2 changes: 1 addition & 1 deletion blog-cse/2024/12-31.md
Original file line number Diff line number Diff line change
Expand Up @@ -209,7 +209,7 @@ Changes are enumerated below.

#### Cloud SIEM network sensor end-of-life

The Sumo Logic Product Team is discontinuing our on-premise network sensor feature for Sumo Logic Cloud SIEM. The feature will no longer receive updates as of November 8, 2024, and support ends as of April 30, 2025. We fully support a customer or partner managed [Zeek network sensor](/docs/cse/sensors/ingest-zeek-logs/) as a data source for our Cloud SIEM product that will provide equivalent monitoring of your network.
The Sumo Logic Product Team is discontinuing our on-premise network sensor feature for Sumo Logic Cloud SIEM. The feature will no longer receive updates as of November 8, 2024, and support ends as of November 7, 2025. We fully support a customer or partner managed [Zeek network sensor](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek/) as a data source for our Cloud SIEM product that will provide equivalent monitoring of your network.

Learn more [here](/docs/cse/sensors/network-sensor-end-of-life/).
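Review bot: the corrected support end date on the added line, November 7, 2025, disagrees with the companion announcement blog-cse/2025-11-07-application.md in this same PR, which says support ends November 8, 2025; pick one date and use it in both notices. The unchanged `Learn more [here](/docs/cse/sensors/network-sensor-end-of-life/)` line below still points under /docs/cse/sensors/, while this PR deletes docs/cse/sensors/index.md and drops the Sensors card from docs/cse/index.md, so confirm that end-of-life page still builds and is reachable from somewhere.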

15 changes: 15 additions & 0 deletions blog-cse/2025-11-07-application.md
@@ -0,0 +1,15 @@
---
title: November 7, 2025 - Application Update
image: https://help.sumologic.com/img/reuse/rss-image.jpg
keywords:
- sensors
hide_table_of_contents: true
---

import useBaseUrl from '@docusaurus/useBaseUrl';

#### Cloud SIEM network sensor end-of-life

As [previously announced](/release-notes-cse/2024/12/31/#november-8-2024---application-update), the Sumo Logic Product Team is discontinuing our on-premise network sensor feature for Sumo Logic Cloud SIEM. Support for the feature ends as of November 8, 2025. We fully support a customer or partner managed [Zeek network sensor](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek/) as a data source for our Cloud SIEM product that will provide equivalent monitoring of your network.

Learn more [here](/docs/cse/sensors/network-sensor-end-of-life/).
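Review bot: the support end date in this announcement (November 8, 2025) matches neither the date written into the updated 2024 notice elsewhere in this PR (November 7, 2025) nor this file's own title and filename (November 7, 2025); align all three. The `previously announced` link relies on the anchor `#november-8-2024---application-update`, and the heading it depends on is outside this diff, so verify it resolves. As with the 2024 notice, the `Learn more` link under /docs/cse/sensors/ is only valid if the end-of-life page survives the removal of the sensors index and card in this PR.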
22 changes: 11 additions & 11 deletions cid-redirects.json
Expand Up @@ -1722,7 +1722,7 @@
"/cid/10144": "/docs/metrics/metrics-operators",
"/cid/10145": "/docs/cse/records-signals-entities-insights/global-intelligence-security-insights",
"/cid/16002": "/docs/integrations/microsoft-azure/opentelemetry/sql-server-linux-opentelemetry",
"/cid/10146": "/docs/cse/sensors",
"/cid/10146": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/cid/10147": "/docs/cse/integrations",
"/cid/10148": "/docs/cse/rules",
"/cid/101481": "/docs/cse/rules/about-cse-rules",
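Review bot: `/cid/10146` needs a new target because its old one, the sensors landing page (docs/cse/sensors/index.md), is deleted in this PR, but sending a generic "sensors" CID to the Corelight Zeek ingestion page covers only one replacement data source. The end-of-life page the release notes link to, /docs/cse/sensors/network-sensor-end-of-life/, would explain to anyone following an old sensors link why the content moved; consider that as the target instead. Unrelated to this change: the `/cid/16002` entry sitting between 10145 and 10146 is pre-existing and out of numeric order.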
Expand Down Expand Up @@ -3028,16 +3028,16 @@
"/Cloud_SIEM_Enterprise/CSE_Schema/Parser_Editor/Parser_Troubleshooting_Tips": "/docs/cse/troubleshoot/troubleshoot-parsers",
"/docs/cse/schema/parser-troubleshooting-tips": "/docs/cse/troubleshoot/troubleshoot-parsers",
"/Cloud_SIEM_Enterprise/CSE_Schema/Username_and_Hostname_Normalization": "/docs/cse/schema/username-and-hostname-normalization",
"/Cloud_SIEM_Enterprise/CSE_Sensors": "/docs/cse/sensors",
"/Cloud_SIEM_Enterprise/CSE_Sensors/01_Sensor_Download_Locations": "/docs/cse/sensors/sensor-download-locations",
"/Cloud_SIEM_Enterprise/CSE_Sensors/05_Windows_Sensor_Installation": "/docs/cse/sensors/sensor-download-locations",
"/Cloud_SIEM_Enterprise/CSE_Sensors/11_Network_Sensor_Deployment_Guide": "/docs/cse/sensors/network-sensor-deployment-guide",
"/Cloud_SIEM_Enterprise/CSE_Sensors/07_Network_Sensor_Deployment_Guide": "/docs/cse/sensors/network-sensor-deployment-guide",
"/Cloud_SIEM_Enterprise/CSE_Sensors/07_Windows_Sensor_Health_Status_Messages": "/docs/cse/sensors/network-sensor-troubleshooting",
"/Cloud_SIEM_Enterprise/CSE_Sensors/09_Windows_Sensor_Troubleshooting": "/docs/cse/sensors/network-sensor-troubleshooting",
"/Cloud_SIEM_Enterprise/CSE_Sensors/13_Network_Sensor_Troubleshooting": "/docs/cse/sensors/network-sensor-troubleshooting",
"/Cloud_SIEM_Enterprise/CSE_Sensors/17_Log_Sensor_Troubleshooting": "/docs/cse/sensors/log-sensor-troubleshooting",
"/Cloud_SIEM_Enterprise/CSE_Sensors/Ingest_Zeek_Logs": "/docs/cse/sensors/ingest-zeek-logs",
"/Cloud_SIEM_Enterprise/CSE_Sensors": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/CSE_Sensors/01_Sensor_Download_Locations": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/CSE_Sensors/05_Windows_Sensor_Installation": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/CSE_Sensors/11_Network_Sensor_Deployment_Guide": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/CSE_Sensors/07_Network_Sensor_Deployment_Guide": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/CSE_Sensors/07_Windows_Sensor_Health_Status_Messages": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/CSE_Sensors/09_Windows_Sensor_Troubleshooting": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/CSE_Sensors/13_Network_Sensor_Troubleshooting": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/CSE_Sensors/17_Log_Sensor_Troubleshooting": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/CSE_Sensors/Ingest_Zeek_Logs": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek",
"/Cloud_SIEM_Enterprise/Ingestion_Guides": "/docs/cse/ingestion",
"/Cloud_SIEM_Enterprise/Ingestion_Guides/00Products_with_Log_Mappings": "/docs/cse/ingestion/products-with-log-mappings",
"/Cloud_SIEM_Enterprise/Ingestion_Guides/Cisco_Meraki": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/cisco-meraki",
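Review bot: all nine legacy `/Cloud_SIEM_Enterprise/CSE_Sensors/...` paths now redirect to the Corelight Zeek page, including `17_Log_Sensor_Troubleshooting` and `Ingest_Zeek_Logs`, whose previous targets (/docs/cse/sensors/log-sensor-troubleshooting and /docs/cse/sensors/ingest-zeek-logs) are files this same PR still edits rather than deletes; redirecting away from live pages breaks links that currently work. Suggest keeping those two entries as they were, and pointing the Windows sensor, network sensor deployment and network sensor troubleshooting entries at the end-of-life page rather than at a product-specific ingestion guide.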
6 changes: 0 additions & 6 deletions docs/cse/index.md
Expand Up @@ -49,12 +49,6 @@ This section contains the following topics:
<p>Learn about Cloud SIEM Schema v3, schema attributes, and the Record processing pipeline.</p>
</div>
</div>
<div className="box smallbox card">
<div className="container">
<a href="/docs/cse/sensors"><img src={useBaseUrl('img/icons/security/cloud-siem.png')} alt="Shield on a cloud icon" width="40"/><h4>Sensors</h4></a>
<p>Cloud SIEM Sensors collect log and event data from your infrastructure and applications.</p>
</div>
</div>
<div className="box smallbox card">
<div className="container">
<a href="/docs/cse/integrations"><img src={useBaseUrl('img/icons/security/cloud-siem.png')} alt="Shield on a cloud icon" width="40"/><h4>Integrations</h4></a>
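Review bot: removing the Sensors card leaves no navigation entry for anything under /docs/cse/sensors/, yet the release notes in this PR still link to /docs/cse/sensors/network-sensor-end-of-life/, and ingest-zeek-logs.md and log-sensor-troubleshooting.md remain in that directory. Either delete or relocate those pages as well, or keep a card (or sidebar entry) that points at the end-of-life notice so the remaining pages stay discoverable rather than orphaned.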
Expand Up @@ -22,4 +22,5 @@ To ingest Corelight Zeek data into Cloud SIEM:
1. To verify that your logs are successfully making it into Cloud SIEM:
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu select **Cloud SIEM**, and then under **Cloud SIEM Integrations** select **Log Mappings**. You can also click the **Go To...** menu at the top of the screen and select **Log Mappings**. <br/>[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top Cloud SIEM menu select **Configuration**, and then under **Incoming Data** select **Log Mappings**.
1. On the **Log Mappings** tab search for "Zeek" and check the **Records** columns. <br/><img src={useBaseUrl('img/cse/corelight-record-volume.png')} alt="Corelight record volume" style={{border: '1px solid gray'}} width="800"/>
1. For a more granular look at the incoming records, you can also search the Sumo Logic platform for Corelight Zeek security records:<br/>`_index=sec_record* and metadata_product = "Zeek"`
1. For a more granular look at the incoming records, you can also search the Sumo Logic platform for Corelight Zeek security records:<br/>`_index=sec_record* and metadata_product = "Zeek"`
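Review bot: the removed and added versions of the `For a more granular look` step read identically, so this hunk is a whitespace-only edit plus a trailing newline (-22,4 +22,5), which is fine on its own. What is missing is context for new arrivals: this page becomes the landing target for nine legacy CSE_Sensors redirects, `/cid/10146`, and the `network sensor` link in the YARA rules page, and none of it mentions the sensor those readers were looking for. Consider a short note at the top stating that the Cloud SIEM network sensor is end-of-life, linking to /docs/cse/sensors/network-sensor-end-of-life/, and saying that a customer- or partner-managed Zeek deployment is the supported replacement.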

2 changes: 1 addition & 1 deletion docs/cse/rules/import-yara-rules.md
Expand Up @@ -13,7 +13,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';

This section has instructions for importing YARA rules from GitHub into Cloud SIEM.

YARA rules are an open source framework for identifying malware. Cloud SIEM runs YARA rules against files uploaded by the [network sensor](/docs/cse/sensors/network-sensor-deployment-guide). When a file matches a YARA rule, Cloud SIEM creates a special record which results in a “file analysis” signal being created.  Once you’ve imported rules, Cloud SIEM will sync with the repository no less than every hour.
YARA rules are an open source framework for identifying malware. Cloud SIEM runs YARA rules against files uploaded by the [network sensor](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/corelight-zeek/). When a file matches a YARA rule, Cloud SIEM creates a special record which results in a “file analysis” signal being created.  Once you’ve imported rules, Cloud SIEM will sync with the repository no less than every hour.

To import YARA rules:
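Review bot: the link text still reads `network sensor` and the sentence still says Cloud SIEM runs YARA rules against files uploaded by it, but the link now lands on the Corelight Zeek ingestion page, which describes a different, customer-managed data source; a `[network sensor](.../corelight-zeek/)` link misdescribes its target. Since the sensor is end-of-life, either reword the sentence to state which data path now feeds "file analysis" signals, or point those words at the end-of-life notice instead. Nit on the unchanged tail of the same line: `no less than every hour` is ambiguous (at least hourly, or at most hourly?); `at least once an hour` reads unambiguously if that is the intent.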

45 changes: 0 additions & 45 deletions docs/cse/sensors/index.md

This file was deleted.

18 changes: 9 additions & 9 deletions docs/cse/sensors/ingest-zeek-logs.md
Expand Up @@ -6,18 +6,18 @@ description: Learn how to collect Zeek (Bro) logs and ingest them to Cloud SIEM.

import useBaseUrl from '@docusaurus/useBaseUrl';

This topic has instructions for ingesting Zeek logs into Cloud SIEM. 
This topic has instructions for ingesting Zeek logs into Cloud SIEM.

## What is Zeek?

Cloud SIEM uses [Zeek](https://zeek.org/) (formerly known as Bro) for network visibility. Zeek is an open source network analysis framework that organizes packets into flows, decodes common protocols, performs file extraction, SSL certificate validation, OS fingerprinting and more. Zeek can be extended through plugins for additional detection capabilities.
Cloud SIEM uses [Zeek](https://zeek.org/) (formerly known as Bro) for network visibility. Zeek is an open source network analysis framework that organizes packets into flows, decodes common protocols, performs file extraction, SSL certificate validation, OS fingerprinting and more. Zeek can be extended through plugins for additional detection capabilities.

## Supported collection method: Sumo Logic Source

If you already have a Zeek deployment, you can collect logs using a Sumo Logic Collector and Source.

:::note
This method requires that your Zeek logs are in JSON format. 
This method requires that your Zeek logs are in JSON format.
:::

### Configure a Sumo Logic Source
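Review bot: every removed/added pair in this hunk is identical in the rendered view, so the change is trailing-whitespace cleanup (the same holds for the remaining hunks in this file); harmless, but it leaves the substance untouched while this file's legacy URL `/Cloud_SIEM_Enterprise/CSE_Sensors/Ingest_Zeek_Logs` is redirected away elsewhere in this PR, so confirm the page is meant to stay. If it stays, the `## What is Zeek?` opening (`Cloud SIEM uses Zeek ... for network visibility`) still presents the end-of-life network sensor's use of Zeek as current; a `:::warning end-of-life` admonition like the one at the top of log-sensor-troubleshooting.md would set expectations before the reader reaches the collection steps.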
Expand All @@ -30,7 +30,7 @@ After configuring the appropriate source, use one of the methods described in [E

### Enable parsing and mapping of Zeek logs

This configuration step is required to ensure that Cloud SIEM knows how to parse incoming Zeek logs, correctly map the log fields to schema attributes, and create Cloud SIEM records. The most important bit of information is what type of data a particular log contains. Zeek has a variety of log types, for example `conn` for TCP/UDP/ICMP connections, `http` for HTTP requests and replies, and `ftp` for FTP activity.
This configuration step is required to ensure that Cloud SIEM knows how to parse incoming Zeek logs, correctly map the log fields to schema attributes, and create Cloud SIEM records. The most important bit of information is what type of data a particular log contains. Zeek has a variety of log types, for example `conn` for TCP/UDP/ICMP connections, `http` for HTTP requests and replies, and `ftp` for FTP activity.

So, how to determine whether a Zeek log is a `conn`, `http`, `ftp`, or some other log type? Zeek logs don’t contain a key that explicitly holds a value that is only the log type identifier. There are two options for dealing with this:

Expand All @@ -54,15 +54,15 @@ After installing the `json-streaming-logs` package, follow these instructions to

### Use FERs

With this method, you use Sumo Logic Field Extraction Rules (FERs) to extract fields from each Zeek log. The fields you extract will provide the information necessary for Cloud SIEM to correctly parse and map the logs. 
With this method, you use Sumo Logic Field Extraction Rules (FERs) to extract fields from each Zeek log. The fields you extract will provide the information necessary for Cloud SIEM to correctly parse and map the logs.

Here’s an example Bro log from the Security Onion platform. 
Here’s an example Bro log from the Security Onion platform.

```
{"TAGS":".source.s_bro_conn","SOURCEIP":"127.0.0.1","PROGRAM":"bro_conn","PRIORITY":"notice","MESSAGE":"{\"ts\":\"2020-05-28T10:32:51.997054Z\",\"uid\":\"Cu3KVA2TbWqZm1Z0S6\",\"id.orig_h\":\"1.2.3.4\",\"id.orig_p\":16030,\"id.resp_h\":\"5.6.7.8\",\"id.resp_p\":161,\"proto\":\"udp\",\"duration\":30.000317811965942,\"orig_bytes\":258,\"resp_bytes\":0,\"conn_state\":\"S0\",\"local_orig\":true,\"local_resp\":true,\"missed_bytes\":0,\"history\":\"D\",\"orig_pkts\":6,\"orig_ip_bytes\":426,\"resp_pkts\":0,\"resp_ip_bytes\":0,\"sensorname\":\"test\"}","ISODATE":"2020-05-28T10:34:24+00:00","HOST_FROM":"somehost","HOST":"somehost","FILE_NAME":"/nsm/bro/logs/current/conn.log","FACILITY":"user"}
```

In the log above, the content of the Bro log is the value of the `MESSAGE` key. Note that no key in the log explicitly states the log type, which is `conn`. 
In the log above, the content of the Bro log is the value of the `MESSAGE` key. Note that no key in the log explicitly states the log type, which is `conn`.

To enable Cloud SIEM to successfully process the log, we need to create the following fields listed in the table below.

Expand Down Expand Up @@ -99,7 +99,7 @@ Perform these steps for each of the FERs.
1. Click **Add Rule**.
1. In the **Add Field Extraction Rule** pane:
1. **Rule Name**. Enter a meaningful name for the rule.
1. **Applied At**. Click Ingest Time. 
1. **Applied At**. Click Ingest Time.
1. **Scope**. Click **Specific Data**.
1. **Parse Expression**. Enter the parse expression shown in the table above for the field the rule will extract.
1. Click **Save**.<br/><img src={useBaseUrl('img/cse/example-fer.png')} alt="Example FER" style={{border: '1px solid gray'}} width="400"/>
Expand Down Expand Up @@ -143,4 +143,4 @@ This section describes two methods you can use to filter the logs that the Netwo

You can add additional Zeek log types to the list to exclude them.

The BPF filter is applied before `skipped_log_types`. So, given the example BPF filter above, if you add `dns` to the `skipped_log_types` value, you won't ingest logs related to traffic involving hosts `a.b.c.com` or `d.e.f.com`, and you won't ingest DNS data.
The BPF filter is applied before `skipped_log_types`. So, given the example BPF filter above, if you add `dns` to the `skipped_log_types` value, you won't ingest logs related to traffic involving hosts `a.b.c.com` or `d.e.f.com`, and you won't ingest DNS data.
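Review bot: this hunk touches only trailing whitespace on the BPF/`skipped_log_types` sentence, but the section the hunk header belongs to documents the two filtering methods (a BPF filter and `skipped_log_types`) for the sensor whose end-of-life this PR announces. Mark the section as applying to the legacy sensor only, or remove it, so nobody configures a deprecated component from a page that otherwise reads as current guidance.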
22 changes: 11 additions & 11 deletions docs/cse/sensors/log-sensor-troubleshooting.md
Expand Up @@ -5,7 +5,7 @@ description: Learn how to collect Log Sensor status and data to support troubles
---

:::warning end-of-life
The Cloud SIEM Log Sensor has reached end of life and is no longer supported. Please migrate to a Sumo Logic Hosted Collector or Installed Collector. For more information, see the [end of life notice](https://app.getbeamer.com/cloudsiementerprise/en/end-of-life-notice-_-cloud-siem-enterprise-sensors). 
The Cloud SIEM Log Sensor has reached end of life and is no longer supported. Please migrate to a Sumo Logic Hosted Collector or Installed Collector. For more information, see the [end of life notice](https://app.getbeamer.com/cloudsiementerprise/en/end-of-life-notice-_-cloud-siem-enterprise-sensors).
:::

The Cloud SIEM Log Sensor collects log data and sends it to the legacy Cloud SIEM server. (The Log Sensor does not send log data to the Sumo Logic platform. Sumo Logic collectors serve that purpose.)
Expand All @@ -23,44 +23,44 @@ The following command restarts the sensor. You need to restart the sensor after
This command returns the status of the Log Sensor.

`$ systemctl status trident_log_sensor`
 

## Show sensor listen ports
## Show sensor listen ports

The following command lists the sensor's listen ports, and state information for each.

`$ ss -an | grep LIST | grep :::85.. `
`$ ss -an | grep LIST | grep :::85.. `

## View sensor configuration file

This command lists the sensor’s configuration file.
This command lists the sensor’s configuration file.

`$ cat /opt/trident/log-sensor/conf/trident-sensor.cfg`
 

## Edit sensor configuration file

This command opens the sensor’s configuration file in the vi editor.

`$ vi /opt/trident/log-sensor/conf/trident-sensor.cfg `
`$ vi /opt/trident/log-sensor/conf/trident-sensor.cfg `

## View sensor log file

This command tails the sensor’s log file, assuming that it is located in its default location.

`$ tail -f /opt/trident/log-sensor/logs/trident-sensor.log`
 

## View logs sent by the sensor to Cloud SIEM 
## View logs sent by the sensor to Cloud SIEM

This command tails the sensor’s `output.log` file which contains logs that the sensor has sent to the Cloud SIEM server.

`$ tail -f /opt/trident/log-sensor/output/log/output.log`

## View count of logs sent by the sensor to Cloud SIEM 
## View count of logs sent by the sensor to Cloud SIEM

This command returns a count of the logs sent by the sensor to the Cloud SIEM server.

`$ ls -lh /opt/trident/log-sensor/output/log/`
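Review bot: both hunks in this file are whitespace-only (each removed/added pair reads identically), which is appropriate for an end-of-life page, but since the file is being touched: the `## View count of logs sent by the sensor to Cloud SIEM` section says the command "returns a count of the logs", whereas `ls -lh /opt/trident/log-sensor/output/log/` lists the output files and their sizes, not a count of log lines. Either retitle the section to match what `ls -lh` shows, or use a line count such as `wc -l /opt/trident/log-sensor/output/log/output.log` if a count is what is meant.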

 