 0 | Count `<=` 0 |
207+
| `SQL Server Linux - Login Fail` | This alert is triggered when the user is unable to login to the SQL Server. | Count `>=` 1 | Count `<` 1 |
208+
| `SQL Server Linux - Mirroring Error` | This alert is triggered when an error occurs in SQL Server mirroring. | Count `>=` 1 | Count `<` 1 |
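Review bot: renaming the seven monitors changes the names that readers of the `<CreateMonitors/>` section will look for, so these strings must match the monitor definitions shipped with the app, and users who already installed the monitors under the `SQL Server - ...` names will end up with two sets after re-installing; a one-line upgrade note would help. Minor: "unable to login to the SQL Server" should read "unable to log in to SQL Server" (verb form), and the `Deadlock` row is the only one whose threshold is above 1 (`>` 5), which is fine if intended but worth confirming while the rows are being touched.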
