diff --git a/blog-service/2024-12-31-apps.md b/blog-service/2024-12-31-apps.md index 5559133e02..953d1bb27f 100644 --- a/blog-service/2024-12-31-apps.md +++ b/blog-service/2024-12-31-apps.md @@ -26,22 +26,8 @@ We’re excited to announce the release of new Azure Service Bus, Azure API Mana ### Enhancements -- We're excited to announce the release of the enhancements listed below for the Sumo Logic apps: - - **Cassandra - OpenTelemetry**. Added 9 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/databases/opentelemetry/cassandra-opentelemetry/#cassandra-alerts). - - **Couchbase - OpenTelemetry**. Added 6 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/databases/opentelemetry/couchbase-opentelemetry/#couchbase-alerts). - - **HAProxy - OpenTelemetry**. Added 5 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/opentelemetry/haproxy-opentelemetry/#haproxy-alerts). - - **IIS - OpenTelemetry**. Added 10 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/iis-10). - - **Linux - OpenTelemetry**. Added 7 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry/#sql-server-linux-alerts). - - **MariaDB - OpenTelemetry**. Added 5 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/databases/opentelemetry/mariadb-opentelemetry/#mariadb-alerts). - - **Memcached - OpenTelemetry**. Added 5 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/databases/opentelemetry/memcached-opentelemetry/#memcached-alerts). - - **MongoDB - OpenTelemetry**. Added 12 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/databases/opentelemetry/mongodb-opentelemetry/#mongodb-alerts). - - **Oracle - OpenTelemetry**. Added 12 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/#oracle-alerts). - - **RabbitMQ - OpenTelemetry**. Added 6 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/containers-orchestration/opentelemetry/rabbitmq-opentelemetry/#rabbitmq-alerts). - - **Redis - OpenTelemetry**. Added 6 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/databases/opentelemetry/redis-opentelemetry/#redis-alerts). - - **Squid Proxy - OpenTelemetry**. Added 4 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/opentelemetry/squid-proxy-opentelemetry/#squidproxy-alerts). - - **Varnish - OpenTelemetry**. Added 3 new monitors that will be triggered for different pre-defined conditions. [Learn more](/docs/integrations/web-servers/opentelemetry/varnish-opentelemetry/#varnish-alerts). - -- **Block Blob**. Updated the Block Blob collection to support collection for Network Flow logs. The Network Security Group (NSG) flow logs will be removed on 30 September 2027. **From 30 June 2025, you will no longer be able to generate new NSG flow logs as part of this retirement**. For more details, refer to the Azure [documentation](https://learn.microsoft.com/en-us/azure/network-watcher/flow-logs-read?tabs=nsg). +- **Added Monitors**. We have added new pre-configured monitors to the [Cassandra - OpenTelemetry](/docs/integrations/databases/opentelemetry/cassandra-opentelemetry/#cassandra-alerts), [Couchbase - OpenTelemetry](/docs/integrations/databases/opentelemetry/couchbase-opentelemetry/#couchbase-alerts), [HAProxy - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/haproxy-opentelemetry/#haproxy-alerts), [IIS - OpenTelemetry](/docs/integrations/web-servers/iis-10), [Linux - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry/#sql-server-linux-alerts), [MariaDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mariadb-opentelemetry/#mariadb-alerts), [Memcached - OpenTelemetry](/docs/integrations/databases/opentelemetry/memcached-opentelemetry/#memcached-alerts), [MongoDB - OpenTelemetry](/docs/integrations/databases/opentelemetry/mongodb-opentelemetry/#mongodb-alerts), [Oracle - OpenTelemetry](/docs/integrations/databases/opentelemetry/oracle-opentelemetry/#oracle-alerts), [RabbitMQ - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/rabbitmq-opentelemetry/#rabbitmq-alerts), [Redis - OpenTelemetry](/docs/integrations/databases/opentelemetry/redis-opentelemetry/#redis-alerts), [Squid Proxy - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/squid-proxy-opentelemetry/#squidproxy-alerts), [Varnish - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/varnish-opentelemetry/#varnish-alerts), [JFrog Artifactory - OpenTelemetry](/docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry), [VMWare - OpenTelemetry](/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry), and [Active Directory JSON - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry) apps. +- **Azure Blob Storage (block blobs) Collection**. Updated the Block Blob collection to support collection for Network Flow logs. The Network Security Group (NSG) flow logs will be removed on 30 September 2027. **From 30 June 2025, you will no longer be able to generate new NSG flow logs as part of this retirement**. For more details, refer to the Azure [documentation](https://learn.microsoft.com/en-us/azure/network-watcher/flow-logs-read?tabs=nsg). - The apps listed below have been updated, and as part of the app installation flow, you can now create Cloud-to-Cloud sources: - [1Password](/docs/integrations/saas-cloud/1password/#collection-configuration-and-app-installation) - [Abnormal Security](/docs/integrations/saas-cloud/abnormal-security/#collection-configuration-and-app-installation) diff --git a/docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry.md b/docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry.md index 1bc47a9563..46aeaa9bda 100644 --- a/docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry.md +++ b/docs/integrations/app-development/opentelemetry/jfrog-artifactory-opentelemetry.md @@ -15,11 +15,15 @@ The Sumo Logic app for Artifactory provides insight into your [JFrog Artifactory Artifactory-Schematics +:::info +This app includes [built-in monitors](#jfrog-artifactory-alerts). For details on creating custom monitors, refer to the [Create monitors for JFrog Artifactory app](#create-monitors-for-jfrog-artifactory-app). +::: + ## Fields creation in Sumo Logic for Artifactory Following are the Tags which will be created as part of Artifactory app install if not already present. -* `sumo.datasource`. Has fixed value of **artifactory** +* `sumo.datasource`. Has fixed value of **artifactory**. ## Prerequisites @@ -244,3 +248,21 @@ import JfrogReq from '../../../reuse/apps/jfrog/artifactory-request-access.md'; import JfrogTr from '../../../reuse/apps/jfrog/artifactory-traffic.md'; + +## Create monitors for JFrog Artifactory app + +import CreateMonitors from '../../../reuse/apps/create-monitors.md'; + + + +### JFrog Artifactory alerts + +| Name | Description | Alert Condition | Recover Condition | +|:--|:--|:--|:--| +| `Artifactory - Excessive Denied Login Attempts` | This alert is triggered when there are multiple denied login attempts from the same IP or user. | Count `>` 5 | Count `<=` 5 | +| `Artifactory - High 4xx Status Codes` | This alert is triggered when there's a high number of HTTP 4xx error responses. | Count `>` 10 | Count `<=` 10 | +| `Artifactory - High 5xx Status Codes` | This alert is triggered when there's a high number of HTTP 5xx error responses. | Count `>` 10 | Count `<=` 10 | +| `Artifactory - High Denied Deploys to Cached Repos` | This alert is triggered when there's a high number of denied deploy attempts to cached repositories. | Count `>` 5 | Count `<=` 5 | +| `Artifactory - High Denied Deploys to Non-Cached Repos` | This alert is triggered when there's a spike in denied deploy attempts to non-cached repositories. | Count `>` 5 | Count `<=` 5 | +| `Artifactory - High Denied Downloads` | This alert is triggered when there's a high number of denied download attempts. | Count `>` 5 | Count `<=` 5 | +| `Artifactory - Slow HTTP Response Times` | This alert is triggered when Artifactory response times are high. | Count `>` 5 | Count `<=` 5 | diff --git a/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry.md b/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry.md index fe7fca26af..eaa9c9f38d 100644 --- a/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry.md +++ b/docs/integrations/containers-orchestration/opentelemetry/vmware-opentelemetry.md @@ -21,7 +21,12 @@ See the [vSphere product page](https://www.vmware.com/products/vsphere.html) for Schematics +:::info +This app includes [built-in monitors](#vmware-alerts). For details on creating custom monitors, refer to the [Create monitors for JFrog Artifactory app](#create-monitors-for-vmware-app). +::: + ## Prerequisites + VMWare metrics are collected through the [vCenter Receiver](https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/vcenterreceiver) of OpenTelemetry. This receiver has been built to support ESXi and vCenter versions: @@ -276,3 +281,22 @@ The **VMWare - VM Details** dashboard provides a detailed analysis of VM metrics - **Top 25 VMs Network Packet Rate**. Top 25 VMs Network transmitted/received packet rate. - **Top 25 VMs Network Packet Drop Rate**. Top 25 VMs Network transmitted/received packet drop rate. - **Top 25 VMs Memory Swapped**. Top 25 VMs Memory swapped. + +## Create monitors for VMWare app + +import CreateMonitors from '../../../reuse/apps/create-monitors.md'; + + + +### VMWare alerts + +| Name | Description | Alert Condition | Recover Condition | +|:--|:--|:--|:--| +| `VMware - Datastore High Utilization` | This alert is triggered when datastore usage is approaching capacity. | Count `>=` 90 | Count `<` 90 | +| `VMware - High Virtual Disk Read Latency` | This alert gets triggered on high virtual datastore read latency indicating storage performance issues. | Count `>=` 20 | Count `<` 20 | +| `VMware - High Virtual Disk Write Latency` | This alert gets triggered on high virtual datastore write latency indicating storage performance issues. | Count `>=` 20 | Count `<` 20 | +| `VMware - Host CPU High Utilization` | This alert is triggered when host CPU utilization is consistently high, which may impact VM performance. | Count `>=` 90 | Count `<` 90 | +| `VMware - Host Memory Utilization` | This alert is triggered when host memory utilization is consistently high. | Count `>=` 95 | Count `<` 95 | +| `VMware - VM CPU Ready Time High` | This alert gets triggered when VMs are waiting too long for CPU resources, indicating CPU contention. | Count `>=` 10 | Count `<` 10 | +| `VMware - VM Memory Balloon Pressure` | This alert gets triggered when VMs are experiencing significant memory ballooning. | Count `>=` 1024 | Count `<` 1024 | + diff --git a/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry.md b/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry.md index 8413127725..5b3b6d1c1c 100644 --- a/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry.md +++ b/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry.md @@ -17,11 +17,15 @@ We recommend using the Active Directory JSON app in combination with the Windows Schematics +:::info +This app includes [built-in monitors](#active-directory-alerts). For details on creating custom monitors, refer to the [Create monitors for Active Directory app](#create-monitors-for-active-directory-app). +::: + ## Fields creation in Sumo Logic for Active Directory Following are the [fields](/docs/manage/fields/) which will be created as part of Active Directory App install if not already present. -**`sumo.datasource`** - Has fixed value of **activeDirectory** +**`sumo.datasource`** - Has fixed value of **activeDirectory**. ### Event logs used by Active Directory app @@ -180,3 +184,20 @@ The **Active Directory Service Activity** dashboard provides insights into overa The **Active Directory Service Failures** dashboard provides an at-a-glance view of success, failures, and audit failures overtime. Service Failures + +## Create monitors for Active Directory app + +import CreateMonitors from '../../../reuse/apps/create-monitors.md'; + + + +### Active Directory alerts + +| Name | Description | Alert Condition | Recover Condition | +|:--|:--|:--|:--| +| `Active Directory - Account Lockouts Spike` | This alert is triggered when there are multiple account lockouts in a short time period, indicating potential brute force attempts. | Count `>=` 5 | Count `<` 5 | +| `Active Directory - Directory Service Failures` | This alert is triggered when there are critical Directory Service failures that could impact AD functionality. | Count `>=` 3 | Count `<` 3 | +| `Active Directory - Mass User Account Deletions` | This alert triggers when multiple user accounts are deleted in a short time period, which could indicate malicious activity. | Count `>` 5 | Count `<=` 5 | +| `Active Directory - NTLM Authentication Failures` | This alert is triggered when there are multiple NTLM authentication failures, which could indicate credential theft attempts. | Count `>=` 5 | Count `<` 5 | +| `Active Directory - Replication Failures` | This alert triggers when AD replication failures occur, which can impact directory synchronization. | Count `>` 0 | Count `<=` 0 | +| `Active Directory - Schema Modifications` | This alert is triggered when changes are made to the AD schema, which are rare and potentially high-impact changes. | Count `>` 0 | Count `<=` 0 |