SumoLogic
diff --git a/‎.clabot‎
Lines changed: 2 additions & 1 deletion b/‎.clabot‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎blog-cse/2025-01-14-content.md‎
Lines changed: 4 additions & 4 deletions b/‎blog-cse/2025-01-14-content.md‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎blog-cse/2025-01-28-content.md‎
Lines changed: 26 additions & 0 deletions b/‎blog-cse/2025-01-28-content.md‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎blog-service/2023/12-31.md‎
Lines changed: 1 addition & 1 deletion b/‎blog-service/2023/12-31.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎blog-service/2024/12-31.md‎
Lines changed: 3 additions & 3 deletions b/‎blog-service/2024/12-31.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎blog-service/2025-01-28-apps.md‎
Lines changed: 14 additions & 0 deletions b/‎blog-service/2025-01-28-apps.md‎
Lines changed: 14 additions & 0 deletions
diff --git a/‎cid-redirects.json‎
Lines changed: 16 additions & 6 deletions b/‎cid-redirects.json‎
Lines changed: 16 additions & 6 deletions
diff --git a/‎docs/api/search-job.md‎
Lines changed: 1 addition & 1 deletion b/‎docs/api/search-job.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md‎
Lines changed: 3 additions & 3 deletions b/‎docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/integrations/amazon-aws/index.md‎
Lines changed: 7 additions & 0 deletions b/‎docs/integrations/amazon-aws/index.md‎
Lines changed: 7 additions & 0 deletions
@@ -173,7 +173,8 @@
     "JamoCA",
     "darshan-sumo",
     "mahendrak-sumo",
-    "chvik"
+    "chvik",
+    "Apoorvkudesia-sumologic"
   ],
   "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",
 
@@ -20,7 +20,7 @@ This content release includes:
 In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted Location" will be deleted from the out-of-the-box Cloud SIEM rules due to unmanageable deny list logic and low adoption. To retain this rule, a duplicate must be made prior to the deletion.
 :::
 
-## Log Mappers
+### Log Mappers
 - [New] Azure DevOps Auditing Catch All
 - [New] Check Point Application Control URL Filtering
 - [New] Cisco ISE Radius Diagnostics
@@ -40,15 +40,15 @@ In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted
 - [Updated] Cloudflare - Logpush
     - Adds mapping for `dns_query`, `http_hostname`, `http_response_contentLength`, `http_response_contentType`, and an alternative value for `ipProtocol`.
 - [Updated] Linux OS Syslog - Process sshd - SSH Session Closed|disconnect
-    - Adds mapping for `normalizedActio`n
+    - Adds mapping for `normalizedAction`
 - [Updated] Linux OS Syslog - Process systemd - Systemd Session Start and Systemd File Configuration
     - Added support for additional events and mapping of `file_path`
 
-## Parsers
+### Parsers
 - [New] /Parsers/System/Pfsense/Pfsense Firewall
 - [Updated] /Parsers/System/Check Point/Check Point Firewall JSON
 - [Updated] /Parsers/System/Cisco/Cisco ISE
 - [Updated] /Parsers/System/Cloudflare/Cloudflare Logpush
 - [Updated] /Parsers/System/Linux/Linux OS Syslog
 - [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers
-- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers
+- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers
@@ -0,0 +1,26 @@
+---
+title: January 28, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+- Fix to Azure DevOps Auditing mapper to ensure only Azure DevOps logs are mapped by it when ingested via Event Hubs C2C.
+- Adds parsing and mapping support for additional OpenVPN events.
+- Adds additional timestamp format handling to Azure JSON log parsing.
+
+### Log Mappers
+- [Updated] Azure DevOps Auditing Catch All
+- [Updated] OpenVPN Audit Event
+- [Updated] OpenVPN Network Event
+
+### Parsers
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+- [Updated] /Parsers/System/OpenVPN/OpenVPN Syslog
@@ -57,7 +57,7 @@ Here are some of the key features the new solution offers:
 * **Misconfigurations**. See areas in your environment that need to be addressed because they fail best practice security controls.
 * **Suspicious activity assessment**. See suspicious activity across users, web interactions, networks, and Identity Access Management (IAM).
 
-To learn how you can set up and use Cloud Infrastructure Security for AWS, and for preview limitations, check out our technical documentation [here](/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
+To learn how you can set up and use Cloud Infrastructure Security for AWS, and for preview limitations, check out our technical documentation [here](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
 
 :::note
 To use the solution, you are required to sign up and activate Amazon GuardDuty and AWS Security Hub.
 
@@ -401,7 +401,7 @@ You can now more easily configure sources on a simplified screen, allowing you t
 
 <img src={useBaseUrl('img/integrations/amazon-aws/cis-for-aws-install-0.png')} alt="Configure Sources screen" style={{border: '1px solid gray'}} width="700"/>
 
-[Learn more](/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
+[Learn more](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
 
 ### October 21, 2024 (Apps)
 
@@ -807,7 +807,7 @@ We're excited to announce increased visibility into your AWS Cloud environment w
 
 This functionality is in preview. To participate, reach out to your Sumo Logic account executive.
 
-[Learn more](/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
+[Learn more](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
 
 :::note
 As part of the preview, you can use CloudQuery logs with Cloud Infrastructure Security for AWS. To use the logs, configure the CloudQuery source when you deploy the solution.
@@ -1077,7 +1077,7 @@ Here are some of the key features the new solution offers:
 * **Misconfigurations**. See areas in your environment that need to be addressed because they fail best practice security controls.
 * **Suspicious activity assessment**. See suspicious activity across users, web interactions, networks, and Identity Access Management (IAM).
 
-To learn how you can set up and use Cloud Infrastructure Security for AWS, check out our [technical documentation](/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
+To learn how you can set up and use Cloud Infrastructure Security for AWS, check out our [technical documentation](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/).
 
 
 :::note Action Required
 
@@ -0,0 +1,14 @@
+---
+title: VMware Workspace ONE (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - vmware-workspace-one
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to introduce the new VMware Workspace ONE app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud VMware Workspace ONE source that collects audit logs data from the VMware Workspace ONE platform. This app helps security analysts monitor device compliance, encryption, and overall security status, offering a powerful solution for effective risk analysis, policy enforcement, and device security. [Learn more](/docs/integrations/saas-cloud/vmware-workspace-one/).
@@ -362,6 +362,7 @@
   "/docs/send-data/sumo-distribution-opentelemetry": "/docs/send-data/opentelemetry-collector",
   "/03Send-Data/Sources/03Use-JSON-to-Configure-Sources/Local-Configuration-File-Management/Local-File-Configuration-Management-for-New-Collectors-and-Sources": "/docs/send-data/use-json-configure-sources/local-configuration-file-management/new-collectors-and-sources",
   "/03Search/Search-Query-Language/01Introduction-to-Search-Query-Language": "/docs/search/search-query-language",
+  "/03Sumo-Logic-Applications/Cloud_SIEM": "/docs/integrations/sumo-apps/cse",
   "/05Search": "/docs/search",
   "/05Search/Library": "/docs/get-started/library",
   "/05Search/Library/Apps-in-Sumo-Logic": "/docs/integrations",
@@ -1324,6 +1325,7 @@
   "/07Sumo-Logic-Apps/Cloud_Security_Monitoring_and_Analytics/AWS_CloudTrail_-_Cloud_Security_Monitoring_and_Analytics/Collect_Logs_for_the_AWS_CloudTrail_-_Cloud_Security_Monitoring_and_Analytics": "/docs/integrations/cloud-security-monitoring-analytics/aws-cloudtrail",
   "/07Sumo-Logic-Apps/Cloud_Security_Monitoring_and_Analytics/AWS_CloudTrail_-_Cloud_Security_Monitoring_and_Analytics/Install_the_Cloud_Security_Monitoring_and_Analytics_for_AWS_CloudTrail_App_and_view_the_Dashboards": "/docs/integrations/cloud-security-monitoring-analytics/aws-cloudtrail",
   "/07Sumo-Logic-Apps/Cloud_Security_Monitoring_and_Analytics/Amazon_CloudTrail_-_Cloud_Security_Monitoring_and_Analytics": "/docs/integrations/cloud-security-monitoring-analytics/aws-cloudtrail",
+  "/07Sumo-Logic-Apps/Cloud_Security_Monitoring_and_Analytics/Amazon_CloudTrail_-_Cloud_Security_Monitoring_and_Analytics/Collect_Logs_for_the_Amazon_CloudTrail_-_Cloud_Security_Monitoring_and_Analytics": "/docs/integrations/cloud-security-monitoring-analytics/aws-cloudtrail",
   "/07Sumo-Logic-Apps/Cloud_Security_Monitoring_and_Analytics/AWS_Security_Hub_-_Cloud_Security_Monitoring_and_Analytics": "/docs/integrations/cloud-security-monitoring-analytics/aws-security-hub",
   "/07Sumo-Logic-Apps/Cloud_Security_Monitoring_and_Analytics/AWS_Security_Hub_-_Cloud_Security_Monitoring_and_Analytics/Collect_findings_for_the_AWS_Security_Hub_-_Cloud_Security_Monitoring_and_Analytics_App": "/docs/integrations/cloud-security-monitoring-analytics/aws-security-hub",
   "/07Sumo-Logic-Apps/Cloud_Security_Monitoring_and_Analytics/AWS_Security_Hub_-_Cloud_Security_Monitoring_and_Analytics/Install_the_AWS_Security_Hub_App_-_Cloud_Security_Monitoring_and_Analytics%2C_and_view_the_Dashboards": "/docs/integrations/cloud-security-monitoring-analytics/aws-security-hub",
@@ -1602,6 +1604,7 @@
   "/cid/10207": "/docs/integrations/saas-cloud/symantec-endpoint-security-service",
   "/cid/10197": "/docs/integrations/saas-cloud/symantec-web-security-service",
   "/cid/6016": "/docs/integrations/saas-cloud/trend-micro-vision-one",
+  "/cid/6024": "/docs/integrations/saas-cloud/vmware-workspace-one",
   "/cid/10112": "/docs/integrations/app-development/jfrog-xray",
   "/cid/10113": "/docs/observability/root-cause-explorer",
   "/cid/10116": "/docs/manage/fields",
@@ -1793,7 +1796,7 @@
   "/cid/1094": "/docs/dashboards/share-dashboard-outside-org",
   "/cid/1095": "/docs/integrations/amazon-aws/cis-aws-foundations-benchmark",
   "/cid/1096": "/docs/dashboards/explore-view",
-  "/cid/1097": "/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws",
+  "/cid/1097": "/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws",
   "/cid/1100": "/docs/integrations/amazon-aws/vpc-flow-logs-pci-compliance",
   "/cid/1101": "/docs/search/search-query-language/math-expressions/floor",
   "/cid/1102": "/docs/search/search-query-language/math-expressions/ceil",
@@ -2981,9 +2984,11 @@
   "/Internal_Writers/Topic_Archive/Parse_by_Data_Type/Parse_Apache_Logs/Parse_Apache_Access_Logs": "/docs/search/get-started-with-search/suggested-searches/apache-access-parser",
   "/Internal_Writers/Topic_Archive/Parse_by_Data_Type/Parse_Apache_Logs/Parse_Apache_Error_Logs": "/docs/search/get-started-with-search/suggested-searches/apache-errors-parser",
   "/Internal_Writers/Topic_Archive/Parse_by_Data_Type/Parse_Cisco_ASA_Logs": "/",
+  "/Knowledge_Base/APIs": "/docs/api",
   "/Knowledge_Base/Apps": "/docs/integrations",
   "/Knowledge_Base/Parsing/Using_line_breaks_as_an_anchor_within_parse": "/docs/search/search-query-language/parse-operators/parse-predictable-patterns-using-an-anchor",
   "/Knowledge_Base/Search/How_to_Prevent_your_Scheduled_Search_from_Timing_Out": "/docs/alerts/scheduled-searches/faq",
+  "/Limited_Availability/Lookup_Tables": "/docs/search/search-query-language/search-operators/lookupcontains",
   "/Limited_Availability/Lookup_Tables/lookupContains_Operator": "/docs/search/search-query-language/search-operators/lookupcontains",
   "/Manage": "/docs/manage",
   "/Manage/01Manage_Subscription": "/docs/manage/manage-subscription",
@@ -3137,6 +3142,7 @@
   "/Manage/Connections-and-Integrations/Webhook-Connections/Webhook_Connection_for_PagerDuty": "/docs/alerts/webhook-connections/pagerduty",
   "/Manage/Connections-and-Integrations/Webhook-Connections/Webhook_Connection_for_Slack": "/docs/alerts/webhook-connections/slack",
   "/Manage/Connections-and-Integrations/Webhook-Connections/Webhook_Connections_for_Jira": "/docs/alerts/webhook-connections/jira-server",
+  "/Manage/Connections-and-Integrations/Webhook-Connections/Webhook_Connections_for_Jira/Webhook_Connection_for_Jira_Cloud": "/docs/alerts/webhook-connections/jira-cloud",
   "/Manage/Content_Sharing": "/docs/manage/content-sharing",
   "/Manage/Content_Sharing/Share_Content": "/docs/manage/content-sharing",
   "/Manage/Content_Sharing/Admin_Mode": "/docs/manage/content-sharing/admin-mode",
@@ -4029,6 +4035,7 @@
   "/Start-Here": "/docs/get-started/account-settings-preferences",
   "/Start-Here/02Getting-Started/01-How-to-Sign-Up-for-Sumo-Logic": "/docs/get-started/account-settings-preferences",
   "/Start-Here/03Welcome-to-the-New-Sumo-Logic-UI": "/docs/get-started/sumo-logic-ui",
+  "/Start-Here/01About-Sumo-Logic/Sumo-Logic-Support-Terms-and-Conditions": "/docs/get-started/help",
   "/Start-Here/01About-Sumo-Logic/System-Requirements/Supported-Browsers": "/docs/get-started/system-requirements",
   "/Start-Here/01About-Sumo-Logic/System-Requirements/Installed-Collector-Requirements": "/docs/get-started/system-requirements",
   "/Traces/02Working_with_Tracing_data/Spans": "/docs/apm/traces/spans",
@@ -4151,15 +4158,18 @@
   "/cid/-1": "/",
   "/docs/api/beta": "/docs/api",
   "/docs/api/dashboard-data": "/docs/api/dashboard",
-  "/docs/cloud-security-analytics": "/docs/security/cloud-infrastructure-security",
-  "/docs/cloud-security-analytics/introduction-to-cloud-security-analytics": "/docs/security/cloud-infrastructure-security/introduction",
+  "/docs/cloud-security-analytics": "/docs/security/additional-security-features/cloud-infrastructure-security",
+  "/docs/cloud-security-analytics/introduction-to-cloud-security-analytics": "/docs/security/additional-security-features/cloud-infrastructure-security/introduction",
   "/docs/cloud-security-analytics/data-lake": "/docs/security/additional-security-features/data-lake",
   "/docs/cloud-security-analytics/audit-and-compliance": "/docs/security/additional-security-features/audit-and-compliance",
   "/docs/cloud-security-analytics/threat-detection-and-investigation": "/docs/security/additional-security-features/threat-detection-and-investigation",
   "/docs/cloud-security-analytics/application-security": "/docs/security/additional-security-features/application-security",
-  "/docs/integrations/amazon-aws/cloud-infrastructure-security-for-aws": "/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws",
-  "/docs/cloud-infrastructure-security": "/docs/security/cloud-infrastructure-security",
-  "/docs/cloud-infrastructure-security/introduction-to-cloud-infrastructure-security": "/docs/security/cloud-infrastructure-security/introduction",
+  "/docs/integrations/amazon-aws/cloud-infrastructure-security-for-aws": "/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws",
+  "/docs/cloud-infrastructure-security": "/docs/security/additional-security-features/cloud-infrastructure-security",
+  "/docs/cloud-infrastructure-security/introduction-to-cloud-infrastructure-security": "/docs/security/additional-security-features/cloud-infrastructure-security/introduction",
+  "/docs/security/cloud-infrastructure-security": "/docs/security/additional-security-features/cloud-infrastructure-security",
+  "/docs/security/cloud-infrastructure-security/introduction": "/docs/security/additional-security-features/cloud-infrastructure-security/introduction",
+  "/docs/security/cloud-infrastructure-security/cloud-infrastructure-security-for-aws": "/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws",
   "/docs/cloud-infrastructure-security/data-lake": "/docs/security/additional-security-features/data-lake",
   "/docs/cloud-infrastructure-security/audit-and-compliance": "/docs/security/additional-security-features/audit-and-compliance",
   "/docs/cloud-infrastructure-security/threat-detection-and-investigation": "/docs/security/additional-security-features/threat-detection-and-investigation",
 
@@ -620,7 +620,7 @@ The metadata fields `_sourceHost`, `_sourceName`, and `_sourceCategory`, which a
 ### Page through the records found by a Search Job
 
 <details>
-<summary><span className="api get">GET</span><code>/v1/search/jobs/&#123;SEARCH_JOB_ID&#125;/records?offset=&#123;OFFSET]&limit=&#123;LIMIT&#125;</code></summary>
+<summary><span className="api get">GET</span><code>/v1/search/jobs/&#123;SEARCH_JOB_ID&#125;/records?offset=&#123;OFFSET&#125;&limit=&#123;LIMIT&#125;</code></summary>
 <p/>
 
 The search job status informs the user as to the number of produced records, if the query performs an aggregation. Those records can be requested using a paging API call (step 6 in the process flow), just as the message can be requested.
 
@@ -76,11 +76,11 @@ You can use the **Filters** area near the top of the page to narrow down the ins
 
 ### Multi-insights list page
 
-We offer an insights list page where you can see a list of all insights across multiple child organizations. This is useful if your company is a large enterprise with many organizations or is a Managed Security Service Provider (MSSP), and you'd like to see all insights across all areas in a single page.
+If you are logged in to a parent organization with child organizations that also use Cloud SIEM, the insights list page shows all insights across all your child organizations. This is useful if your company is a large enterprise with many organizations or is a Managed Security Service Provider (MSSP), and you'd like to see all insights across all areas in a single page.
 
-This multi-insights list page (also known as a "federated" page) shows insights just as in a normal [insights list page](#insights-list-page). However, when you click an insight on the page, it opens the insight's details in the child organization's UI. You can use also use the [board view](#board-view) on the multi-insights page to move insights to different statuses.
+This multi-insights list page (also known as a "federated" page) shows insights just as in a normal [insights list page](#insights-list-page). However, when you click an insight on the page, it opens the insight's details in the child organization's UI. You can also use the [board view](#board-view) on the multi-insights page to move insights to different statuses.
 
-The multi-insights list page requires a special environment be set up for it. To have a multi-insights list page set up for your company, contact your Sumo Logic account representative, or contact [Sumo Logic Support](https://support.sumologic.com/support/s/).
+To be able to see insights in child organizations, [add child organizations](/docs/manage/manage-subscription/create-manage-orgs/) that use Cloud SIEM. Then when the parent organization user goes to their Cloud SIEM insights list page, all the child organizations' insights appear in the list. 
 
 ## Insight details page
 
 
@@ -379,5 +379,12 @@ This guide has documentation for all of the apps that Sumo provides for Amazon a
     <h4><a href="/docs/integrations/amazon-aws/threat-intel">AWS Foundations Benchmark App</a></h4>
     <p>A guide to the Sumo Logic app for AWS Threat Intel.</p>
 </div>    
+</div>
+  <div className="box smallbox card">
+    <div className="container">
+    <img src={useBaseUrl('img/integrations/amazon-aws/cis-for-aws-logo.png')} alt="Thumbnail icon" width="50"/>
+    <h4><a href="/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws">Cloud Infrastructure Security for AWS</a></h4>
+    <p>A guide to our Cloud Infrastructure Security for AWS app.</p>
+  </div>    
 </div>
 </div>