Closed
2 changes: 1 addition & 1 deletion docs/alerts/monitors/alert-response.md
Expand Up @@ -16,7 +16,7 @@ By assembling relevant context from prior alerts and by analyzing patterns in lo

import Iframe from 'react-iframe';

:::sumo Micro Lesson
:::note Micro Lesson

Learn how to use alert response.

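Review bot: Replacing `:::sumo Micro Lesson` with `:::note Micro Lesson` swaps the custom `sumo` admonition type for Docusaurus's built-in `note`, so the Sumo-branded styling is lost and the callout becomes a plain note with a custom title; before merging, confirm with a repo-wide search that no `:::sumo` directive remains outside the files in this PR, and decide whether the custom admonition's registration and CSS are removed or deliberately kept, since any leftover directive would render differently from these converted ones.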
2 changes: 1 addition & 1 deletion docs/alerts/monitors/create-monitor.md
Expand Up @@ -97,7 +97,7 @@ Leverage machine learning to identify unusual behavior and suspicious patterns b
* **Auto-diagnosis and recovery**. The Automation Service handles diagnosis and resolution, closing the loop from alert to recovery.
* **Customizable detection**. Use advanced rules like "Cluster anomalies" to detect multiple data points exceeding thresholds within a set timeframe.

:::sumo Micro Lesson
:::note Micro Lesson
Watch this micro lesson to learn about anomaly monitors.

<Iframe url="https://fast.wistia.net/embed/iframe/8z9b2zqtc3?web_component=true&seo=true&videoFoam=false"
2 changes: 1 addition & 1 deletion docs/alerts/monitors/use-playbooks-with-monitors.md
Expand Up @@ -84,7 +84,7 @@ An anomaly monitor is triggered when unusual conditions are detected. Anomaly mo
Weekly seasonality detection is turned off by default to optimize performance. [Contact Sumo Logic Customer Support](https://support.sumologic.com/support/s/contactsupport) to activate it for specific monitors. (*Weekly seasonality detection* is the optimization of baseline calculations to account for the variations of data flow that can occur in a work week.)
:::

:::sumo Micro Lesson
:::note Micro Lesson
Watch this micro lesson to learn about anomaly monitors.

<Iframe url="https://fast.wistia.net/embed/iframe/8z9b2zqtc3?web_component=true&seo=true&videoFoam=false"
2 changes: 1 addition & 1 deletion docs/api/index.md
Expand Up @@ -261,6 +261,6 @@ Use the Sumo Logic Application Programming Interfaces (APIs) to interact with ou
</div>
</div>

:::sumo Get Help
:::note Get Help
To connect with other Sumo Logic users, post feedback, or ask a question, visit the [Sumo Logic API and Apps Forum](https://support.sumologic.com/support/s/topic/0TO6Q000000gTC8WAM/apis?tabset-cabe3=2) and [Sumo Dojo](http://slack.sumologic.com/).
:::
Expand Up @@ -11,7 +11,7 @@ import Iframe from 'react-iframe';

To collect [traces](/docs/apm/traces) and RUM metrics from a browser, you'll first need to create a RUM HTTP Traces Source. The source will have an endpoint URL that you'll put in a script that sends trace data in [OTLP/JSON over HTTP](https://github.com/open-telemetry/opentelemetry-specification/blob/master/specification/protocol/otlp.md#otlphttp) protocol. Alternatively, you can also use an intermediary OTel collector, if you require data to flow over your infrastructure rather than directly to Sumo Logic. Note however this will disable automatic geo-location recognition capabilities.

:::sumo Micro Lesson
:::note Micro Lesson
Using the RUM HTTP Traces App for Manual Testing.

<Iframe url="https://fast.wistia.net/embed/iframe/qmxk5wxqu5?web_component=true&seo=true&videoFoam=false"
2 changes: 1 addition & 1 deletion docs/apm/real-user-monitoring/index.md
Expand Up @@ -23,7 +23,7 @@ This data is gathered directly from your end-user devices and displayed as indiv

All data collected is compatible with OpenTelemetry and doesn't use proprietary vendor code. Real user monitoring supports document load actions as well as XHR communication and route changes for single-page app navigation. The full list of functionalities and configuration is available in the [Sumo Logic OpenTelemetry auto-instrumentation for JavaScript](https://github.com/SumoLogic/sumologic-opentelemetry-js) README file.

:::sumo Micro Lesson
:::note Micro Lesson
See Real User Monitoring in action.

<Iframe url="https://fast.wistia.net/embed/iframe/jfptjgwql1?web_component=true&seo=true&videoFoam=false"
2 changes: 1 addition & 1 deletion docs/apm/spans.md
Expand Up @@ -31,7 +31,7 @@ Tracing must be enabled in your account to use this functionality. Contact your

import Iframe from 'react-iframe';

:::sumo Micro Lesson
:::note Micro Lesson

This micro lesson provides an overview of Span Analytics, and describes the term *span* in the distributed tracing and the benefits of Span Analytics. It also explains how to perform Span Analytics in Sumo Logic UI.

Expand Up @@ -9,7 +9,7 @@ Perhaps the most convenient way to start capturing telemetry from Java (or, gene

import Iframe from 'react-iframe';

:::sumo Micro Lesson
:::note Micro Lesson

<Iframe url="https://fast.wistia.net/embed/iframe/p46o4kivj4?web_component=true&seo=true&videoFoam=false"
width="854px"
2 changes: 1 addition & 1 deletion docs/apm/traces/quickstart.md
Expand Up @@ -24,7 +24,7 @@ You can access Traces if your Sumo Logic service package has been upgraded to in

## Micro lesson

:::sumo Micro Lesson
:::note Micro Lesson

This micro lesson can help you get started with Tracing.

4 changes: 2 additions & 2 deletions docs/cloud-soar/incidents-triage.md
Expand Up @@ -44,7 +44,7 @@ You can configure what data is to be displayed on the **Incidents** screen by ad
<img src={useBaseUrl('img/cloud-soar/filter-incidents.png')} alt="Filter incidents" width="800"/>


:::sumo Micro Lesson
:::note Micro Lesson
Watch this micro lesson to learn more about incidents in Cloud SOAR.

<Iframe url="https://fast.wistia.net/embed/iframe/faxotvoq3j?web_component=true&seo=true&videoFoam=false"
Expand Down Expand Up @@ -449,7 +449,7 @@ To explore entities:

Cloud SOAR's **Dashboards** section highlights the most important pieces of data to the user or investigator who is logged into the platform. This data is presented through the use of multiple widgets that you can add, remove, and customize to include all data relevant to your job functions and duties.

:::sumo Micro Lesson
:::note Micro Lesson

Watch the following micro lesson to learn about dashboards.

2 changes: 1 addition & 1 deletion docs/contributing/create-edit-doc.md
Expand Up @@ -28,7 +28,7 @@ Before submitting an issue, you can browse our [existing GitHub issues](https://

Submitting a minor fix, such as correcting a typo, is very easy and can be done quickly without having to clone or fork your GitHub repository locally. Check out the instructions below.

:::sumo Micro Lesson
:::note Micro Lesson
Check out this brief tutorial on how to submit a basic change to our docs.

<Iframe url="https://fast.wistia.net/embed/iframe/83p9f6qa6n?web_component=true&seo=true&videoFoam=false"
6 changes: 3 additions & 3 deletions docs/contributing/style-guide.md
Expand Up @@ -175,7 +175,7 @@ This could note important and problematic information.
This action is dangerous and could result in data loss.
:::

:::sumo Best Practice
:::note Best Practice
Highlight specific info, best practices, links, [training links](https://www.sumologic.com/learn/training/), and other information from Sumo specialists. You can change the title based on the content.
:::

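Review bot: This part of the style guide documents the Sumo-specific callout ("information from Sumo specialists", "You can change the title based on the content"); once the directive becomes `:::note Best Practice`, the guidance describes nothing more than a built-in note with a custom title, so the surrounding prose should say that explicitly and the guide's list of admonition types should stop presenting `sumo` as a separate type.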
Expand Down Expand Up @@ -204,7 +204,7 @@ This could note important and problematic information.
This action is dangerous and could result in data loss.
:::

:::sumo Best Practice
:::note Best Practice
Highlight specific info, best practices, links, [training links](https://www.sumologic.com/learn/training/), and other information from Sumo specialists. You can change the title based on the content.
:::

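Review bot: The block converted here at line 204 is identical to the one at line 175, down to the preceding `:::danger` context line; if one of the two is a fenced syntax sample and the other its rendered output that is expected, but otherwise the duplicated example should be consolidated so the guide has a single source for this admonition.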
Expand Down Expand Up @@ -1538,7 +1538,7 @@ For clarity and search engine discoverability:
* H3 and H4 headers do not impact SEO as much. Use short, meaningful titles for readability and search.
* Example: _System architecture and monitoring_.

:::sumo For internal contributors
:::note For internal contributors
* If you change a URL, set up a [redirect](/docs/contributing/remove-doc#step-1-create-a-301-redirect) so that users don’t get a 404 page.
* Use Google Analytics to make data-driven decisions.
:::
2 changes: 1 addition & 1 deletion docs/contributing/translations.md
Expand Up @@ -13,7 +13,7 @@ description: Learn about our doc translation process.

All content in /docs folder is the English language documentation, the source of truth for all content. For full information on translations and commands, see [Docusaurus i18n](https://docusaurus.io/docs/i18n/introduction).

:::sumo Doc Team Support
:::note Doc Team Support
The Sumo Logic documentation team will help with all translation efforts and tracking. Always make note of translation needs in the PR. These will be a source of truth for changes made, translations required, and updates completed in all supported languages.
:::

2 changes: 1 addition & 1 deletion docs/cse/administration/create-cse-actions.md
Expand Up @@ -30,7 +30,7 @@ You can use Cloud SIEM actions to issue a notification to another service when c

An action can be configured for insight-related activity as described below in [Insight actions](#insight-actions). You can also configure an action to be run when a rule is automatically disabled, as described below in [Rule actions](#rule-actions).

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn how to configure an action.

2 changes: 1 addition & 1 deletion docs/cse/administration/create-cse-context-actions.md
Expand Up @@ -36,7 +36,7 @@ In the screenshot below, context actions are listed below the built-in **Add to

If an action name is shown in red font, that indicates that the action depends on a record field that doesn’t exist.

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn more about how to use context actions.

2 changes: 1 addition & 1 deletion docs/cse/administration/mitre-coverage.md
Expand Up @@ -22,7 +22,7 @@ Coverage data is updated on the page once a day. To determine your coverage, the
* To run APIs to get information on coverage, see [MITRE ATT&CK coverage APIs](#mitre-attck-coverage-apis).
:::

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn about the MITRE ATT&CK Threat Coverage Explorer.

Expand Up @@ -239,7 +239,7 @@ In addition, the following can appear in the graph:
* **Threat indicators**. Any entity with a threat indicator will have an additional icon in the upper right. If the threat indicator is Malicious or Suspicious, the entity will be highlighted in red or yellow accordingly. For more information about threat indicators, see [View threat indicator labels in the Cloud SIEM UI](/docs/security/threat-intelligence/threat-indicators-in-cloud-siem/#view-threat-indicator-labels-in-the-cloud-siem-ui).
* **Hover**. If you hover over an entity, it and all connections to it will be highlighted in blue. If its value is not fully visible by default, the full value will be displayed.

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn more about the entity relationship graph.

Expand Up @@ -12,7 +12,7 @@ This page explains Cloud SIEM's insight generation process. 

The concept of an *entity* is central to the process Cloud SIEM uses to correlate signals and create insights. So, what is an entity? In Cloud SIEM, an entity is a actor, for example, a hostname, username, or MAC address encountered in an incoming message. For more information about entities and entity types, see [View and Manage Entities](/docs/cse/records-signals-entities-insights/view-manage-entities).

:::sumo Micro Lesson
:::note Micro Lesson
Watch this micro lesson to learn how insights are created.

<Iframe url="https://fast.wistia.net/embed/iframe/5un1z2hwoe?web_component=true&seo=true&videoFoam=false"
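Review bot: The unchanged context line reads "an entity is a actor"; since this file is already being edited, fix it to "an entity is an actor" in the same PR. The `:::note` conversion itself is fine.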
2 changes: 1 addition & 1 deletion docs/cse/get-started-with-cloud-siem/insight-summary.md
Expand Up @@ -17,7 +17,7 @@ The summary is generated when an insight is created, and is regenerated whenever
Help us refine the tool by using the thumbs-up or thumbs-down buttons to provide feedback on the effectiveness of the summary presented. Clicking the thumbs-down button gives you the opportunity to provide additional feedback.
:::

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn more about Sumo Logic's Dojo AI Summary Agent.

2 changes: 1 addition & 1 deletion docs/cse/ingestion/sumo-logic-ingest-mapping.md
Expand Up @@ -14,7 +14,7 @@ This topic has instructions for creating a Cloud SIEM ingest mapping for a data
The use of ingest mappings is recommended only if there is no Sumo Logic parser or Cloud-to-Cloud connector for the target data source. For more information, see [Cloud SIEM Ingestion Best Practices](/docs/cse/ingestion/cse-ingestion-best-practices/).
:::

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn more about ingest mapping for Cloud SIEM:

Expand Up @@ -9,7 +9,7 @@ import Iframe from 'react-iframe';

This page describes Global Intelligence for security insights, implemented in Cloud SIEM as Global Confidence scores. This feature helps security analysts triage and prioritize insights.

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn more about Global Intelligence for insights.

Expand Up @@ -17,7 +17,7 @@ The **Entities** page is useful for monitoring entities that are close to having

You can also update the [tags](/docs/cse/records-signals-entities-insights/tags-insights-signals-entities-rules/), [suppression](/docs/cse/records-signals-entities-insights/about-signal-suppression/) state, and [criticality](/docs/cse/records-signals-entities-insights/entity-criticality/) assigned to entities, as described below in the [Update multiple entities](#update-multiple-entities) section. 

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn more about entities.

2 changes: 1 addition & 1 deletion docs/cse/rules/about-cse-rules.md
Expand Up @@ -14,7 +14,7 @@ A Cloud SIEM rule is logic that fires based on information in incoming records.
For a complete list of out-of-the-box rules, see [Rules](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/rules/README.md) in the [Cloud SIEM Content Catalog](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/README.md).
:::

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn more about rules.

2 changes: 1 addition & 1 deletion docs/cse/rules/insight-trainer.md
Expand Up @@ -14,7 +14,7 @@ import Iframe from 'react-iframe';

[Cloud SIEM - Insight Trainer](/docs/integrations/sumo-apps/cse/#cloud-siem---insight-trainer) is a dashboard in the Enterprise Audit - Cloud SIEM app. Insight Trainer offers suggestions for making adjustments to rules, such as writing rule tuning expressions and changing severities. Implementing the recommendations causes rules to be more effective at creating high-fidelity signals, resulting in generation of more meaningful insights.

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn how to use the Insight Trainer dashboard.

2 changes: 1 addition & 1 deletion docs/cse/rules/rule-tuning-expressions.md
Expand Up @@ -42,7 +42,7 @@ Here’s what the example tuning expression looks like in the Cloud SIEM UI.

Writing a tuning expression is just like writing a rule expression. A tuning expression can use metadata, record fields, and Cloud SIEM [rules language](/docs/cse/rules/cse-rules-syntax) functions. For more information, see [About rule expressions](/docs/cse/rules/about-cse-rules#about-rule-expressions).

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn how to create a rule tuning expression.

2 changes: 1 addition & 1 deletion docs/cse/rules/write-aggregation-rule.md
Expand Up @@ -38,7 +38,7 @@ The screenshot below shows the **If Triggered** configuration for the example ru

<img src={useBaseUrl('img/cse/agg-rule.png')} alt="If Triggered section of an aggregation rule" style={{border: '1px solid gray'}} width="400"/>

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn how to create an aggregation rule.

2 changes: 1 addition & 1 deletion docs/cse/rules/write-chain-rule.md
Expand Up @@ -20,7 +20,7 @@ If you are new to writing rules, see [About Cloud SIEM Rules](/docs/cse/rules/

A chain rule is similar to a threshold rule. A threshold rule fires when one rule expression is matched at least a certain number times during a specified length of time. In a chain rule you configure two more rule expressions, and for each expression, the number of matches that are required for the rule to fire a signal. The interval you define within which the matches must occur applies to all of the rule expressions in the rule.

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn how to create a chain rule.

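Review bot: The context paragraph has two wording slips worth fixing while the file is open: "at least a certain number times" should read "a certain number of times", and "you configure two more rule expressions" appears to mean "two or more rule expressions". The `:::note` conversion itself is fine.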
2 changes: 1 addition & 1 deletion docs/cse/rules/write-first-seen-rule.md
Expand Up @@ -28,7 +28,7 @@ First seen rules allow you to generate a signal when behavior by an entity (such
* High severity EDR alert seen for the first time
* MFA acceptance from first seen device

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn more about first seen rules.

2 changes: 1 addition & 1 deletion docs/cse/rules/write-match-rule.md
Expand Up @@ -29,7 +29,7 @@ metadata_vendor = 'Amazon AWS' AND metadata_product = 'CloudTrail' AND metadata_

This rule fires a signal each time a UserPoolClient, which has permission to call unauthenticated API operations, is created.

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn how to create a match rule.

2 changes: 1 addition & 1 deletion docs/cse/rules/write-outlier-rule.md
Expand Up @@ -31,7 +31,7 @@ For each outlier rule, you create a filter condition to look for out-of-the-ordi
* Spike in EC2 instance creation
* Abnormal volume of data sent to third-party storage

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn more about outlier rules.

2 changes: 1 addition & 1 deletion docs/cse/rules/write-threshold-rule.md
Expand Up @@ -17,7 +17,7 @@ If you are new to writing rules, see [About Cloud SIEM Rules](/docs/cse/rules/a

A threshold rule fires when its rule expression is matched at least a certain number of times during a specified length of time. For example, if there are five or more failed login attempts for the same IP address within one hour. 

:::sumo Micro Lesson
:::note Micro Lesson

Watch this micro lesson to learn how to create a threshold rule.

4 changes: 2 additions & 2 deletions docs/cse/schema/parser-editor.md
Expand Up @@ -21,7 +21,7 @@ See additional articles for more information about the Sumo Logic Cloud SIEM par
The instructions that follow assume that you have already written your parser code.
:::

:::sumo Micro Lesson
:::note Micro Lesson

Watch the following micro lesson to learn how to apply parsers to Cloud SIEM data sets.

Expand Down Expand Up @@ -230,7 +230,7 @@ We provide a number of parsers to extract data for normalization (see [Parsers](

The parser templates cover common log formats and scenarios. Each template has two versions, one with verbose commentary on each component of the parser, and another without commentary that you can duplicate and use to quickly start creating a custom parser.

:::sumo Micro Lesson
:::note Micro Lesson

Watch the following video for a walkthrough of the parser templates.

2 changes: 1 addition & 1 deletion docs/dashboards/create-dashboard-new.md
Expand Up @@ -11,7 +11,7 @@ This page demonstrates how to create a Dashboard, add a query, and then add the

Dashboard allows you to view logs and metrics data on the same dashboard in an integrated and seamless view. This gives you the same control over how your metrics and log data are visualized. Dashboard template capabilities provide for easier data scoping and intuitive chart creation.

:::sumo Micro Lesson
:::note Micro Lesson

Rather watch a short micro lesson video?

2 changes: 1 addition & 1 deletion docs/dashboards/explore-view.md
Expand Up @@ -161,7 +161,7 @@ https://service.us2.sumologic.com/ui/#/explore/@1601092800000,1601389990282@clus

Navigation capabilities allow you to quickly locate the object that needs debugging in a physical stack. This section walks you through a high-level troubleshooting scenario to illustrate the possibilities.

:::sumo micro lesson
:::note micro lesson

<Iframe url="https://fast.wistia.net/embed/iframe/6kfzt3kzos?web_component=true&seo=true&videoFoam=false"
width="854px"
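Review bot: The title in this hunk stays in lower case (`:::note micro lesson`) while every other converted admonition in this PR uses `Micro Lesson`; since the line is being rewritten anyway, make it `:::note Micro Lesson` so the callout headings are consistent across the docs.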
2 changes: 1 addition & 1 deletion docs/dashboards/share-dashboard-new.md
Expand Up @@ -11,7 +11,7 @@ Currently, you can only share a dashboard within your organization.

import Iframe from 'react-iframe';

:::sumo Micro Lesson
:::note Micro Lesson

Share a dashboard inside your organization.
