CSIEM Content Release Notes 2025-01-28 (#5003)

* CSIEM Content Release Notes 2025-01-28

* Update 2025-01-14-content.md

* Update blog-cse/2025/01-28.md

Co-authored-by: Kim (Sumo Logic) <[email protected]>

* Updates from review

---------

Co-authored-by: Kim (Sumo Logic) <[email protected]>
Co-authored-by: John Pipkin (Sumo Logic) <[email protected]>

Author: 3 people

blog-cse/2025-01-14-content.md

@@ -20,7 +20,7 @@ This content release includes:
 In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted Location" will be deleted from the out-of-the-box Cloud SIEM rules due to unmanageable deny list logic and low adoption. To retain this rule, a duplicate must be made prior to the deletion.
 :::
 
-## Log Mappers
+### Log Mappers
 - [New] Azure DevOps Auditing Catch All
 - [New] Check Point Application Control URL Filtering
 - [New] Cisco ISE Radius Diagnostics
@@ -40,15 +40,15 @@ In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted
 - [Updated] Cloudflare - Logpush
     - Adds mapping for `dns_query`, `http_hostname`, `http_response_contentLength`, `http_response_contentType`, and an alternative value for `ipProtocol`.
 - [Updated] Linux OS Syslog - Process sshd - SSH Session Closed|disconnect
-    - Adds mapping for `normalizedActio`n
+    - Adds mapping for `normalizedAction`
 - [Updated] Linux OS Syslog - Process systemd - Systemd Session Start and Systemd File Configuration
     - Added support for additional events and mapping of `file_path`
 
-## Parsers
+### Parsers
 - [New] /Parsers/System/Pfsense/Pfsense Firewall
 - [Updated] /Parsers/System/Check Point/Check Point Firewall JSON
 - [Updated] /Parsers/System/Cisco/Cisco ISE
 - [Updated] /Parsers/System/Cloudflare/Cloudflare Logpush
 - [Updated] /Parsers/System/Linux/Linux OS Syslog
 - [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers
-- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers
+- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers

blog-cse/2025-01-28-content.md

@@ -0,0 +1,26 @@
+---
+title: January 28, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - log mappers
+  - parsers
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
+
+This content release includes:
+- Fix to Azure DevOps Auditing mapper to ensure only Azure DevOps logs are mapped by it when ingested via Event Hubs C2C.
+- Adds parsing and mapping support for additional OpenVPN events.
+- Adds additional timestamp format handling to Azure JSON log parsing.
+
+### Log Mappers
+- [Updated] Azure DevOps Auditing Catch All
+- [Updated] OpenVPN Audit Event
+- [Updated] OpenVPN Network Event
+
+### Parsers
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+- [Updated] /Parsers/System/OpenVPN/OpenVPN Syslog