Merge branch 'main' into macro-operator-docs

Author: JV0812

.clabot

@@ -5,13 +5,9 @@
     "JV0812",
     "jpipkin1",
     "JainM6",
-    "swiatekm-sumo",
     "docsSeema",
-    "@dependabot[bot]",
-    "dependabot[bot]",
     "angadrandhawa1",
     "kkujawa-sumo",
-    "open-source-collection-team",
     "mat-rumian",
     "perk-sumo",
     "jmartini-sumo",
@@ -28,12 +24,10 @@
     "agaur",
     "bhargavisumo",
     "ravipadala-sumo",
-    "jd-sumo",
     "davidcarltonsumo",
     "pkazmir-sumo",
     "dkarabin-sumo",
     "kevin-sumo",
-    "mgol-sumo",
     "crm6718",
     "mvirga-sumo",
     "tarunk2",
@@ -173,9 +167,10 @@
     "Misterjohnson87",
     "lol3909",
     "Hellfire4959",
-    "antonymartinsumo"
+    "antonymartinsumo",
+    "amee-sumo"
   ],
-  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we'll add you to our approved list of contributors.",
+  "message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
   "label": "cla-signed",
   "recheckComment": "The GitHub CLA Bot is rechecking to see that you have signed our CLA."
 }

.github/CODEOWNERS

@@ -1,14 +1,16 @@
+# More details: https://help.github.com/articles/about-codeowners
+
 # Default owners for everything in the repo.
-* @kimsauce @jpipkin1 @JV0812 @mafsumo
+* @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
-# Owners of all files in the `/docs` directory and its subdirectories.
-/docs/   @kimsauce @jpipkin1 @JV0812 @mafsumo
+# Owners of all files in the `/docs/integrations` directory.
+/docs/integrations/ @SumoLogic/sumoappdev @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/kubernetes` directory.
-/docs/send-data/kubernetes/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @JV0812 @mafsumo
+/docs/send-data/kubernetes/ @SumoLogic/open-source-collection-team @SumoLogic/k8s-developers @kimsauce @jpipkin1 @JV0812 @mafsumo @amee-sumo
 
 # Owners of all files in the `/docs/send-data/opentelemetry-collector` directory and its subdirectories.
-/docs/send-data/opentelemetry-collector/  @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812
+/docs/send-data/opentelemetry-collector/ @SumoLogic/open-source-collection-team @kimsauce @jpipkin1 @mafsumo @JV0812 @amee-sumo
 
 # GitHub workflow owners
 /.github/workflows/ @SumoLogic/open-source-collection-team @kimsauce

blog-collector/2024-11-26.md

@@ -0,0 +1,25 @@
+---
+title: Version 19.516-1
+hide_table_of_contents: true
+image: https://help.sumologic.com/img/sumo-square.png
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-collector/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+In this release, we've enhanced the security and stability of the Collector with added support for security patches.
+		
+### Security Fixes
+		
+- Upgraded `Tanuki version` to version 3.5.60 to fix the collector intermittently crashing issue.
+- Upgraded collector JRE to **Amazon Corretto Version 8.432.06.1**.
+		
+### Troubleshooting
+		
+When upgrading this collector version, the collector running as a non-root user (run as mode) or on a Mac operating system cannot be upgraded through the API/Web UI. To resolve these issue, follow the respective steps below:
+	- **Collector running as a non-root user.** An error message will be displayed indicating that the upgrade is not possible. The upgrade must be performed manually on your machine. Refer to [Upgrade Collectors in Sumo Logic](/docs/send-data/collection/upgrade-collectors/#upgrade-collectors-using-the-command-line) to upgrade the collector manually.
+	- **Collector running on Mac.** The process will stop while upgrading, and the collector will need to be restarted manually on your machine. Use the code below to restart manually.
+        ```
+        sudo ./collector start
+        ```

blog-cse/2023/12-31.md

@@ -247,8 +247,6 @@ The new index is automatically generated and retained for a period of 2 years at
 
 As a result, the optional legacy Signal Forwarding feature in Cloud SIEM will be deprecated on **November 15, 2023**. Existing data will not be deleted, but new Signals generated after that date will no longer be forwarded using that feature and the option will no longer be available. (Signals will continue to be forwarded automatically to `sec_signal`.) Customers leveraging data forwarded using the legacy feature to generate dashboards (or for other use cases) will need to modify those applications to use the new `sec_signal` index before then. Note that the content of the `sec_signal` index is not identical to the content in data forwarded using the legacy option.
 
-For more information about this change, and the differences between the two data sets, refer to our [2023 Cloud SIEM Signal Index Migration FAQ](/docs/cse/records-signals-entities-insights/signal-index-migration-faq/).
-
 
 
 ---

blog-cse/2024-11-22-content.md

@@ -0,0 +1,61 @@
+---
+title: November 22, 2024 - Content Release
+hide_table_of_contents: true
+keywords:
+  - log mappers
+  - log parsers
+  - detection rules
+  - tag schemas
+image: https://help.sumologic.com/img/sumo-square.png  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+* New mapping support for: Qumulo Core, and Teramind Teraserver.
+* Updates to existing parsers for: Code42 Incydr, Palo Alto, and Okta.
+* Updates to the existing Okta log mappings to support a new HTTP source log formatting.
+* Updates to Code42 Incydr Alerts C2C mapping to support new alert log format.
+
+Changes are enumerated below.
+
+### Rules
+* [Deleted] FIRST-S00031 First Seen IP Address Associated with User for a Successful Azure AD Sign In Event
+   * Consider using FIRST-S00047 (First Seen ASN Associated with User for a Successful Azure AD Sign In Event) in its place.
+* [New] THRESHOLD-S00116 Password Attack from IP
+   * This is a fork of THRESHOLD-S00095 Password Attack to address a bug with null values causing backend issues with detection rules. Rule has been forked to ensure no null values are considered in the entity grouping.
+* [Updated] FIRST-S00095 Password Attack from Host
+   * Updates rule to remove IP entity (now handled in THRESHOLD-S00116) and ensure no null values are considered for the host entity.
+* [Updated] FIRST-S00068 Okta - First Seen User Accessing Admin Application
+   * Baseline retention window size increased from 35 days to the standard 90 day retention.
+   * Modified the summary description to read as follows: "User: `{{user_username}}` has successfully accessed the Okta Admin Application".
+
+### Log Mappers
+* [New] Palo Alto Threat DLP non File - Custom Parser
+   * Mapping support added for event id pattern: threat-dlp-non-file.
+* [New] Qumulo Core - Catch All
+* [New] Qumulo Core - Login
+* [New] Teramind Authentication
+* [New] Teramind Catch All
+* [New] Teramind Email
+* [Updated] Code42 Incydr Alerts C2C
+* [Updated] Okta Authentication - auth_via_AD_agent
+* [Updated] Okta Authentication - auth_via_mfa
+* [Updated] Okta Authentication - auth_via_radius
+* [Updated] Okta Authentication - sso
+* [Updated] Okta Authentication Events
+* [Updated] Okta Catch All
+* [Updated] Okta Security Threat Events
+
+### Parsers
+* [New] /Parsers/System/Qumulo/Qumulo Core
+* [New] /Parsers/System/Salesforce/Salesforce
+* [New] /Parsers/System/Teramind/Teramind Teraserver
+* [Updated] /Parsers/System/Code42/Code42 Incydr
+   * Transform update for a new alert log format for tenantId.
+* [Updated] /Parsers/System/Okta/Okta
+   * Modified event_id from eventType to event_type.
+* [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV
+   * Additional parsing support for a new Palo Alto Threat event format.

blog-csoar/2024-11-15-application-update.md

@@ -0,0 +1,39 @@
+---
+title: November 15, 2024 - Application Update
+keywords:
+  - sumo logic
+  - cloud soar
+  - automation service
+image: https://help.sumologic.com/img/sumo-square.png
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-csoar/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+### Changes and Enhancements
+
+#### Platform
+
+* Playbooks
+   * Improvement - Disabled Cartesian Product flag on all new nodes by default.
+
+#### Automation Bridge
+
+We are happy to announce a beta version of the [Automation Bridge](/docs/platform-services/automation-service/automation-service-bridge/) that includes the following:
+* Support for new CentOS version
+    * The CentOS docker image version has been upgraded from CentOS 7 to CentOS 8.
+* Security fixes
+
+### Bug Fixes
+
+* Playbooks
+   * Fixed Playbook nodes rendering issue on Safari browser.
+   * Fixed issue related to use of underscore within playbooks input fields.
+   * Fixed issue with using authorizer value from playbook input variables in user choice node.
+* Integrations
+   * Resolved an issue where the 'Close Insight' trigger action was not functioning as expected.
+* Incidents
+   * Improved Incident templates page load time.
+   * Fixed issues while trying to update Incident templates.

blog-csoar/2024-11-20-content.md

@@ -0,0 +1,46 @@
+---
+title: November 20, 2024 - Content Release
+hide_table_of_contents: true
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - automation service
+  - cloud soar
+  - soar
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-csoar/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This release introduces new integrations, new playbooks, and several updates.
+
+### Integrations
+
+* [New] [Google Chat](/docs/platform-services/automation-service/app-central/integrations/google-chat)
+* [New] [Malwarebytes Oneview](/docs/platform-services/automation-service/app-central/integrations/malwarebytes-oneview)
+* [New] [Silent Push](/docs/platform-services/automation-service/app-central/integrations/silent-push)
+* [New] [Sumo Logic Automation Tools](/docs/platform-services/automation-service/app-central/integrations/sumo-logic-automation-tools)
+* [New] [VirusTotal V3](/docs/platform-services/automation-service/app-central/integrations/virustotal-v3)
+* [Updated] [APIVoid](/docs/platform-services/automation-service/app-central/integrations/apivoid)
+* [Updated] [Atlassian Jira V2](/docs/platform-services/automation-service/app-central/integrations/atlassian-jira-v2)
+* [Updated] [Atlassian Opsgenie](/docs/platform-services/automation-service/app-central/integrations/atlassian-opsgenie)
+* [Updated] [AWS EC2](/docs/platform-services/automation-service/app-central/integrations/aws-ec2)
+* [Updated] [AWS EKS](/docs/platform-services/automation-service/app-central/integrations/aws-eks)
+* [Updated] [Azure AD](/docs/platform-services/automation-service/app-central/integrations/azure-ad)
+* [Updated] [Cloudflare](/docs/platform-services/automation-service/app-central/integrations/cloudflare)
+* [Updated] [ConnectWise Manage](/docs/platform-services/automation-service/app-central/integrations/connectwise-manage)
+* [Updated] [Cortex XDR](/docs/platform-services/automation-service/app-central/integrations/cortex-xdr)
+* [Updated] [CrowdStrike Falcon](/docs/platform-services/automation-service/app-central/integrations/crowdstrike-falcon)
+* [Updated] [Freshservice](/docs/platform-services/automation-service/app-central/integrations/freshservice)
+* [Updated] [Gmail](/docs/platform-services/automation-service/app-central/integrations/gmail)
+* [Updated] [HTTP Tools](/docs/platform-services/automation-service/app-central/integrations/http-tools)
+* [Updated] [IBM X-Force Exchange](/docs/platform-services/automation-service/app-central/integrations/ibm-x-force-exchange)
+* [Updated] [Microsoft EWS](/docs/platform-services/automation-service/app-central/integrations/microsoft-ews)
+* [Updated] [Microsoft OneDrive](/docs/platform-services/automation-service/app-central/integrations/microsoft-onedrive)
+* [Updated] [Microsoft Sentinel](/docs/platform-services/automation-service/app-central/integrations/microsoft-sentinel)
+* [Updated] [Netskope V2](/docs/platform-services/automation-service/app-central/integrations/netskope-v2)
+* [Updated] [Slack](/docs/platform-services/automation-service/app-central/integrations/slack)
+* [Updated] [Sumo Logic Cloud SIEM](/docs/platform-services/automation-service/app-central/integrations/sumo-logic-cloud-siem)
+* [Updated] [Sumo Logic Notifications by Gmail](/docs/platform-services/automation-service/app-central/integrations/sumo-logic-notifications-by-gmail)
+* [Updated] [URLScan.io](/docs/platform-services/automation-service/app-central/integrations/urlscan.io)
+* [Updated] [VirusTotal](/docs/platform-services/automation-service/app-central/integrations/virustotal)

blog-service/2024-11-13-manage.md

@@ -0,0 +1,20 @@
+---
+title: Kickstart Data Onboarding
+image: https://help.sumologic.com/img/sumo-square.png
+hide_table_of_contents: true  
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We know that getting started with new tools can be challenging. To simplify your onboarding, we’ve introduced Kickstart Data with preloaded sample data and prebuilt dashboards designed to streamline your trial experience with Sumo Logic. With this sample data, you can jump right in, explore dashboards, and understand Sumo Logic's value without needing to set up your own data first.
+
+### Key benefits
+
+* **Immediate insights**. Begin with sample data and dashboards to experience Sumo Logic’s capabilities instantly.
+* **Quick setup**. No need to configure firewall settings or security permissions—get started right away.
+* **Guided trial**. Pre-built dashboards and reports demonstrate real-world scenarios, allowig secure and insightful exploration.
+* **Easy transition**. Start ingesting your own data anytime. Kickstart deactivated at the trial’s end.
+
+See how Kickstart Data can simplify your onboarding, helping you focus on monitoring and troubleshooting. For more details, visit our [Quickstart Guide](/docs/get-started/quickstart/#getting-started-with-kickstart-data-in-your-trial).

blog-service/2024-11-22-collection.md

@@ -0,0 +1,14 @@
+---
+title: Trend Micro C2C Source (Collection)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - collection
+  - trend-micro
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-service/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+We're excited to announce the release of our new cloud-to-cloud source for Trend Micro. This source helps you to collect alert details from the Trend Micro platform, and ingest them into Sumo Logic for streamlined analysis. [Learn more](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/trend-micro-source).