From 2ebc3b47fbdc7c614c9fea41ada1e5e91f7abf29 Mon Sep 17 00:00:00 2001 From: Jagadisha V <129049263+JV0812@users.noreply.github.com> Date: Tue, 14 May 2024 11:26:00 +0530 Subject: [PATCH 1/3] Deleted the deprecated apps doc --- blog-service/2017/12-31.md | 4 +- blog-service/2021/12-31.md | 4 +- cid-redirects.json | 39 ++- docs/get-started/faq.md | 2 +- .../app-development/jfrog-artifactory.md | 145 +------- .../integrations/global-intelligence/nginx.md | 4 +- .../active-directory-legacy.md | 264 --------------- docs/integrations/microsoft-azure/index.md | 7 - .../windows-legacy-pci-compliance.md | 150 --------- docs/integrations/pci-compliance/index.md | 7 - docs/integrations/product-list.md | 8 +- .../security-threat-detection/index.md | 12 - .../palo-alto-networks-6.md | 163 --------- .../palo-alto-networks-8.md | 316 ------------------ docs/integrations/web-servers/index.md | 7 - .../integrations/web-servers/nginx-ingress.md | 2 +- docs/integrations/web-servers/nginx-legacy.md | 275 --------------- .../telegraf-collection-architecture.md | 2 +- sidebars.ts | 6 - 19 files changed, 36 insertions(+), 1381 deletions(-) delete mode 100644 docs/integrations/microsoft-azure/active-directory-legacy.md delete mode 100644 docs/integrations/microsoft-azure/windows-legacy-pci-compliance.md delete mode 100644 docs/integrations/security-threat-detection/palo-alto-networks-6.md delete mode 100644 docs/integrations/security-threat-detection/palo-alto-networks-8.md delete mode 100644 docs/integrations/web-servers/nginx-legacy.md diff --git a/blog-service/2017/12-31.md b/blog-service/2017/12-31.md index 204469e6e9..324851b1f2 100644 --- a/blog-service/2017/12-31.md +++ b/blog-service/2017/12-31.md 
@@ -519,7 +519,7 @@ This capability is called quantization. The quantization interval aligns your ti **PCI Compliance for Linux App.** The Sumo Logic App for Payment Card Industry (PCI) Compliance for Linux offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Linux App covers PCI requirements 02, 07, 08 and 10. See [PCI Compliance for Linux App](/docs/integrations/pci-compliance/linux). -**PCI Compliance for Windows App.** The Sumo Logic App for Payment Card Industry (PCI) Compliance for Windows offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows App covers PCI requirements 02, 06, 08 and 10. [See PCI Compliance for Windows App](/docs/integrations/microsoft-azure/windows-legacy-pci-compliance). +**PCI Compliance for Windows App.** The Sumo Logic App for Payment Card Industry (PCI) Compliance for Windows offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows App covers PCI requirements 02, 06, 08 and 10. [See PCI Compliance for Windows App](/docs/integrations/microsoft-azure/windows-json-pci-compliance). --- ## April 24, 2017 
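Review bot: In both hunks of this file (the `@@ -519` block here and the identical `@@ -548` block that follows), a 2017 release note that describes the PCI Compliance for Windows App now links to `/docs/integrations/microsoft-azure/windows-json-pci-compliance`, the page for the separate Windows JSON app, while the sentence itself is unchanged and still announces the legacy app. Since this same PR adds a `cid-redirects.json` entry from `/docs/integrations/microsoft-azure/windows-legacy-pci-compliance` to the JSON page, the original links would keep resolving without rewriting historical release notes; prefer leaving these two lines untouched, or unlink the retired app's name if the redirect is not considered sufficient. Separately, the two hunks carry the same paragraph under two identical `## April 24, 2017` headings, which looks like pre-existing duplication worth a follow-up.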
@@ -548,7 +548,7 @@ This capability is called quantization. The quantization interval aligns your ti **PCI Compliance for Linux App.** The Sumo Logic App for Payment Card Industry (PCI) Compliance for Linux offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Linux App covers PCI requirements 02, 07, 08 and 10. See [PCI Compliance for Linux App](/docs/integrations/pci-compliance/linux). -**PCI Compliance for Windows App.** The Sumo Logic App for Payment Card Industry (PCI) Compliance for Windows offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows App covers PCI requirements 02, 06, 08 and 10. [See PCI Compliance for Windows App](/docs/integrations/microsoft-azure/windows-legacy-pci-compliance). +**PCI Compliance for Windows App.** The Sumo Logic App for Payment Card Industry (PCI) Compliance for Windows offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows App covers PCI requirements 02, 06, 08 and 10. [See PCI Compliance for Windows App](/docs/integrations/microsoft-azure/windows-json-pci-compliance). --- ## April 24, 2017 diff --git a/blog-service/2021/12-31.md b/blog-service/2021/12-31.md index 7169828ba5..310f289022 100644 --- a/blog-service/2021/12-31.md +++ b/blog-service/2021/12-31.md 
@@ -456,9 +456,9 @@ New - The Sumo Logic App for [HAProxy](/docs/integrations/web-servers/haproxy **PCI Compliance for Windows Legacy App** -Update - The [Payment Card Industry (PCI) Compliance for Windows Legacy App](/docs/integrations/microsoft-azure/windows-legacy-pci-compliance) is updated to offer dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows Legacy App covers PCI requirements 2, 6, 8, and 10. +Update - The [Payment Card Industry (PCI) Compliance for Windows Legacy App](/docs/integrations/microsoft-azure/windows-json-pci-compliance) is updated to offer dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows Legacy App covers PCI requirements 2, 6, 8, and 10. -**PCI ****Compliance for Windows JSON App** +**PCI Compliance for Windows JSON App** New - The [Payment Card Industry (PCI) Compliance for Windows JSON App](/docs/integrations/microsoft-azure/windows-json-pci-compliance) is released. This App offers dashboards to monitor system, account, and user activity to ensure that login activity and privileged users are within the expected ranges. The PCI Compliance for Windows JSON App covers PCI requirements 2, 6, 8, and 10. diff --git a/cid-redirects.json b/cid-redirects.json index ac4ed1c868..61aa1317d0 100644 --- a/cid-redirects.json +++ b/cid-redirects.json 
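Review bot: After this change the "PCI Compliance for Windows Legacy App" update entry and the "PCI Compliance for Windows JSON App" new-release entry directly below it both link to `/docs/integrations/microsoft-azure/windows-json-pci-compliance`, so two release notes announcing two different apps resolve to one document. As with the 2017 file, the redirect added in `cid-redirects.json` already covers the old URL; keep the historical link as it was, or drop the link from the legacy entry and leave the name as plain text. The `**PCI ****Compliance` to `**PCI Compliance` bold fix is correct.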
@@ -739,9 +739,9 @@ "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory_JSON": "/docs/integrations/microsoft-azure/active-directory-json", "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory_JSON/Collect_Logs_for_the_Active_Directory_JSON_App": "/docs/integrations/microsoft-azure/active-directory-json", "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory_JSON/Install_the_Active_Directory_JSON_App_and_view_the_Dashboards": "/docs/integrations/microsoft-azure/active-directory-json", - "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory_Legacy": "/docs/integrations/microsoft-azure/active-directory-legacy", - "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory_Legacy/Active-Directory-Legacy-App-Dashboards": "/docs/integrations/microsoft-azure/active-directory-legacy", - "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory_Legacy/Collect_Log_Files_for_the_Active_Directory_Legacy_App": "/docs/integrations/microsoft-azure/active-directory-legacy", + "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory_Legacy": "/docs/integrations/microsoft-azure/active-directory-json", + "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory_Legacy/Active-Directory-Legacy-App-Dashboards": "/docs/integrations/microsoft-azure/active-directory-json", + "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory_Legacy/Collect_Log_Files_for_the_Active_Directory_Legacy_App": "/docs/integrations/microsoft-azure/active-directory-json", "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Active_Directory/Active-Directory-App-Dashboards": "/docs/integrations/microsoft-azure", "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Azure_Active_Directory": "/docs/integrations/microsoft-azure/active-directory-azure", "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Azure_Active_Directory/Collect_Logs_for_the_Azure_Active_Directory_App": "/docs/integrations/microsoft-azure/active-directory-azure", 
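Review bot: The three `Active_Directory_Legacy` keys now land on the Active Directory JSON page, but the legacy page deleted later in this PR documents a different ingestion path: Windows Event Log sources with Event Format set to "Collect using legacy format" plus two PowerShell script sources (`domainCollector.ps1`, `adObjectCollector.ps1`). Users arriving via these redirects, including the `Collect_Log_Files_for_the_Active_Directory_Legacy_App` path, will find no mention that the legacy collection method is retired. Consider adding a short deprecation and migration note to `active-directory-json.md` in the same PR so the redirect does not read as a silent rename.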
@@ -790,10 +790,10 @@ "/07Sumo-Logic-Apps/04Microsoft-and-Azure/PCI_Compliance_for_Windows_JSON": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", "/07Sumo-Logic-Apps/04Microsoft-and-Azure/PCI_Compliance_for_Windows_JSON/Collect_Logs_for_the_PCI_Compliance_for_Windows_JSON": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", "/07Sumo-Logic-Apps/04Microsoft-and-Azure/PCI_Compliance_for_Windows_JSON/Install_the_PCI_Compliance_for_Windows_JSON_App_and_view_the_Dashboards": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", - "/07Sumo-Logic-Apps/04Microsoft-and-Azure/PCI_Compliance_for_Windows/Collecting-Logs-for-the-PCI-Compliance-for-Windows-App": "/docs/integrations/microsoft-azure/windows-legacy-pci-compliance", - "/07Sumo-Logic-Apps/04Microsoft-and-Azure/PCI_Compliance_for_Windows/PCI-Compliance-for-Windows-App-Dashboards": "/docs/integrations/microsoft-azure/windows-legacy-pci-compliance", - "/07Sumo-Logic-Apps/04Microsoft-and-Azure/PCI_Compliance_for_Windows": "/docs/integrations/microsoft-azure/windows-legacy-pci-compliance", - "/07sumo-logic-apps/04microsoft-and-azure/pci_compliance_for_windows": "/docs/integrations/microsoft-azure/windows-legacy-pci-compliance", + "/07Sumo-Logic-Apps/04Microsoft-and-Azure/PCI_Compliance_for_Windows/Collecting-Logs-for-the-PCI-Compliance-for-Windows-App": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", + "/07Sumo-Logic-Apps/04Microsoft-and-Azure/PCI_Compliance_for_Windows/PCI-Compliance-for-Windows-App-Dashboards": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", + "/07Sumo-Logic-Apps/04Microsoft-and-Azure/PCI_Compliance_for_Windows": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", + "/07sumo-logic-apps/04microsoft-and-azure/pci_compliance_for_windows": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Windows_JSON": "/docs/integrations/microsoft-azure/windows-json", 
"/07Sumo-Logic-Apps/04Microsoft-and-Azure/Windows_JSON/Collect_Logs_for_the_Windows_JSON_App": "/docs/integrations/microsoft-azure/windows-json", "/07Sumo-Logic-Apps/04Microsoft-and-Azure/Windows_JSON/Install_the_Windows_JSON_App_and_view_the_Dashboards": "/docs/integrations/microsoft-azure/windows-json", 
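Review bot: Same pattern as the Active Directory hunk above: four `PCI_Compliance_for_Windows` paths (including the `Collecting-Logs-for-the-PCI-Compliance-for-Windows-App` page) now resolve to the Windows JSON PCI page with nothing on the target page telling readers that the legacy app is gone. A one-line deprecation note on `windows-json-pci-compliance.md` would close that gap. Minor: `/07sumo-logic-apps/04microsoft-and-azure/pci_compliance_for_windows` is the only lowercase key in this group; if it was added to catch case-folded inbound links, the neighbouring Windows paths likely need the same treatment.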
@@ -1136,12 +1136,12 @@ "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Observable_Networks/01Collect-logs-for-the-Observable-Network-App": "/docs/integrations/security-threat-detection/observable-networks", "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Observable_Networks/Observable-Networks-App-Dashboard-and-Searches": "/docs/integrations/security-threat-detection/observable-networks", "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Opsgenie/Collect_Logs_for_Opsgenie": "/docs/integrations/saas-cloud/opsgenie", - "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_6": "/docs/integrations/security-threat-detection/palo-alto-networks-6", - "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_6/01Collect-Logs-for-the-Palo-Alto-Networks-App": "/docs/integrations/security-threat-detection/palo-alto-networks-6", - "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_6/Palo-Alto-Networks-App-Dashboards": "/docs/integrations/security-threat-detection/palo-alto-networks-6", - "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_8": "/docs/integrations/security-threat-detection/palo-alto-networks-8", - "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_8/Collect_Logs_for_the_Palo_Alto_Networks_8_App": "/docs/integrations/security-threat-detection/palo-alto-networks-8", - "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_8/Install_the_Palo_Alto_Networks_8_App_and_View_the_Dashboards": "/docs/integrations/security-threat-detection/palo-alto-networks-8", + "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_6": "/docs/integrations/security-threat-detection/palo-alto-networks-9", + "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_6/01Collect-Logs-for-the-Palo-Alto-Networks-App": "/docs/integrations/security-threat-detection/palo-alto-networks-9", + 
"/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_6/Palo-Alto-Networks-App-Dashboards": "/docs/integrations/security-threat-detection/palo-alto-networks-9", + "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_8": "/docs/integrations/security-threat-detection/palo-alto-networks-9", + "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_8/Collect_Logs_for_the_Palo_Alto_Networks_8_App": "/docs/integrations/security-threat-detection/palo-alto-networks-9", + "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_8/Install_the_Palo_Alto_Networks_8_App_and_View_the_Dashboards": "/docs/integrations/security-threat-detection/palo-alto-networks-9", "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_9": "/docs/integrations/pci-compliance/palo-alto-networks-9", "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_9/Collect_logs_for_the_Palo_Alto_Networks_9_App": "/docs/integrations/pci-compliance/palo-alto-networks-9", "/07Sumo-Logic-Apps/22Security_and_Threat_Detection/Palo_Alto_Networks_9/Install_the_Palo_Alto_Networks_9_App_and_view_the_Dashboards": "/docs/integrations/pci-compliance/palo-alto-networks-9", 
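Review bot: The six new `Palo_Alto_Networks_6` and `Palo_Alto_Networks_8` targets all point at `/docs/integrations/security-threat-detection/palo-alto-networks-9`, but the three unchanged `Palo_Alto_Networks_9` entries directly below map to `/docs/integrations/pci-compliance/palo-alto-networks-9`, which indicates the PAN 9 doc lives under `pci-compliance`, not `security-threat-detection`. Please confirm the `security-threat-detection/palo-alto-networks-9` page exists; if it does not, these redirects will 404 and should be changed to the `pci-compliance` path used by the adjacent lines.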
@@ -3476,9 +3476,9 @@ "/07Sumo-Logic-Apps/24Web_Servers/Nginx_Ingress_ULM/Install_the_Nginx_Ingress_App_and_View_the_Dashboards": "/docs/integrations/web-servers/nginx-ingress", "/07Sumo-Logic-Apps/24Web_Servers/Nginx_Ingress_ULM/Nginx_Ingress_Alerts": "/docs/integrations/web-servers/nginx-ingress", "/07Sumo-Logic-Apps/24Web_Servers/Nginx_Plus_Ingress/Install_the_Nginx_Plus_Ingress_App,_Alerts,_and_View_the_Dashboards": "/docs/integrations/web-servers/nginx-plus-ingress", - "/07Sumo-Logic-Apps/24Web_Servers/Nginx_ULM": "/docs/integrations/web-servers/nginx-legacy", - "/07Sumo-Logic-Apps/24Web_Servers/Nginx_ULM/Global_Intelligence_for_Nginx": "/docs/integrations/web-servers/nginx-legacy", - "/07Sumo-Logic-Apps/24Web_Servers/Nginx_ULM/Install_the_Nginx_ULM_App_and_View_the_Dashboards": "/docs/integrations/web-servers/nginx-legacy", + "/07Sumo-Logic-Apps/24Web_Servers/Nginx_ULM": "/docs/integrations/web-servers/nginx", + "/07Sumo-Logic-Apps/24Web_Servers/Nginx_ULM/Global_Intelligence_for_Nginx": "/docs/integrations/web-servers/nginx", + "/07Sumo-Logic-Apps/24Web_Servers/Nginx_ULM/Install_the_Nginx_ULM_App_and_View_the_Dashboards": "/docs/integrations/web-servers/nginx", "/07Sumo-Logic-Apps/24Web_Servers/Nginx/Global_Intelligence_for_Nginx_App": "/docs/integrations/global-intelligence/nginx", "/APIs/Search-Job-A": "/docs/api/search-job", "/APIs/02Search_Job_API": "/docs/api/search-job", 
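Review bot: `/07Sumo-Logic-Apps/24Web_Servers/Nginx_ULM/Global_Intelligence_for_Nginx` now redirects to `/docs/integrations/web-servers/nginx`, while the adjacent, unchanged key `/07Sumo-Logic-Apps/24Web_Servers/Nginx/Global_Intelligence_for_Nginx_App` goes to `/docs/integrations/global-intelligence/nginx`. For a Global Intelligence path the Global Intelligence page is the more accurate destination; consider aligning the two so both variants of that URL land on the same document.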
@@ -3893,5 +3893,10 @@ "/docs/manage/partitions-data-tiers/searching-data-tiers": "/docs/manage/partitions/data-tiers/searching-data-tiers", "/docs/manage/partitions-data-tiers/flex-pricing/estimate-and-actual-scan-data": "/docs/manage/partitions/flex/estimate-scan-data", "/docs/manage/partitions/flex/estimate-and-actual-scan-data": "/docs/manage/partitions/flex/estimate-scan-data", - "/docs/platform-services/automation-service/app-central/integrations/snowflake": "/docs/platform-services/automation-service/app-central/integrations" + "/docs/platform-services/automation-service/app-central/integrations/snowflake": "/docs/platform-services/automation-service/app-central/integrations", + "/docs/integrations/security-threat-detection/palo-alto-networks-6": "/docs/integrations/security-threat-detection/palo-alto-networks-9", + "/docs/integrations/security-threat-detection/palo-alto-networks-8":"/docs/integrations/security-threat-detection/palo-alto-networks-9", + "/docs/integrations/microsoft-azure/windows-legacy-pci-compliance": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", + "/docs/integrations/web-servers/nginx-legacy": "/docs/integrations/web-servers/nginx", + "/docs/integrations/microsoft-azure/active-directory-legacy/": "/docs/integrations/microsoft-azure/active-directory-json" } diff --git a/docs/get-started/faq.md b/docs/get-started/faq.md index 20c673b41c..4fc7d84db2 100644 --- a/docs/get-started/faq.md +++ b/docs/get-started/faq.md @@ -37,7 +37,7 @@ The following table lists data types and some of the popular sources that produc | Databases | | | Server / OS | | | Virtual | | -| Network | | +| Network | | | Content Delivery | | | IaaS / PaaS | | | SaaS | | diff --git a/docs/integrations/app-development/jfrog-artifactory.md b/docs/integrations/app-development/jfrog-artifactory.md index aac36bebd6..811dd45a40 100644 --- a/docs/integrations/app-development/jfrog-artifactory.md +++ b/docs/integrations/app-development/jfrog-artifactory.md 
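Review bot: In the five appended entries, `/docs/integrations/security-threat-detection/palo-alto-networks-6` and `-8` again target `/docs/integrations/security-threat-detection/palo-alto-networks-9`, conflicting with the `pci-compliance/palo-alto-networks-9` path used for the PAN 9 keys earlier in this file; verify the target before merging. Two style points in the same block: the `palo-alto-networks-8` line is missing the space after the colon that every other entry has, and `/docs/integrations/microsoft-azure/active-directory-legacy/` is the only key written with a trailing slash, so the slash-less form of the deleted page URL may not match unless the redirect layer normalizes it. The `docs/get-started/faq.md` hunk shows no visible difference on the `| Network | |` row (presumably a whitespace-only edit) and is unrelated to removing deprecated app docs; drop it from this PR or call it out in the description.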
@@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; Thumbnail icon -JFrog Artifactory is a universal artifact repository manager that integrates with CI/CD and DevOps tools to provide artifact tracking. The Sumo Logic apps for Artifactory 6 and Artifactory 7 provide insight into your JFrog Artifactory binary repository. Our preconfigured dashboards provide an overview of your system as well as Traffic, Requests and Access, Download Activity, Cache Deployment Activity, and Non-Cached Deployment Activity. +JFrog Artifactory is a universal artifact repository manager that integrates with CI/CD and DevOps tools to provide artifact tracking. The Sumo Logic apps for Artifactory 7 provide insight into your JFrog Artifactory binary repository. Our preconfigured dashboards provide an overview of your system as well as Traffic, Requests and Access, Download Activity, Cache Deployment Activity, and Non-Cached Deployment Activity. If you _do not_ have a Sumo Logic account and want to get up and running quickly, the [JFrog Artifactory Sumo Logic integration](#if-you-do-not-have-a-sumo-logic-account) is the most convenient way to get started. It allows you to access Sumo Logic directly from Artifactory. 
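Review bot: Grammar in the new intro line: "The Sumo Logic apps for Artifactory 7 provide insight" should read "The Sumo Logic app for Artifactory 7 provides insight" now that the Artifactory 6 app has been removed from the sentence.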
@@ -20,149 +20,6 @@ If you have an existing Sumo Logic account, you can still use the integration, h * If you're using Artifactory Online, you'll need use the [integration](#artifactory-online-sumo-logic-integration) (our [app](#installing-the-artifactory-app) is not compatible with Artifactory Online). * If you're using Artifactory On-Premise, you can use our [app](#installing-the-artifactory-app) or the [integration](#artifactory-online-sumo-logic-integration). - -## Artifactory 6 - -### Log types - -The Sumo Logic app for Artifactory 6 collects data from the following logs: - -* `artifactory.log`. The main Artifactory log file that contains data on Artifactory server activity. -* `access.log`. The security log containing important information about accepted and denied requests, configuration changes, and password reset requests. The originating IP address for each event is also recorded. -* `request.log`. Generic HTTP traffic information similar to the Apache HTTPd request log. -* `traffic.log`. A log that contains information about site traffic and file sizes. - -For more details about Artifactory logs, refer to the [JFrog Logging documentation](https://www.jfrog.com/confluence/display/RTF/Artifactory+Log+Files) and [Artifactory Log Files](https://www.jfrog.com/confluence/display/RTF6X/Artifactory+Log+Files#ArtifactoryLogFiles-RequestLog). - -Sumo Logic reads logs in the directory `/var/opt/jfrog/artifactory/logs`: -* `artifactory.log` -* `access.log` -* `request.log` -* `traffic.*.log` - - -### Sample logs - -```json -20170113185444|17|REQUEST|1.1.1.1|anonymous|GET|/cloudera-repos/org/slf4j/slf4j-log4j12/1.7.5/slf4j-log4j12-1.7.5.jar|HTTP/1.1|200|8869 -``` - -```json -20170113185444|0|DOWNLOAD|1.1.1.1|cloudera-repos:org/apache/spark/spark-catalyst_2.11/2.0.1/spark-catalyst_2.11-2.0.1.jar.sha1|40 -``` - -```json -2017-01-13 18:54:12,121 [ACCEPTED DEPLOY] pypi-remote-cache:.pypi/test.html for billythekid/1.1.1.1. 
-``` - -### Sample queries - -```sql title="Data Transfer Over Time" -_sourceCategory=*artifactory* -| where _sourceCategory matches "*artifactory/traffic" -| parse regex -"(?\d{4})(?\d{2})(?\d{2})(?\d{2})(?\d{2})(?\d{2})\|\d*\|(?[^|]*)\|\s*(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[^|]*)\|(?[^:]*):(?[^|]*)\|(?\d*)" nodrop -| timeslice 1h -| sum(size) by _timeslice, direction -| _sum / (1024 * 1024 * 1024) as sizeinGB | sort by _sum -| fields -_sum -| transpose row _timeslice column direction -``` - -```sql title="Requests by Status Code (Every 10 Minutes)" -_sourceCategory=*artifactory* -| where _sourceCategory matches "*artifactory/request" -| parse "*|*|*|*|*|*|*|*|*|*" as datetime, response_time, type, ip, user, method, path, protocol, status_code, size -| timeslice 10m -| count _timeslice, status_code | sort by _count -| transpose row _timeslice column status_code -``` - -```sql title="Unique Paths Accepted Deploys" -_sourceCategory=*artifactory* "ACCEPTED DEPLOY" "-cache" -| where _sourceCategory matches "*artifactory/access" -| parse "[*] *:* for */*" as what, repo, path, user, ip -| parse regex field=ip "(?.*)\." -| where what = "ACCEPTED DEPLOY" and repo matches "*-cache" -| timeslice 10m -| count_distinct(path) as paths by _timeslice -| outlier paths -``` - -### Collecting logs - -This section demonstrates how to collect logs from JFrog Artifactory 6 into Sumo Logic. - -#### Step 1: Activate the traffic.log file - -To activate the `traffic.log` file, add the following parameter to your `artifactory.system.properties` file, located under `$ARTIFACTORY/etc`: -```bash -artifactory.traffic.collectionActive=true -``` - -A restart is required for traffic collection to take effect. - -#### Step 2: Configure a Collector - -Configure an [Installed Collector](/docs/send-data/installed-collectors). - -#### Step 3: Configure Sources - -In this step, you configure four local file sources, one for each log source listed in the table below. 
When you create a file source for a log type: - -* Use the value from the File Path column below as the **File Path** for the source. -* The value you specify for the source's **Source Category** _must_ end with the suffix shown below in the Source Category column. For example, you could set the Source Category for the Artifactory Server log source to be `foo/artifactory/console`, but not `artifactory/console/foo`. - -The following suffixes are required. For example, you could use `_sourceCategory=/artifactory/console`, but the suffix `artifactory/console` must be used. - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Log sourceFile PathSource Category
Artifactory Server/var/opt/jfrog/artifactory/logs/artifactory.logartifactory/console
Access/var/opt/jfrog/artifactory/logs/access.logartifactory/access
Request/var/opt/jfrog/artifactory/logs/request.logartifactory/request
Traffic/var/opt/jfrog/artifactory/logs/traffic.*.logartifactory/traffic
- -:::note -`_sourceCategory` names are case sensitive. When you run a search using `_sourceCategory`, make sure you use the same case as you did when configuring the source. -::: - -For complete instructions, see [Local File Source](/docs/send-data/installed-collectors/sources/local-file-source). - -1. Configure a Local File source. -2. Configure the Source fields: - * **Name** (required). A name is required. - * **Description** (Optional). - * **Source Category**. (required). -3. Configure the Advanced section: - * **Enable Timestamp Parsing**. True. - * **Time Zone**. Logs are in UTC by default. - * **Timestamp Format**. Auto Detect. - * **Encoding Type**. UTF-8. - * **Multi-line Parsing**. Detect Messages Spanning Multiple Lines, Infer Boundaries. -4. Click **Save**. - - ## Artifactory 7 This procedure documents how to collect logs from JFrog Artifactory 7 into Sumo Logic. diff --git a/docs/integrations/global-intelligence/nginx.md b/docs/integrations/global-intelligence/nginx.md index 652a8ae4fc..56481e9e8b 100644 --- a/docs/integrations/global-intelligence/nginx.md +++ b/docs/integrations/global-intelligence/nginx.md 
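Review bot: Removing the Artifactory 6 section also removes the only place this page documents how to enable `traffic.log` (`artifactory.traffic.collectionActive=true` in `$ARTIFACTORY/etc/artifactory.system.properties`, restart required), the `access.log` security log that records accepted and denied requests, configuration changes and password resets with originating IP, and the required `artifactory/console|access|request|traffic` source-category suffixes that the retained sample queries depend on. If the Artifactory 7 section that follows does not already cover these, move that material rather than drop it; a review of the remaining page against the deleted `### Collecting logs` steps would confirm. The first two `### Sample logs` fences in the deleted block were tagged `json` for pipe-delimited text, so the removal at least does not leave that mislabel behind.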
@@ -14,7 +14,7 @@ This feature is available in the following account plans. | CloudFlex | Trial, Enterprise | | Credits | Trial, Enterprise Operations, Enterprise Suite | -[Nginx](https://www.nginx.com/) is a web server that is used as a reverse proxy, load balancer, mail proxy, and HTTP cache. Global Intelligence for Nginx, is a companion to the [Nginx ULM](/docs/integrations/web-servers/nginx-legacy) +[Nginx](https://www.nginx.com/) is a web server that is used as a reverse proxy, load balancer, mail proxy, and HTTP cache. Global Intelligence for Nginx, is a companion to the [Nginx ULM](/docs/integrations/web-servers/nginx) application. It helps DevOps and infrastructure engineers to compare server, and user activity patterns associated with their Nginx servers against other Sumo Logic customer’s servers. Such comparisons can help diagnose potential load, throughput or error issues in Nginx clusters and avoid operational incidents arising from sub-optimal configurations of Nginx clusters.  | Dashboard | Description| @@ -53,7 +53,7 @@ The following sample query is from the Average **Requests Per Second: My Company ## Configuring Log Collection for Global Intelligence for Nginx -Follow the steps on the [Sumo Logic Nginx app](/docs/integrations/web-servers/nginx-legacy) to configure the log collection for Global Intelligence for Nginx app. +Follow the steps on the [Sumo Logic Nginx app](/docs/integrations/web-servers/nginx) to configure the log collection for Global Intelligence for Nginx app. ## Installing the Global Intelligence for Nginx app diff --git a/docs/integrations/microsoft-azure/active-directory-legacy.md b/docs/integrations/microsoft-azure/active-directory-legacy.md deleted file mode 100644 index 395956d2e9..0000000000 --- a/docs/integrations/microsoft-azure/active-directory-legacy.md +++ /dev/null 
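Review bot: In the `@@ -14` hunk the link target changes to `/docs/integrations/web-servers/nginx` but the anchor text still reads "Nginx ULM", so the sentence continues to name the retired app while pointing at its replacement; update the link text to match the target page's title. The `@@ -53` hunk already uses the neutral "Sumo Logic Nginx app" wording and is fine.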
@@ -1,264 +0,0 @@ ---- -id: active-directory-legacy -title: Active Directory Legacy -sidebar_label: Active Directory (Legacy) -description: Allows you to analyze Windows Active Directory logs and gain insight into your deployment. ---- - -import useBaseUrl from '@docusaurus/useBaseUrl'; - -Thumbnail icon - -The Sumo Logic app for Active Directory Legacy (2008+) allows you to analyze Windows Active Directory logs and gain insight into your deployment. Using the app, you can identify user activity across your network and security administration systems. The app uses predefined searches and Dashboards that provide visibility into your environment for real-time analysis of overall usage. - -We recommend using the Active Directory App in combination with the Windows App. - -## Log types - -Active Directory diagnostic log files are described in more detail in [Microsoft help](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961809(v=technet.10)). - - -### Sample log messages - -```json title="Domain Controller" -DomainController DName=="DC=local" DomainName=="local" Forest=="local" NetBIOSName=="LOCAL" ControllerHostName=="HOST1DC01.local" IP=="102.240.30.12" Site=="DC1" -``` - - -```json title="AD Domain" -UserMembership SearchBase=="DC=local" DistinguishedName=="NN=Service My-Service,OU=DC=local" Name=="My-Service" ObjectGUID=="c1234249-6401-40e7-18a8-289fbb2faf26" Parent=="DC=local" -``` - - -```js title="Windows Event" -instance of Win32_NTLogEvent -{ - Computer = "HOSTDC01"; - EventCode = 4634; - EventIdentifier = 4634; - Logfile = "Security"; - RecordNumber = 184879601; - SourceName = "Microsoft-Windows-Security-Auditing"; - TimeGenerated = "20170213222816.000000-000"; - TimeWritten = "20170213222816.000000-000"; - Type = "Audit Success"; - EventType = 4; - Category = 12545; - CategoryString = "Logoff"; - Message = "An account was logged off. 
- -Subject: - Security ID: HOST1DC01$ (S-1-5-21-3123024953-243645673-3382258605-1103) - Account Name: HOST1DC01$ - Account Domain: Local - Logon ID: 0x6C367A5 - -Logon Type: 3 - -This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer."; - InsertionStrings = {"S-1-5-21-3123024953-2436456723-3382258605-1103", "HOST1DC01$", "HOSTING", "0x6c488a5", "3"}; -}; -``` - - -## Sample queries - -```sql title="Directory Service Object Changes (from Active Directory App)" -_sourceCategory=delete_test _sourceName=Security "Directory Service Changes" -| parse "EventCode = *;" as event_id nodrop | parse "Computer = \"*\";" as host nodrop | parse "ComputerName = \"*\";" as host nodrop | parse regex "Message = \"(?[^\r]+?)\r" nodrop | parse "CategoryString = \"*\";" as CategoryString nodrop | parse regex "Subcategory:\s+(?[^\r]+?)\r" nodrop -| parse regex "Logfile = \"Security\";[\s\S]+?Account Name:\s+(?[^\r]+?)\r[\s\S]+?Account Domain:\s+(?[^\r]+?)\r" nodrop -| parse regex "Logfile = \"Security\";[\s\S]+?Account Name:\s+(?[^\r]+?)\r[\s\S]+?Account Domain:\s+(?[^\r]+?)\r[\s\S]+?Account Name:\s+(?[^\r]+?)\r[\s\S]+?Account Domain:\s+(?[^\r]+?)(?:\r|\";)" nodrop -| parse regex "Directory Service:[\s\S]+?Name:\s+(?[^\r]+?)\r" nodrop | parse regex "Directory Service:[\s\S]+?Type:\s+(?[^\r]+?)\r" nodrop | parse "Object:\r\n\tDN:\t*\r\n\tGUID" as dest_ou nodrop -| fields msg_summary, categoryString, subcategory, event_id, src_user, src_domain, dest_user, dest_domain, host -| where categoryString="Directory Service Changes" or subcategory="Directory Service Changes" -``` - - -## Collecting Log Files for the Active Directory Legacy App - -Windows Active Directory (AD) is a directory service developed by Microsoft that stores information about various objects on a network. 
- -The Active Directory Legacy App analyzes, then graphically displays this information to users and network administrators, including information about domain controllers, forest, site, users, groups, computers and organizational units. Sumo Logic allows you to augment or couple regular Windows Events with this data to get more contextual insights from the logs. For example, by augmenting the events based on the domain name, you can build searches specific to a particular AD site or track activities to users under a specific Organizational Unit. - -### Prerequisites - -To begin collecting Active Directory logs, first: - -* A. Verify the Active Directory module -* B. Download and deploy Sumo Logic scripts - - -### A. Verify Active Directory module - -Before proceeding, verify that the Active Directory module is available. The Active Directory module is supported on Windows 7 and Windows 2008 Server (R2 and later) if Remote Server Administration Tools (RSAT) are installed. You'll find more information at [Microsoft TechNet](https://technet.microsoft.com/en-us/library/dd378937(WS.10).aspx). - -**To verify that Active Directory Module is available** - -1. Choose **Start > Administrative Tools**. -2. Look for **Active Directory Module for Windows PowerShell**. -3. If the module isn't installed, install RSAT as described on [Microsoft TechNet](https://technet.microsoft.com/en-us/library/cc730825.aspx). - - -### B. Download and deploy Sumo scripts - -In order to collect files, download the following scripts: - -* adQueryDS.ps1: Core functions that are leveraged by the other scripts -* adObjectCollector: Active Directory object collector -* domainCollector: Active Directory domain collector - - -These scripts should be deployed on a machine that is part of the domain where the log files exist. After deploying the scripts, you'll need to configure a script source on Sumo Logic for **domainCollector.ps1** and another script source for **adObjectCollector.ps1**. 
- -To deploy the scripts, do the following: - -1. Download the scripts to a folder, for example `C:\PSScripts`. -2. Edit the scripts so that `SCRIPTPATH` matches the path to the folder. - -Testing the scripts is optional, but recommended. - -To manually test the scripts, do the following: - -1. Open a command line interface. -2. Run `domainCollector` and `adObjectCollector`, using the path where the scripts were installed. - -```sh -powershell.exe -ExecutionPolicy Bypass -InputFormat None -File c:\PSScripts\domainCollector.ps1 -powershell.exe -ExecutionPolicy Bypass -InputFormat None -File c:\PSScripts\adObjectCollector.ps1 -``` - - -If the setup was successful, Active Directory domain and object information will be collected and the scripts will print results to the screen: - - -## Step 1: Configure a collector - -Configure an [Installed Collector](/docs/send-data/installed-collectors). - -Make sure the collector is installed on a machine that belongs to the domain managed by Active Directory. You can install a single collector and use a remote source, but Sumo Logic recommends installing a collector on each of your domain controllers for performance. - - -## Step 2: Configure event log sources - -If you have installed collectors on each domain controller, as recommended, configure a [Local Windows Event Log Source](/docs/send-data/installed-collectors/sources/local-windows-event-log-source) on each one. Otherwise, configure a [Remote Windows Event Log Source](/docs/send-data/installed-collectors/sources/remote-windows-event-log-source) to collect events from each Active Directory server. For these Windows Event sources, set the source category to **OS/Windows** and **Event Format** as **Collect using legacy format**. - - - -**Collect using legacy format.** Events retain their default text format from Windows. 
- - -## Step 3: Configure Script Sources - -Perform the configuration described below twice, to set up one script source for `adObjectCollector.ps1` and one for `domainCollector.ps1`. - -If your Domain Controllers are in the same domain, then you can just run the scripts on a select one or a few of the Domain Controller machines. Because each Domain Controller may have or allow different data, you will need to select the best ones. The adObjectCollector.ps1 script is the heaviest. There is no reason to pull your AD objects multiple times. - -To configure a script source, do the following: - -1. In Sumo Logic, select **Manage Data > Collection > Collection**. -2. Find the name of the installed collector to which you'd like to add a Source. Click **Add...** then choose **Add Source** from the pop-up menu. -3. Select **Script** for the Source type. Collectors using version 19.245-4 and later do not allow Script Sources to run by default. To allow Script Sources you need to set the Collector parameter `enableScriptSource` in [user.properties](/docs/send-data/installed-collectors/collector-installation-reference/user-properties) to true and [restart](/docs/send-data/collection/start-stop-collector-using-scripts.md) the Collector. -4. **Name**. Enter **DomainCollector** or **ADObjects**, depending on which script you are configuring. Description is optional. -5. **Source Host** (optional). Enter the hostname or the IP address of the machine. The hostname is stored in a searchable field called `_sourceHost`. The hostname can be a maximum of 128 characters. -6. **Source Category**. Enter a Source Category following the [Best Practices](/docs/send-data/best-practices) that allows you to include both the logs from these scripts and the logs from your Windows Event logs from the Domain Controller(s). For example, `DC/Windows/adObjects`, `DC/Windows/domainCollector`, and `DC/Windows/Event`. 
This will allow you to specify a query like `sourceCategory=DC/Windows/*` to bring in all AD-related logs. -7. **Frequency.** Select a short time for testing (for example, every 5 minutes), then change it to a longer interval once you confirm it’s working. - - -The **Frequency** option should be set according to your environment. We use a short interval in our example and testing, but in your deployment, the proper **Frequency** value depends on how often your topology changes. It's important that the **Frequency** be set to a time longer than it takes for the script to run. For example, if a script takes two hours to finish, the **Frequency** should be set to **Every 3 Hours**. If the topology is relatively stable, the **Frequency** can be set to a longer value, such as **Every 12 hours** (it is recommended that each script run at least once every day). - - -1. If you'd like to set a timeout for your script, select **Specify a timeout for your command**. If you do not need a timeout, or if you're running a script once daily, we recommend that you leave this option deselected. -2. **Command**. Select **PowerShell Script.** -3. **Script.** Do one of the following: - * If you have the script saved to a file location and you do not have restrictions on running scripts, choose **Type a path to the script to execute** and enter the path to the script. For example, `c:\PSScripts\adObjectCollector.ps1` or `c:\PSScripts\domainCollector.ps1`. (The script path you enter will depend on which script source you are currently configuring.) - * If you have restrictions for running scripts, then select **Type the script the execute**. Enter the command executed during testing on your system. The command will be specific to the script you’re configuring: - ``` - powershell.exe -ExecutionPolicy Bypass -InputFormat None -File c:\PSScripts\adObjectCollector.ps1 - powershell.exe -ExecutionPolicy Bypass -InputFormat None -File c:\PSScripts\domainCollector.ps1 - ``` -4. 
**Working Directory**: Enter the path where your scripts are located. -5. Click the icon next to **Processing Rules** to expand the dialog. -6. Click **Add Rule**. -7. **Name**. Enter a name for the processing rule (for example, domainCollector). -8. **Filter**. Enter the following filters to exclude command outputs from being logged. -`.*domainCollector\.ps1.* \ -.*adObjectCollector\.ps1.* \ -.*adQueryDS\.ps1.*` -9. **Type**: Select **Exclude messages that match**. -10. Click **Save** to create the source. - - - -## Installing the Sumo Logic App - -Now that you have set up collection for Active Directory, install the Sumo Logic App for Active Directory Legacy to use the pre-configured searches and dashboards that provide visibility into your environment for real-time analysis of overall usage. - -To install the app: - -Locate and install the app you need from the **App Catalog**. If you want to see a preview of the dashboards included with the app before installing, click **Preview Dashboards**. - -1. From the **App Catalog**, search for and select the app. -2. To install the app, click **Add to Library** and complete the following fields. - * **App Name.** You can retain the existing name, or enter a name of your choice for the app.
 - * **Data Source.** Select **Enter a Custom Data Filter** and enter a filter that references the Windows Event Logs source and the script sources" (configured as described in [Collect Active Directory Log Files](/docs/integrations/microsoft-azure/active-directory-legacy#collecting-log-files-for-the-active-directory-legacy-app)). For example: `(_sourceCategory=OS/Windows OR _sourceCategory=*adscripts*)`. - * **Advanced**. Select the **Location in Library** (the default is the Personal folder in the library), or click **New Folder** to add a new folder. -3. Click **Add to Library**. - -Once an app is installed, it will appear in your **Personal** folder, or other folder that you specified. From here, you can share it with your organization. See [Welcome to the New Library](/docs/get-started/library) for information on working with the library in the new UI. - -Panels will start to fill automatically. It's important to note that each panel slowly fills with data matching the time range query and received since the panel was created. Results won't immediately be available, but with a bit of time, you'll see full graphs and maps. - -Sumo Logic recommends using the Sumo Logic App for Active Directory in combination with the [Sumo Logic App for Windows](/docs/integrations/microsoft-azure/windows-legacy). - - -## Viewing Active Directory Legacy Dashboards - -The Sumo Logic application for Windows Active Directory (AD) includes several Dashboards that allow you instant access to information about your system's visitors, traffic, and web server operations. - - -### Information Dashboard - -This Dashboard will not display data unless you have downloaded and deployed the scripts, as described in [Collecting Active Directory log files](/docs/integrations/microsoft-azure/active-directory-legacy#collecting-log-files-for-the-active-directory-legacy-app). - - -By default the time range for these panels is two hours. 
If your source only pulls in data every 12-24 hours, you may see a No Data Available error. Adjust the time range for the panels in this dashboard to match your source. - -**Topology.** Displays your deployment's topology listing the forests, sites, domain DNs, and netbiosnames that have been active for the past two hours in a table. - -**Organizational Units per Domain.** Shows the distinct organizational units per domain in a bar chart for the past two hours. - -**Groups per Domain.** Provides information on the distinct groups per domain in a bar chart for the past two hours. - -**Computer OS per Domain.** Displays the computer operating systems used by visitors to your site per domain for the past two hours. - -Active Directory Legacy dashboards - - -### Service Activity - -Active Directory Legacy dashboards - -**Top 10 Messages.** Displays the top 10 messages reported in your system with message text and count in a table for the past 24 hours. - -**Rights Management.** Reports the events for rights assigned or removed in timeslices of one hour for the past 24 hours using a combination line chart. - -**Messages Over Time by Category.** Provides details on the messages reported by your system by category in timeslices of one hour over the last 24 hours, displayed in a combination line chart. - -**Logon/off Activity.** Displays details on remote and interactive logon and logoff activity in timeslices of one hour for the past 24 hours using a stacked column chart. - -**Object Creation.** Reports on creation events for users, computers, groups, and objects in timeslices of one hour for the past 24 hours using a stacked column chart. - -**Object Deletion.** Reports on deletion events for users, computers, groups, and objects in timeslices of one hour for the past 24 hours using a combination line chart. 
- - -### Service Failures - -Active Directory Legacy dashboards - -**Successes vs Failures.** Displays the number of messages generated by your system for success vs failure in timeslices of one hour over the past 24 hours, in a stacked column chart. - -**Admin Activity by Category.** Shows the administrator activity by category and count for the past 24 hours in a table. - -**Audit Failures Over Time.** Displays the type and number of failures in timeslices of one hour for the past 24 hours in a stacked column chart. - -**All Failures by IP.** Provides the IP addresses where failures have occurred along with the number of failures over the last 24 hours in a table. diff --git a/docs/integrations/microsoft-azure/index.md b/docs/integrations/microsoft-azure/index.md index 2722bccc8a..af51fed138 100644 --- a/docs/integrations/microsoft-azure/index.md +++ b/docs/integrations/microsoft-azure/index.md @@ -387,13 +387,6 @@ This guide has documentation for all of the apps that Sumo Logic provides for Mi

A guide to the Sumo Logic app for Microsoft Teams.

-
-
- Thumbnail icon -

PCI Compliance for Windows Legacy

-

A guide to the Sumo Logic app for PCI Compliance for Windows Legacy.

-
-
Thumbnail icon diff --git a/docs/integrations/microsoft-azure/windows-legacy-pci-compliance.md b/docs/integrations/microsoft-azure/windows-legacy-pci-compliance.md deleted file mode 100644 index c1f2b61568..0000000000 --- a/docs/integrations/microsoft-azure/windows-legacy-pci-compliance.md +++ /dev/null 
@@ -1,150 +0,0 @@ ---- -id: windows-legacy-pci-compliance -title: PCI Compliance for Windows Legacy -sidebar_label: PCI Compliance For Windows (Legacy) -description: The Sumo Logic App for Payment Card Industry (PCI) Compliance for Windows offers dashboards to monitor systems, account and users activity to ensure that login activity and privileged users are within the expected ranges. ---- - -import useBaseUrl from '@docusaurus/useBaseUrl'; - -Thumbnail icon - -This guide helps you set up Sumo Logic Collectors, and install the PCI Compliance for Windows Legacy application, so you can begin monitoring your usage and determine if you are meeting Compliance benchmarks. - -## Log types - -The PCI Compliance For Windows Legacy App uses Windows Security Event and System Event logs. It does not work with third-party logs. - -### Sample log messages - -``` -instance of Win32_NTLogEvent -{ - Category = 13571; - CategoryString = "MPSSVC Rule-Level Policy Change"; - ComputerName = "aphrodite.sumolab.org"; - EventCode = 4957; - EventIdentifier = 4957; - EventType = 5; - InsertionStrings = {"CoreNet-IPHTTPS-In", "Core Networking - IPHTTPS (TCP-In)", "Local Port"}; - Logfile = "Security"; - Message = "Windows Firewall did not apply the following rule: - - Rule Information: - ID: CoreNet-IPHTTPS-In - Name: Core Networking - IPHTTPS (TCP-In) - - Error Information: - Reason: Local Port resolved to an empty set."; - RecordNumber = 1441653878; - SourceName = "Microsoft-Windows-Security-Auditing"; - TimeGenerated = "20130411232352.140400-000"; - TimeWritten = "20130411232352.140400-000"; - Type = "Audit Failure"; -}; -``` - - -### Sample queries - -```sql title="Recent Policy Changes" -_sourceCategory=OS/Windows/Events "Policy Change" -| parse regex "CategoryString = \"(?[^\"]+?)\";[\s\S]+?Logfile = \"Security\"" -| count by category -| where category matches "*Policy Change*" -``` - - -## Collecting Logs - -This section provides instructions for configuring log collection for the PCI 
Compliance for Windows Legacy App. - - -### Configure a Collector and a Source - -To configure a collector and source, do the following: - -1. Configure an [Installed Windows collector](/docs/send-data/installed-collectors/windows) through the user interface or from the command line. -2. Configure either a local or remote Windows Event Log source. To configure a Windows Event Log source set the following: - * **Event Format.** Select **Collect using legacy format.** Events retain their default text format from Windows. - -For more information on local or remote Windows Event Log Source configuration, refer to [Local Windows Event Log Source](/docs/send-data/installed-collectors/sources/local-windows-event-log-source) and [Remote Windows Event Log Source](/docs/send-data/installed-collectors/sources/remote-windows-event-log-source). - -Make sure to set the Source Category when configuring the Windows Event Log source. For example: `OS/Windows/Events`. - -This section provides instructions for configuring log collection for the PCI Compliance for Windows Legacy App. - - -## Installing the PCI Compliance for Windows Legacy App - -This section provides instructions for installing the PCI Compliance for Windows Legacy App, along with examples of each of the App dashboards. The PCI Compliance for Windows Legacy App offers pre-built dashboards and queries to help you track your Windows system, user accounts, login activity, and Windows updates. - -Now that you have set up collection, install the Sumo Logic App for PCI Compliance for Windows Legacy App to use the pre-configured searches and dashboards that provide insight into your data. - -import AppInstall from '../../reuse/apps/app-install.md'; - - - -## Viewing the Windows Legacy PCI Compliance Dashboards - -### Windows - PCI Req 02, 08, 10 - Account, User, System Monitoring - -Track your user accounts and recent system changes. 
- -Windows - PCI Req 02, 08, 10 - Account, User, System Monitoring - -* **User Account Created.** Aggregation table of the number of user accounts created in the last 24 hours. -* **User Account Deleted.** Aggregation table of the number of user accounts deleted in the last 24 hours. -* **User Account Enabled.** Aggregation table of the number of user accounts enabled in the last 24 hours. -* **User Account Disabled.** Aggregation table of the number of user accounts disabled in the last 24 hours. -* **User Account Locked.** Aggregation table of the number of user accounts locked in the last 24 hours. -* **Actions by Privileged Accounts.** Aggregation table of the number of actions taken by privileged accounts over the last 24 hours. - -* **Tampering Audit Logs.** Aggregation table of the number of destination hosts whose logs were modified or cleared in the last 24 hours. -* **System Time Change.** Aggregation table of the number of services with a change to their system time over the last 24 hours. -* **Policy Changes.** Aggregation table of the number of services with policy changes over the last 24 hours. -* **System Restarted.** Aggregation table of the number of services started over the last 24 hours. -* **Service Stopped.** Aggregation table of the number of services stopped over the last 24 hours. -* **Service Execution Trend.** Trend of the different services being executed over time. - - -### Windows - PCI Req 02, 10 - Login Activity - -Track login successes and failures. - -Windows - PCI Req 02, 10 - Login Activity - -* **Failed Logins.** Count of failed logins over the last 24 hours. -* **Failed Logins.** Aggregation table of the date, -* **Successful logins.** Total number of successful logins over the last 24 hours. Compare to Failed Logins to determine if the number of failed logins to successful logins is consistent with normal behavior or indicative of an attack. 
-* **Successful logins.** Aggregation table of successful logins, including date, time, event code, error code, and count. - -* **Default Login-Failure.** Aggregation table of failed default logins. -* **Default Login-Success.** Aggregation table of successful default logins. - - -### Windows - PCI Req 08 - Other User Activity - - -Track user activities such as password changes, password resets, excessive failed access attempts, unlocked accounts, and disabled accounts. - -Windows - PCI Req 08 - Other User Activity - -* **User Account Password Changes.** Displays an aggregation table of the times passwords were changed, the destination host, destination user, source host, and source user, source domain, error message, error code, and the number of events that occurred. -* **User Account Password Reset.** Displays an aggregation table of the times passwords were reset, the destination host, destination user, source host, and source user, source domain, error message, error code, and the number of events that occurred. -* **Excessive Failed Access Attempts.** Displays an aggregation table of the excessive failed access attempts, the destination host, destination user, source host, and source user, source domain, error message, error code, and the number of events that occurred. -* **User Account Unlocked.** Displays an aggregation table of the times a user account was unlocked the destination host, destination user, source host, and source user, source domain, error message, error code, and the number of events that occurred. -* **User Account Disabled but not deleted.** Displays an aggregation table of the times a user account was unlocked, the destination host, destination user, source host, and source user, source domain, error message, error code, and the number of events that occurred. - - -### Windows - PCI Req 06 - Windows Updates Activity - -Track your Windows Update activities. 
- -Windows - PCI Req 06 - Windows Updates Activity - -* **All Windows Updates.** Aggregation table displaying all updated hosts in the past 24 hours, success/failure of that update, and any relevant error codes. -* **Recent Windows Update Failures.** Aggregation table displaying all update failures in the last 7 days, update that failed, time of failure, and current status. -* **Windows Update Trend.** Bar chart that displays 7-day trend of updates success and failure time sliced by hour. -* **Windows Update Summary by Host.** Aggregation table of the hosts and a count of that host’s update success or failure for the past 7 days. -* **Windows Update Summary.** Aggregation table of the latest Windows updates for the last 7 days and a count of their successes and failures diff --git a/docs/integrations/pci-compliance/index.md b/docs/integrations/pci-compliance/index.md index a36d7af29b..83e089d771 100644 --- a/docs/integrations/pci-compliance/index.md +++ b/docs/integrations/pci-compliance/index.md @@ -71,11 +71,4 @@ With the Sumo Logic apps for PCI Compliance, you can meet evolving PCI requireme

A guide to the Sumo Logic app for PCI Compliance for Windows JSON.

-
-
- Thumbnail icon -

PCI Compliance for Windows Legacy

-

A guide to the Sumo Logic app for PCI Compliance for Windows Legacy.

-
-
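Review bot: the removed lines in this pci-compliance/index.md hunk (@@ -71,11 +71,4 @@) cover the card wrapper and the thumbnail, but the heading text `PCI Compliance for Windows Legacy` and the description `A guide to the Sumo Logic app for PCI Compliance for Windows Legacy.` appear as unchanged context rather than as `-` lines. If those two lines really survive, the PCI Compliance index keeps a title and blurb for a page that no longer exists (`windows-legacy-pci-compliance.md` is deleted in this same patch). Remove the whole card block, wrapper, thumbnail, heading and description, in one piece so no orphaned text is left on the index page.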
diff --git a/docs/integrations/product-list.md b/docs/integrations/product-list.md index 3fb58b7c72..29f4d37b7c 100644 --- a/docs/integrations/product-list.md +++ b/docs/integrations/product-list.md @@ -27,7 +27,7 @@ Types of integrations: | Logo | Vendors and Products | Integrations | | :-- | :-- | :-- | | Thumbnail icon | [Acquia](https://www.acquia.com/) | App: [Acquia](/docs/integrations/saas-cloud/acquia/) | -| Thumbnail icon | [Active Directory](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961809(v=technet.10)) | Apps:
- [Active Directory 2008+ (Legacy)](/docs/integrations/microsoft-azure/active-directory-legacy/)
- [Active Directory 2012+ (JSON)](/docs/integrations/microsoft-azure/active-directory-json/)
- [Active Directory JSON - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry/)
Automation integrations:
- [Active Directory](/docs/platform-services/automation-service/app-central/integrations/active-directory/)
- [Active Directory v2](/docs/platform-services/automation-service/app-central/integrations/active-directory-v2/)
Collectors:
- [Microsoft Azure AD Inventory Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source/)
- [Windows Active Directory Inventory Source](/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source/) | +| Thumbnail icon | [Active Directory](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/cc961809(v=technet.10)) | Apps:
- [Active Directory 2012+ (JSON)](/docs/integrations/microsoft-azure/active-directory-json/)
- [Active Directory JSON - OpenTelemetry](/docs/integrations/microsoft-azure/opentelemetry/active-directory-json-opentelemetry/)
Automation integrations:
- [Active Directory](/docs/platform-services/automation-service/app-central/integrations/active-directory/)
- [Active Directory v2](/docs/platform-services/automation-service/app-central/integrations/active-directory-v2/)
Collectors:
- [Microsoft Azure AD Inventory Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source/)
- [Windows Active Directory Inventory Source](/docs/send-data/installed-collectors/sources/windows-active-directory-inventory-source/) | | Thumbnail icon | [Abnormal Security](https://abnormalsecurity.com/) | Automation integration: [Abnormal Security](/docs/platform-services/automation-service/app-central/integrations/abnormal-security/)
Collector: [Abnormal Security Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/abnormal-security-source/) | | Thumbnail icon | [Abuse.ch](https://abuse.ch/) | Automation integrations:
- [Abuse.ch SSLBL Feed](/docs/platform-services/automation-service/app-central/integrations/abuse.ch-sslbl-feed/)
- [Malware Bazaar](/docs/platform-services/automation-service/app-central/integrations/malware-bazaar/)
- [URLhaus Abuse](/docs/platform-services/automation-service/app-central/integrations/urlhaus-abuse/) | | Thumbnail icon | [AbuseIPDB](https://www.abuseipdb.com/) | Automation integration: [AbuseIPDB](/docs/platform-services/automation-service/app-central/integrations/abuseipdb/) | @@ -466,7 +466,7 @@ Types of integrations: | Thumbnail icon | [Netskope](https://www.netskope.com/) | Apps:
- [Netskope](/docs/integrations/security-threat-detection/netskope/)
- [Netskope Legacy](/docs/integrations/security-threat-detection/netskope-legacy-collection/)
Automation integrations:
- [Netskope](/docs/platform-services/automation-service/app-central/integrations/netskope/)
- [Netskope V2](/docs/platform-services/automation-service/app-central/integrations/netskope-v2/)
Collectors:
- [Netskope Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-source/)
- [Netskope WebTx Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/netskope-webtx-source/) | | Thumbnail icon | [Neustar](https://www.home.neustar/) | Automation integration: [Neustar IP GeoPoint](/docs/platform-services/automation-service/app-central/integrations/neustar-ip-geopoint/) | | Thumbnail icon | [New Relic](https://newrelic.com/) | Webhook: [Webhook Connection for New Relic](/docs/alerts/webhook-connections/new-relic/) | -| Thumbnail icon | [Nginx](https://www.nginx.com/) | Apps:
- [Nginx](/docs/integrations/web-servers/nginx/)
- [Nginx (Legacy)](/docs/integrations/web-servers/nginx-legacy/)
- [Nginx Ingress](/docs/integrations/web-servers/nginx-ingress/)
- [Nginx - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/nginx-opentelemetry/)
- [Global Intelligence for Nginx](/docs/integrations/global-intelligence/nginx)
Collector: [Nginx Access Logs - Cloud SIEM](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/nginx-access-logs/) | +| Thumbnail icon | [Nginx](https://www.nginx.com/) | Apps:
- [Nginx](/docs/integrations/web-servers/nginx/)
- [Nginx Ingress](/docs/integrations/web-servers/nginx-ingress/)
- [Nginx - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/nginx-opentelemetry/)
- [Global Intelligence for Nginx](/docs/integrations/global-intelligence/nginx)
Collector: [Nginx Access Logs - Cloud SIEM](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/nginx-access-logs/) | | Thumbnail icon | [Nginx Plus](https://www.nginx.com/products/nginx/) | Apps:
- [Nginx Plus](/docs/integrations/web-servers/nginx-plus/)
- [Nginx Plus Ingress](/docs/integrations/web-servers/nginx-plus-ingress/) | | Thumbnail icon | [Nmap](https://nmap.org/) | Automation integration: [Nmap](/docs/platform-services/automation-service/app-central/integrations/nmap/) | | Thumbnail icon | [Nobl9](https://www.nobl9.com/) | Webhook: [Nobl9](/docs/integrations/webhooks/nobl9/) | @@ -497,7 +497,7 @@ Types of integrations: | Logo | Vendors and Products | Integrations | | :-- | :-- | :-- | | Thumbnail icon | [PagerDuty](https://www.pagerduty.com/) | Apps:
- [PagerDuty V2](/docs/integrations/saas-cloud/pagerduty-v2/)
- [PagerDuty V3](/docs/integrations/saas-cloud/pagerduty-v3/)
Automation integration: [PagerDuty](/docs/platform-services/automation-service/app-central/integrations/pagerduty/)
Webhook: [Webhook Connection for PagerDuty](/docs/alerts/webhook-connections/pagerduty/) | -| Thumbnail icon | [Palo Alto Networks](https://www.paloaltonetworks.com/) | Apps:
- [Palo Alto Firewall 9](/docs/integrations/cloud-security-monitoring-analytics/palo-alto-firewall-9/)
- [Palo Alto Firewall 10](/docs/integrations/cloud-security-monitoring-analytics/palo-alto-firewall-10/)
- [Palo Alto Networks 6](/docs/integrations/security-threat-detection/palo-alto-networks-6/)
- [Palo Alto Networks 8](/docs/integrations/security-threat-detection/palo-alto-networks-8/)
- [Palo Alto Networks 9](/docs/integrations/security-threat-detection/palo-alto-networks-9/)
- [PCI Compliance for Palo Alto Networks 9](/docs/integrations/pci-compliance/palo-alto-networks-9/)
- [PCI Compliance for Palo Alto Networks 10](/docs/integrations/pci-compliance/palo-alto-networks-10/)
- [Palo Alto Cortex XDR](/docs/integrations/saas-cloud/palo-alto-cortex-xdr/)
Automation integrations:
- [Cortex XDR](/docs/platform-services/automation-service/app-central/integrations/cortex-xdr/)
- [Palo Alto AutoFocus](/docs/platform-services/automation-service/app-central/integrations/palo-alto-autofocus/)
- [Palo Alto Networks NGFW](/docs/platform-services/automation-service/app-central/integrations/palo-alto-networks-ngfw/)
- [Palo Alto Networks Panorama V2](/docs/platform-services/automation-service/app-central/integrations/palo-alto-networks-panorama-v2/)
Collectors:
- [Collect Logs from Palo Alto Networks Cortex Data Lake](/docs/send-data/collect-from-other-data-sources/collect-logs-palo-alto-networks-cortex/)
- [Palo Alto Cortex XDR Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source/)
- [Palo Alto Firewall - Cloud SIEM](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/palo-alto-firewall/)
Partner integration: [Cortex XSOAR](https://xsoar.pan.dev/docs/reference/integrations/sumo-logic) | +| Thumbnail icon | [Palo Alto Networks](https://www.paloaltonetworks.com/) | Apps:
- [Palo Alto Firewall 9](/docs/integrations/cloud-security-monitoring-analytics/palo-alto-firewall-9/)
- [Palo Alto Firewall 10](/docs/integrations/cloud-security-monitoring-analytics/palo-alto-firewall-10/)
- [Palo Alto Networks 9](/docs/integrations/security-threat-detection/palo-alto-networks-9/)
- [PCI Compliance for Palo Alto Networks 9](/docs/integrations/pci-compliance/palo-alto-networks-9/)
- [PCI Compliance for Palo Alto Networks 10](/docs/integrations/pci-compliance/palo-alto-networks-10/)
- [Palo Alto Cortex XDR](/docs/integrations/saas-cloud/palo-alto-cortex-xdr/)
Automation integrations:
- [Cortex XDR](/docs/platform-services/automation-service/app-central/integrations/cortex-xdr/)
- [Palo Alto AutoFocus](/docs/platform-services/automation-service/app-central/integrations/palo-alto-autofocus/)
- [Palo Alto Networks NGFW](/docs/platform-services/automation-service/app-central/integrations/palo-alto-networks-ngfw/)
- [Palo Alto Networks Panorama V2](/docs/platform-services/automation-service/app-central/integrations/palo-alto-networks-panorama-v2/)
Collectors:
- [Collect Logs from Palo Alto Networks Cortex Data Lake](/docs/send-data/collect-from-other-data-sources/collect-logs-palo-alto-networks-cortex/)
- [Palo Alto Cortex XDR Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/palo-alto-cortex-xdr-source/)
- [Palo Alto Firewall - Cloud SIEM](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/palo-alto-firewall/)
Partner integration: [Cortex XSOAR](https://xsoar.pan.dev/docs/reference/integrations/sumo-logic) | | Thumbnail icon | [Palo Alto Networks Prisma Cloud (formerly Evident.io ESP)](https://www.paloaltonetworks.com/prisma/cloud) | App: [Evident.io ESP](/docs/integrations/security-threat-detection/evident-security-platform/)
Automation integration: [Prisma Cloud](/docs/platform-services/automation-service/app-central/integrations/prisma-cloud/) | | Thumbnail icon | [PaperTrail](https://www.papertrail.com/) | Webhook: [PaperTrail](/docs/integrations/webhooks/papertrail/) | | Thumbnail icon | [Phantombuster](https://phantombuster.com/) | Automation integration: [Phantombuster](/docs/platform-services/automation-service/app-central/integrations/phantombuster/) | @@ -616,7 +616,7 @@ Types of integrations: | :-- | :-- | :-- | | Thumbnail icon | [Watchguard](https://www.watchguard.com/) | Automation integration: [Panda EDR](/docs/platform-services/automation-service/app-central/integrations/panda-edr/) | | Thumbnail icon | [WhoisXML](https://main.whoisxmlapi.com/) | Automation integration: [WhoisXML](/docs/platform-services/automation-service/app-central/integrations/whoisxml/) | -| Thumbnail icon | [Windows](https://www.microsoft.com/en-us/windows) | Apps:
- [Windows Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/windows/)
- [Windows - Cloud Security Monitoring and Analytics - OpenTelemetry](/docs/integrations/cloud-security-monitoring-analytics/opentelemetry/windows-opentelemetry/)
- [Windows JSON](/docs/integrations/microsoft-azure/windows-json/)
- [Windows - OpenTelemetry](/docs/integrations/hosts-operating-systems/opentelemetry/windows-opentelemetry/)
- [Windows Performance](/docs/integrations/microsoft-azure/performance/)
- [Windows Legacy](/docs/integrations/microsoft-azure/windows-legacy/)
- [PCI Compliance For Windows (JSON)](/docs/integrations/microsoft-azure/windows-json-pci-compliance/)
- [PCI Compliance for Windows JSON - OpenTelemetry](/docs/integrations/pci-compliance/opentelemetry/windows-json-opentelemetry/)
- [PCI Compliance For Windows (Legacy)](/docs/integrations/microsoft-azure/windows-legacy-pci-compliance/)
Automation integration: [PowerShell Tools](/docs/platform-services/automation-service/app-central/integrations/powershell-tools/)
Collectors:
- [Add a Collector to a Windows Machine Image](/docs/send-data/installed-collectors/collector-installation-reference/add-collector-windows-machine-image/)
- [Install a Collector on Windows](/docs/send-data/installed-collectors/windows/)
- [Install OpenTelemetry Collector on Windows](/docs/send-data/opentelemetry-collector/install-collector/windows/)
- [Local Windows Event Log Source](/docs/send-data/installed-collectors/sources/local-windows-event-log-source/)
- [Local Windows Performance Monitor Log Source](/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source/)
- [Microsoft Windows - Cloud SIEM](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/microsoft-windows/)
- [Preconfigure a Machine to Collect Remote Windows Events](/docs/send-data/installed-collectors/sources/preconfigure-machine-collect-remote-windows-events/)
- [Preconfigure a Machine to Collect Remote Windows Performance Monitoring Logs](/docs/send-data/installed-collectors/sources/preconfigure-machine-collect-remote-windows-performance-monitoring-logs/)
- [Remote Windows Event Log Source](/docs/send-data/installed-collectors/sources/remote-windows-event-log-source/)
- [Remote Windows Performance Monitor Log Source](/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source/)
- [Windows Event Source Custom Channels](/docs/send-data/installed-collectors/sources/windows-event-source-custom-channels/)| +| Thumbnail icon | [Windows](https://www.microsoft.com/en-us/windows) | Apps:
- [Windows Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/windows/)
- [Windows - Cloud Security Monitoring and Analytics - OpenTelemetry](/docs/integrations/cloud-security-monitoring-analytics/opentelemetry/windows-opentelemetry/)
- [Windows JSON](/docs/integrations/microsoft-azure/windows-json/)
- [Windows - OpenTelemetry](/docs/integrations/hosts-operating-systems/opentelemetry/windows-opentelemetry/)
- [Windows Performance](/docs/integrations/microsoft-azure/performance/)
- [Windows Legacy](/docs/integrations/microsoft-azure/windows-legacy/)
- [PCI Compliance For Windows (JSON)](/docs/integrations/microsoft-azure/windows-json-pci-compliance/)
- [PCI Compliance for Windows JSON - OpenTelemetry](/docs/integrations/pci-compliance/opentelemetry/windows-json-opentelemetry/)
-
Automation integration: [PowerShell Tools](/docs/platform-services/automation-service/app-central/integrations/powershell-tools/)
Collectors:
- [Add a Collector to a Windows Machine Image](/docs/send-data/installed-collectors/collector-installation-reference/add-collector-windows-machine-image/)
- [Install a Collector on Windows](/docs/send-data/installed-collectors/windows/)
- [Install OpenTelemetry Collector on Windows](/docs/send-data/opentelemetry-collector/install-collector/windows/)
- [Local Windows Event Log Source](/docs/send-data/installed-collectors/sources/local-windows-event-log-source/)
- [Local Windows Performance Monitor Log Source](/docs/send-data/installed-collectors/sources/local-windows-performance-monitor-log-source/)
- [Microsoft Windows - Cloud SIEM](/docs/cse/ingestion/ingestion-sources-for-cloud-siem/microsoft-windows/)
- [Preconfigure a Machine to Collect Remote Windows Events](/docs/send-data/installed-collectors/sources/preconfigure-machine-collect-remote-windows-events/)
- [Preconfigure a Machine to Collect Remote Windows Performance Monitoring Logs](/docs/send-data/installed-collectors/sources/preconfigure-machine-collect-remote-windows-performance-monitoring-logs/)
- [Remote Windows Event Log Source](/docs/send-data/installed-collectors/sources/remote-windows-event-log-source/)
- [Remote Windows Performance Monitor Log Source](/docs/send-data/installed-collectors/sources/remote-windows-performance-monitor-log-source/)
- [Windows Event Source Custom Channels](/docs/send-data/installed-collectors/sources/windows-event-source-custom-channels/)| | Thumbnail icon | [WithSecure](https://www.withsecure.com/en/home) | Automation integrations:
- [WithSecure Elements](/docs/platform-services/automation-service/app-central/integrations/withsecure-elements/)
- [WithSecure Endpoint Protection](/docs/platform-services/automation-service/app-central/integrations/withsecure-endpoint-protection/) | | Thumbnail icon | [Wittra](https://www.wittra.io/) | Automation integration: [Wittra](/docs/platform-services/automation-service/app-central/integrations/wittra/) | | Thumbnail icon | [Workday](https://www.workday.com/) | App: [Workday](/docs/integrations/saas-cloud/workday/)
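Review bot: the `+` version of the Windows row leaves an empty bullet (a bare `-`) between the "PCI Compliance for Windows JSON - OpenTelemetry" entry and "Automation integration: [PowerShell Tools]" where the "PCI Compliance For Windows (Legacy)" link was removed; drop that line, otherwise the Apps list renders with an empty list item. Apart from that bullet the `-` and `+` rows are identical, so the rest of the row did not need to be rewritten.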
Collector: [Workday Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/workday-source/) | diff --git a/docs/integrations/security-threat-detection/index.md b/docs/integrations/security-threat-detection/index.md index a36bf306e3..0469699d73 100644 --- a/docs/integrations/security-threat-detection/index.md +++ b/docs/integrations/security-threat-detection/index.md @@ -105,18 +105,6 @@ Sumo Logic provides a variety of apps for security products and platforms, from

A guide to the Sumo Logic app for Observable Networks.

-
-
- thumbnail icon

Palo Alto Networks 6

-

A guide to the Sumo Logic app for Palo Alto Networks 6.

-
-
-
-
- thumbnail icon

Palo Alto Networks 8

-

A guide to the Sumo Logic app for Palo Alto Networks 8.

-
-
thumbnail icon

Palo Alto Networks 9

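Review bot: the lines "Palo Alto Networks 6", "A guide to the Sumo Logic app for Palo Alto Networks 6." and their Palo Alto Networks 8 counterparts appear here as unchanged context while the surrounding card lines (including the two `thumbnail icon` image references) are removed; if those title and description lines really survive, the index will show two orphaned headings with no card or link, so confirm the whole card block is deleted for both apps. Also check whether the thumbnail images those cards referenced are still used elsewhere, and remove them from the static assets if not, and make sure redirects exist for the deleted `palo-alto-networks-6` and `palo-alto-networks-8` page paths so existing bookmarks do not 404 (the remaining Palo Alto Networks 9 card is the natural target).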
diff --git a/docs/integrations/security-threat-detection/palo-alto-networks-6.md b/docs/integrations/security-threat-detection/palo-alto-networks-6.md deleted file mode 100644 index 3bf9a3e94c..0000000000 --- a/docs/integrations/security-threat-detection/palo-alto-networks-6.md +++ /dev/null 
@@ -1,163 +0,0 @@ ---- -id: palo-alto-networks-6 -title: Palo Alto Networks 6 -sidebar_label: Palo Alto Networks 6 -description: The Palo Alto Networks 6 app provides four dashboards, giving you several ways to discover threats, consumption, traffic patterns, and other security-driven issues, providing additional insight for investigations. ---- - -import useBaseUrl from '@docusaurus/useBaseUrl'; - -thumbnail icon - -The Palo Alto Networks 6 app provides four dashboards, giving you several ways to discover threats, consumption, traffic patterns, and other security-driven issues, providing additional insight for investigations. - -## Log types - -Parsing in the Palo Alto Networks 6 app for PAN 6 is based on the [PAN-OS Syslog integration](https://live.paloaltonetworks.com/t5/forums/searchpage/tab/message?q=PAN-OS+Syslog+integration&filter=labels&search_type=thread). - - -### Sample log messages - -```json -<12>Dec 22 13:22:14 PA-5050 1,2016/12/22 13:22:14,002201002211,THREAT,vulnerability,1,2016/12/22 13:22:14,77.200.181.165,208.74.205.51,0.0.0.0,0.0.0.0,Alert Logging,,,web-browsing,vsys1,IDS,IDS,ethernet1/21,ethernet1/21,Sumo_Logic,2016/12/22 13:22:14,34403128,1,59305,80,0,0,0x80000000,tcp,alert,"1794",HTTP SQL Injection Attempt(38195),any,medium,client-to-server,128764886,0x0,NL,US,0,,1345817091864062106,,,1,,,,,,,,0 - -<11>Dec 22 13:08:28 PA-5050 1,2016/12/22 13:08:28,002201002211,THREAT,vulnerability,1,2016/12/22 13:08:28,46.148.24.108,208.74.205.51,0.0.0.0,0.0.0.0,Alert Logging,,,web-browsing,vsys1,IDS,IDS,ethernet1/21,ethernet1/21,Sumo_Logic,2016/12/22 13:08:28,34645066,1,38899,80,0,0,0x80000000,tcp,alert,"message",HTTP /etc/passwd Access Attempt(30852),any,high,client-to-server,128763724,0x0,UA,US,0,,1345817091864061211,,,1,,,,,,,,0 -<14>Dec 22 16:24:05 AO-PA500-01.domain.local 1,2016/12/22 16:24:04,009401007189,TRAFFIC,drop,1,2016/12/22 16:24:04,45.55.255.28,184.18.215.26,0.0.0.0,0.0.0.0,deny untrust - 
logging,,,not-applicable,vsys1,untrust,untrust,ethernet1/1,,Log-Forwarding-01,2016/12/22 16:24:04,0,1,29272,2083,0,0,0x0,tcp,deny,92,92,0,1,2016/12/22 16:24:04,0,any,0,372320422,0x0,US,US,0,1,0,policy-deny,0,0,0,0,,AO-PA500-01,from-policy -``` - - - -### Sample queries - -```sql title="Threat Type by Severity" -_sourceCategory=palo_alto_network | parse "*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*" as f1,recvTime,serialNum,type,subtype,f2,genTime,src_ip,dest_ip,natsrc_ip,natdest_ip,ruleName,src_user,dest_user,app,vsys,src_zone,dest_zone,ingress_if,egress_if,logProfile,f3,sessionID,repeatCnt,src_port,dest_port,natsrc_port,natdest_port,flags,protocol,action,misc,threatID,cat,severity,direction,seqNum,action_flags,src_loc,dest_loc,f4,content_type | count as count by subtype,severity | transpose row severity column subtype -``` - - -## Collecting Logs for the Palo Alto Networks 6 app - -This section provides instructions on how to collect logs for the Palo Alto Networks 6 app, as well as log and query samples. - - -### Prerequisites - -* Configure Syslog Monitoring for your Palo Alto Networks device, as described in [Configure Syslog Monitoring](https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/use-syslog-for-monitoring/configure-syslog-monitoring) in Palo Alto Networks help. -* This app supports Palo Alto Networks v6. - - -### Configure a Collector - -Configure an [Installed Collector](/docs/send-data/installed-collectors) or a Hosted source for Syslog-ng or Rsyslog. - - -### Configure a Source - -For Syslog, configure the Source fields: - -1. **Name**. (Required) A name is required. -2. **Description.** Optional. -3. **Protocol**. UDP or TCP -4. **Port**. Port number. -5. **Source Category**. (Required) The Source Category metadata field is a fundamental building block to organize and label Sources. For details, see [Best Practices](/docs/send-data/best-practices). -6. Click **Save**. 
- -For a Hosted source, use advanced settings as necessary, but save the endpoint URL associated in order to configure Palo Alto Networks. - - -### Field Extraction Rules - -When creating a Field Extraction Rule, you have the option to select from a template for Palo Alto Networks. - -It is recommended that you add **THREAT** as a keyword in the scope for the rule. - -```sql -parse "*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*" -as f1,recvTime,serialNum,type,subtype,f2,genTime,src_ip,dest_ip,natsrc_ip,natdest_ip, -ruleName,src_user,dest_user,app,vsys,src_zone,dest_zone,ingress_if,egress_if,logProfile, -f3,sessionID,repeatCnt,src_port,dest_port,natsrc_port,natdest_port,flags,protocol,action, -misc,threatID,cat,severity,direction,seqNum,action_flags,src_loc,dest_loc,f4,content_type -``` - - -## Installing the Palo Alto Networks 6 app - -Now that you have set up collection for Palo Alto Networks, install the Sumo Logic app for Palo Alto Networks to use the preconfigured searches and dashboards that provide insight into your data. - -import AppInstall from '../../reuse/apps/app-install.md'; - - - -## Viewing PAN 6 Dashboards - -### Overview - -The Overview Dashboard keeps you up-to-speed on the higher level operations of your PAN deployment. - -Palo_Alto_Networks_6 Dashboard - -**Source Host Locations.** Using a geolocation query, this Panel maps the location of source hosts using their IP addresses. - -**Threat Type by Severity.** Breaks down the number of threats, ranked by severity; threat types are divided into separate categories (such as Vulnerabilities and URL). Threat types displayed in this Panel include Low, Informational, High, and Critical. - -**Bandwidth Consumption (Bytes) by Virtual System.** Displays the bandwidth of virtual systems, making it easy to see which systems are consuming the most bandwidth. 
- -**Bandwidth Consumption (Percentage) by App.** Each app deployed by your organization is represented in an overall breakdown of how apps are consuming bandwidth. - - -### Threat Analysis - -Palo_Alto_Networks_6 Dashboard - -**Threat Type.** Get an idea of the number of threats as well as the type of threats detected by Palo Alto Networks. Top Destination IPs. Shows the top 10 destination IPs (the IPs that have made the most attempts). - -Top Destination IPs. Ranks the top 10 destination IPs as a bar chart. - -**Severity by Protocol.** View the number of threats sorted by severity (Critical, High, Low, or Informational). - -**App by Severity.** Shows the breakdown of threats per app, sorted by threat level (Critical, High, Informational, and Low). - -**Top Source IPs.** Ranks the top 10 source IPs hitting your firewall as a bar chart. - -**Threat by Category.** The query behind this Panel parses the threat ID and category from your Palo Alto Network logs, then returns the number of threats sorted by category. - - -### Traffic Monitoring - -The Traffic Monitoring Dashboard includes several Panels that display information about incoming and outgoing traffic, including bytes sent and received. - -Palo_Alto_Networks_6 Dashboard - -**Events by Protocol.** Displays the breakdown of events, sorted by protocol (ICMP, TCP, UDP, HOPOPT). - -**Top Destination IPs by Events.** Using a geolocation query, this Panel maps which IPs are being accessed outside the network for all event types. - -**Top 10 Apps by Bytes Sent.** Shows which apps are being sent the most bytes. - -**Apps by Action.** This Panel queries all traffic types and then displays each app per drop, denial, and success. - -**Top Source IPs by Events.** Displays the top 10 IPs generating events. - -**Top 10 Apps by Bytes Received.** Traffic from the 10 most active apps is shown, making unexpected upticks in traffic easy to identify. 
- -**Bytes Sent/Received Overtime.** Keep an eye on the overall inbound and outbound traffic in your deployment. - -**Triggered Rules by Virtual System.** Including all existing trigger rules, this Panel displays traffic from each virtual system in your deployment. - - -### Generic - -This advanced Dashboard includes specialized, targeted Panels that are typically used by IT Admins. - -Palo_Alto_Networks_6 Dashboard - -**Top 10 Source IPs by Byte.** Watch for unexpected spikes in traffic from the top 10 Source IP addresses. - -**High Severity Threat Distribution.** Displays the severity of threats over the past hour. - -**High Severity Threats by Destination & ID.** Counted by the number of threats coming from specific destinations and IP addresses, Critical and High severity threats are shown. - -**Bandwidth Consumption by App.** View the total bandwidth consumed by each app in one place. - -**Threat Distribution.** Displays the source of threats as well as the number of threats over the past 24 hours. - -**High Severity Threats by Source & ID.** No need to guess where Critical and High threats are coming from. This Panel displays each threat source. diff --git a/docs/integrations/security-threat-detection/palo-alto-networks-8.md b/docs/integrations/security-threat-detection/palo-alto-networks-8.md deleted file mode 100644 index ffd0d31768..0000000000 --- a/docs/integrations/security-threat-detection/palo-alto-networks-8.md +++ /dev/null 
@@ -1,316 +0,0 @@ ---- -id: palo-alto-networks-8 -title: Palo Alto Networks 8 -sidebar_label: Palo Alto Networks 8 -description: The Palo Alto Networks 8 app gives you visibility into firewall and traps activity, including information about firewall configuration changes, details about rejected and accepted firewall traffic, traffic events that match the Correlation Objects and Security Profiles you have configured in PAN, and events logged by the Traps Endpoint Security Manager. ---- - -import useBaseUrl from '@docusaurus/useBaseUrl'; - -thumbnail icon - -Palo Alto Networks (PAN) 8 provides a next generation firewall and the Traps Endpoint Security Manager. The Palo Alto Networks 8 app gives you visibility into firewall and traps activity, including information about firewall configuration changes, details about rejected and accepted firewall traffic, traffic events that match the Correlation Objects and Security Profiles you have configured in PAN, and events logged by the Traps Endpoint Security Manager. - -## Log types - -Parsing in the Sumo Logic app for PAN 8 is based on the [PAN-OS Syslog Integration](https://live.paloaltonetworks.com/t5/Tech-Note-Articles/PAN-OS-Syslog-Integration/ta-p/55323) and uses the following log types: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Log type Description Supported log format For more information
TrafficEntries for the start and end of each session, including date and time; source and destination zones, addresses and ports; application name; security rule applied to the traffic flow; rule action (allow, deny, or drop); ingress and egress interface; number of bytes; and session end reason. SyslogTraffic Logs
ThreatEvents logged when traffic matches one of the Security Profiles attached to a security rule on the firewall.SyslogThreat Logs
System Information about system events on the Palo Alto Networks Device.SyslogSystem Logs
Config LogsInformation about Palo Alto Networks Device configuration changes.SyslogConfiguration
CorrelationEvents logged by firewall when patterns and thresholds defined in a Correlation Object match the traffic patterns on your network.SyslogCorrelation Logs
TrapsV4Events logged by the Traps Endpoint Security component.Common Event Format (CEF)CEF Format
- - -### Sample log messages - - -```json title="Config Log Sample" -Sep 05 12:30:11 SumoStg05 1,2018/09/05 12:30:11,012345678902,CONFIG,0,0,2018/09/05 12:30:11,34.75.147.122,,commit-all,duc,Panorama,Succeeded,,0123456789,0x8000000000000000,0,0,0,0,,SumoStg05 -``` - -```txt title="Correlation Log Sample" -Sep 05 12:00:22 1,2018/09/05 12:00:22,012345678902,CORRELATION,,,2018/09/05 12:00:22,11.95.8.142,npande,,compromised-host,medium,0,0,0,0,,us2,,beacon-heuristics,6005,"Host visited known malware URL (100 times). -``` - - -```json title="System Log Sample" -Sep 05 12:40:15 SumoQA01a 0,2018/09/05 12:40:15,012345678902,SYSTEM,url-filtering,0,2018/09/05 12:40:15,,upgrade-url-database-success,,0,0,general,informational,PAN-DB was upgraded to version 20170529.40084.,538241,0x8000000000000000,0,0,0,0,,SumoQA01a -``` - - -```json title="Threat Log Sample" -Sep 05 12:44:11 SumoStg05 0,2018/09/05 12:44:11,012345678902,THREAT,vulnerability,0,2018/09/05 12:44:11,174.234.40.32,240.84.174.144,,,General Web Infrastructure,,duc,web-browsing,vsys1,z2-FW-Sumo-Internal,inside,ethernet1/2,ethernet1/2,LOGreset-both,2018/09/05 12:44:11,320228,1,80,1296,0,0,0x2000,tcp,alert,"adcount.ohmynews.com/js.kti/ohmynews2007/article70@thumbnail3",Suspicious Abnormal HTTP Response Found(40397),news,informational,server-to-client,1077387368,0x8000000000000000,India,10.0.0.0-10.255.255.255,0,,0,,,1,,,,,,,,0,31,43,0,0,,us3,,,,,0,,0,,N/A,protocol-anomaly,AppThreat-52239-48642,0x0 -``` - - -```json title="Traffic Log Sample" -Sep 05 12:45:15 SumoStg05 0,2018/09/05 12:45:15,012345678901,TRAFFIC,end,0,2018/09/05 12:45:15,182.80.119.50,176.164.175.181,,,Unexpected Traffic,,npande,ping,vsys3,z1-FW-Transit,z3-Sumo-DMZ,ethernet1/2,ethernet1/2,LOGreset-both,2018/09/05 12:45:15,9434,1,0,0,0,0,0x100064,icmp,allow,122,122,0,1,2018/09/05 12:45:15,0,any,0,5134220147,0x8000000000000000,United States,10.0.0.0-10.255.255.255,0,1,0,aged-out,31,42,0,0,,SumoStg05,from-policy,,,0,,0,,N/A -``` - -```json title="Traps V4 
Sample" -Sep 05 12:30:15 Host CEF:0|Palo Alto Networks|Traps Agent|3.4.3.19949|Client License Request|Agent|3|rt=Sep 05 12:30:15 dhost=preprod_Linux_SumoQA01a duser=administrator msg=New license request -``` - - - -### Sample queries - - -```sql title="Virus Threats" -_sourceCategory=Loggen/PAN/Threat THREAT (virus or "wildfire-virus") -| csv _raw extract 1 as f1, 2 as Receive_Time, 3 as serialNum, 4 as type, 5 as subtype, 6 as f2, 7 as LogGenerationTime, 8 as src_ip, 9 as dest_ip, 10 as NAT_src_ip, 11 as NAT_dest_ip, 12 as ruleName, 13 as src_user, 14 as dest_user, 15 as app, 16 as vsys, 17 as src_zone, 18 as dest_zone, 19 as inbound_interface, 20 as outbound_interface, 21 as LogAction, 22 as f3, 23 as SessonID, 24 as RepeatCount, 25 as src_port, 26 as dest_port, 27 as NAT_src_port, 28 as NAT_dest_port, 29 as flags, 30 as protocol, 31 as action, 32 as urlORFileName, 33 as Threat_Content_Name, 34 as category, 35 as severity, 36 as direction, 37 as seqNum, 38 as action_flags, 39 as src_country, 40 as dest_country, 41 as f4, 42 as content_type, 43 as pcap_id, 44 as filedigest, 45 as cloud, 46 as url_idx, 47 as user_agent, 48 as filetype, 49 as xff, 50 as referer, 51 as sender, 52 as subject, 53 as recipient, 54 as reportid, 55 as Device_Group_Hierarchy, 56 as vsys_name, 57 as DeviceName, 58 as f5, 59 as Source_VM_UUID, 60 as Destination_VM_UUID, 61 as Parent_Session_ID, 62 as Tunnel_ID_IMSI, 63 as Monitor_Tag_IMEI, 64 as method, 65 as parent_start_time, 66 as Tunnel, 67 as thr_category, 68 as contentver, 69 as f6, 70 as SCTP_Association_ID, 71 as Payload_Protocol_ID, 72 as http_headers -| where type = "THREAT" and subtype in ("virus","wildfire-virus") and severity != "informational" -| count as eventCount by Severity -| sort by eventCount, Severity -``` - - -## Collecting Logs for the Palo Alto Networks 8 app - -This section has instructions for collecting logs for the Palo Alto Networks 8 app, as well as examples of field extraction rules, logs, and queries. 
- -### Prerequisites - -* Configure Syslog Monitoring for your Palo Alto Networks device, as described in [Configure Syslog Monitoring](https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/monitoring/use-syslog-for-monitoring/configure-syslog-monitoring) in Palo Alto Networks help. -* This app supports Palo Alto Networks v7 and v8. -* Parsing in the Sumo Logic app for PAN 8 is based on the information described in these documents: - * [Traffic Log Fields](https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields) - * [Threat Log Fields](https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/threat-log-fields) - * [System Log Fields](https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/system-log-fields) - * [Config Logs Fields](https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/config-log-fields) - * [Correlated Events Log Fields](https://www.paloaltonetworks.com/documentation/81/pan-os/pan-os/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/correlated-events-log-fields) - * [TrapsV4 Logs - field list](https://www.paloaltonetworks.com/documentation/traps/4-2/traps-endpoint-security-manager-admin/reports-and-logging/forward-logs-to-an-external-logging-platform/cef-format#traps-admin-rpts-cef) - -Refer [PAN-OS 8](https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/monitoring/use-the-automated-correlation-engine.html) and [PAN-OS 8.1](https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/monitoring/use-the-automated-correlation-engine.html) documentation for devices supporting Correlated Event Logs. 
- - -### Configure a collector and source - -In this step you configure a installed collector with a Syslog source that will act as Syslog server to receive logs and events from Palo Alto Networks 8 devices. - -1. Configure an [Installed Collector](/docs/send-data/installed-collectors) -2. Add a Syslog source to the installed collector: - 1. **Name**. (Required) A name is required. - 2. **Description.** Optional. - 3. **Protocol**. UDP or TCP. Choose the protocol you configured in Palo Alto Networks 8 for Syslog monitoring. - 4. **Port**. Port number. Choose the port you configured in Palo Alto Networks 8 for Syslog monitoring. - 5. **Source Category**. (Required) The Source Category metadata field is a fundamental building block to organize and label Sources. For details, see [Best Practices](/docs/send-data/best-practices). - 6. Click **Save**. - - -### Field Extraction Rules - -#### System Log Parsing - -It is recommended that you add **SYSTEM** as a keyword in the scope for the rule. - -```sql -_sourceCategory=Loggen/PAN/System ",SYSTEM," -| csv _raw extract 1 as f1, 2 as Receive_Time, 3 as serialNum, 4 as type, 5 as subtype, 6 as f2, 7 as LogGenerationTime, 8 as vsys, 9 as eventID, 10 as Object, 11 as f3, 12 as f4, 13 as Module, 14 as severity, 15 as description, 16 as seqNum, 17 as action_flags, 18 as Device_Group_Hierarchy, 19 as vsys_name, 20 as DeviceName -``` - - -#### Threat Log parsing - -It is recommended that you add **THREAT** as a keyword in the scope for the rule. 
- -```sql -_sourceCategory=Loggen/PAN/Threat THREAT -| csv _raw extract 1 as f1, 2 as Receive_Time, 3 as serialNum, 4 as type, 5 as subtype, 6 as f2, 7 as LogGenerationTime, 8 as src_ip, 9 as dest_ip, 10 as NAT_src_ip, 11 as NAT_dest_ip, 12 as ruleName, 13 as src_user, 14 as dest_user, 15 as app, 16 as vsys, 17 as src_zone, 18 as dest_zone, 19 as inbound_interface, 20 as outbound_interface, 21 as LogAction, 22 as f3, 23 as SessonID, 24 as RepeatCount, 25 as src_port, 26 as dest_port, 27 as NAT_src_port, 28 as NAT_dest_port, 29 as flags, 30 as protocol, 31 as action, 32 as urlORFileName, 33 as Threat_Content_Name, 34 as category, 35 as severity, 36 as direction, 37 as seqNum, 38 as action_flags, 39 as src_country, 40 as dest_country, 41 as f4, 42 as content_type, 43 as pcap_id, 44 as filedigest, 45 as cloud, 46 as url_idx, 47 as user_agent, 48 as filetype, 49 as xff, 50 as referer, 51 as sender, 52 as subject, 53 as recipient, 54 as reportid, 55 as Device_Group_Hierarchy, 56 as vsys_name, 57 as DeviceName, 58 as f5, 59 as Source_VM_UUID, 60 as Destination_VM_UUID, 61 as Parent_Session_ID, 62 as Tunnel_ID_IMSI, 63 as Monitor_Tag_IMEI, 64 as method, 65 as parent_start_time, 66 as Tunnel, 67 as thr_category, 68 as contentver, 69 as f6, 70 as SCTP_Association_ID, 71 as Payload_Protocol_ID, 72 as http_headers -``` - - -#### Correlation Log Parsing - -It is recommended that you add **CORRELATION** as a keyword in the scope for the rule. - -```sql -_sourceCategory=Loggen/PAN/Correlation ",CORRELATION," -| csv _raw extract 1 as f1, 2 as Receive_Time, 3 as serialNum, 4 as type, 5 as subtype, 6 as f2, 7 as LogGenerationTime, 8 as src_ip, 9 as src_user, 10 as vsys, 11 as Category, 12 as Severity, 13 as Device_Group_Hierarchy, 14 as vsys_name, 15 as DeviceName, 16 as vSysID, 17 as Object_Name, 18 as Object_ID, 19 as Evidence -``` - -#### Configuration Log Parsing - -It is recommended that you add **CONFIG** as a keyword in the scope for the rule. 
- -```sql -_sourceCategory=Loggen/PAN/Config ",CONFIG," -| csv _raw extract 1 as f1, 2 as Receive_Time, 3 as serialNum, 4 as type, 5 as subtype, 6 as f2, 7 as LogGenerationTime, 8 as src_ip, 9 as src_user, 10 as cmd, 11 as admin, 12 as client, 13 as result, 14 as path, 15 as seqno, 16 as action_flags, 17 as vsys, 18 as before_change_detail, 19 as after_change_detail, 20 as Device_Group_Hierarchy, 21 as vsys_name, 22 as DeviceName -``` - -#### TrapsV4 Log Parsing - -```sql -_sourceCategory=Loggen/PAN/TrapsV4 CEF "|Palo Alto Networks|" -| parse "CEF:0|Palo Alto Networks|*|*|*|Agent|*|rt=* dhost=* duser=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, dhost, duser, msg nodrop -| parse "CEF:0|Palo Alto Networks|*|*|*|Policy|*|rt=* shost=* suser=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, shost, suser, msg nodrop -| parse "CEF:0|Palo Alto Networks|*|*|*|System|*|rt=* shost=* suser=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, shost, suser, msg nodrop -| parse "CEF:0|Palo Alto Networks|*|*|*|System|*|rt=* shost=* duser=* management core fname=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, shost, duser, fname, msg nodrop -| parse "CEF:0|Palo Alto Networks|*|*|*|Config|*|rt=* shost=* suser=* dhost=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, shost, suser, dhost, msg nodrop -| parse "CEF:0|Palo Alto Networks|*|*|*|Agent|*|rt=* dhost=* duser=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, dhost, duser, msg nodrop -| parse "CEF:0|Palo Alto Networks|*|*|*|Agent|*|rt=* shost=* suser=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, shost, suser, msg nodrop -| parse "CEF:0|Palo Alto Networks|*|*|*|Agent|*|rt=* dhost=* duser=* deviceProcessName=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, dhost, duser, deviceProcessName, msg nodrop -| parse "CEF:0|Palo Alto 
Networks|*|*|*|Agent|*|rt=* dhost=* duser=* cs4Label=* cs4=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, dhost, duser, cs4Label, cs4, msg nodrop -| parse "CEF:0|Palo Alto Networks|*|*|*|Threat|*|rt=* shost=* duser=* cs2Label=* cs2=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, shost, duser, cs2Label, cs2, msg nodrop -| parse "CEF:0|Palo Alto Networks|*|*|*|Threat|*|rt=* dhost=* duser=* cs2Label=* cs2=* deviceProcessName=* fileHash=* cs3Label=* cs3=* dvc=* msg=*" as TrapsComponent, productVersion, event, ExternalSeverity, rt, dhost, duser, cs2Label, cs2, deviceProcessName, fileHash, cs3Label, cs3, dvc, msg nodrop -| parse field = msg "Agent Service Status Changed: *-> *" as oldStatus, newStatus nodrop -| parse field = msg " received new content- version *" as contentVersion nodrop -| parse field = msg "Content version was * to * successfully" as action, contentVersion nodrop -| parse field = msg "Access Violation- child process: *" as childProcess nodrop -| parse field = msg "New Notification event. Prevention Key: *" as preventionKey nodrop -| parse field = cs2 "WildFire Unknown deviceProcessName=* fileHash=*" as deviceProcessName, fileHash nodrop -``` - -#### Traffic Log Parsing - -It is recommended that you add **TRAFFIC** as a keyword in the scope for the rule. 
- -```sql -_sourceCategory=Loggen/PAN/Traffic TRAFFIC -| csv _raw extract 1 as f1, 2 as Receive_Time, 3 as serialNum, 4 as type, 5 as subtype, 6 as f2, 7 as LogGenerationTime, 8 as src_ip, 9 as dest_ip, 10 as NAT_src_ip, 11 as NAT_dest_ip, 12 as ruleName, 13 as src_user, 14 as dest_user, 15 as app, 16 as vsys, 17 as src_zone, 18 as dest_zone, 19 as inbound_interface, 20 as outbound_interface, 21 as LogAction, 22 as f3, 23 as SessonID, 24 as RepeatCount, 25 as src_port, 26 as dest_port, 27 as NAT_src_port, 28 as NAT_dest_port, 29 as flags, 30 as protocol, 31 as action,32 as bytes, 33 as bytes_sent, 34 as bytes_recv, 35 as Packets, 36 as StartTime, 37 as ElapsedTime, 38 as Category, 39 as f4, 40 as seqNum, 41 as ActionFlags, 42 as src_Country, 43 as dest_country, 44 as pkts_sent, 45 as pkts_received, 46 as session_end_reason, 47 as Device_Group_Hierarchy , 48 as vsys_Name, 49 as DeviceName, 50 as action_source, 51 as Source_VM_UUID, 52 as Destination_VM_UUID, 53 as Tunnel_ID_IMSI, 54 as Monitor_Tag_IMEI, 55 as Parent_Session_ID, 56 as parent_start_time, 57 as Tunnel, 58 as SCTP_Association_ID, 59 as SCTP_Chunks, 60 as SCTP_Chunks_Sent, 61 as SCTP_Chunks_Received -``` - - - -## Installing the Palo Alto Networks 8 app - -This section provides instructions for installing the Palo Alto Networks 8 app, along with examples of each of the dashboards that provide visual insights into your data. - -This app supports PAN-OS v7 and v8. - -import AppInstall from '../../reuse/apps/app-install.md'; - - - -## Viewing Palo Alto Networks 8 Dashboards - -### Overview - -**Description:** See an overview of system, correlation, configuration, and trap events; threats; and bandwidth consumption by app and by virtual system. - -**Use case:** Use this dashboard for an overview of various activities by severity level, geo-location, and bandwidth consumption. Based on the results you see, you can go to more detailed dashboards to drill down for details. 
For example, if the “Threats By Severity Level” panel shows that there are “Critical” threats, you can proceed to the threat-related dashboards, including Threat Overview, Threat Analysis, Traffic Insight - File Activity, and Traffic Insight - Web Activity. - -Palo_Alto_Networks_8 Dashboard - -### Configuration Analysis - -**Description:** See information about changes to your firewall configurations, including a breakdown of submitted, succeeded, and failed configuration updates; the trend of configuration update statuses; the top 10 IPs used for configuration changes; the top 10 admin users; and the top 10 commands executed. - -**Use case:** Use this dashboard to learn about firewall configuration changes. You can identify who performed a configuration change, and the system from which the configuration change was made. The dashboard also helps you identify failed and successful configurations changes. If you observe a sudden change in device behavior, you can check this dashboard to investigate whether a configuration change might be to blame. - -Palo_Alto_Networks_8 Dashboard - -### Correlation Analysis - -**Description:** See information about correlated events, including breakdowns of correlated events by severity, category, source user, and object; events by source IP; and recent correlation feeds. - -**Use case:** Use this dashboard to identify hosts that are compromised, very likely compromised, likely compromised, or possibly compromised, based on correlation events. - -Palo_Alto_Networks_8 Dashboard - -### High Severity Threats - -**Description:** See information about the top 10 source IPs by bytes; high and critical severity threats by destination ID, and by Source ID; threat distribution by severity; bandwidth consumption by app; and outlier analysis of allowed and rejected requests. - -**Use case:** Use this dashboard to identify the impact of high severity threats, including the most involved source and destination IPs. 
You can identify threats affecting multiple IPs, IPs affected by multiple threats, and identify source IPs or users which are responsible for generating high severity threats or are impacted by high severity threats. - -Palo_Alto_Networks_8 Dashboard - -### System Monitoring - -**Description:** See breakdowns of events by subtype, module, severity, and EventID; objects by severity level and event type; and recent logs to the system feed. - -**Use case:** Use this dashboard to identify system issues like hardware failures, HA failures, link down status, dropped connections with external devices, firmware / software upgrades, password change notifications, log in/log off, administrator name or password change, any configuration change, and other minor events. - -Palo_Alto_Networks_8 Dashboard - -### Threat Overview - -**Description:** See breakdowns of each threat type by severity; threat analytics, including threat outliers and a time comparison of current threats versus threats in the previous hour, day, and previous week; threats affecting the most destination IPs; IPs generating multiple threats; and IPs observing multiple threats. - -**Use case:** Use this dashboard to identify threat subtypes. Based on what you learn, you can drill down for additional detail in the “Threat Analysis” dashboard. You can also use this dashboard to identify threats that affect multiple IPs, IPs affected by multiple threats, and narrow in on source IPs or users that are responsible for generating threats or are impacted by threats. - -Palo_Alto_Networks_8 Dashboard - -### Threat Analysis - -**Description:** See analytics and details about threats, including the count of threats whose severity is greater that “Informational”; breakdowns of threats by subtype and severity; and recent critical and non-critical threat feeds. - -**Use case:** Use this dashboard to get detailed information on threats identified, rules fired, actions, trends, threat outliers, and threat directions. 
- -Palo_Alto_Networks_8 Dashboard - - -### Traffic Monitoring - -**Description:** See information about firewall traffic, including protocol usage; top source IPs, apps, destination IPs, source users, and destination ports; and outlier analysis of rejected and accepted traffic. - -**Use case:** Use this dashboard to detect sudden changes in allowed or rejected traffic in the outlier panels. To investigate outliers, look for a corresponding change in rules configuration on the Configuration Analysis dashboard. - -You can also monitor the types of content being accessed by various apps and virtual systems. You can track the bandwidth consumed by specific apps and take corrective action as necessary. Using the geolocation map, you can track source and destination locations and determine whether a location is expected, and block it, as appropriate. - -Palo_Alto_Networks_8 Dashboard - -### Traffic Insight - File Activity - -**Description:** See information about firewall requests that involved file uploads or downloads, including upload/download event counts; top file types, file names, and apps; and time comparison and outlier analysis of download and upload traffic. - -**Use case:** Use this dashboard to monitor end users’ file upload and download activities. You can track suspicious file types being uploaded or downloaded through various apps. It also provides insight into sudden changes in activities though outliers. You can compare the current activity trend with the the previous hour, the same time yesterday, and the same time last week with the time compare panel. - -Palo_Alto_Networks_8 Dashboard - -### Traffic Insight - Web Activity - -**Description:** See information about firewall requests that involved web browsing activities, including event count; top content types, apps, and URLs; and time comparison and outlier analysis of web browsing activity. - -**Use case:** Use this dashboard to monitor end users’ file web browsing activities. 
You can track URLs and the content being browsed using various apps. It also provides insight into sudden changes in activities though outliers. You can compare the current activity trend with the the previous hour, the same time yesterday, and the same time last week with the time compare panel. - -Palo_Alto_Networks_8 Dashboard - -### Traps V4 Monitoring - -**Description:** See information about trap events, including a count of trap events, a breakdown of trap events by severity, and a breakdown by Traps ESM and Traps Agent. - -**Use case:** Use this dashboard to identify how end points have been attacked. You can monitor ransomware threats and new exploits. You can also track agent installs/uninstalls, upgrades, service statuses, access violations, and prevention events. - -Palo_Alto_Networks_8 Dashboard diff --git a/docs/integrations/web-servers/index.md b/docs/integrations/web-servers/index.md index 62ac5efb78..4939e61c60 100644 --- a/docs/integrations/web-servers/index.md +++ b/docs/integrations/web-servers/index.md @@ -50,13 +50,6 @@ This guide has documentation for Sumo apps for web servers.

Nginx Ingress

The Nginx Ingress app is a unified logs and metrics app that helps you monitor the availability, performance, health, and resource utilization of your Nginx Ingress web servers.

-
-
-
- Thumbnail icon -

Nginx (Legacy)

-

The Sumo Logic App for Nginx (Legacy) support logs for Open Source Nginx, Nginx Plus, as well as Metrics for Open Source Nginx.

-
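Review bot: only the card wrapper and thumbnail are removed here; the `Nginx (Legacy)` heading and the line `The Sumo Logic App for Nginx (Legacy) support logs for Open Source Nginx, Nginx Plus, as well as Metrics for Open Source Nginx.` stay as unchanged context, so the web-servers index will keep advertising an app whose page this same patch deletes, now with no link. Drop those two lines as well, or retarget the entry to /docs/integrations/web-servers/nginx, which is where the nginx-legacy redirect in cid-redirects.json already sends readers.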
diff --git a/docs/integrations/web-servers/nginx-ingress.md b/docs/integrations/web-servers/nginx-ingress.md index 1a334eaf15..92bae37683 100644 --- a/docs/integrations/web-servers/nginx-ingress.md +++ b/docs/integrations/web-servers/nginx-ingress.md @@ -92,7 +92,7 @@ It’s assumed that you are using the latest helm chart version if not please up ## Installing Nginx Ingress Monitors -After [setting up collection](/docs/integrations/web-servers/nginx-legacy), you can proceed to installing the Nginx Ingress monitors, app, and view examples of each of dashboard. +After [setting up collection](/docs/integrations/web-servers/nginx), you can proceed to installing the Nginx Ingress monitors, app, and view examples of each of dashboard. * To install these alerts, you need to have the Manage Monitors role capability. * Alerts can be installed by either importing a JSON file or a Terraform script. diff --git a/docs/integrations/web-servers/nginx-legacy.md b/docs/integrations/web-servers/nginx-legacy.md deleted file mode 100644 index 85622e37c4..0000000000 --- a/docs/integrations/web-servers/nginx-legacy.md +++ /dev/null 
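Review bot: in the nginx-ingress.md hunk above, the `setting up collection` link now points at /docs/integrations/web-servers/nginx, the standalone Nginx app, while the sentence it sits in introduces the Nginx Ingress monitors; the old nginx-legacy target was just as off-page, so swapping one for the other does not fix the navigation. Unless the Ingress page intentionally reuses the Nginx app's collection steps, link to this page's own collection section (the helm-chart setup that precedes this hunk) so the reader is not sent to a different product's doc mid-procedure.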
@@ -1,275 +0,0 @@ ---- -id: nginx-legacy -title: Nginx (Legacy) -sidebar_label: Nginx (Legacy) -description: The Sumo Logic app for Nginx (Legacy) helps you monitor webserver activity in Nginx. ---- - -import useBaseUrl from '@docusaurus/useBaseUrl'; -import Tabs from '@theme/Tabs'; -import TabItem from '@theme/TabItem'; - -Thumbnail icon - -Nginx (Legacy) is a web server that can be used as a reverse proxy, load balancer, mail proxy, and HTTP cache. The Sumo Logic app for Nginx (Legacy) support logs for Open Source Nginx, Nginx Plus, as well as Metrics for Open Source Nginx. - -The Sumo Logic app for Nginx (Legacy) helps you monitor webserver activity in Nginx. The preconfigured dashboards provide information about site visitors, including the location of visitors, devices/operating systems, and browsers used; and information about server activity, including bots observed and error information. - -## Log and Metrics Types - -The Sumo Logic app for Nginx assumes the NCSA extended/combined log file format for Access logs and the default Nginx error log file format for error logs. - -All Dashboards (except the Error logs Analysis dashboard) assume the Access log format. The Error logs Analysis Dashboard assumes both Access and Error log formats, so as to correlate information between the two. For more details on Nginx logs, see [Module ngx_http_log_module](https://nginx.org/en/docs/http/ngx_http_log_module.html). - -The Sumo Logic app for Nginx assumes Prometheus format Metrics for Requests and Connections. For Nginx Server metrics, Stub_Status Module from Nginx Configuration is used. For more details on Nginx Metrics, see https://nginx.org/libxslt/en/docs/http/ngx_http_stub_status_module.html. 
- - -### Sample log messages - -```txt title="Access Log Example" -50.1.1.1 - example [23/Sep/2016:19:00:00 +0000] "POST /api/is_individual HTTP/1.1" 200 58 "-" -"python-requests/2.7.0 CPython/2.7.6 Linux/3.13.0-36-generic" -``` - -```txt title="Error Log Example" -2016/09/23 19:00:00 [error] 1600#1600: *61413 open() "/srv/core/client/dist/client/favicon.ico" -failed (2: No such file or directory), client: 101.1.1.1, server: _, request: "GET /favicon.ico -HTTP/1.1", host: "example.com", referrer: "https://abc.example.com/" -``` - -### Sample queries - -This sample query is from the **Requests by Clients** panel of the **Nginx (Legacy) - Overview** dashboard. - -``` -_sourceCategory = Labs/Nginx/Logs -| json field=_raw "log" as nginx_log_message nodrop -| if (isEmpty(nginx_log_message), _raw, nginx_log_message) as nginx_log_message -| parse regex field=nginx_log_message "(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" -| parse regex field=nginx_log_message "(?[A-Z]+)\s(?\S+)\sHTTP/[\d\.]+\"\s(?\d+)\s(?[\d-]+)\s\"(?.*?)\"\s\"(?.+?)\".*" -| where _sourceHost matches "{{Server}}" and Client_Ip matches "{{Client_Ip}}" and Method matches "{{Method}}" and URL matches "{{URL}}" and Status_Code matches "{{Status_Code}}" -| count as count by Client_Ip -| sort count -``` - -## Collecting Logs and Metrics for Nginx (Legacy) - -This section provides instructions for configuring log and metrics collection for the Sumo Logic app for Nginx (Legacy), which is for non-Kubernetes environment. - -### Collecting Logs - -Nginx (Legacy) app supports the default access logs and error logs format. - -#### Step 1. Configure logging in Nginx - -Before you can configure Sumo Logic to ingest logs, you must configure the logging of errors and processed requests in NGINX Open Source and NGINX Plus. For instructions, refer to [this documentation](https://www.nginx.com/resources/admin-guide/logging-and-monitoring/). - -#### Step 2. 
Configure a Collector - -Use one of the following Sumo Logic Collector options: - -1. To collect logs directly from the Nginx machine, configure an [Installed Collector](/docs/send-data/installed-collectors). -2. If you're using a service like Fluentd, or you would like to upload your logs manually, [Create a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector). - - -#### Step 3. Configure a Source - - - - - -To collect logs directly from your Nginx machine, use an Installed Collector and a Local File Source. - -1. Add a [Local File Source](/docs/send-data/installed-collectors/sources/local-file-source). -2. Configure the Local File Source fields as follows: - * **Name.** (Required) - * **Description.** (Optional) - * **File Path (Required).** Enter the path to your error.log or access.log. The files are typically located in /var/log/nginx/error.log. If you're using a customized path, check the nginx.conf file for this information. If you're using Passenger, you may have instructed Passenger to log to a specific log using the passenger_log_file option. - * **Source Host.** Sumo Logic uses the hostname assigned by the OS unless you enter a different hostname. - * **Source Category.** Enter any string to tag the output collected from this Source, such as **Nginx/Access** or **Nginx/Error**. (The Source Category metadata field is a fundamental building block to organize and label Sources. For details, see [Best Practices](/docs/send-data/best-practices).) -3. Configure the **Advanced** section: - * **Enable Timestamp Parsing.** Select Extract timestamp information from log file entries. - * **Time Zone.** Automatically detect. - * **Timestamp Format.** The timestamp format is automatically detected. - * **Encoding.** Select UTF-8 (Default). - * **Enable Multiline Processing.** - * **Error logs.** Select **Detect messages spanning multiple lines** and **Infer Boundaries - Detect message boundaries automatically**. - * **Access** logs. 
These are single-line logs, uncheck **Detect messages spanning multiple lines**. -4. Click **Save**. - - - - -If you're using a service like Fluentd, or you would like to upload your logs manually, use a Hosted Collector and an HTTP Source. - -1. Add an [HTTP Source](/docs/send-data/hosted-collectors/http-source/logs-metrics). -2. Configure the HTTP Source fields as follows: - * **Name.** (Required) - * **Description.** (Optional) - * **Source Host.** Sumo Logic uses the hostname assigned by the OS unless you enter a different hostname. - * **Source Category.** Enter any string to tag the output collected from this Source, such as **Nginx/Access** or **Nginx/Error**. (The Source Category metadata field is a fundamental building block to organize and label Sources. For details, see [Best Practices](/docs/send-data/best-practices).) -3. Configure the **Advanced** section: - * **Enable Timestamp Parsing.** Select **Extract timestamp information from log file entries**. - * **Time Zone.** For Access logs, use the time zone from the log file. For Error logs, make sure to select the correct time zone. - * **Timestamp Format.** The timestamp format is automatically detected. - * **Enable Multiline Processing.** - * **Error** **logs**: Select **Detect messages spanning multiple lines** and **Infer Boundaries - Detect message boundaries automatically**. - * **Access** **logs**: These are single-line logs, uncheck **Detect messages spanning multiple lines**. -4. Click **Save**. -5. When the URL associated with the HTTP Source is displayed, copy the URL so you can add it to the service you are using, such as Fluentd. - - - - -### Field Extraction Rules - -Field Extraction Rules (FERs) tell Sumo Logic which fields to parse out automatically. For instructions, see [Create a Field Extraction Rule](/docs/manage/field-extractions/create-field-extraction-rule). 
- -Nginx assumes the NCSA extended/combined log file format for Access logs and the default Nginx error log file format for error logs. - -Both the parse expressions can be used for logs collected from Nginx Server running on Local or container-based systems. - -For **FER for Access Logs**, use the following Parse Expression: - -``` -| json field=_raw "log" as nginx_log_message nodrop -| if (isEmpty(nginx_log_message), _raw, nginx_log_message) as nginx_log_message -| parse regex field=nginx_log_message "(?\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})" -| parse regex field=nginx_log_message "(?[A-Z]+)\s(?\S+)\sHTTP/[\d\.]+\ -"\s(?\d+)\s(?[\d-]+)\s\"(?.*?)\"\s\"(?.+?)\".*" -``` - -For **FER for Error Logs**, use the following Parse Expression: - -``` -| json field=_raw "log" as nginx_log_message nodrop -| if (isEmpty(nginx_log_message), _raw, nginx_log_message) as nginx_log_message -| parse regex field=nginx_log_message "\s\[(?\S+)\]\s\d+#\d+:\s(?:\*\d+\s|)(?[A-Za-z][^,]+)(?:,|$)" -| parse field=nginx_log_message "client: *, server: *, request: \"* * HTTP/1.1\", host: -\"*\"" as Client_Ip, Server, Method, URL, Host nodrop -``` - -## Installing the Nginx (Legacy) app - -This section has instructions for installing the Sumo app for Nginx (Legacy). These instructions assume you have already set up the collection as described above. - -import AppInstall from '../../reuse/apps/app-install.md'; - - - -## Viewing Nginx (Legacy) Dashboards - -:::tip Filter with template variables -Template variables provide dynamic dashboards that can rescope data on the fly. As you apply variables to troubleshoot through your dashboard, you view dynamic changes to the data for a quicker resolution to the root cause. You can use template variables to drill down and examine the data on a granular level. For more information, see [Filter with template variables](/docs/dashboards/filter-template-variables). 
-::: - -### Overview - -The **Nginx (Legacy) - Overview** dashboard provides an at-a-glance view of the NGINX server access locations, error logs along with connection metrics. - -Use this dashboard to: -* Gain insights into originated traffic location by region. This can help you allocate computer resources to different regions according to their needs. -* Gain insights into your Nginx health using Critical Errors and Status of Nginx Server. -* Get insights into Active and dropped connections. - -Nginx-Overview - -### Error Logs Analysis - -The **Nginx (Legacy) - Error Logs Analysis** dashboard provides a high-level view of log level breakdowns, comparisons, and trends. The panels also show the geographic locations of clients and clients with critical messages, new connections and outliers, client requests, request trends, and request outliers. - -Use this dashboard to: -* Track requests from clients. A request is a message asking for a resource, such as a page or an image. -* Track and view client geographic locations generating errors. -* Track critical alerts and emergency error alerts. - -NginxL-Error-Logs-Analysis - -### Logs Timeline Analysis - -The **Nginx (Legacy) - Logs Timeline Analysis** dashboard provides a high-level view of the activity and health of Nginx servers on your network. Dashboard panels display visual graphs and detailed information on traffic volume and distribution, responses over time, as well as time comparisons for visitor locations and server hits. - -Use this dashboard to: -* To understand the traffic distribution across servers, provide insights for resource planning by analyzing data volume and bytes served. -* Gain insights into originated traffic location by region. This can help you allocate compute resources to different regions according to their needs. 
- -Nginx Legacy - -### Outlier Analysis - -The **Nginx (Legacy) - Outlier Analysis** dashboard provides a high-level view of Nginx server outlier metrics for bytes served, number of visitors, and server errors. You can select the time interval over which outliers are aggregated, then hover the cursor over the graph to display detailed information for that point in time. - -Use this dashboard to: -* Detect outliers in your infrastructure with Sumo Logic’s machine learning algorithm. -* To identify outliers in incoming traffic and the number of errors encountered by your servers. - -You can use schedule searches to send alerts to yourself whenever there is an outlier detected by Sumo Logic. - -Nginx Legacy - -### Threat Intel - -The **Nginx (Legacy) - Threat Intel** dashboard provides an at-a-glance view of threats to Nginx servers on your network. Dashboard panels display the threat count over a selected time period, geographic locations where threats occurred, source breakdown, actors responsible for threats, severity, and a correlation of IP addresses, method, and status code of threats. - -Use this dashboard to: -* To gain insights and understand threats in incoming traffic and discover potential IOCs. Incoming traffic requests are analyzed using the [Sumo - Crowdstrikes](/docs/integrations/security-threat-detection/threat-intel-quick-analysis#threat-intel-faq) threat feed. - -Nginx Legacy - -### Web Server Operations - -The **Nginx (Legacy) - Web Server Operations** dashboard provides a high-level view combined with detailed information on the top ten bots, geographic locations, and data for clients with high error rates, server errors over time, and non 200 response code status codes. Dashboard panels also show information on server error logs, error log levels, error responses by a server, and the top URIs responsible for 404 responses. - -Use this dashboard to: -* Gain insights into Client, Server Responses on Nginx Server. 
This helps you identify errors in Nginx Server. -* To identify geo locations of all Client errors. This helps you identify client location causing errors and helps you to block client IPs. - -Nginx Legacy - -### Visitor Access Types - -The **Nginx (Legacy) - Visitor Access Types** dashboard provides insights into visitor platform types, browsers, and operating systems, as well as the most popular mobile devices, PC and Mac versions used. - -Use this dashboard to: -* Understand which platform and browsers are used to gain access to your infrastructure. -* These insights can be useful for planning in which browsers, platforms, and operating systems (OS) should be supported by different software services. - -Nginx Legacy - -### Visitor Locations - -The **Nginx (Legacy)- Visitor Locations** dashboard provides a high-level view of Nginx visitor geographic locations both worldwide and in the United States. Dashboard panels also show graphic trends for visits by country over time and visits by US region over time. - -Use this dashboard to: -* Gain insights into geographic locations of your user base. This is useful for resource planning in different regions across the globe. - -Nginx Legacy - -### Visitor Traffic Insight - -The **Nginx (Legacy) - Visitor Traffic Insight** dashboard provides detailed information on the top documents accessed, top referrers, top search terms from popular search engines, and the media types served. - -Use this dashboard to: -* Understand the type of content that is frequently requested by users. -* Help in allocating IT resources according to the content types. - -Nginx Legacy - - -## Nginx (Legacy) Alerts - -Sumo Logic has provided out-of-the-box alerts available through [Sumo Logic monitors](/docs/alerts/monitors) to help you quickly determine if the Nginx server is available and performing as expected. These alerts are built based on logs and metrics datasets and have preset thresholds based on industry best practices and recommendations. 
They are as follows: - -| Alert Name | Alert Description | Alert Condition | Recover Condition | -|:---|:---|:---|:---| -| Nginx - Dropped Connections | This alert fires when we detect dropped connections for a given Nginx server. | > 0 | < = 0 | -| Nginx - Critical Error Messages | This alert fires when we detect critical error messages for a given Nginx server. | > 0 | < = 0 | -| Nginx - Access from Highly Malicious Sources | This alert fires when an Nginx is accessed from highly malicious IP addresses. | > 0 | < = 0 | -| Nginx - High Client (HTTP 4xx) Error Rate | This alert fires when there are too many HTTP requests (>5%) with a response status of 4xx. | > 0 | < = 0 | -| Nginx - High Server (HTTP 5xx) Error Rate | This alert fires when there are too many HTTP requests (>5%) with a response status of 5xx. | > 0 | < = 0 | diff --git a/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/telegraf-collection-architecture.md b/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/telegraf-collection-architecture.md index 86a0f1a77b..03c44d5649 100644 --- a/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/telegraf-collection-architecture.md +++ b/docs/send-data/collect-from-other-data-sources/collect-metrics-telegraf/telegraf-collection-architecture.md 
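Review bot: deleting nginx-legacy.md also removes the two Field Extraction Rule parse expressions and the five monitor definitions (Dropped Connections, Critical Error Messages, Access from Highly Malicious Sources, High 4xx and High 5xx error rate, all with `> 0` / `<= 0` thresholds); the path redirect to /docs/integrations/web-servers/nginx is in place, but please confirm the nginx page documents equivalent FERs and monitors, otherwise anyone who deployed these rules loses the reference for the regexes they are running. One detail worth carrying forward rather than copying: the error-log FER hard-codes `HTTP/1.1` in `request: \"* * HTTP/1.1\"`, so it silently skips HTTP/1.0 and HTTP/2 error entries; if the same expression lives on the nginx page it has the same detection gap.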
@@ -30,7 +30,7 @@ The metrics collection pipeline for using Telegraf in a non-Kubernetes environme #### For applications that do not expose metrics Some applications may not expose their metrics for another system to access, in which case you'll need to configure the application to expose the metrics so that Telegraf can collect them. Some examples: -* To collect metrics from Nginx, you'd need to configure it to expose metrics in the Nginx configuration file. For more information, see [Collecting Logs and Metrics for Nginx (Legacy)](/docs/integrations/web-servers/nginx-legacy/#collecting-logs-and-metrics-for-nginx-legacy). +* To collect metrics from Nginx, you'd need to configure it to expose metrics in the Nginx configuration file. For more information, see [Collecting Logs and Metrics for Nginx](/docs/integrations/web-servers/nginx). * To collect JMX metrics from a Java application, you'd need to configure the application to use [Jolokia](https://jolokia.org/agent.html), a JMX-HTTP bridge. For more information, see [Collecting Metrics for JMX](/docs/integrations/app-development/jmx/#collecting-metrics-for-jmx). You select an existing HTTP Source on a Hosted Collection as the destination for the Telegraf-collected metrics, or configure a new collector and source, as desired.  diff --git a/sidebars.ts b/sidebars.ts index 9cf318b630..e8c421cb57 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -1922,7 +1922,6 @@ integrations: [ ], }, 'integrations/microsoft-azure/active-directory-json', - 'integrations/microsoft-azure/active-directory-legacy', 'integrations/microsoft-azure/active-directory-azure', 'integrations/microsoft-azure/audit', 'integrations/microsoft-azure/arm-integration-faq', 
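Review bot: in the telegraf hunk, the replacement link drops the `#collecting-logs-and-metrics-for-nginx-legacy` anchor and lands on the top of /docs/integrations/web-servers/nginx, while the sentence still promises instructions for exposing metrics in the Nginx configuration file; link to the metrics-collection section of the new page (whatever its anchor is) so the reader lands at the stub_status setup rather than the app overview.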
@@ -1975,7 +1974,6 @@ integrations: [ 'integrations/microsoft-azure/office-365', 'integrations/microsoft-azure/sql-server', 'integrations/microsoft-azure/teams', - 'integrations/microsoft-azure/windows-legacy-pci-compliance', 'integrations/microsoft-azure/windows-json-pci-compliance', 'integrations/microsoft-azure/windows-json', 'integrations/microsoft-azure/windows-legacy', @@ -2244,7 +2242,6 @@ integrations: [ 'integrations/pci-compliance/palo-alto-networks-9', 'integrations/pci-compliance/palo-alto-networks-10', 'integrations/microsoft-azure/windows-json-pci-compliance', - 'integrations/microsoft-azure/windows-legacy-pci-compliance', ], }, { @@ -2333,8 +2330,6 @@ integrations: [ 'integrations/security-threat-detection/netskope-legacy-collection', 'integrations/security-threat-detection/netskope', 'integrations/security-threat-detection/observable-networks', - 'integrations/security-threat-detection/palo-alto-networks-6', - 'integrations/security-threat-detection/palo-alto-networks-8', 'integrations/security-threat-detection/palo-alto-networks-9', 'integrations/security-threat-detection/sailpoint', 'integrations/security-threat-detection/threat-intel-quick-analysis', @@ -2431,7 +2426,6 @@ integrations: [ 'integrations/web-servers/iis-10', 'integrations/web-servers/nginx', 'integrations/web-servers/nginx-ingress', - 'integrations/web-servers/nginx-legacy', 'integrations/web-servers/nginx-plus', 'integrations/web-servers/nginx-plus-ingress', 'integrations/web-servers/squid-proxy', From 70abb320d8f538508087df918138e22f3e92cff2 Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Tue, 14 May 2024 15:27:56 -0700 Subject: [PATCH 2/3] cid-redirects fix --- cid-redirects.json | 14 +++++++------- .../app-development/jfrog-artifactory.md | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/cid-redirects.json b/cid-redirects.json index 61aa1317d0..05f6b5f3c7 100644 --- a/cid-redirects.json +++ b/cid-redirects.json 
@@ -1904,7 +1904,7 @@ "/cid/2324": "/docs/integrations/saas-cloud/workday", "/cid/23433": "/docs/search/search-query-language/search-operators/topk", "/cid/24000": "/docs/send-data/installed-collectors/sources/preconfigure-machine-collect-remote-windows-events", - "/cid/24841": "/docs/integrations/security-threat-detection/palo-alto-networks-8", + "/cid/24841": "/docs/integrations/security-threat-detection/palo-alto-networks-9", "/cid/25611": "/docs/integrations/saas-cloud/akamai-cloud-monitor", "/cid/25612": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/azure-event-hubs-source", "/cid/25613": "/docs/cse/ingestion/ingestion-sources-for-cloud-siem/carbon-black", @@ -2053,9 +2053,9 @@ "/cid/5010": "/", "/cid/5011": "/docs/manage/users-roles/users/multi-account-access", "/cid/5012": "/docs/search/search-query-language/math-expressions/acos", - "/cid/5013": "/docs/integrations/microsoft-azure/active-directory-legacy", - "/cid/5014": "/docs/integrations/microsoft-azure/active-directory-legacy", - "/cid/5015": "/docs/integrations/microsoft-azure/active-directory-legacy", + "/cid/5013": "/docs/integrations/microsoft-azure/active-directory-json", + "/cid/5014": "/docs/integrations/microsoft-azure/active-directory-json", + "/cid/5015": "/docs/integrations/microsoft-azure/active-directory-json", "/cid/5016": "/docs/send-data/choose-collector-source", "/cid/5017": "/docs/send-data/hosted-collectors/microsoft-source/ms-office-audit-source", "/cid/5018": "/docs/send-data/hosted-collectors/amazon-aws/amazon-s3-audit-source", 
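Review bot: `/cid/24841` now sends readers of the retired PAN 8 app to palo-alto-networks-9, but the deleted page stated `This app supports PAN-OS v7 and v8.`, so anyone still on PAN-OS 7/8 is redirected to an app for a different firmware line with no notice; add a one-line deprecation pointer on the 9 page, or redirect to the security-threat-detection index instead. The `/cid/5013` to `/cid/5015` remaps to active-directory-json are consistent with the page deletion and need no change.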
@@ -2218,7 +2218,7 @@ "/cid/5252": "/docs/integrations/web-servers/nginx", "/cid/5253": "/docs/integrations/web-servers/nginx", "/cid/5254": "/docs/dashboards/panels/single-value-charts", - "/cid/5255": "/docs/integrations/security-threat-detection/palo-alto-networks-6", + "/cid/5255": "/docs/integrations/security-threat-detection/palo-alto-networks-9", "/cid/5256": "/docs/integrations/security-threat-detection/palo-alto-networks-6", "/cid/5262": "/docs/search/get-started-with-search/suggested-searches/apache-access-parser", "/cid/52621": "/docs/integrations/amazon-aws/redshift-ulm", @@ -2243,7 +2243,7 @@ "/cid/5283": "/docs/integrations/pci-compliance", "/cid/5284": "/docs/integrations/pci-compliance", "/cid/5286": "/docs/get-started/library", - "/cid/5287": "/docs/integrations/microsoft-azure/windows-legacy-pci-compliance", + "/cid/5287": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", "/cid/5289": "/docs/get-started/library", "/cid/5294": "/docs/get-started/library", "/cid/5301": "/docs/manage/partitions/data-tiers", @@ -3898,5 +3898,5 @@ "/docs/integrations/security-threat-detection/palo-alto-networks-8":"/docs/integrations/security-threat-detection/palo-alto-networks-9", "/docs/integrations/microsoft-azure/windows-legacy-pci-compliance": "/docs/integrations/microsoft-azure/windows-json-pci-compliance", "/docs/integrations/web-servers/nginx-legacy": "/docs/integrations/web-servers/nginx", - "/docs/integrations/microsoft-azure/active-directory-legacy/": "/docs/integrations/microsoft-azure/active-directory-json" + "/docs/integrations/microsoft-azure/active-directory-legacy": "/docs/integrations/microsoft-azure/active-directory-json" } diff --git a/docs/integrations/app-development/jfrog-artifactory.md b/docs/integrations/app-development/jfrog-artifactory.md index 811dd45a40..1f5f5c6291 100644 --- a/docs/integrations/app-development/jfrog-artifactory.md +++ b/docs/integrations/app-development/jfrog-artifactory.md 
@@ -9,7 +9,7 @@ import useBaseUrl from '@docusaurus/useBaseUrl'; Thumbnail icon -JFrog Artifactory is a universal artifact repository manager that integrates with CI/CD and DevOps tools to provide artifact tracking. The Sumo Logic apps for Artifactory 7 provide insight into your JFrog Artifactory binary repository. Our preconfigured dashboards provide an overview of your system as well as Traffic, Requests and Access, Download Activity, Cache Deployment Activity, and Non-Cached Deployment Activity. +JFrog Artifactory is a universal artifact repository manager that integrates with CI/CD and DevOps tools to provide artifact tracking. The Sumo Logic app for Artifactory 7 provides insight into your JFrog Artifactory binary repository. Our preconfigured dashboards provide an overview of your system as well as Traffic, Requests and Access, Download Activity, Cache Deployment Activity, and Non-Cached Deployment Activity. If you _do not_ have a Sumo Logic account and want to get up and running quickly, the [JFrog Artifactory Sumo Logic integration](#if-you-do-not-have-a-sumo-logic-account) is the most convenient way to get started. It allows you to access Sumo Logic directly from Artifactory. From 50a98c6c97c03ab6f60f326ef7c140a21fcda9ee Mon Sep 17 00:00:00 2001 From: Kim Pohas Date: Tue, 14 May 2024 15:39:22 -0700 Subject: [PATCH 3/3] minor fix --- cid-redirects.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cid-redirects.json b/cid-redirects.json index 05f6b5f3c7..6fd7d031d5 100644 --- a/cid-redirects.json +++ b/cid-redirects.json 
@@ -2219,7 +2219,7 @@ "/cid/5253": "/docs/integrations/web-servers/nginx", "/cid/5254": "/docs/dashboards/panels/single-value-charts", "/cid/5255": "/docs/integrations/security-threat-detection/palo-alto-networks-9", - "/cid/5256": "/docs/integrations/security-threat-detection/palo-alto-networks-6", + "/cid/5256": "/docs/integrations/security-threat-detection/palo-alto-networks-9", "/cid/5262": "/docs/search/get-started-with-search/suggested-searches/apache-access-parser", "/cid/52621": "/docs/integrations/amazon-aws/redshift-ulm", "/cid/5263": "/docs/search/get-started-with-search/suggested-searches/apache-errors-parser",
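Review bot: this completes the PAN 6 cid cleanup started with `/cid/5255`, but the @@ -3898 hunk in PATCH 2 adds path redirects only for `palo-alto-networks-8`, `windows-legacy-pci-compliance`, `nginx-legacy` and `active-directory-legacy`; unless an entry already exists above line 3898, direct links to the deleted /docs/integrations/security-threat-detection/palo-alto-networks-6 page will 404 even though both of its cids now resolve. Add `"/docs/integrations/security-threat-detection/palo-alto-networks-6": "/docs/integrations/security-threat-detection/palo-alto-networks-9"` next to the -8 entry.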