})
+
+We're excited to introduce the new Digital Guardian ARC app for Sumo Logic. This app leverages the Sumo Logic Cloud-to-Cloud Digital Guardian source that provides data protection through analytics, reporting, and workflows. This integration helps to improve real-time activity monitoring, pre-configure alerts for different events, analyze policy enforcements, provide geolocation insights to support targeted threat investigation and response, and identify potential tampering by closely monitoring digital signatures for files and applications.
+
+Explore our technical documentation [here](/docs/integrations/saas-cloud/digital-guardian-arc/) to learn how to set up and use the Digital Guardian ARC app for Sumo Logic.
diff --git a/blog-service/2024-12-02-apps2.md b/blog-service/2024-12-02-apps2.md
new file mode 100644
index 0000000000..0bd2479743
--- /dev/null
+++ b/blog-service/2024-12-02-apps2.md
@@ -0,0 +1,22 @@
+---
+title: Microsoft Defender for Cloud (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+ - microsoft-defender-for-cloud
+ - apps
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+
+
+We're excited to introduce the new Microsoft Defender for Cloud app for Sumo Logic. This app helps you to collect the alerts, security recommendation, and regulatory compliance logs using the Sumo Logic Cloud-to-Cloud Azure Event Hub Source and by configuring the continuous export using the Event Hub instance details in the Azure portal. Key features of the Microsoft Defender for Cloud app include:
+
+- Gain real-time visibility into security alerts across your Azure environment, categorized by severity (High, Medium, Low, and Informational).
+- Monitor trends in alert activity over time to identify spikes and recurring threats.
+- Leverage detailed alert summaries and remediation steps for effective threat mitigation.
+- Track compliance performance across critical standards, including FedRAMP, PCI DSS 4, CIS Azure Foundations, and Microsoft Cloud Security Benchmark.
+- Analyze threats by categories like data exfiltration, unauthorized access, and account breaches.
+
+Explore our technical documentation [here](/docs/integrations/microsoft-azure/microsoft-defender-for-cloud/) to learn how to set up and use the Microsoft Defender for Cloud app for Sumo Logic.
diff --git a/blog-service/2024-12-02-copilot.md b/blog-service/2024-12-02-copilot.md
new file mode 100644
index 0000000000..0a6be70a4b
--- /dev/null
+++ b/blog-service/2024-12-02-copilot.md
@@ -0,0 +1,25 @@
+---
+title: Sumo Logic Copilot (Search)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+ - copilot
+ - artificial intelligence
+ - ai
+ - machine learning
+ - ml
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+
+
+We're excited to introduce Copilot, an AI-powered assistant that accelerates log investigations and troubleshooting. With natural language query capabilities and contextual suggestions, Copilot helps security first responders and on-call engineers resolve incidents quickly and efficiently. [Learn more](/docs/search/copilot).
+
+* Ask questions in plain English to generate actionable log insights.
+* Get tailored suggestions relevant to your troubleshooting and investigation context.
+* Leverage conversation history to save and resume sessions without losing context.
+* Auto-visualize charts from search results and add them directly to dashboards.
+* Use auto-complete for natural language queries to access insights faster.
+
+})
diff --git a/cid-redirects.json b/cid-redirects.json
index 9f0ff51625..e0b409a1a1 100644
--- a/cid-redirects.json
+++ b/cid-redirects.json
@@ -1573,6 +1573,7 @@
"/cid/10110": "/docs/integrations/app-development/jfrog-xray",
"/cid/10111": "/docs/integrations/app-development/jfrog-xray",
"/cid/10188": "/docs/integrations/saas-cloud/miro",
+ "/cid/10187": "/docs/integrations/saas-cloud/digital-guardian-arc",
"/cid/10208": "/docs/integrations/saas-cloud/cisco-meraki-c2c",
"/cid/10209": "/docs/integrations/security-threat-detection/cisco-meraki",
"/cid/10210": "/docs/integrations/saas-cloud/proofpoint-tap",
@@ -1824,6 +1825,7 @@
"/cid/1963": "/docs/integrations/sumo-apps/enterprise-audit",
"/cid/1964": "/docs/integrations/security-threat-detection/f5-big-ip-ltm",
"/cid/1965": "/docs/integrations/security-threat-detection/netskope",
+ "/cid/19665": "/docs/integrations/microsoft-azure/microsoft-defender-for-cloud",
"/cid/1966": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/carbon-black-cloud-source",
"/cid/1987": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/symantec-endpoint-security-source",
"/cid/1257": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/atlassian-source",
@@ -2021,6 +2023,7 @@
"/cid/10226": "/docs/integrations/containers-orchestration/opentelemetry/activemq-opentelemetry",
"/cid/25631": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/tenable-source",
"/cid/25632": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source",
+ "/cid/25633": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/universal-connector-source",
"/cid/25634": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source",
"/cid/25635": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-azure-ad-reporting-source",
"/cid/25636": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-identity-protection-source",
diff --git a/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql.md b/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql.md
index 0c3ade7bf3..844231740c 100644
--- a/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql.md
+++ b/docs/integrations/microsoft-azure/azure-cosmos-db-for-postgresql.md
@@ -15,7 +15,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl';
For Azure Cosmos DB for PostgreSQL, you can collect the following logs and metrics:
* **PostgreSQL Server Logs**. These logs are available for every node of a cluster and can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.
-* **Audit Logs**. Audit logging of database activities is available through [pgAudit](https://www.pgaudit.org/) extension. By default, pgAudit log statements are emitted along with your regular log statements by using Postgres's standard logging facility. To learn more about the audit log format, refer to the [pgAudit documentation](https://github.com/pgaudit/pgaudit/blob/master/README.md#format).
+* **Activity logs**. Provides insight into any subscription-level or management group level events that have occurred in Azure. To learn more, refer to the [Azure documentation](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log-schema).
* **Metrics**. These metrics are available for every node of a cluster, and in aggregate across the nodes. For more information on supported metrics, refer to the [Azure documentation](https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/concepts-monitoring#list-of-metrics).
## Setup
@@ -29,32 +29,262 @@ You must explicitly enable diagnostic settings for each Azure Cosmos DB for Post
When you configure the event hubs source or HTTP source, plan your source category to ease the querying process. A hierarchical approach allows you to make use of wildcards. For example: `Azure/CosmosDBforPostgreSQL/Logs`, `Azure/CosmosDBforPostgreSQL/Metrics`.
+
+### Configure field in field schema
+
+1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the main Sumo Logic menu, select **Manage Data > Logs > Fields**. })
+2. [Configure an HTTP Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/#step-1-configure-an-http-source).
2. [Configure and deploy the ARM Template](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/#step-2-configure-azure-resources-using-arm-template).
-3. [Export metrics to Event Hub](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/#step-3-export-metrics-for-a-particular-resource-to-event-hub). Perform below steps for each Azure Cosmos DB for PostgreSQL cluster that you want to monitor.
- * Choose `Stream to an event hub` as destination.
- * Select `AllMetrics`.
- * Use the Event hub namespace created by the ARM template in Step 2 above. You can create a new Event hub or use the one created by ARM template. You can use the default policy `RootManageSharedAccessKey` as the policy name.
+3. [Export metrics to Event Hub](/docs/send-data/collect-from-other-data-sources/azure-monitoring/collect-metrics-azure-monitor/#step-3-export-metrics-for-a-particular-resource-to-event-hub). Perform below steps for each Flexible PostgreSQL Server resource that you want to monitor.
+ 1. Choose `Stream to an event hub` as destination.
+ 1. Select `AllMetrics`.
+ 1. Use the Event hub namespace created by the ARM template in Step 2 above. You can create a new Event hub or use the one created by ARM template. You can use the default policy `RootManageSharedAccessKey` as the policy name. })
+1. Tag the location field in the source with right location value. })
### Configure logs collection
In this section, you will configure a pipeline for shipping diagnostic logs from Azure Monitor to an Event Hub.
-1. To enable audit logs perform below steps:
- * [Install the pgAudit extension](https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/how-to-enable-audit#installing-pgaudit).
- * [Configure audit logging](https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/how-to-enable-audit#pgaudit-settings).
-2. To set up the Azure Event Hubs source in Sumo Logic, refer to [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/).
-3. To create the Diagnostic settings in Azure portal, refer to the [Azure documentation](https://learn.microsoft.com/en-us/azure/cosmos-db/postgresql/howto-logging#capture-logs). Perform below steps for each Azure Cosmos DB for PostgreSQL cluster that you want to monitor.
- * Choose `Stream to an event hub` as the destination.
- * Select `allLogs`.
- * Use the Event hub namespace and Event hub name configured in previous step in destination details section. You can use the default policy `RootManageSharedAccessKey` as the policy name.
+1. To set up the Azure Event Hubs source in Sumo Logic, refer to the [Azure Event Hubs Source for Logs](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/).
+2. To create the diagnostic settings in Azure portal, refer to the [Azure documentation](https://learn.microsoft.com/en-gb/azure/data-factory/monitor-configure-diagnostics). Perform the steps below for each Azure Redis cache account that you want to monitor.
+ 1. Choose **Stream to an event hub** as the destination.
+ 1. Select `allLogs`.
+ 1. Use the Event Hub namespace and Event Hub name configured in the previous step in the destination details section. You can use the default policy `RootManageSharedAccessKey` as the policy name.})
+3. Set server parameters as below:
+ - `log_statement`. Select **DDL**.
+ - `log_lock_waits`. Set to **ON**. If required, you can also configure `deadlock_timeout`.
+ - `log_connections`. Set to **ON**.
+ - `log_disconnections`. Set to **ON**.
+ - `log_duration`. Set to **ON**. If required, you can also configure `log_min_duration_statement`.
+ - `log_hostname`. Set to **ON**.
+ - `log_min_error_statement`. Set to **INFO**.
+ - `log_min_messages`. Set to **INFO**.
+ - `log_line_prefix`. Set to `%m [%p][%v] : %q[app=%a]`.
+
+4. Tag the location field in the source with right location value.
+
+#### Activity Logs
+
+To collect activity logs, follow the instructions [here](/docs/integrations/microsoft-azure/audit). Skip this step if you are already collecting activity logs for a subscription.
+
+:::note
+Since this source contains logs from multiple regions, ensure that you do not tag this source with the location tag.
+:::
+
+## Installing the Azure Cosmos DB for PostgreSQL app
+
+Now that you have set up data collection, install the Azure Database for PostgreSQL Sumo Logic app to use the pre-configured dashboards that provide visibility into your environment for real-time analysis of overall usage.
+
+import AppInstallNoDataSourceV2 from '../../reuse/apps/app-install-index-apps-v2.md';
+
+})
+
+### Network
+
+The **Azure Cosmos DB for PostgreSQL - Network** dashboard provides insights on active connections, failed Ccnnections, and network activity including ingress and egress bytes.
+
+Use this dashboard to:
+
+* Quickly identify connection errors across clusters.
+* Monitor active connections, ingress, and egress trends across clusters.
+* Identify abnormally long sessions.
+
+
+})
+
+### Errors
+
+The **Azure Cosmos DB for PostgreSQL - Errors** dashboard provides insight into server error logs by specifically monitoring errors and database shutdown/start events.
+
+Use this dashboard to:
+
+* Quickly identify top errors across clusters and servers.
+* Monitor error trends and distribution across clusters and servers.
+* Identify unexpected database shutdown or start activity.
+
+})
+
+
+### Security
+
+The **Azure Cosmos DB for PostgreSQL - Security** dashboard provides insight into locations of incoming connections, failed authentications, and top database errors and warnings.
+
+Use this dashboard to:
+
+* Monitor incoming connections, failed authorization requests, and failed authentication requests.
+* Track the user performing failed authentication attempts across servers.
+
+})
+
+### Storage
+
+The **Azure Cosmos DB for PostgreSQL - Storage** dashboard provides details about data usage, document count, and physical partition size by database.
+
+Use this dashboard to:
+* Monitor the storage utilisation to decide on scaling up storage or scaling out the nodes if this metric exceeds 85 percent consistently.
+* Track total storage used across the clusters.
+
+})
+
+### Performance
+
+The **Azure Cosmos DB for PostgreSQL - Performance** dashboard provides insights into the performance of your Azure Cosmos DB for PostgreSQL databases. This includes metrics on query duration, server side latency, and failed queries.
+
+Use this dashboard to:
+* Track clusters approaching the maximum IOPS capacity, to decide on adding worker nodes.
+* Identify clusters using a high percentage of the clusters available memory to decide on scaling up the compute if this metric consistently exceeds 90 percent.
+* Monitor the CPU usage to decide on scaling up the compute if this metric exceeds 95 percent consistently.
+
+})
+
+### Queries
+
+The **Azure Cosmos DB for PostgreSQL - Queries** dashboard provides insights into the queries executed in your Azure Cosmos DB for PostgreSQL databases.
+
+Use this dashboard to:
+* Analyze query execution duration distribution across servers.
+* Identify query statements with errors.
+* Monitor spike in query duration.
+
+})
+
+### Health
+
+The **Azure Cosmos DB for PostgreSQL - Health** dashboard provides information of any service health incidents or resource health events associated with Azure Cosmos DB for PostgreSQL accounts in your azure account.
+
+Use this dashboard to:
+* View recent resource and service health incidents.
+* View distribution of service and resource health by incident type.
+* Monitor service availability.
+
+})
+
+### Administrative Operations
+
+The **Azure Cosmos DB for PostgreSQL - Administrative Operations** dashboard provides details on users performing admin operations.
+
+Use this dashboard to:
+* Identify top users performing administrative operations.
+* View top 10 operations that caused the most errors.
+* View recent diagnostic, network, and replication settings updates operations.
+
+})
+
+
+## Upgrade/Downgrade the Azure Cosmos DB for PostgreSQL app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+})
3. Set server parameters as below:
- `wal_level`. Set to **logical**.
- - `cron.log_statement`. Set to **ON**.
- `log_statement_stats`. Set to **ON**.
- - `pgaudit.log_statement_once`. Set to **ON**.
- `log_statement`. Select **ALL**.
- - `log_lock_waits`. Set to **ON**.
+ - `log_lock_waits`. Set to **ON**. Set `deadlock_timeout`
- `log_recovery_conflict_waits`. Set to **ON**.
+
+
4. Tag the location field in the source with right location value.
-#### Activity Logs
+#### Activity logs
To collect activity logs, follow the instructions [here](/docs/integrations/microsoft-azure/audit). Skip this step if you are already collecting activity logs for a subscription.
diff --git a/docs/integrations/microsoft-azure/index.md b/docs/integrations/microsoft-azure/index.md
index bb9004be5b..adac828efc 100644
--- a/docs/integrations/microsoft-azure/index.md
+++ b/docs/integrations/microsoft-azure/index.md
@@ -317,6 +317,12 @@ This guide has documentation for all of the apps that Sumo Logic provides for Mi
A guide to the Sumo Logic app for Azure Kubernetes Service Control Plane.
+})
Learn about the Sumo Logic collection process for the Microsoft Defender for Cloud service.
+})
diff --git a/docs/integrations/microsoft-azure/microsoft-defender-for-cloud.md b/docs/integrations/microsoft-azure/microsoft-defender-for-cloud.md
new file mode 100644
index 0000000000..57a74e4234
--- /dev/null
+++ b/docs/integrations/microsoft-azure/microsoft-defender-for-cloud.md
@@ -0,0 +1,399 @@
+---
+id: microsoft-defender-for-cloud
+title: Microsoft Defender for Cloud
+description: Learn about the Sumo Logic collection process for the Microsoft Defender for Cloud service.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+
+
+The Sumo Logic app for Microsoft Defender for Cloud is a powerful solution designed to provide Azure cloud security analysts with actionable insights into their cloud security posture. By integrating with Microsoft Defender for Cloud, this app delivers advanced monitoring, alerting, and compliance tracking capabilities through purpose-built dashboards tailored to meet the needs of security teams.
+
+Key features of the Microsoft Defender for Cloud app include:
+
+- Gain real-time visibility into security alerts across your Azure environment, categorized by severity (High, Medium, Low, and Informational).
+- Monitor trends in alert activity over time to identify spikes and recurring threats.
+- Geolocate alerts to identify suspicious activities from embargoed or high-risk regions.
+- Leverage detailed alert summaries and remediation steps for effective threat mitigation.
+- Address vulnerabilities proactively by monitoring security recommendations grouped by risk levels (High, Medium, and Low).
+- Visualize trends in recommendation volumes and focus on affected resources, such as Virtual Machines, Apps, and Containers.
+- Analyze threats by categories like data exfiltration, unauthorized access, and account breaches.
+- Follow step-by-step remediation plans to resolve high-priority risks and strengthen your overall security posture.
+- Track compliance performance across critical standards, including FedRAMP, PCI DSS 4, CIS Azure Foundations, and Microsoft Cloud Security Benchmark.
+- Understand pass, fail, and skip rates for specific compliance controls.
+- Identify areas requiring immediate action to ensure regulatory adherence for your Azure resources.
+
+:::info
+This app includes [built-in monitors](#microsoft-defender-for-cloud-monitors). For details on creating custom monitors, refer to [Create monitors for Microsoft Defender for Cloud app](#create-monitors-for-microsoft-defender-for-cloud-app).
+:::
+
+## Log types
+
+The Microsoft Defender for Cloud app uses the following logs:
+
+* [Alerts](https://learn.microsoft.com/en-us/azure/defender-for-cloud/managing-and-responding-alerts)
+* [Security recommendations](https://learn.microsoft.com/en-us/azure/defender-for-cloud/review-security-recommendations)
+* [Regulatory compliance](https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-regulatory-compliance-standards)
+
+## Collection configuration
+
+To forward Microsoft Defender events to Sumo Logic, you can set up an efficient pipeline: **Microsoft Defender** > **Event Hub** > **Sumo Logic (Hosted Collector)**. This setup ensures that security events from Microsoft Defender are seamlessly ingested into Sumo Logic for monitoring and analysis.
+
+1. **[Create a Sumo Logic Azure Event Hub Source](/docs/send-data/collect-from-other-data-sources/azure-monitoring/ms-azure-event-hubs-source/)**. Configure an Event Hub source to receive events from the Azure platform. This will act as the endpoint for the data pipeline.
+1. **[Set up continuous export in Azure](https://learn.microsoft.com/en-us/azure/defender-for-cloud/continuous-export)**. Within the Azure portal, configure the Microsoft Defender for Cloud to export its security events to the Event Hub instance created in the previous step. Continuous export ensures that the events such as alerts, recommendations, and regulatory compliance updates are forwarded in near real-time as shown below.
+
+## Sample log messages
+
+
+
+### Regulatory Compliance
+
+The **Microsoft Defender for Cloud - Regulatory Compliance** dashboard provides Azure security analysts with a comprehensive view of their organization's compliance status across key regulatory standards. It highlights overall compliance pass percentages for frameworks such as FedRAMP, CIS Azure Foundations, PCI DSS 4, and Microsoft Cloud Security Benchmark. Analysts can easily monitor adherence levels and quickly identify gaps in compliance through visually engaging summaries.
+
+The dashboard offers detailed breakdowns of passed, failed, and skipped controls for each framework, helping analysts pinpoint specific areas requiring remediation. For FedRAMP compliance, it provides insights into government workload readiness, while for PCI DSS 4, it focuses on safeguarding payment-related data. The CIS Azure Foundations section ensures alignment with security best practices, and the Microsoft Cloud Security Benchmark highlights adherence to recommended Azure configurations.
+
+This dashboard empowers teams to prioritize remediation efforts, track progress over time, and strengthen their cloud security posture. With actionable insights and a focus on simplifying regulatory alignment, the dashboard is an essential resource for achieving and maintaining compliance in Azure environments.
+
+
+
+### Security Recommendations
+
+The **Microsoft Defender for Cloud - Security Recommendations** dashboard helps Azure cloud security analysts identify, prioritize, and address security risks across Azure resources. It provides a clear breakdown of recommendations by risk level (High, Medium, and Low) to ensure focus on critical issues. Analysts can track recommendation trends over time to monitor recurring or escalating vulnerabilities.
+
+The dashboard highlights affected resources, such as Virtual Machines, Storage Accounts, and Apps, allowing quick action on impacted areas. It categorizes recommendations by threats, including data exfiltration, unauthorized access, and account breaches, helping teams understand attack patterns. Analysts can also view recommendations by resource type, such as Compute, Networking, or Containers, for efficient resource-specific remediation.
+
+Detailed remediation steps are included in the Top Action Plans, providing clear guidance for resolving high-risk vulnerabilities. This dashboard empowers security teams to proactively secure their Azure environment, streamline remediation workflows, and maintain compliance with organizational security goals.
+
+
+
+## Create monitors for Microsoft Defender for Cloud app
+
+import CreateMonitors from '../../reuse/apps/create-monitors.md';
+
+})
+1. In the **Data Explorer (preview)** page, click **Send event** and preview the sample events.})
+1. Verify if those events are being sent to the [Sumo Logic by Live Tailing](/docs/search/live-tail/about-live-tail/). If the data matches, then the Event Hub instance will successfully send data to Sumo Logic. })
+
+### Validate alerts at Event Hub
+
+If you are not receiving any alerts from the Microsoft Defender to the Event Hub instance, first make sure that the generated sample alerts are received in your configured Event Hub instance. This ensures the connection between Defender and Event Hub is functioning correctly. To test the pipeline by sending sample alerts from Microsoft Defender, follow the below steps:
+
+1. In the **Microsoft Defender** console, select **Security Alerts** under **General** section.
+1. In the **Security Alerts** page, select the **Sample Alerts** tab.
+1. Click on **Create sample alerts** to receive the sample alerts. This validates that the sample alerts are forwarded to the configured Event Hub instance.
+
+})
+
+:::info
+There may be a delay in forwarding alerts from Microsoft Defender to the Event Hub instance. If you experience significant delays, reach out to Azure Support for assistance.
+:::
+
+## Upgrade/Downgrade the Microsoft Defender for Cloud app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+})
| [Forcepoint Web Security](https://www.forcepoint.com/) | Automation integration: [Forcepoint Web Security](/docs/platform-services/automation-service/app-central/integrations/forcepoint-web-security/) })
| [Forescout eyeSight](https://www.forescout.com/products/eyesight/) | Automation integration: [Forescout eyeSight](/docs/platform-services/automation-service/app-central/integrations/forescout-eyesight/) |
| }){kind=logo}
| [Fortinet](https://www.fortinet.com/products/next-generation-firewall) | Automation integrations: })
| [Fortra](https://www.phishlabs.com/) | Automation integrations: | [Fortra](https://www.phishlabs.com/) | App: })
| [Freshworks](https://www.freshworks.com/) | Automation integrations: })
| [MaxMind](https://www.maxmind.com/en/home) | Automation integration: [MaxMind V2](/docs/platform-services/automation-service/app-central/integrations/maxmind-v2/) |
| })
| [McAfee](https://www.mcafee.com/) | Automation integrations: })
| [Memcached](https://memcached.org/) | Apps: }){kind=logo}
| [Microsoft](https://www.microsoft.com/) | Apps: | [Microsoft](https://www.microsoft.com/) | Apps: }){kind=logo}
| [Mimecast](https://www.mimecast.com/) | App: [Mimecast](/docs/integrations/saas-cloud/mimecast/) }){kind=logo}
| [Miro](https://miro.com/) | App: [Miro](/docs/integrations/saas-cloud/miro/) }){kind=logo}
| [MISP](https://www.misp-project.org/) | Automation integration: [MISP](/docs/platform-services/automation-service/app-central/integrations/misp/)})
| [Strimzi](https://strimzi.io/) | App: [Strimzi Kafka](/docs/integrations/containers-orchestration/strimzi-kafka/) |
| }){kind=logo}
| [Stripe](https://stripe.com/) | Webhook: [Stripe](/docs/integrations/webhooks/stripe/) |
| }){kind=logo}
| [Sucuri](https://sucuri.net/) | Cloud SIEM integration: [Sucuri](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/cdfd2ba0-77eb-4e11-b071-6f4d01fda607.md) |
-| })
| [Sumo Logic](https://www.sumologic.com/) | Apps: | [Sumo Logic](https://www.sumologic.com/) | Apps: }){kind=logo}
| [Superwise](https://superwise.ai/) | Webhook: [Superwise](/docs/integrations/webhooks/superwise/) |
| }){kind=logo}
| [Symantec](https://sep.securitycloud.symantec.com/v2/landing) | App: [Symantec Web Security Service](/docs/integrations/saas-cloud/symantec-web-security-service/) }){kind=logo}
| [Sysdig](https://sysdig.com/) | Cloud SIEM integration: [Sysdig](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/c4de0854-e718-45e1-a4c8-63623755aa43.md) |
diff --git a/docs/integrations/saas-cloud/digital-guardian-arc.md b/docs/integrations/saas-cloud/digital-guardian-arc.md
new file mode 100644
index 0000000000..7a2d175908
--- /dev/null
+++ b/docs/integrations/saas-cloud/digital-guardian-arc.md
@@ -0,0 +1,379 @@
+---
+id: digital-guardian-arc
+title: Digital Guardian ARC
+sidebar_label: Digital Guardian ARC
+description: The Sumo Logic app for Digital Guardian ARC provides a comprehensive suite of dashboards and alerts to help security analysts monitor, detect, and respond to critical events within their data protection environment.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+}){kind=logo}
+
+The Sumo Logic app for Digital Guardian ARC provides a comprehensive suite of dashboards and alerts to help security analysts monitor, detect, and respond to critical events within their data protection environment. Designed to integrate seamlessly with Digital Guardian's Advanced Reporting and Analytics (ARC), this app offers actionable insights into endpoint activities, user behavior, and policy violations to enhance data security.
+
+Key features of the Digital Guardian ARC app include:
+
+- **Real-time activity monitoring**. Gain visibility into activities such as file creations, modifications, and deletions, categorized by operation type, file types accessed, and protocols used.
+- **Risk-based alerts**. Pre-configured alerts for blocked events, failed login attempts, and user activities originating from high-risk locations allow analysts to detect and respond to potential threats in real-time.
+- **Policy enforcement analytics**. The app provides insights into rule violation events, helping organizations monitor adherence to security policies and identify areas for improvement.
+- **User and host analysis**. Interactive charts display the top users, applications, and systems contributing to security events, helping analysts pinpoint risky behaviors or potential insider threats.
+- **Geolocation insights**. Visualize sender and recipient activities from high-risk or suspicious locations with geolocation maps, enabling targeted threat investigation and response.
+- **Signature issuer intelligence**. Monitor digital signatures for files and applications to ensure authenticity and detect any potential tampering or unauthorized software.
+
+Use cases for the Digital Guardian ARC app include:
+
+- **Identify unauthorized activities**. Detect and investigate unauthorized file access, data exfiltration attempts, or suspicious behavior within the environment.
+- **Enforce compliance**. Track and address violations of security rules to maintain regulatory compliance and internal policy adherence.
+- **Monitor risky user behavior**. Proactively address risky activities, such as failed logins or data transfers to/from suspicious locations.
+- **Accelerate incident response**. Leverage real-time alerts and detailed activity logs to respond to potential threats or breaches quickly.
+
+The Sumo Logic app for Digital Guardian ARC is an essential tool for security teams. It provides the visibility and intelligence needed to safeguard sensitive data, enforce security policies, and mitigate risks in real-time.
+
+:::info
+This app also includes [built-in monitors](#digital-guardian-arc-monitors). For details on creating custom monitors, refer to [Create monitors for Digital Guardian ARC app](#create-monitors-for-digital-guardian-arc-app).
+:::
+
+## Log types
+
+This app uses Sumo Logic’s [Digital Guardian ARC Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/digital-guardian-source/) to collect event logs from Digital Guardian ARC.
+
+### Sample log messages
+
+
+
+## Create monitors for Digital Guardian ARC app
+
+import CreateMonitors from '../../reuse/apps/create-monitors.md';
+
+Gather real-time visibility into the vulnerabilities.
Monitor, detect, and respond to critical events.
+}){kind=icon}
})
-***Version: 1.10
-Updated: Oct 16, 2024***
+***Version: 1.12
+Updated: Nov 28, 2024***
The CrowdStrike Falcon integration allows you to pull and update Detections/Incidents, and search Incidents/Devices/Detections.
@@ -29,6 +29,9 @@ The CrowdStrike Falcon integration allows you to pull and update Detections/Inci
* **Search into Incidents** *(Enrichment)* - Search for incidents by providing an FQL filter, sorting, and paging
details.
* **Update Detections** *(Containment)* - Modify the state or assignee of Detections.
+* **Update Alerts** *(Containment)* - Perform actions on Alerts identified by composite ID(s) in request.
+* **Search into Alerts** *(Enrichment)* - Retrieves all Alerts IDs that match a given query.
+* **Alerts CrowdStrike Falcon Daemon** *(Daemon)* - Daemon to pull CrowdStrike Alerts.
## Category
@@ -56,3 +59,7 @@ EDR
* October 16, 2024 (v1.10) - Added new actions
+ Create Indicators
+ Get Indicators
+* November 28, 2024 (v1.12) - Added new actions
+ + Update Alerts
+ + Search into Alerts
+ + Alerts CrowdStrike Falcon Daemon
diff --git a/docs/platform-services/threat-intelligence-indicators.md b/docs/platform-services/threat-intelligence-indicators.md
index 1cc9b27cc8..b4b4c41c43 100644
--- a/docs/platform-services/threat-intelligence-indicators.md
+++ b/docs/platform-services/threat-intelligence-indicators.md
@@ -68,7 +68,7 @@ To access the **Threat Intelligence** tab, go to **Manage Data > Logs > Threat I
})
-1. **Add Indicators**. Click to upload files that [add threat intelligence indicators](#add-indicators-in-the-threat-intelligence-tab).
+1. **+ Add Indicators**. Click to upload files that [add threat intelligence indicators](#add-indicators-in-the-threat-intelligence-tab).
1. **Actions**. Select to perform additional actions:
* **Edit Retention Period**. Enter the length of time in days to retain expired threat intelligence indicator files. The maximum number of days is 180. See [Change the retention period for expired indicators](#change-the-retention-period-for-expired-indicators).
1. **Source Name**. The source of the threat intelligence indicator file.
@@ -89,7 +89,7 @@ You can also add threat intelligence indicators using the API or a collector. Se
:::
1. In Sumo Logic, go to **Manage Data > Logs > Threat Intelligence**.
-1. Click **Add Indicators**. The dialog displays. })
+1. Click **+ Add Indicators**. The dialog displays.
1. Select the format of the file to be uploaded:
* **Normalized JSON**. A normalized JSON file.
* **CSV**. A comma-separated value (CSV) file.
@@ -107,10 +107,7 @@ When you add indicators, the event is recorded in the Audit Event Index. See [Au
1. In Sumo Logic, go to **Manage Data > Logs > Threat Intelligence**.
1. Select a source in the list of sources. Details of the source appear in a sidebar.
-1. Click **Delete Indicators**. The following dialog appears. })
-1. Select indicators to delete from the source:
- * **Delete all indicators**. Remove all indicators from the source.
- * **Delete indicators matching the expression**. Enter the attribute and value to match. For example, if you want to delete indicators with certain "valid until" dates from **Sumo normalized JSON** files, for an attribute enter `validUntil` and for a value enter a date. The attributes and values you enter must match attributes and values in the indicators.
+1. Click **Delete Indicators**. The following message appears: **Delete all indicators for `})
-
-
#### Tips and tricks
* **Start with a broad query**. Begin with a query like `Show me the most recent logs` to understand the structure and available fields in your logs.
* **Disambiguate field names**. If fields have similar names and cause confusion, explicitly specify the field (e.g., `})
+1. Click in the code editor field and edit your search. New to Sumo Logic query language? Learn more in the [Search Query Language](/docs/search/search-query-language) guide.
1. When you're done, press Enter or click the search button.})
:::tip
@@ -196,13 +213,15 @@ If your log query contains a mix of JSON and non-JSON formatting (i.e., a log fi
#### History
-Often, users work on multiple incidents at the same time. To view Copilot interactions related to these incidents, click **History**.})
+Conversation History saves all previous queries and suggestions, allowing you to backtrack and refine your investigation. For example, if a status code analysis yields inconclusive results, revisit earlier queries to explore other hypotheses.
-You can resume a conversation in two ways:
+This functionality comes in handy when you're working on multiple incidents at the same time. To view Copilot interactions related to an incident, click **History**.
+
-First, the Resume conversation icon picks up from the last query in a conversation.})
+You can resume a conversation in two ways:
-Second, you can resume from a specific query in a conversation by clicking on the row in the conversation history and then clicking on the gray area on the right side, as shown below.})
+* Click the **Resume conversation** icon to pick up from the last query in a conversation.
+* Click on the row in the conversation history, and then click the gray area on the right side to resume from a specific query in a conversation.
#### New Conversation
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md
index 02f6f13390..fa5dd949d8 100644
--- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/index.md
@@ -492,6 +492,12 @@ In this section, we'll introduce the following concepts:
}){kind=logo}
Learn how to collect alert details from Trend Micro platform.
Learn how to set up a Universal Connector to collect data into the Sumo Logic environment.
+