From 161b06fc0a0353df772387f81673590afee0e98d Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Mon, 3 Jun 2024 14:25:10 +0530
Subject: [PATCH 01/24] V1 to V2 apps migration (release_2)
---
docs/integrations/microsoft-azure/teams.md | 43 ++--
.../microsoft-exchange-trace-logs.md | 28 ++-
.../threat-intel-quick-analysis.md | 212 +++++++++---------
3 files changed, 161 insertions(+), 122 deletions(-)
diff --git a/docs/integrations/microsoft-azure/teams.md b/docs/integrations/microsoft-azure/teams.md
index 6597bef39e..24db3f419d 100644
--- a/docs/integrations/microsoft-azure/teams.md
+++ b/docs/integrations/microsoft-azure/teams.md
@@ -2,14 +2,14 @@
id: teams
title: Microsoft Teams
sidebar_label: Microsoft Teams
-description: The Microsoft Teams app provides out-of-the-box dashboards to monitor users, teams, channels and permission changes.
+description: The Microsoft Teams app provides out-of-the-box dashboards to monitor users, teams, channels, and permission changes.
---
import useBaseUrl from '@docusaurus/useBaseUrl';
})
-The Microsoft Teams app provides out-of-the-box dashboards to monitor users, teams, channels and permission changes.
+The Microsoft Teams app provides out-of-the-box dashboards to monitor users, teams, channels, and permission changes.
## Log types
@@ -49,28 +49,43 @@ _sourceCategory="O365/General"
| count by operation
```
-## Collecting Logs
+## Collecting logs
-This section has instructions for collecting logs for the Sumo App for Teams.
+This section has instructions for collecting logs for the Sumo Logic app for Teams.
### Collection process overview
To collect logs for Microsoft Teams, please configure an Office 365 Audit Source. The Teams logs will be present in the “Office 365 General Logs” context. Note, that if you are already collecting logs for Office 365, you can simply make note of the source category configured for the aforementioned context.
+## Installing the Microsoft Teams app
-## Installing the Microsoft Teams App
+This section shows you how to install the Sumo Logic app for Microsoft Teams.
-This section shows you how to install the Sumo Logic App for Microsoft Teams.
+import AppInstall2 from '../../reuse/apps/app-install-v2.md';
-import AppInstall from '../../reuse/apps/app-install.md';
+
-
+## Upgrading the Microsoft Teams app (Optional)
-## Viewing Microsoft Teams Dashboards
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+
+
+## Uninstalling the Microsoft Teams app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+
+
+## Viewing Microsoft Teams dashboards
+
+import ViewDashboards from '../../reuse/apps/view-dashboards.md';
+
+
### Overview
-The Teams - Overview dashboard provides an at-a-glance view of the state of your Teams environment in terms of user sessions, teams and channel activity, and user role changes
+The **Teams - Overview** dashboard provides an at-a-glance view of the state of your Teams environment in terms of user sessions, teams and channel activity, and user role changes
Use this dashboard to:
* Identify user sessions relative to their locations.
@@ -82,7 +97,7 @@ Use this dashboard to:
### User Sessions
-The Teams - User Sessions dashboard provides an in depth view of the user logins and related statistics in your Teams environment
+The **Teams - User Sessions** dashboard provides an in depth view of the user logins and related statistics in your Teams environment
Use this dashboard to:
* Identify user sessions relative to their locations and compare login statistics over time.
@@ -93,7 +108,7 @@ Use this dashboard to:
### Team Statistics
-The Teams - Team Statistics dashboard offers complete details on the Team activity occurring in your organization.
+The **Teams - Team Statistics** dashboard offers complete details on the Team activity occurring in your organization.
Use this dashboard to:
* Gain insight into teams being added and removed.
@@ -105,7 +120,7 @@ Use this dashboard to:
### Channel Statistics
-The Teams - Channel Statistics dashboard offers complete visibility into the Channel activity occurring in your Teams.
+The **Teams - Channel Statistics** dashboard offers complete visibility into the Channel activity occurring in your Teams.
Use this dashboard to:
* Gain insight into the channels being added and removed.
@@ -118,7 +133,7 @@ Use this dashboard to:
### User and Role Changes
-The Teams - User and Role Changes dashboard provides insight on the user and role changes being applied in your environment.
+The **Teams - User and Role Changes** dashboard provides insight on the user and role changes being applied in your environment.
Use this dashboard to:
* Report on the users making role changes and the top object types being affected.
diff --git a/docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md b/docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md
index 2987cd8ca9..0384dccbe3 100644
--- a/docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md
+++ b/docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md
@@ -94,21 +94,33 @@ This section explains how to collect logs from Microsoft Exchange Trace logs Api
## Installing the Microsoft Exchange Trace Logs app
-import AppInstall from '../../reuse/apps/app-install.md';
+import AppInstall2 from '../../reuse/apps/app-install-v2.md';
-
+
-## Viewing Microsoft Exchange Trace Logs Dashboards
+## Upgrading the Microsoft Exchange Trace Logs app (Optional)
-* All dashboard have a set of filters that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.
-* You can use filters to drill down and examine the data on a granular level. Filters include client country, client device type, client IP, client request host, client request URI, client request user agent, edge response status, origin IP, and origin response status.
-* Each panel has a set of filters that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+
+
+## Uninstalling the Microsoft Exchange Trace Logs app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+
+
+## Viewing Microsoft Exchange Trace Logs dashboards
+
+import ViewDashboards from '../../reuse/apps/view-dashboards.md';
+
+
### Overview
-**Microsoft Exchange Trace Logs - Overview**. The Dashboard provides information on the delivery status of messages, including outliers, and a summary of the message size.
})
+The **Microsoft Exchange Trace Logs - Overview** dashboard provides information on the delivery status of messages, including outliers, and a summary of the message size.
### Message Monitoring
-**Microsoft Exchange Trace Logs - Message Monitoring**. The Dashboard mainly focuses on the message traffic, including the number of unique senders and receivers and their domains. It shows the geographical locations of senders, receivers, and failed messages, and performs security threat analysis on the senders. Additionally, it displays the top 10 senders.
})
+The **Microsoft Exchange Trace Logs - Message Monitoring** dashboard mainly focuses on the message traffic, including the number of unique senders and receivers and their domains. It shows the geographical locations of senders, receivers, and failed messages, and performs security threat analysis on the senders. Additionally, it displays the top 10 senders.
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index a1e563dd07..c297017f2a 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -14,10 +14,9 @@ The Threat Intel Quick Analysis App correlates [CrowdStrike's](https://www.crowd
## Log types
-The Threat Intel Quick Analysis App can be used for any type of logs, regardless of format. Ideal log sources should include **IP**, **URL**, **domain**, **Hash 256**, and/or **email** information.
+The Threat Intel Quick Analysis app can be used for any type of logs, regardless of format. Ideal log sources should include **IP**, **URL**, **domain**, **Hash 256**, and/or **email** information.
-
-## Installing the Threat Intel Quick Analysis App
+## Installing the Threat Intel Quick Analysis app
This app contains generic regex expressions and thus may not perform well at very large scale. Once you are familiar with Sumo Logic, you can apply performance optimization techniques as described in [Threat Intel Optimization](#threat-intel-optimization). Alternatively, you can run this app on smaller and more specific data streams.
@@ -27,7 +26,115 @@ import AppInstall from '../../reuse/apps/app-install.md';
-## Threat Intel Optimization
+## Upgrading the Threat Intel Quick Analysis app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+
+
+## Uninstalling the Threat Intel Quick Analysis app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+
+
+## Viewing Threat Intel Quick Analysis dashboards
+
+import ViewDashboards from '../../reuse/apps/view-dashboards.md';
+
+
+
+### Overview
+
+See the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+
+})
+
+* **Welcome to the Threat Intel Quick Analysis App.** Informational panel to help you find information on [optimization](/docs/integrations/security-threat-detection/threat-intel-quick-analysis#02_Threat-Intel-Optimization) and [FAQs](/docs/integrations/security-threat-detection/threat-intel-quick-analysis#threat-intel-faq) on working with the Threat Intel database.
+* **Number of Log Lines (Events) Scanned for Threats.** Count of log lines scanned across all selected sources for the last 15 minutes.
+* **IP Threat Count.** Count of threats related to malicious IPs, for the last 15 minutes.
+* **File Name Threat Count.** Count of threats related to malicious file names, for the last 15 minutes.
+* **URL Threat Count.** Count of threats related to malicious URLs, for the last 15 minutes.
+* **Email Threat Count.** Count of threats related to malicious email addresses, for the last 15 minutes.
+* **Domain Threat Count.** Count of threats related to malicious domains, for the last 15 minutes.
+* **Threats by Malicious Confidence.** Qualifies all threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
+
+
+### Domain
+
+See the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+
+})
+
+* **Threat Count.** Count of threats related to malicious domains, for the last 15 minutes.
+* **Threats by Malicious Confidence.** Qualifies domain threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
+* **Threats by Actor.** Count of threats related to malicious domains, broken by Actors, for the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
+* **Threats by Sources.** Count of threats related to malicious domains, broken by Sources, for the last 15 minutes.
+* **Threats Over Time.** Trends of domain threats over time for the last 60 minutes.
+* **Threats Over Time by Sources.** Trends of domain threats over time, broken by Sources for the last 60 minutes.
+* **Threats Table.** Listing of all domain threats, including Malicious Confidence, Actors and Sources.
+
+### Email
+
+See the frequency of Email threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+
+})
+
+* **Threat Count.** Count of threats related to malicious emails addresses, for the last 15 minutes.
+* **Threats by Malicious Confidence.** Qualifies email address threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
+* **Threat Breakdown by Sources.** Count of threats related to malicious email addresses, broken by Sources, for the last 15 minutes.
+* **Threats Over Time.** Trends of email address threats over time for the last 60 minutes.
+* **Threats Over Time by Sources.** Trends of email address threats over time, broken by Sources for the last 60 minutes.
+* **Threats by Actor.** Count of threats related to malicious email addresses, broken by Actors, for the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
+* **Threats Table.** Listing of all domain threats, including Malicious Confidence, Actors and Sources.
+
+
+### IP
+
+See the frequency of IP threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+
+})
+
+* **Threat Count.** Count of threats related to malicious IPs, for the last 15 minutes.
+* **Threats by Geo Location.** Count of threats related to malicious IPs, broken by geo location, for the last 15 minutes.
+* **Threat Breakdown by Sources.** Count of threats related to malicious IPs, broken by Sources, for the last 15 minutes.
+* **Threats by Malicious Confidence.** Qualifies IP threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
+* **Threats by Actors.** Count of threats related to malicious IPs, broken by Actors, for the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
+* **Threats Over Time.** Trends of IP threats over time for the last 60 minutes.
+* **Threats Table.** Listing of all IP threats, including Malicious Confidence, Actors and Sources.
+* **Threats Over Time by Sources.** Trends of IP threats over time, broken by Sources for the last 60 minutes.
+
+
+### URL
+
+See the frequency of URL threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+
+})
+
+* **Threat Count.** Count of threats related to malicious URLs, for the last 15 minutes.
+* **Threats by Sources.** Count of threats related to malicious URLs, broken by Sources, for the last 15 minutes.
+* **Threats by Actors.** Count of threats related to malicious URLs, broken by Actors, for the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
+* **Threats by Malicious Confidence.** Qualifies URLP threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
+* **Threats Over Time.** Trends of URL threats over time for the last 60 minutes.
+* **Threats Over Time by Sources.** Trends of URL threats over time, broken by Sources for the last 60 minutes.
+* **Threat Table.** Listing of threats identified by URL, including information on Malicious Confidence, Actors, Source, and count.
+
+
+### Hash 256
+
+See the frequency of Hash 256 threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+
+})
+
+* **Threat Count.** Count of total Hash 256 threats over the last 15 minutes.
+* **Threats by Malicious Confidence.** Qualifies Hash 256 threats for the last 60 minutes into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine and displayed as a pie chart.
+* **Threat Breakdown by Sources.** Pie chart of Hash 256 threats over the last 60 minutes broken down by source.
+* **Threats Over Time.** Line chart of the number of Hash 256 threats over the last 60 minutes.
+* **Threat Breakdown by Source.** Line chart of the number of Hash 256 threats over the last 60 minutes, broken down by source.
+* **Threats by Actor.** Identifies Actors, if any, that can be attributed to Hash 256 threats over the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
+* **Threat Table.** Aggregation Table of Hash 256 threats over the last 15 minutes.
+
+## Threat Intel optimization
The Threat Intel Quick Analysis App provides baseline queries. You can further optimize and enhance these queries for the log and events types being scanned for threats. Use the following guidelines to customize your Threat Intel queries:
@@ -88,7 +195,7 @@ Use scheduled views with the Threat Lookup operator to find threats. Scheduled V
_view=cylance_threat
| count by src_ip
```
-
+
## Threat Intel FAQ
#### What is the CrowdStrike Integration for Sumo Logic?
@@ -627,98 +734,3 @@ Once an indicator has been marked with a malicious confidence level, it continue
-## Viewing Threat Intel Quick Analysis Dashboards
-
-All Dashboards include filters that you can use in Interactive Mode for further analysis of your Threat Intel Quick Analysis data. Because the Threat Intel Quick Analysis has the most bearing on recent threats, most panels are set to the 15 minute time range. You can adjust time ranges as needed.
-
-Live mode and real-time queries are not supported for dashboards at this time.
-
-### Overview
-
-See the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.
-
-
-
-* **Welcome to the Threat Intel Quick Analysis App.** Informational panel to help you find information on [optimization](/docs/integrations/security-threat-detection/threat-intel-quick-analysis#02_Threat-Intel-Optimization) and [FAQs](/docs/integrations/security-threat-detection/threat-intel-quick-analysis#threat-intel-faq) on working with the Threat Intel database.
-* **Number of Log Lines (Events) Scanned for Threats.** Count of log lines scanned across all selected sources for the last 15 minutes.
-* **IP Threat Count.** Count of threats related to malicious IPs, for the last 15 minutes.
-* **File Name Threat Count.** Count of threats related to malicious file names, for the last 15 minutes.
-* **URL Threat Count.** Count of threats related to malicious URLs, for the last 15 minutes.
-* **Email Threat Count.** Count of threats related to malicious email addresses, for the last 15 minutes.
-* **Domain Threat Count.** Count of threats related to malicious domains, for the last 15 minutes.
-* **Threats by Malicious Confidence.** Qualifies all threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
-
-
-### Domain
-
-See the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.
-
-
-
-* **Threat Count.** Count of threats related to malicious domains, for the last 15 minutes.
-* **Threats by Malicious Confidence.** Qualifies domain threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
-* **Threats by Actor.** Count of threats related to malicious domains, broken by Actors, for the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
-* **Threats by Sources.** Count of threats related to malicious domains, broken by Sources, for the last 15 minutes.
-* **Threats Over Time.** Trends of domain threats over time for the last 60 minutes.
-* **Threats Over Time by Sources.** Trends of domain threats over time, broken by Sources for the last 60 minutes.
-* **Threats Table.** Listing of all domain threats, including Malicious Confidence, Actors and Sources.
-
-### Email
-
-See the frequency of Email threats by Actor, Log Source, Malicious Confidence, and view trends over time.
-
-
-
-* **Threat Count.** Count of threats related to malicious emails addresses, for the last 15 minutes.
-* **Threats by Malicious Confidence.** Qualifies email address threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
-* **Threat Breakdown by Sources.** Count of threats related to malicious email addresses, broken by Sources, for the last 15 minutes.
-* **Threats Over Time.** Trends of email address threats over time for the last 60 minutes.
-* **Threats Over Time by Sources.** Trends of email address threats over time, broken by Sources for the last 60 minutes.
-* **Threats by Actor.** Count of threats related to malicious email addresses, broken by Actors, for the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
-* **Threats Table.** Listing of all domain threats, including Malicious Confidence, Actors and Sources.
-
-
-### IP
-
-See the frequency of IP threats by Actor, Log Source, Malicious Confidence, and view trends over time.
-
-
-
-* **Threat Count.** Count of threats related to malicious IPs, for the last 15 minutes.
-* **Threats by Geo Location.** Count of threats related to malicious IPs, broken by geo location, for the last 15 minutes.
-* **Threat Breakdown by Sources.** Count of threats related to malicious IPs, broken by Sources, for the last 15 minutes.
-* **Threats by Malicious Confidence.** Qualifies IP threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
-* **Threats by Actors.** Count of threats related to malicious IPs, broken by Actors, for the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
-* **Threats Over Time.** Trends of IP threats over time for the last 60 minutes.
-* **Threats Table.** Listing of all IP threats, including Malicious Confidence, Actors and Sources.
-* **Threats Over Time by Sources.** Trends of IP threats over time, broken by Sources for the last 60 minutes.
-
-
-### URL
-
-See the frequency of URL threats by Actor, Log Source, Malicious Confidence, and view trends over time.
-
-
-
-* **Threat Count.** Count of threats related to malicious URLs, for the last 15 minutes.
-* **Threats by Sources.** Count of threats related to malicious URLs, broken by Sources, for the last 15 minutes.
-* **Threats by Actors.** Count of threats related to malicious URLs, broken by Actors, for the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
-* **Threats by Malicious Confidence.** Qualifies URLP threats into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine.
-* **Threats Over Time.** Trends of URL threats over time for the last 60 minutes.
-* **Threats Over Time by Sources.** Trends of URL threats over time, broken by Sources for the last 60 minutes.
-* **Threat Table.** Listing of threats identified by URL, including information on Malicious Confidence, Actors, Source, and count.
-
-
-### Hash 256
-
-See the frequency of Hash 256 threats by Actor, Log Source, Malicious Confidence, and view trends over time.
-
-
-
-* **Threat Count.** Count of total Hash 256 threats over the last 15 minutes.
-* **Threats by Malicious Confidence.** Qualifies Hash 256 threats for the last 60 minutes into High, Medium, Low, Unverified, according to CrowdStrike's machine learning engine and displayed as a pie chart.
-* **Threat Breakdown by Sources.** Pie chart of Hash 256 threats over the last 60 minutes broken down by source.
-* **Threats Over Time.** Line chart of the number of Hash 256 threats over the last 60 minutes.
-* **Threat Breakdown by Source.** Line chart of the number of Hash 256 threats over the last 60 minutes, broken down by source.
-* **Threats by Actor.** Identifies Actors, if any, that can be attributed to Hash 256 threats over the last 15 minutes. [Actors](https://www.crowdstrike.com/blog/meet-the-adversaries/) are identified individuals, groups or nation-states associated to threats.
-* **Threat Table.** Aggregation Table of Hash 256 threats over the last 15 minutes.
From a1b3572cf4a65b5e96ff8b51bcec0ff816524451 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Mon, 3 Jun 2024 14:28:29 +0530
Subject: [PATCH 02/24] minor fix
---
.../saas-cloud/gmail-tracelogs.md | 33 ++++++++++++-------
1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/docs/integrations/saas-cloud/gmail-tracelogs.md b/docs/integrations/saas-cloud/gmail-tracelogs.md
index 2034213050..ddd275e30c 100644
--- a/docs/integrations/saas-cloud/gmail-tracelogs.md
+++ b/docs/integrations/saas-cloud/gmail-tracelogs.md
@@ -19,7 +19,7 @@ The Sumo Logic App for Gmail Trace Logs uses [Gmail Logs via BigQuery](https://s
For details, see the [Schema for Gmail logs in BigQuery](https://support.google.com/a/answer/7230050?hl=en&ref_topic=7233311).
-### Sample Logs
+### Sample logs
```json
{
@@ -138,28 +138,39 @@ _sourceCategory=Labs/GmailTraceLogs
## Collecting Logs for Gmail Trace Logs app
-This section provides instructions for setting up [Cloud-to-Cloud-Integration for Gmail Trace Logs App](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md) to create the source and use the same source category while installing the app.
+This section provides instructions for setting up [Cloud-to-Cloud-Integration for Gmail Trace Logs app](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/gmail-tracelogs-source.md) to create the source and use the same source category while installing the app.
## Installing the Gmail Trace Logs app
-import AppInstall from '../../reuse/apps/app-install.md';
+import AppInstall2 from '../../reuse/apps/app-install-v2.md';
-
+
-## Viewing Gmail Trace Logs Dashboards
-**All dashboard have a set of filters** that you can apply to the entire dashboard, as shown in the following example. Click the funnel icon in the top dashboard menu bar to display a scrollable list of filters that are applied across the entire dashboard.
+## Upgrading the Microsoft Teams app (Optional)
-You can use filters to drill down and examine the data on a granular level. Filters include client country, client device type, client IP, client request host, client request URI, client request user agent, edge response status, origin IP, and origin response status.
+import AppUpdate from '../../reuse/apps/app-update.md';
-**Each panel has a set of filters** that are applied to the results for that panel only, as shown in the following example. Click the funnel icon in the top panel menu bar to display a list of panel-specific filters.
+
-### Security Overview Dashboard
+## Uninstalling the Microsoft Teams app (Optional)
-**Gmail Trace Logs - Security Overview**. This dashboard lets you monitor spam messages, malware threats, dropped messages, and rejected messages.
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+
+
+## Viewing Gmail Trace Logs dashboards
+
+import ViewDashboards from '../../reuse/apps/view-dashboards.md';
+
+
+
+### Security Overview
+
+The **Gmail Trace Logs - Security Overview** dashboard lets you monitor spam messages, malware threats, dropped messages, and rejected messages.
})
-**CrowdStrike Analysis**. To protect your organisation from threats, the app also scans the SHA256 hash of Gmail attachments with CrowdStrike's threat detection service.
+The **CrowdStrike Analysis**. To protect your organisation from threats, the app also scans the SHA256 hash of Gmail attachments with CrowdStrike's threat detection service.
})
From 7fac2b48412c03d8ee12e692801adabe46dd9f21 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:22:08 +0530
Subject: [PATCH 03/24] Update
docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
.../security-threat-detection/threat-intel-quick-analysis.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index c297017f2a..b7c89bad8c 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -122,7 +122,7 @@ See the frequency of URL threats by Actor, Log Source, Malicious Confidence, and
### Hash 256
-See the frequency of Hash 256 threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+The **Hash 256** dashboard displays the frequency of Hash 256 threats by Actor, Log Source, Malicious Confidence, and view trends over time.
From 7642d2513e70644f4efd6b1e676c868dbf18e3df Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:22:17 +0530
Subject: [PATCH 04/24] Update
docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
.../security-threat-detection/threat-intel-quick-analysis.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index b7c89bad8c..8122f6d5de 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -107,7 +107,7 @@ See the frequency of IP threats by Actor, Log Source, Malicious Confidence, and
### URL
-See the frequency of URL threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+The **URL** dashboard displays the frequency of URL threats by Actor, Log Source, Malicious Confidence, and view trends over time.
From ff617077b2a61f82eaa81cb929a3faf672799a74 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:22:30 +0530
Subject: [PATCH 05/24] Update
docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
.../security-threat-detection/threat-intel-quick-analysis.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index 8122f6d5de..b46883f122 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -91,7 +91,7 @@ See the frequency of Email threats by Actor, Log Source, Malicious Confidence, a
### IP
-See the frequency of IP threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+The **IP** dashboard displays the frequency of IP threats by Actor, Log Source, Malicious Confidence, and view trends over time.
From 85100cfe6425c94851fa69c2ea7d89dcd6a8a3ca Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:22:37 +0530
Subject: [PATCH 06/24] Update
docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
.../security-threat-detection/threat-intel-quick-analysis.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index b46883f122..8c1bee473f 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -76,7 +76,7 @@ See the frequency of Domain threats by Actor, Log Source, Malicious Confidence,
### Email
-See the frequency of Email threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+The **Email** dashboard displays the frequency of Email threats by Actor, Log Source, Malicious Confidence, and view trends over time.
From a3dfbbcdae510c4c398f48b1ea25071e6b2009fb Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:22:44 +0530
Subject: [PATCH 07/24] Update
docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
.../security-threat-detection/threat-intel-quick-analysis.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index 8c1bee473f..d8e25b5f36 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -62,7 +62,7 @@ See the frequency of Domain threats by Actor, Log Source, Malicious Confidence,
### Domain
-See the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+The **Domain** dashboard displays the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.
From 5d3e930ac298230d325f9bf6a6b453688ea6dce3 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:22:56 +0530
Subject: [PATCH 08/24] Update
docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
.../security-threat-detection/threat-intel-quick-analysis.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index d8e25b5f36..9676f5aff4 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -46,7 +46,7 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md';
### Overview
-See the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.
+The **Overview** dashboard shows you the frequency of Domain threats by Actor, Log Source, Malicious Confidence, and view trends over time.
From fb9f26fa4763bede10d87ffdb30e71e5412414a2 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:23:10 +0530
Subject: [PATCH 09/24] Update
docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
.../security-threat-detection/threat-intel-quick-analysis.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index 9676f5aff4..c06ed4e665 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -32,7 +32,7 @@ import AppUpdate from '../../reuse/apps/app-update.md';
-## Uninstalling the Threat Intel Quick Analysis app (Optional)
+## Uninstalling the Threat Intel Quick Analysis app (optional)
import AppUninstall from '../../reuse/apps/app-uninstall.md';
From c694176d498dc054ca644001cd8f5c4fbfe7c408 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:23:17 +0530
Subject: [PATCH 10/24] Update
docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md b/docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md
index 0384dccbe3..a71069c813 100644
--- a/docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md
+++ b/docs/integrations/saas-cloud/microsoft-exchange-trace-logs.md
@@ -98,7 +98,7 @@ import AppInstall2 from '../../reuse/apps/app-install-v2.md';
-## Upgrading the Microsoft Exchange Trace Logs app (Optional)
+## Upgrading the Microsoft Exchange Trace Logs app (optional)
import AppUpdate from '../../reuse/apps/app-update.md';
From 10413b98bd187b55197a0f7de427cabf1324cf7d Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:23:24 +0530
Subject: [PATCH 11/24] Update docs/integrations/saas-cloud/gmail-tracelogs.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
docs/integrations/saas-cloud/gmail-tracelogs.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/saas-cloud/gmail-tracelogs.md b/docs/integrations/saas-cloud/gmail-tracelogs.md
index ddd275e30c..b5f7b9f4ff 100644
--- a/docs/integrations/saas-cloud/gmail-tracelogs.md
+++ b/docs/integrations/saas-cloud/gmail-tracelogs.md
@@ -153,7 +153,7 @@ import AppUpdate from '../../reuse/apps/app-update.md';
-## Uninstalling the Microsoft Teams app (Optional)
+## Uninstalling the Microsoft Teams app (optional)
import AppUninstall from '../../reuse/apps/app-uninstall.md';
From 2a302c28e784d1568a783b0580e1e968e9899518 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:23:33 +0530
Subject: [PATCH 12/24] Update docs/integrations/saas-cloud/gmail-tracelogs.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
docs/integrations/saas-cloud/gmail-tracelogs.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/saas-cloud/gmail-tracelogs.md b/docs/integrations/saas-cloud/gmail-tracelogs.md
index b5f7b9f4ff..a197b27dd9 100644
--- a/docs/integrations/saas-cloud/gmail-tracelogs.md
+++ b/docs/integrations/saas-cloud/gmail-tracelogs.md
@@ -147,7 +147,7 @@ import AppInstall2 from '../../reuse/apps/app-install-v2.md';
-## Upgrading the Microsoft Teams app (Optional)
+## Upgrading the Microsoft Teams app (optional)
import AppUpdate from '../../reuse/apps/app-update.md';
From 0682681657e1bc430bdf98a9a317997bfeaa3b01 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:23:40 +0530
Subject: [PATCH 13/24] Update docs/integrations/microsoft-azure/teams.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
docs/integrations/microsoft-azure/teams.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/microsoft-azure/teams.md b/docs/integrations/microsoft-azure/teams.md
index 24db3f419d..e0f7c40834 100644
--- a/docs/integrations/microsoft-azure/teams.md
+++ b/docs/integrations/microsoft-azure/teams.md
@@ -71,7 +71,7 @@ import AppUpdate from '../../reuse/apps/app-update.md';
-## Uninstalling the Microsoft Teams app (Optional)
+## Uninstalling the Microsoft Teams app (optional)
import AppUninstall from '../../reuse/apps/app-uninstall.md';
From 501089334d2c1ebbfde10d4748208f857007ba1b Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Wed, 5 Jun 2024 10:23:46 +0530
Subject: [PATCH 14/24] Update docs/integrations/microsoft-azure/teams.md
Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
docs/integrations/microsoft-azure/teams.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/microsoft-azure/teams.md b/docs/integrations/microsoft-azure/teams.md
index e0f7c40834..37eeb3c383 100644
--- a/docs/integrations/microsoft-azure/teams.md
+++ b/docs/integrations/microsoft-azure/teams.md
@@ -65,7 +65,7 @@ import AppInstall2 from '../../reuse/apps/app-install-v2.md';
-## Upgrading the Microsoft Teams app (Optional)
+## Upgrading the Microsoft Teams app (optional)
import AppUpdate from '../../reuse/apps/app-update.md';
From 62e36fe953c49060fc4ca913559b08602983e36f Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 4 Apr 2025 11:20:09 +0530
Subject: [PATCH 15/24] Update docs/integrations/microsoft-azure/teams.md
---
docs/integrations/microsoft-azure/teams.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/microsoft-azure/teams.md b/docs/integrations/microsoft-azure/teams.md
index 37eeb3c383..3393033c1e 100644
--- a/docs/integrations/microsoft-azure/teams.md
+++ b/docs/integrations/microsoft-azure/teams.md
@@ -97,7 +97,7 @@ Use this dashboard to:
### User Sessions
-The **Teams - User Sessions** dashboard provides an in depth view of the user logins and related statistics in your Teams environment
+The **Teams - User Sessions** dashboard provides an in depth view of the user logins and related statistics in your Teams environment.
Use this dashboard to:
* Identify user sessions relative to their locations and compare login statistics over time.
From 4aa69f1e876c48b5219822671c509ecfc448828d Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 4 Apr 2025 11:20:18 +0530
Subject: [PATCH 16/24] Update docs/integrations/microsoft-azure/teams.md
---
docs/integrations/microsoft-azure/teams.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/microsoft-azure/teams.md b/docs/integrations/microsoft-azure/teams.md
index 3393033c1e..108dc35eff 100644
--- a/docs/integrations/microsoft-azure/teams.md
+++ b/docs/integrations/microsoft-azure/teams.md
@@ -85,7 +85,7 @@ import ViewDashboards from '../../reuse/apps/view-dashboards.md';
### Overview
-The **Teams - Overview** dashboard provides an at-a-glance view of the state of your Teams environment in terms of user sessions, teams and channel activity, and user role changes
+The **Teams - Overview** dashboard provides an at-a-glance view of the state of your Teams environment in terms of user sessions, teams and channel activity, and user role changes.
Use this dashboard to:
* Identify user sessions relative to their locations.
From 7b18650e9ce7df09ab94e087081205e9997a770e Mon Sep 17 00:00:00 2001
From: John Pipkin
Date: Tue, 8 Apr 2025 09:59:02 -0500
Subject: [PATCH 17/24] Fix broken anchor link
---
.../security-threat-detection/threat-intel-quick-analysis.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index c244a2923b..c38a7da046 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -49,7 +49,7 @@ The **Overview** dashboard shows you the frequency of Domain threats by Actor, L
-* **Welcome to the Threat Intel Quick Analysis App.** Informational panel to help you find information on [optimization](/docs/integrations/security-threat-detection/threat-intel-quick-analysis#02_Threat-Intel-Optimization) and [FAQs](/docs/integrations/security-threat-detection/threat-intel-quick-analysis#threat-intel-faq) on working with the Threat Intel database.
+* **Welcome to the Threat Intel Quick Analysis App.** Informational panel to help you find information on [optimization](#threat-intel-optimization) and [FAQs](#threat-intel-faq) on working with the Threat Intel database.
* **Number of Log Lines (Events) Scanned for Threats.** Count of log lines scanned across all selected sources for the last 15 minutes.
* **IP Threat Count.** Count of threats related to malicious IPs, for the last 15 minutes.
* **File Name Threat Count.** Count of threats related to malicious file names, for the last 15 minutes.
From 36e4af39ba632c82fde2ebbb54588d17c8554543 Mon Sep 17 00:00:00 2001
From: John Pipkin
Date: Tue, 8 Apr 2025 13:41:51 -0500
Subject: [PATCH 18/24] Remove FAQ section from Threat Intel Quick Analysis
article
---
.../threat-intel-quick-analysis.md | 35 ++-----------------
1 file changed, 2 insertions(+), 33 deletions(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index c38a7da046..0d6678d35e 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -49,7 +49,7 @@ The **Overview** dashboard shows you the frequency of Domain threats by Actor, L
-* **Welcome to the Threat Intel Quick Analysis App.** Informational panel to help you find information on [optimization](#threat-intel-optimization) and [FAQs](#threat-intel-faq) on working with the Threat Intel database.
+* **Welcome to the Threat Intel Quick Analysis App.** Informational panel to help you work with the app.
* **Number of Log Lines (Events) Scanned for Threats.** Count of log lines scanned across all selected sources for the last 15 minutes.
* **IP Threat Count.** Count of threats related to malicious IPs, for the last 15 minutes.
* **File Name Threat Count.** Count of threats related to malicious file names, for the last 15 minutes.
@@ -241,37 +241,6 @@ Use scheduled views with the threat lookup operator to find threats. Scheduled v
| lookup latitude, longitude, country_code, country_name, region, city, postal_code, area_code, metro_code from geo://default on ip = src_ip
| count as threat_count by src_ip, malicious_confidence, Actor, _source, label_name, city, country_name, raw
```
-2. Now, you can run your Threat Intel query on top of this view:
- ```sql
- _view=cylance_threat
- | count by src_ip
- ```
-
-## Threat Intel FAQ
-
-#### What is the CrowdStrike Integration for Sumo Logic?
-
-Sumo Logic has expanded its security offerings by allowing customers to analyze their logs for potential threats and indicators of compromise. In partnership with CrowdStrike, Sumo Logic maintains an updated Threat Intelligence database that can be correlated with log data through queries. The Sumo Logic / CrowdStrike integration has two parts:
-
-* Sumo Logic maintains an up-to-date copy of CrowdStrike’s threat database.
-* Sumo customers can now use the CrowdStrike database in threat analysis queries over their logs (through a new lookup operator).
-
-The Sumo Logic Threat Intel lookup database is only available with Sumo Logic Enterprise and Professional accounts, or during a 30-day trial period. The Threat Intel lookup database is not available for Sumo Logic Free accounts.
-
-
-
-#### What does the Threat Intel Quick Analysis App do?
-
-This App scans all Sumo logs and parses (using regex) IP/Email/URL/Domain/File Name fields for comparison against the threat feed from CrowdStrike. Think of it as an Inner Join between parsed fields and the threat table.
-
-This application can be slow to load depending on the volume of data you scan based on time, source category, etc. We **highly recommend** that you apply additional filter conditions as you screen your logs or run these types of searches on a schedule.
-
-
-
-#### How often do you refresh the threat feed from CrowdStrike?
-
-The database is updated once per day. We have implemented a multi-layer cache for performance enhancements rather than returning to the master database on each query.
-=======
-1. Now, you can run your Threat Intel query on top of this view:
+2. Now, you can run your Threat Intel query on top of this view:
```sql
_view=cylance_threat
| count by src_ip
From cc7f4889e5b6a5f9e54bc0a34d55b00bc79acd28 Mon Sep 17 00:00:00 2001
From: John Pipkin
Date: Mon, 14 Apr 2025 08:01:03 -0500
Subject: [PATCH 19/24] Update comments in threat intel quick analysis article
---
.../threat-intel-quick-analysis.md | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
index dee3db26c9..ebba2af4db 100644
--- a/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
+++ b/docs/integrations/security-threat-detection/threat-intel-quick-analysis.md
@@ -152,7 +152,7 @@ _sourceCategory=cylance "IP Address"
| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=ip_address
```
-
-## Viewing Threat Intel Quick Analysis dashboards
-
+## JSON configuration object
#### `malicious_confidence`
@@ -483,6 +405,8 @@ Once an indicator has been marked with a malicious confidence level, it continue
+## Viewing Threat Intel Quick Analysis dashboards
+
All dashboards include filters that you can use in Interactive Mode for further analysis of your Threat Intel Quick Analysis data. Because the Threat Intel Quick Analysis has the most bearing on recent threats, most panels are set to the 15 minute time range. You can adjust time ranges as needed.
Live mode and real-time queries are not supported for dashboards at this time.
@@ -573,3 +497,14 @@ See the frequency of SHA-256 threats by Actor, Log Source, Malicious Confidence,
* **Threats by Actor.** Identifies Actors, if any, that can be attributed to SHA-256 threats over the last 15 minutes. Actors are identified individuals, groups or nation-states associated to threats.
* **Threat Table.** Aggregation Table of SHA-256 threats over the last 15 minutes.
+## Upgrading the Threat Intel Quick Analysis app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+
+
+## Uninstalling the Threat Intel Quick Analysis app (optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+
\ No newline at end of file
From b906c598a7bb2220e658cf706a288609381b1709 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 2 May 2025 11:27:39 +0530
Subject: [PATCH 23/24] Update teams.md
---
docs/integrations/microsoft-azure/teams.md | 27 ++++++++++------------
1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/docs/integrations/microsoft-azure/teams.md b/docs/integrations/microsoft-azure/teams.md
index 3b6d5c5c9a..1a9f8f119c 100644
--- a/docs/integrations/microsoft-azure/teams.md
+++ b/docs/integrations/microsoft-azure/teams.md
@@ -23,7 +23,6 @@ The Teams app provides visibility into the logging that Microsoft exposes in the
For more information, see Microsoft’s [list of Teams Activities](https://docs.microsoft.com/en-us/microsoftteams/audit-log-events#teams-activities).
-
### Sample log messages
```json
@@ -65,18 +64,6 @@ import AppInstall2 from '../../reuse/apps/app-install-v2.md';
-## Upgrading the Microsoft Teams app (optional)
-
-import AppUpdate from '../../reuse/apps/app-update.md';
-
-
-
-## Uninstalling the Microsoft Teams app (optional)
-
-import AppUninstall from '../../reuse/apps/app-uninstall.md';
-
-
-
## Viewing Microsoft Teams dashboards
import ViewDashboards from '../../reuse/apps/view-dashboards.md';
@@ -117,7 +104,6 @@ Use this dashboard to:
})
-
### Channel Statistics
The **Teams - Channel Statistics** dashboard offers complete visibility into the Channel activity occurring in your Teams.
@@ -130,7 +116,6 @@ Use this dashboard to:
})
-
### User and Role Changes
The **Teams - User and Role Changes** dashboard provides insight on the user and role changes being applied in your environment.
@@ -140,3 +125,15 @@ Use this dashboard to:
* Understand how members are being added, removed, and changed by object name.
})
+
+## Upgrading the Microsoft Teams app (optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+
+
+## Uninstalling the Microsoft Teams app (optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+
From 2296a6405ffacb98972561a2a7d493b806d78cb7 Mon Sep 17 00:00:00 2001
From: Jagadisha V <129049263+JV0812@users.noreply.github.com>
Date: Fri, 2 May 2025 11:28:29 +0530
Subject: [PATCH 24/24] Update gmail-tracelogs.md
---
.../saas-cloud/gmail-tracelogs.md | 26 +++++++++----------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/docs/integrations/saas-cloud/gmail-tracelogs.md b/docs/integrations/saas-cloud/gmail-tracelogs.md
index 4925fbddc9..b3f94b3d00 100644
--- a/docs/integrations/saas-cloud/gmail-tracelogs.md
+++ b/docs/integrations/saas-cloud/gmail-tracelogs.md
@@ -21,7 +21,6 @@ For details, see the [Schema for Gmail logs in BigQuery](https://support.google.
### Sample log messages
-
```json
{
"event_info": {
@@ -162,18 +161,6 @@ import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md';
import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md';
-## Upgrading the Microsoft Teams app (optional)
-
-import AppUpdate from '../../reuse/apps/app-update.md';
-
-
-
-## Uninstalling the Microsoft Teams app (optional)
-
-import AppUninstall from '../../reuse/apps/app-uninstall.md';
-
-
-
## Viewing the Gmail Trace Logs dashboards
import ViewDashboards from '../../reuse/apps/view-dashboards.md';
@@ -189,3 +176,16 @@ The **Gmail Trace Logs - Security Overview** dashboard lets you monitor spam mes
The **CrowdStrike Analysis**. To protect your organisation from threats, the app also scans the SHA256 hash of Gmail attachments with CrowdStrike's threat detection service.
+
+## Upgrading the Microsoft Teams app (optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+
+
+## Uninstalling the Microsoft Teams app (optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+
+