From f421721224c4e93fb6655ee6e13d650e7c81c569 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 12:53:24 +0530 Subject: [PATCH 01/19] Update Configuration part for AWS security apps --- docs/integrations/amazon-aws/guardduty.md | 55 ++++++++++++++++---- docs/integrations/amazon-aws/inspector.md | 53 ++++++++++++++++--- docs/integrations/amazon-aws/security-hub.md | 51 +++++++++++++----- 3 files changed, 130 insertions(+), 29 deletions(-) diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index 2c06f15040..b59beccf94 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md 
@@ -176,18 +176,56 @@ _sourceCategory=aws/guardduty -## Collecting logs for the Amazon GuardDuty App +## Collecting logs for the Amazon GuardDuty app -This section has instructions for collecting logs for the Amazon GuardDuty App. +You can collect the Amazon GuardDuty logs using two methods: -1. Amazon GuardDuty sends notifications based on CloudWatch events when new findings, or new occurrences of existing findings, are generated. -2. A CloudWatch events rule enables CloudWatch to send events for the GuardDuty findings to the Sumo CloudWatchEventFunction Lambda function. -3. The Lambda function sends the events to an HTTP source on a Sumo hosted collector. +- [Method 1: Collecting Amazon GuardDuty logs using EventBridge](#method-1-collecting-amazon-guardduty-logs-using-eventbridge) +- (Optional) [Method 2: Collecting Amazon GuardDuty logs using Sumo Logic HTTP endpoint](#method-2-collecting-amazon-guardduty-logs-using-sumo-logic-http-endpoint) -This configuration is defined in a [AWS Serverless Application Model (SAM) specification](https://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html) published in the [AWS Serverless Application Repository](https://aws.amazon.com/serverless/serverlessrepo/). You do not need to manually create the necessary AWS resources. You simply deploy the configuration, as described in Step 2 below. +### Method 1: Collecting Amazon GuardDuty logs using EventBridge + +This method leverages AWS EventBridge to streamline the logging process by sending data directly to Sumo Logic via an HTTP endpoint. By eliminating intermediary services such as Lambda, it offers a more straightforward and cost-effective solution. + +#### Step 1: Create an HTTP source in Sumo Logic + +To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs/send-data/hosted-collectors/http-source/logs-metrics/#configure-an-httplogs-and-metrics-source). + +#### Step 2: Configure EventBridge API destination + +1. 
Open your Amazon EventBridge Console. +1. In the navigation bar, click **API destinations**. +1. Click **Create destination**. +1. Enter a name for the API Destination. +1. Provide the HTTP Source URL from Sumo Logic. +1. Click **Create a new connection** to create a connection for the API destination. + 1. Provide a connection name. + 1. Keep the API Type as **Public**. + 1. Select **Basic (Username/Password)** in the **Authorization type**. + 1. Add any random values for **Username** and **Password**. +1. Create the connection. + +#### Step 3: Create the EventBridge rule +1. Click **Rules** and then click **Create rule**. +1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. +1. Select **All Events** in Event Type. +1. Under **Select targets**, choose **EventBridge API destination**. +1. Select the API Destination created in Step 2. +1. Select **Create a new role for this specific resource** in the **Execution role**. +1. Click **Create** to activate the rule. -### Step 1: Configure an HTTP source +### Method 2: Collecting Amazon GuardDuty logs using Sumo Logic HTTP endpoint + +This method uses an AWS Lambda function to process, store, and forward logs to Sumo Logic. While it offers a robust solution, it introduces additional AWS resources, such as Lambda, which can increase both cost and complexity. + +- Amazon GuardDuty sends notifications based on CloudWatch events when new findings, or new occurrences of existing findings, are generated. +- A CloudWatch events rule enables CloudWatch to send events for the GuardDuty findings to the Sumo CloudWatchEventFunction Lambda function. +- The Lambda function sends the events to an HTTP source on a Sumo hosted collector. 
+ +This configuration is defined in a [AWS Serverless Application Model (SAM) specification](https://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html) published in the [AWS Serverless Application Repository](https://aws.amazon.com/serverless/serverlessrepo/). You do not need to manually create the necessary AWS resources. You simply deploy the configuration, as described in Step 2 below. + +#### Step 1: Configure an HTTP source 1. In Sumo Logic, configure a [Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector). 2. In Sumo Logic, configure an [HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics). When you configure the source: @@ -198,8 +236,7 @@ This configuration is defined in a [AWS Serverless Application Model (SAM) speci When you configure the HTTP Source, make a note of the HTTP Source Address URL. You will need it in the next step. - -### Step 2: Deploy Sumo GuardDuty events processor +#### Step 2: Deploy Sumo GuardDuty events processor In this step, you deploy the events processor. This will create the AWS resources described in [Collection overview](#collecting-logs-for-the-amazon-guardduty-app). diff --git a/docs/integrations/amazon-aws/inspector.md b/docs/integrations/amazon-aws/inspector.md index 65d7cdfa00..7dbe1db4f0 100644 --- a/docs/integrations/amazon-aws/inspector.md +++ b/docs/integrations/amazon-aws/inspector.md 
@@ -16,18 +16,53 @@ For information about integrating Amazon Inspector with Security Hub, see [Integ ## Collecting findings for the Amazon Inspector app -Sumo Logic provides a serverless solution for creating a CloudWatch events rule and a Lambda function (SecurityHubCollector) to extract findings from AWS Security Hub. +You can collect Security Hub logs using three methods: -Findings from AWS services (AWS Security Hub) are delivered to CloudWatch Events as events in near real time. The Lambda function parses those events and sends them to an S3 bucket. Sumo Logic then collects the findings data using an S3 bucket source on a Sumo Logic hosted collector. The Lambda function setup is defined using Serverless Application Model (SAM) specifications and is published in AWS Serverless Application Repository. +- [Method 1: Collecting Security Hub logs using EventBridge](#method-1-collecting-security-hub-logs-using-eventbridge) +- (Optional) [Method 2: Collect Security Hub logs using Sumo Logic HTTP endpoint](#method-2-collect-security-hub-logs-using-sumo-logic-http-endpoint) +- (Optional) [Method 3: Collect Security Hub logs using Amazon S3 source](#method-3-collect-security-hub-logs-using-amazon-s3-source) -You can collect Security Hub logs using two methods: +### Method 1: Collecting Security Hub logs using EventBridge -- [Method 1: Collect Security Hub logs using Sumo Logic HTTP endpoint](#method-1-collect-security-hub-logs-using-sumo-logic-http-endpoint) -- [Method 2: Collect Security Hub logs using Amazon S3 source](#method-2-collect-security-hub-logs-using-amazon-s3-source) +This method leverages AWS EventBridge to streamline the logging process by sending data directly to Sumo Logic via an HTTP endpoint. By eliminating intermediary services such as Lambda, it offers a more straightforward and cost-effective solution. -You do not have to manually create the AWS resources. 
Simply deploy the solution, as described in the [Step 2: Deploy an AWS Security Hub app collector](/docs/integrations/amazon-aws/inspector/#step-2-deploy-an-aws-security-hub-app-collector) for HTTP endpoint and [Step 2: Deploy an AWS Security Hub app collector](/docs/integrations/amazon-aws/inspector/#step-2-deploy-an-aws-security-hub-app-collector-1) for Amazon S3 source. +#### Step 1: Create an HTTP source in Sumo Logic + +To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs/send-data/hosted-collectors/http-source/logs-metrics/#configure-an-httplogs-and-metrics-source). + +#### Step 2: Configure EventBridge API destination + +1. Open your Amazon EventBridge Console. +1. In the navigation bar, click **API destinations**. +1. Click **Create destination**. +1. Enter a name for the API Destination. +1. Provide the HTTP Source URL from Sumo Logic. +1. Click **Create a new connection** to create a connection for the API destination. + 1. Provide a connection name. + 1. Keep the API Type as **Public**. + 1. Select **Basic (Username/Password)** in the **Authorization type**. + 1. Add any random values for **Username** and **Password**. +1. Create the connection. + +#### Step 3: Create the EventBridge rule + +1. Click **Rules** and then click **Create rule**. +1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. +1. Select **All Events** in Event Type. +1. Under **Select targets**, choose **EventBridge API destination**. +1. Select the API Destination created in Step 2. +1. Select **Create a new role for this specific resource** in the **Execution role**. +1. Click **Create** to activate the rule. -### Method 1: Collect Security Hub logs using Sumo Logic HTTP endpoint +### Method 2: Collect Security Hub logs using Sumo Logic HTTP endpoint + +This method uses an AWS Lambda function to process, store, and forward logs to Sumo Logic. 
While it offers a robust solution, it introduces additional AWS resources, such as Lambda, which can increase both cost and complexity. + +Sumo Logic provides a serverless solution for creating a CloudWatch events rule and a Lambda function (SecurityHubCollector) to extract findings from AWS Security Hub. + +Findings from AWS services (AWS Security Hub) are delivered to CloudWatch Events as events in near real time. The Lambda function parses those events and sends them to an S3 bucket. Sumo Logic then collects the findings data using an S3 bucket source on a Sumo Logic hosted collector. The Lambda function setup is defined using Serverless Application Model (SAM) specifications and is published in AWS Serverless Application Repository. + +You do not have to manually create the AWS resources. Simply deploy the solution, as described in the [Step 2: Deploy an AWS Security Hub app collector](/docs/integrations/amazon-aws/inspector/#step-2-deploy-an-aws-security-hub-app-collector) for HTTP endpoint and [Step 2: Deploy an AWS Security Hub app collector](/docs/integrations/amazon-aws/inspector/#step-2-deploy-an-aws-security-hub-app-collector-1) for Amazon S3 source. #### Step 1: Add a hosted collector and Sumo Logic HTTP source @@ -57,7 +92,9 @@ To deploy an AWS Security Hub app collector: 5. In the **AWS Lambda > Functions > Application Settings** panel, enter the endpoint **HTTP endpoint** of the source that you configured. 6. Scroll to the bottom of the window and click **Deploy**. -### Method 2: Collect Security Hub logs using Amazon S3 source +### Method 3: Collect Security Hub logs using Amazon S3 source + +This method uses a Lambda function to process findings, store them in an S3 bucket, and retrieve them through Sumo Logic's S3 Source. It is ideal for scenarios that require data archiving. #### Step 1: Add a hosted collector and Amazon S3 source 
diff --git a/docs/integrations/amazon-aws/security-hub.md b/docs/integrations/amazon-aws/security-hub.md index ae82202d6f..56b68e9202 100644 --- a/docs/integrations/amazon-aws/security-hub.md +++ b/docs/integrations/amazon-aws/security-hub.md @@ -37,15 +37,12 @@ The **AWS Security Hub CSPM forwarder** sends scheduled search results and alert To complete the following tasks, Security Hub must be enabled on your AWS account. For more information, see the AWS Security Hub CSPM documentation for [Setting Up AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html). - #### Overview AWS Security Hub CSPM forwarder creates a Lambda function along with an [Identity Access and Management (IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction.html) authentication secured API Gateway endpoint. A Sumo Logic scheduled search then sends the results to the endpoint using [Webhook for Lambda](/docs/alerts/webhook-connections/aws-lambda.md) The triggered Lambda function parses the search results, transforming them into [Amazon Finding Format](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) (AFF). Each of the rows of the AFF data is sent as a finding to AWS Security Hub CSPM. The configuration is defined using [SAM specification](https://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html) and published in [AWS Serverless Application Repository](https://aws.amazon.com/serverless/serverlessrepo/). - - #### Step 1: Enable Sumo Logic as a Finding Provider AWS Security Hub CSPM detects and consolidates those security findings from the supported AWS services that are generated after Security Hub is enabled in your AWS accounts. This section demonstrates how to enable Sumo Logic as an AWS Finding Provider (FP) to communicate with AWS Security Hub CSPM. 
@@ -55,7 +52,6 @@ To enable Sumo Logic for AWS Security Hub CSPM, do the following: 1. Open the Security Hub console at [https://console.aws.amazon.com/securityhub](https://console.aws.amazon.com/securityhub), and choose **Settings > Providers**. 2. Search for “Sumo Logic” and click **Subscribe** for Sumo Logic Machine Data Analytics. - #### Step 2: Deploy the AWS Security Hub CSPM forwarder This section demonstrates how to deploy the AWS Security Hub CSPM forwarder, a serverless application based on [AWS SAM specification](https://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html). @@ -67,7 +63,6 @@ To deploy the AWS Security Hub CSPM forwarder, do the following: 3. Select the **Show apps that create custom IAM roles or resource policies** checkbox, click the **sumo-logic-securityhub-forwarder** app link, and then click **Deploy**. 4. After the stack is deployed, go to **CloudFormation > Stacks > Stack details > Outputs** and copy the value of **SecurityHubForwarderApiUrl**. This is the API Gateway endpoint. - #### Step 3: Create a Webhook connection This section demonstrates how to create a Webhook connection to trigger an AWS Lambda function. 
@@ -91,7 +86,6 @@ To create a Webhook connection, do the following: * For `"Types"`, `"Description"`, `"SourceUrl"`, `"GeneratorID"`, `"Severity"`, and `"ComplianceStatus"`, status are mapped to corresponding fields specified in Amazon Finding Format. 3. Ensure that the IAM role or IAM user (whose credentials are used) has permissions to invoke the API in API Gateway, as described in [Control Access for Invoking an API](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html) Amazon documentation. You can use the payload in troubleshooting tips section to test the connection. - #### Step 4: Create scheduled searches When you save a search, you can add a schedule to run it at a regularly scheduled time, and add alerts. This section demonstrates how to write a query and then create a scheduled search for AWS Security Hub CSPM. @@ -146,7 +140,6 @@ To write a query and create a scheduled search, do the following: The `aws_account_id` defaults to the account in which Lambda is running. - #### Troubleshooting tips In the case of a problem, perform the following tasks to discover the cause. 
@@ -170,15 +163,50 @@ In the case of a problem, perform the following tasks to discover the cause. ``` 4. Check the CloudWatch logs for the Lambda function. Sumo saves Lambda function logs to CloudWatch in a log group: `/aws/lambda/`. Check this log for any errors during lambda execution. - ## Collecting findings for the AWS Security Hub CSPM app -This section shows you how to add a hosted collector and Amazon S3 Source and deploy an AWS Security Hub CSPM collector. +You can collect the AWS Security Hub CSPM logs using two methods: -To complete the following tasks, Security Hub must be enabled on your AWS account. For more information, see the AWS Security Hub CSPM documentation for [Setting Up AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html). +- [Method 1: Collecting AWS Security Hub CSPM Logs using EventBridge](#method-1-collecting-aws-security-hub-cspm-logs-using-eventbridge) +- (Optional) [Method 2: Collecting Security Hub CSPM Logs using Sumo Logic HTTP endpoint](#method-2-collecting-security-hub-cspm-logs-using-sumo-logic-http-endpoint) + +Before collecting logs, ensure that Security Hub is enabled on your AWS account. For more information, see the AWS Security Hub CSPM documentation for [Setting Up AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html). +### Method 1: Collecting AWS Security Hub CSPM logs using EventBridge -#### Overview +This method leverages AWS EventBridge to streamline the logging process by sending data directly to Sumo Logic via an HTTP endpoint. By eliminating intermediary services such as Lambda, it offers a more straightforward and cost-effective solution. + +#### Step 1: Create an HTTP source in Sumo Logic + +To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs/send-data/hosted-collectors/http-source/logs-metrics/#configure-an-httplogs-and-metrics-source). 
+ +#### Step 2: Configure EventBridge API destination + +1. Open your Amazon EventBridge Console. +1. In the navigation bar, click **API destinations**. +1. Click **Create destination**. +1. Enter a name for the API Destination. +1. Provide the HTTP Source URL from Sumo Logic. +1. Click **Create a new connection** to create a connection for the API destination. + 1. Provide a connection name. + 1. Keep the API Type as **Public**. + 1. Select **Basic (Username/Password)** in the **Authorization type**. + 1. Add any random values for **Username** and **Password**. +1. Create the connection. + +#### Step 3: Create the EventBridge rule + +1. Click **Rules** and then click **Create rule**. +1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. +1. Select **All Events** in Event Type. +1. Under **Select targets**, choose **EventBridge API destination**. +1. Select the API Destination created in Step 2. +1. Select **Create a new role for this specific resource** in the **Execution role**. +1. Click **Create** to activate the rule. + +### Method 2: Collecting Security Hub CSPM Logs using Sumo Logic HTTP endpoint + +This method uses an AWS Lambda function to process, store, and forward logs to Sumo Logic. While it offers a robust solution, it introduces additional AWS resources, such as Lambda, which can increase both cost and complexity. Sumo Logic provides a serverless solution for creating a CloudWatch events rule and a Lambda function (SecurityHubCollector) to extract findings from AWS Security Hub CSPM. 
@@ -186,7 +214,6 @@ Findings from AWS services (AWS Security Hub CSPM) are delivered to CloudWatch E You do not have to manually create the AWS resources. Simply deploy the solution, as described in the [Step 2: Deploy an AWS Security Hub CSPM App collector](#step-2-deploy-an-aws-security-hub-cspm-app-collector). - #### Step 1: Add a hosted collector and Amazon S3 source This section demonstrates how to add a hosted Sumo Logic collector and AWS source, to collect events for the AWS Security Hub CSPM App. From 59d218df0f97b91773d0f60e0835a23bf8928356 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:14:03 +0530 Subject: [PATCH 02/19] Update docs/integrations/amazon-aws/guardduty.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/amazon-aws/guardduty.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index b59beccf94..251b7209dc 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md @@ -192,7 +192,7 @@ This method leverages AWS EventBridge to streamline the logging process by sendi To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs/send-data/hosted-collectors/http-source/logs-metrics/#configure-an-httplogs-and-metrics-source). #### Step 2: Configure EventBridge API destination - +Follow the below steps to configure the EventBridge API destination: 1. Open your Amazon EventBridge Console. 1. In the navigation bar, click **API destinations**. 1. Click **Create destination**. From e4a659d5eb214abf70b2e03bd5dac9c79a88242a Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:16:21 +0530 Subject: [PATCH 03/19] Update docs/integrations/amazon-aws/guardduty.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/amazon-aws/guardduty.md | 1 - 1 file changed, 1 deletion(-) 
diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index 251b7209dc..a891391995 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md @@ -203,7 +203,6 @@ Follow the below steps to configure the EventBridge API destination: 1. Keep the API Type as **Public**. 1. Select **Basic (Username/Password)** in the **Authorization type**. 1. Add any random values for **Username** and **Password**. -1. Create the connection. #### Step 3: Create the EventBridge rule From f1f1e33adc5a5d07749d4f3c2c5ad95f60683057 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:16:31 +0530 Subject: [PATCH 04/19] Update docs/integrations/amazon-aws/guardduty.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/amazon-aws/guardduty.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index a891391995..66a71cdeab 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md @@ -202,7 +202,7 @@ Follow the below steps to configure the EventBridge API destination: 1. Provide a connection name. 1. Keep the API Type as **Public**. 1. Select **Basic (Username/Password)** in the **Authorization type**. - 1. Add any random values for **Username** and **Password**. + 1. Add any value of your choice for **Username** and **Password**. #### Step 3: Create the EventBridge rule From a8db374737ab9a57d2ace4fd0fa7a5b348dc4966 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:16:38 +0530 Subject: [PATCH 05/19] Update docs/integrations/amazon-aws/guardduty.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/amazon-aws/guardduty.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index 66a71cdeab..b7ee048c4b 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md @@ -205,7 +205,7 @@ Follow the below steps to configure the EventBridge API destination: 1. Add any value of your choice for **Username** and **Password**. #### Step 3: Create the EventBridge rule - +Follow the below steps to create the EventBridge rule: 1. Click **Rules** and then click **Create rule**. 1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. 1. Select **All Events** in Event Type. From f9d8f519acd6b8d0bf42780f00ffa9841a2c14cd Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:17:20 +0530 Subject: [PATCH 06/19] Update docs/integrations/amazon-aws/guardduty.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/amazon-aws/guardduty.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index b7ee048c4b..2b369e78a5 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md 
@@ -219,7 +219,7 @@ Follow the below steps to create the EventBridge rule: This method uses an AWS Lambda function to process, store, and forward logs to Sumo Logic. While it offers a robust solution, it introduces additional AWS resources, such as Lambda, which can increase both cost and complexity. - Amazon GuardDuty sends notifications based on CloudWatch events when new findings, or new occurrences of existing findings, are generated. -- A CloudWatch events rule enables CloudWatch to send events for the GuardDuty findings to the Sumo CloudWatchEventFunction Lambda function. +- A CloudWatch events rule enables CloudWatch to send events for the GuardDuty findings to the Sumo `CloudWatchEventFunction` Lambda function. - The Lambda function sends the events to an HTTP source on a Sumo hosted collector. This configuration is defined in a [AWS Serverless Application Model (SAM) specification](https://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html) published in the [AWS Serverless Application Repository](https://aws.amazon.com/serverless/serverlessrepo/). You do not need to manually create the necessary AWS resources. You simply deploy the configuration, as described in Step 2 below. From 5e9df9559434949e798a333397a96f9eb1d4d261 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:17:32 +0530 Subject: [PATCH 07/19] Update docs/integrations/amazon-aws/guardduty.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/amazon-aws/guardduty.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index 2b369e78a5..bbf33d1c62 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md 
@@ -220,7 +220,7 @@ This method uses an AWS Lambda function to process, store, and forward logs to S - Amazon GuardDuty sends notifications based on CloudWatch events when new findings, or new occurrences of existing findings, are generated. - A CloudWatch events rule enables CloudWatch to send events for the GuardDuty findings to the Sumo `CloudWatchEventFunction` Lambda function. -- The Lambda function sends the events to an HTTP source on a Sumo hosted collector. +- The Lambda function sends the events to an HTTP source on a Sumo Logic hosted collector. This configuration is defined in a [AWS Serverless Application Model (SAM) specification](https://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html) published in the [AWS Serverless Application Repository](https://aws.amazon.com/serverless/serverlessrepo/). You do not need to manually create the necessary AWS resources. You simply deploy the configuration, as described in Step 2 below. From 0ad7bcec87fe8268941ce3305cf3c4778b8bcdd4 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:18:11 +0530 Subject: [PATCH 08/19] Update docs/integrations/amazon-aws/guardduty.md Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com> --- docs/integrations/amazon-aws/guardduty.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index bbf33d1c62..8fca595302 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md 
@@ -235,7 +235,7 @@ This configuration is defined in a [AWS Serverless Application Model (SAM) speci When you configure the HTTP Source, make a note of the HTTP Source Address URL. You will need it in the next step. -#### Step 2: Deploy Sumo GuardDuty events processor +#### Step 2: Deploy Sumo Logic GuardDuty events processor In this step, you deploy the events processor. This will create the AWS resources described in [Collection overview](#collecting-logs-for-the-amazon-guardduty-app). From dcad1cd922432f6520ee6f33f71aab484d8ff8b7 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:35:02 +0530 Subject: [PATCH 09/19] Update guardduty.md --- docs/integrations/amazon-aws/guardduty.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index 8fca595302..18bc66351a 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md @@ -192,8 +192,8 @@ This method leverages AWS EventBridge to streamline the logging process by sendi To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs/send-data/hosted-collectors/http-source/logs-metrics/#configure-an-httplogs-and-metrics-source). #### Step 2: Configure EventBridge API destination -Follow the below steps to configure the EventBridge API destination: -1. Open your Amazon EventBridge Console. +Follow the steps below to configure the EventBridge API destination: +1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **API destinations**. 1. Click **Create destination**. 1. Enter a name for the API Destination. 
@@ -205,8 +205,9 @@ Follow the below steps to configure the EventBridge API destination: 1. Add any value of your choice for **Username** and **Password**. #### Step 3: Create the EventBridge rule -Follow the below steps to create the EventBridge rule: -1. Click **Rules** and then click **Create rule**. +Follow the steps below to create the EventBridge rule: +1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). +1. In the navigation bar, click on **Rules**. 1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. 1. Select **All Events** in Event Type. 1. Under **Select targets**, choose **EventBridge API destination**. From 6152df46a3151c714cbe21e41836474088917fe3 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:43:03 +0530 Subject: [PATCH 10/19] Update inspector.md --- docs/integrations/amazon-aws/inspector.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/integrations/amazon-aws/inspector.md b/docs/integrations/amazon-aws/inspector.md index 7dbe1db4f0..214722e8fb 100644 --- a/docs/integrations/amazon-aws/inspector.md +++ b/docs/integrations/amazon-aws/inspector.md @@ -32,7 +32,8 @@ To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs #### Step 2: Configure EventBridge API destination -1. Open your Amazon EventBridge Console. +Follow the steps below to configure the EventBridge API destination: +1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **API destinations**. 1. Click **Create destination**. 1. Enter a name for the API Destination. 
@@ -41,12 +42,13 @@ To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs 1. Provide a connection name. 1. Keep the API Type as **Public**. 1. Select **Basic (Username/Password)** in the **Authorization type**. - 1. Add any random values for **Username** and **Password**. -1. Create the connection. + 1. Add any value of your choice for **Username** and **Password**. #### Step 3: Create the EventBridge rule -1. Click **Rules** and then click **Create rule**. +Follow the steps below to create the EventBridge rule: +1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). +1. In the navigation bar, click **Rules**. 1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. 1. Select **All Events** in Event Type. 1. Under **Select targets**, choose **EventBridge API destination**. @@ -224,4 +226,4 @@ import AppUpdate from '../../reuse/apps/app-update.md'; import AppUninstall from '../../reuse/apps/app-uninstall.md'; - \ No newline at end of file + From fac8d165631d7dfd04da847b5ac13c86bfb6cbbb Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 15:51:17 +0530 Subject: [PATCH 11/19] Update security-hub.md --- docs/integrations/amazon-aws/security-hub.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/docs/integrations/amazon-aws/security-hub.md b/docs/integrations/amazon-aws/security-hub.md index 56b68e9202..4faa8e920e 100644 --- a/docs/integrations/amazon-aws/security-hub.md +++ b/docs/integrations/amazon-aws/security-hub.md 
@@ -136,7 +136,7 @@ To write a query and create a scheduled search, do the following: | ComplianceStatus | Results of a compliance check. This is an optional field and its value should be one of the following: PASSED/WARNING/FAILED/NOT_AVAILABLE. | 1. The `aws_account_id` field in the search results. 1. `AWS_ACCOUNT_ID` set as a Lambda environment variable. -1. The `account_id` where the lambda function is running. +1. The `account_id` where the Lambda function is running. The `aws_account_id` defaults to the account in which Lambda is running. @@ -157,11 +157,11 @@ In the case of a problem, perform the following tasks to discover the cause. } ``` 2. Check for `status code 200` in the response body to verify whether the API Gateway and Lambda integration is working correctly. For more information on how to test API Gateway with console refer these [docs](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-test-method.html). -3. Monitor scheduled search logs using following query in Sumo Logic. This verifies whether the scheduled search was triggered or not. +3. Monitor scheduled search logs using the following query in Sumo Logic. This verifies whether the scheduled search was triggered or not. ```json _view=sumologic_audit "Scheduled search alert triggered" ``` -4. Check the CloudWatch logs for the Lambda function. Sumo saves Lambda function logs to CloudWatch in a log group: `/aws/lambda/`. Check this log for any errors during lambda execution. +4. Check the CloudWatch logs for the Lambda function. Sumo Logic saves Lambda function logs to CloudWatch in a log group: `/aws/lambda/`. Check this log for any errors during lambda execution. ## Collecting findings for the AWS Security Hub CSPM app 
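Review bot: in the security-hub.md troubleshooting hunk (`@@ -157,11 +157,11 @@`), the rewritten step 4 capitalizes "Lambda function" but leaves "during lambda execution" lowercase in the same line; the series standardizes on "Lambda" (see the `account_id` hunk just above), so change it here as well. The log group `/aws/lambda/` in that line also reads as truncated, since nothing follows the trailing slash and a reader cannot locate the group; give the function name, or a clearly marked placeholder such as `/aws/lambda/<function-name>`.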
@@ -182,7 +182,8 @@ To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs #### Step 2: Configure EventBridge API destination -1. Open your Amazon EventBridge Console. +Follow the steps below to configure the EventBridge API destination: +1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **API destinations**. 1. Click **Create destination**. 1. Enter a name for the API Destination. @@ -191,12 +192,13 @@ To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs 1. Provide a connection name. 1. Keep the API Type as **Public**. 1. Select **Basic (Username/Password)** in the **Authorization type**. - 1. Add any random values for **Username** and **Password**. -1. Create the connection. + 1. Add any value of your choice for **Username** and **Password**. #### Step 3: Create the EventBridge rule -1. Click **Rules** and then click **Create rule**. +Follow the steps below to configure the EventBridge rule: +1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). +1. In the navigation bar, click **Rules**. 1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. 1. Select **All Events** in Event Type. 1. Under **Select targets**, choose **EventBridge API destination**. @@ -357,4 +359,4 @@ Use this dashboard to: * Analyze how they are distributed across AWS accounts. * Filter on Finding Type, Resource Type, Provider, AWS Account, Title, Category, Resource Type with the Finding details panel. -AWS Security Hub CSPM dashboard \ No newline at end of file +AWS Security Hub CSPM dashboard From c777f4d3826a360d76b8e8b7b703b8da8a7ba352 Mon Sep 17 00:00:00 2001 
From: Amee Lepcha Date: Fri, 25 Jul 2025 15:51:45 +0530 Subject: [PATCH 12/19] Update guardduty.md --- docs/integrations/amazon-aws/guardduty.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index 18bc66351a..04e8b125d3 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md @@ -192,6 +192,7 @@ This method leverages AWS EventBridge to streamline the logging process by sendi To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs/send-data/hosted-collectors/http-source/logs-metrics/#configure-an-httplogs-and-metrics-source). #### Step 2: Configure EventBridge API destination + Follow the steps below to configure the EventBridge API destination: 1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **API destinations**. @@ -205,9 +206,10 @@ Follow the steps below to configure the EventBridge API destination: 1. Add any value of your choice for **Username** and **Password**. #### Step 3: Create the EventBridge rule + Follow the steps below to create the EventBridge rule: 1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). -1. In the navigation bar, click on **Rules**. +1. In the navigation bar, click **Rules**. 1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. 1. Select **All Events** in Event Type. 1. Under **Select targets**, choose **EventBridge API destination**. From a9a8ca8e8dd8270e3b588123c935b8af7688be1e Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 17:02:54 +0530 Subject: [PATCH 13/19] Update guardduty.md --- docs/integrations/amazon-aws/guardduty.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index 04e8b125d3..7e3b8212cb 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md @@ -194,7 +194,7 @@ To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs #### Step 2: Configure EventBridge API destination Follow the steps below to configure the EventBridge API destination: -1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). +1. Sign in to your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **API destinations**. 1. Click **Create destination**. 1. Enter a name for the API Destination. @@ -208,7 +208,7 @@ Follow the steps below to configure the EventBridge API destination: #### Step 3: Create the EventBridge rule Follow the steps below to create the EventBridge rule: -1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). +1. Sign in to your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **Rules**. 1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. 1. Select **All Events** in Event Type. From 4d63ca1dbbfadcf32e1fcab9e93ec3a291e4bfc6 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 17:03:16 +0530 Subject: [PATCH 14/19] Update inspector.md --- docs/integrations/amazon-aws/inspector.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/integrations/amazon-aws/inspector.md b/docs/integrations/amazon-aws/inspector.md index 214722e8fb..773ca5ffaf 100644 --- a/docs/integrations/amazon-aws/inspector.md +++ b/docs/integrations/amazon-aws/inspector.md 
@@ -33,7 +33,7 @@ To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs #### Step 2: Configure EventBridge API destination Follow the steps below to configure the EventBridge API destination: -1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). +1. Sign in to your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **API destinations**. 1. Click **Create destination**. 1. Enter a name for the API Destination. @@ -47,7 +47,7 @@ Follow the steps below to configure the EventBridge API destination: #### Step 3: Create the EventBridge rule Follow the steps below to create the EventBridge rule: -1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). +1. Sign in to your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **Rules**. 1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. 1. Select **All Events** in Event Type. From e9a05b2bd2104c43dd275702cb360593b7804085 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Fri, 25 Jul 2025 17:03:52 +0530 Subject: [PATCH 15/19] Update security-hub.md --- docs/integrations/amazon-aws/security-hub.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/integrations/amazon-aws/security-hub.md b/docs/integrations/amazon-aws/security-hub.md index 4faa8e920e..e89c7fc0fd 100644 --- a/docs/integrations/amazon-aws/security-hub.md +++ b/docs/integrations/amazon-aws/security-hub.md 
@@ -183,7 +183,7 @@ To create an HTTP source in Sumo Logic, see [HTTP Logs and Metrics Source](/docs #### Step 2: Configure EventBridge API destination Follow the steps below to configure the EventBridge API destination: -1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). +1. Sign in to your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **API destinations**. 1. Click **Create destination**. 1. Enter a name for the API Destination. @@ -197,7 +197,7 @@ Follow the steps below to configure the EventBridge API destination: #### Step 3: Create the EventBridge rule Follow the steps below to configure the EventBridge rule: -1. Open your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). +1. Sign in to your [Amazon EventBridge Console](https://us-east-1.console.aws.amazon.com/events/home?region=us-east-1#/). 1. In the navigation bar, click **Rules**. 1. Set the event source to **AWS services** and then select **Security Hub** as the AWS service. 1. Select **All Events** in Event Type. From 17ef52009d421a4b248e7fbaaebd97b27cd6a8b6 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 28 Jul 2025 10:07:20 +0530 Subject: [PATCH 16/19] Update docs/integrations/amazon-aws/guardduty.md Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com> --- docs/integrations/amazon-aws/guardduty.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/amazon-aws/guardduty.md b/docs/integrations/amazon-aws/guardduty.md index 7e3b8212cb..7fbc0bb0dd 100644 --- a/docs/integrations/amazon-aws/guardduty.md +++ b/docs/integrations/amazon-aws/guardduty.md 
@@ -181,7 +181,7 @@ _sourceCategory=aws/guardduty You can collect the Amazon GuardDuty logs using two methods: - [Method 1: Collecting Amazon GuardDuty logs using EventBridge](#method-1-collecting-amazon-guardduty-logs-using-eventbridge) -- (Optional) [Method 2: Collecting Amazon GuardDuty logs using Sumo Logic HTTP endpoint](#method-2-collecting-amazon-guardduty-logs-using-sumo-logic-http-endpoint) +- [Method 2: Collecting Amazon GuardDuty logs using Sumo Logic HTTP endpoint](#method-2-collecting-amazon-guardduty-logs-using-sumo-logic-http-endpoint) ### Method 1: Collecting Amazon GuardDuty logs using EventBridge From 193ac47deb5fce925601d9a7f9c67c95976c9510 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 28 Jul 2025 10:07:28 +0530 Subject: [PATCH 17/19] Update docs/integrations/amazon-aws/inspector.md Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com> --- docs/integrations/amazon-aws/inspector.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/integrations/amazon-aws/inspector.md b/docs/integrations/amazon-aws/inspector.md index 773ca5ffaf..efda4fdde0 100644 --- a/docs/integrations/amazon-aws/inspector.md +++ b/docs/integrations/amazon-aws/inspector.md 
@@ -19,8 +19,8 @@ For information about integrating Amazon Inspector with Security Hub, see [Integ You can collect Security Hub logs using three methods: - [Method 1: Collecting Security Hub logs using EventBridge](#method-1-collecting-security-hub-logs-using-eventbridge) -- (Optional) [Method 2: Collect Security Hub logs using Sumo Logic HTTP endpoint](#method-2-collect-security-hub-logs-using-sumo-logic-http-endpoint) -- (Optional) [Method 3: Collect Security Hub logs using Amazon S3 source](#method-3-collect-security-hub-logs-using-amazon-s3-source) +- [Method 2: Collect Security Hub logs using Sumo Logic HTTP endpoint](#method-2-collect-security-hub-logs-using-sumo-logic-http-endpoint) +-[Method 3: Collect Security Hub logs using Amazon S3 source](#method-3-collect-security-hub-logs-using-amazon-s3-source) ### Method 1: Collecting Security Hub logs using EventBridge From a0a0331a00730bd175552edbf5bf308460601dbb Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Mon, 28 Jul 2025 10:07:37 +0530 Subject: [PATCH 18/19] Update docs/integrations/amazon-aws/security-hub.md Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com> --- docs/integrations/amazon-aws/security-hub.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/integrations/amazon-aws/security-hub.md b/docs/integrations/amazon-aws/security-hub.md index e89c7fc0fd..a11a0fc4df 100644 --- a/docs/integrations/amazon-aws/security-hub.md +++ b/docs/integrations/amazon-aws/security-hub.md 
@@ -168,7 +168,7 @@ In the case of a problem, perform the following tasks to discover the cause. You can collect the AWS Security Hub CSPM logs using two methods: - [Method 1: Collecting AWS Security Hub CSPM Logs using EventBridge](#method-1-collecting-aws-security-hub-cspm-logs-using-eventbridge) -- (Optional) [Method 2: Collecting Security Hub CSPM Logs using Sumo Logic HTTP endpoint](#method-2-collecting-security-hub-cspm-logs-using-sumo-logic-http-endpoint) +- [Method 2: Collecting Security Hub CSPM Logs using Sumo Logic HTTP endpoint](#method-2-collecting-security-hub-cspm-logs-using-sumo-logic-http-endpoint) Before collecting logs, ensure that Security Hub is enabled on your AWS account. For more information, see the AWS Security Hub CSPM documentation for [Setting Up AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html). From b0bc33dffa0d40b798ef09df16a91452db638dab Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Mon, 28 Jul 2025 15:49:01 -0500 Subject: [PATCH 19/19] Fix broken link --- .../ingestion/ingestion-sources-for-cloud-siem/aws-guardduty.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-guardduty.md b/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-guardduty.md index 42d64e0b0a..3bb3742a72 100644 --- a/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-guardduty.md +++ b/docs/cse/ingestion/ingestion-sources-for-cloud-siem/aws-guardduty.md 
@@ -11,7 +11,7 @@ To ingest AWS GuardDuty data into Cloud SIEM: 1. [Configure an HTTP source for GuardDuty](/docs/integrations/amazon-aws/guardduty/#step-1-configure-an-http-source) on a collector. When you configure the source, do the following: 1. Select the **Forward to SIEM** option in the source configuration UI. This will ensure all logs for this source are forwarded to Cloud SIEM. 1. Click the **+Add** link to add a field whose name is `_parser` with value */Parsers/System/AWS/GuardDuty*. This ensures that the GuardDuty logs are parsed and normalized into structured records in Cloud SIEM. -1. [Deploy the Sumo Logic GuardDuty events processor](/docs/integrations/amazon-aws/guardduty/#step-2-deploy-sumo-guardduty-events-processor). +1. [Deploy the Sumo Logic GuardDuty events processor](/docs/integrations/amazon-aws/guardduty/#step-2-deploy-sumo-logic-guardduty-events-processor). 1. To verify that your logs are successfully making it into Cloud SIEM: 1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Incoming Data** select **Log Mappings**.
[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Log Mappings**. You can also click the **Go To...** menu at the top of the screen and select **Log Mappings**. 1. On the **Log Mappings** tab search for "GuardDuty" and check the **Records** columns.
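Review bot: the Step 3 rewrites in guardduty.md, inspector.md and security-hub.md replace `1. Click **Rules** and then click **Create rule**.` with opening the console and clicking **Rules**, but no remaining step tells the reader to click **Create rule** before `1. Set the event source to **AWS services**...`; add `1. Click **Create rule**.` after the **Rules** step in all three files.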
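Review bot: the inspector.md and security-hub.md Step 2 hunks (`@@ -41,12 +42,13 @@` and `@@ -191,12 +192,13 @@`) delete `1. Create the connection.` without a replacement, so the connection sub-list now ends at the username/password step and the reader is never told to save the connection or the API destination; restore a closing step. The rewritten line `1. Add any value of your choice for **Username** and **Password**.` should also explain why arbitrary values are acceptable and what actually protects the HTTP source endpoint, otherwise readers may assume this Basic auth pair is the access control.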
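Review bot: the security-hub.md Step 3 lead-in added in the `@@ -191,12 +192,13 @@` hunk reads `Follow the steps below to configure the EventBridge rule:` under the heading `#### Step 3: Create the EventBridge rule`, while guardduty.md and inspector.md say "create"; use "create" here for consistency (PATCH 15 carries the mismatch forward unchanged).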
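Review bot: in the PATCH 17 inspector.md hunk, the added line `-[Method 3: Collect Security Hub logs using Amazon S3 source](#method-3-collect-security-hub-logs-using-amazon-s3-source)` is missing the space after the list marker, so Markdown will not render it as a list item; it should read `- [Method 3: ...` like the two bullets above it.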
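Review bot: PATCH 19 updates only the events-processor link; the unchanged context link `#step-1-configure-an-http-source` in the same list should be checked too, because this series restructured guardduty.md into Method 1/Method 2 sections with new `#### Step N:` headings (for example `#### Step 2: Configure EventBridge API destination` in PATCH 12), and anchor slugs follow the heading text. Verify `#step-2-deploy-sumo-logic-guardduty-events-processor` against the final heading as well, since a heading whose slug collides with an earlier one in the file gets a numeric suffix.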