Closed
27 commits
367f398
Fundamentals course first section
jpipkin1 Nov 25, 2024
9d9f8c3
Continue with fundamentals course
jpipkin1 Nov 26, 2024
03deef9
Add more fundamentals content
jpipkin1 Dec 2, 2024
58750ab
Add tune section
jpipkin1 Dec 3, 2024
be631b1
Add more analyst content
jpipkin1 Dec 5, 2024
675a084
Finish the fundamentals course section
jpipkin1 Dec 5, 2024
3da5633
Admin course - build your SOC
jpipkin1 Dec 6, 2024
eb5cafd
Configure and enable Cloud SIEM
jpipkin1 Dec 6, 2024
fb90ea3
Create 'Cloud SIEM UI' article
jpipkin1 Dec 6, 2024
6bee964
Move content catalog article
jpipkin1 Dec 6, 2024
7381ca5
Add redirects
jpipkin1 Dec 6, 2024
a0cc4fa
Add new files for intro articles
jpipkin1 Dec 6, 2024
0172fcd
Remove old intro article
jpipkin1 Dec 6, 2024
290a91d
Merge branch 'main' into docs-569-add-cloud-siem-course-content
jpipkin1 Dec 9, 2024
6eabdb4
Admin course - Tune your environment
jpipkin1 Dec 9, 2024
5513ce5
Fix spelling mistake
jpipkin1 Dec 9, 2024
24abf5b
Admin - Write a chain rule
jpipkin1 Dec 9, 2024
c065ede
Finish 'Tune your environment' section
jpipkin1 Dec 9, 2024
c363c31
Finish 'Tune your environment'
jpipkin1 Dec 9, 2024
3f29e78
Start proofing
jpipkin1 Dec 9, 2024
cac9087
Final cleanup
jpipkin1 Dec 10, 2024
426679e
Merge branch 'main' into docs-569-add-cloud-siem-course-content
jpipkin1 Dec 10, 2024
078a2d1
Fix file IDs
jpipkin1 Dec 10, 2024
733f1d8
Update docs/cse/get-started-with-cloud-siem/intro-for-analysts.md
jpipkin1 Dec 10, 2024
664ca5d
Update docs/cse/get-started-with-cloud-siem/intro-for-analysts.md
jpipkin1 Dec 10, 2024
1930a20
Update docs/cse/get-started-with-cloud-siem/intro-for-administrators.md
jpipkin1 Dec 10, 2024
d7bc748
Update docs/cse/get-started-with-cloud-siem/intro-for-administrators.md
jpipkin1 Dec 10, 2024
2 changes: 2 additions & 0 deletions cid-redirects.json
Expand Up @@ -4072,6 +4072,8 @@
"/docs/cse/records-signals-entities-insights/cse-heads-up-display": "/docs/cse/get-started-with-cloud-siem/cse-heads-up-display",
"/docs/cse/records-signals-entities-insights/insight-generation-process": "/docs/cse/get-started-with-cloud-siem/insight-generation-process",
"/docs/cse/get-started-with-cloud-siem/introduction-to-cloud-siem": "/docs/cse/get-started-with-cloud-siem",
"/docs/cse/cloud-siem-content-catalog": "/docs/cse/get-started-with-cloud-siem/cloud-siem-content-catalog",
"/docs/cse/introduction-to-cloud-sie": "/docs/cse/get-started-with-cloud-siem",
"/docs/integrations/sumo-apps/security-foundations": "/docs/integrations/sumo-apps/security-analytics",
"/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-amazon-kinesis": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
"/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs/collect-with-collector-script": "/docs/send-data/collect-from-other-data-sources/amazon-cloudwatch-logs",
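Review bot: the new key on the second added line, `"/docs/cse/introduction-to-cloud-sie"`, looks like a truncated slug; the links rewritten elsewhere in this PR were of the form `/docs/cse/introduction-to-cloud-siem/#classic-ui`, and the commit list includes "Remove old intro article", so the path that actually needs a redirect is almost certainly `/docs/cse/introduction-to-cloud-siem`. As written, any bookmark or external link to the removed intro page will 404 while this entry redirects a URL that probably never existed. Please confirm the intended key, and consider adding both the old path and the trailing-slash variant if the redirect layer does not normalize them.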
2 changes: 1 addition & 1 deletion docs/cse/administration/create-a-custom-tag-schema.md
Expand Up @@ -21,7 +21,7 @@ For more information about tags in Cloud SIEM, see [Using Tags with Insights, Si

## Define a custom tag schema

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Workflow** select **Tag Schemas**.<br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Tag Schemas**. You can also click the **Go To...** menu at the top of the screen and select **Tag Schemas**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Workflow** select **Tag Schemas**.<br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Tag Schemas**. You can also click the **Go To...** menu at the top of the screen and select **Tag Schemas**.
1. On the **Tag Schemas** page, click **Create**. <br/><img src={useBaseUrl('img/cse/tag-schema-empty.png')} alt="Create tag schema" style={{border: '1px solid gray'}} width="400"/>
1. The **Tag Schema** popup appears.
1. **Key**. Enter an identifier for the tag you’re defining. It won’t appear in the UI for assigning tags to a content item, unless you leave the **Label** field blank.
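Review bot: the replaced line drops the `#classic-ui` / `#new-ui` fragments, so the reader now lands at the top of `/docs/get-started/sumo-logic-ui-classic` and `/docs/get-started/sumo-logic-ui` instead of at the section that explained the two UIs; if those target pages have equivalent anchors, keep the fragment so the deep link still works. Separately, this exact Classic UI / New UI navigation sentence is rewritten identically in a dozen files in this PR, which is what made the rename a twelve-file change; consider moving it into a shared MDX partial so the next UI rename is a single edit and the wording cannot drift between articles.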
2 changes: 1 addition & 1 deletion docs/cse/administration/create-cse-actions.md
Expand Up @@ -72,7 +72,7 @@ The notification sent by a Rule Action contains the name of the rule and the re

## Create an Action

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Actions**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Actions**. You can also click the **Go To...** menu at the top of the screen and select **Actions**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Integrations** select **Actions**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Actions**. You can also click the **Go To...** menu at the top of the screen and select **Actions**.
1. On the **Actions** page, click **Create**.
1. The **Create Action** popup appears. <br/><img src={useBaseUrl('img/cse/create-action-empty.png')} alt="Create Action dialog" style={{border: '1px solid gray'}} width="500" />
1. **Name**. Enter a name that communicates what the Action does.
2 changes: 1 addition & 1 deletion docs/cse/administration/create-cse-context-actions.md
Expand Up @@ -57,7 +57,7 @@ import Iframe from 'react-iframe'; 

## Configure a Context Action

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Context Actions**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Context Actions**. You can also click the **Go To...** menu at the top of the screen and select **Context Actions**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Integrations** select **Context Actions**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Context Actions**. You can also click the **Go To...** menu at the top of the screen and select **Context Actions**.
1. On the **Context Actions** page click **Create**.
1. Create the context action. <br/><img src={useBaseUrl('img/cse/configured-action.png')} alt="Configure action" style={{border: '1px solid gray'}} width="500"/>
1. **Enter Context Action Name**. Enter a name for the Context Action. 
Expand Up @@ -41,7 +41,7 @@ Rule authors can also write rules that look for threat intelligence information

### Create a threat intelligence source from Cloud SIEM UI

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Content > Threat Intelligence**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the main Sumo Logic menu, select **Cloud SIEM > Threat Intelligence**. You can also click the **Go To...** menu at the top of the screen and select **Threat Intelligence**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Threat Intelligence**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Threat Intelligence**. You can also click the **Go To...** menu at the top of the screen and select **Threat Intelligence**.
1. Click **Add Source** on the **Threat Intelligence** page.
1. Click **Custom** on the **Add Source** popup.
1. On the **Add New Source** popup, enter a name, and if desired, a description for the source.
2 changes: 1 addition & 1 deletion docs/cse/administration/create-use-network-blocks.md
Expand Up @@ -65,7 +65,7 @@ When Cloud SIEM looks for the Network Block address `10.128.0.1`, it will ret

Follow these instructions to create a Network Block using the Cloud SIEM UI. For information about creating multiple Network Blocks by file upload, see [Upload a CSV file of Network Blocks](#upload-a-csv-file-of-network-blocks).

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Content > Network Blocks**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the main Sumo Logic menu, select **Cloud SIEM > Network Blocks**. You can also click the **Go To...** menu at the top of the screen and select **Network Blocks**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Content > Network Blocks**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the main Sumo Logic menu, select **Cloud SIEM > Network Blocks**. You can also click the **Go To...** menu at the top of the screen and select **Network Blocks**.
1. On the **Create Network Block** popup:
1. **Address Block**. Enter a CIDR block that identifies a contiguous range of IP addresses.
1. **Label**. Enter a meaningful name for the Network Block.
Expand Up @@ -22,7 +22,7 @@ You can define custom *sub-resolutions* for any of the built-in resolutions. Thi

## Create a custom sub-resolution

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Workflow** select **Resolutions**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Insight Resolutions**. You can also click the **Go To...** menu at the top of the screen and select **Insight Resolutions**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Workflow** select **Resolutions**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Insight Resolutions**. You can also click the **Go To...** menu at the top of the screen and select **Insight Resolutions**.
1. On the **Insight Resolutions** page, click **Create**.
1. The **Create Insight Resolution** page appears.
1. **Name**. Enter a meaningful name for the new resolution.
6 changes: 3 additions & 3 deletions docs/cse/administration/manage-custom-insight-statuses.md
Expand Up @@ -13,7 +13,7 @@ This page has information about creating and managing custom Insight statuses.

To view Insight statuses:

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Workflow** select **Statuses**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Insight Statuses**. You can also click the **Go To...** menu at the top of the screen and select **Insight Statuses**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Workflow** select **Statuses**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Insight Statuses**. You can also click the **Go To...** menu at the top of the screen and select **Insight Statuses**.
1. This screenshot of the **Statuses** page shows the three Insight statuses that are preconfigured:
* **New**. Insights that have not been worked on yet.
* **In Progress**. Insights that are being investigated. If you want to create custom statuses to represent different types of "in progress" states, you can click the **Enabled** toggle to disable the default **In Progress** status to reduce confusion.
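Review bot: the navigation step replaced here is repeated verbatim in all three hunks of this file (view, create, reorder), so the same link fix had to be made three times; either factor it into a shared snippet or have the later two procedures refer back to the first. Also, the unchanged line after the replaced step still calls the page the **Statuses** page while the New UI menu item it was just linked from is **Insight Statuses**; worth aligning the two names in the same pass.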
Expand All @@ -25,7 +25,7 @@ Preconfigured Insight statuses cannot be edited or deleted. You can however crea

To create a custom Insight status:

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Workflow** select **Statuses**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Insight Statuses**. You can also click the **Go To...** menu at the top of the screen and select **Insight Statuses**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Workflow** select **Statuses**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Insight Statuses**. You can also click the **Go To...** menu at the top of the screen and select **Insight Statuses**.
1. On the **Statuses** page, click **Create Status**.
1. On the **New Status** popup, enter a name and description for the status.
1. Click **Color** to select a color for the status. The color will appear on the status on the [Heads Up Display](/docs/cse/get-started-with-cloud-siem/cse-heads-up-display).
Expand All @@ -41,7 +41,7 @@ To change the order that the statuses appear in the **Status** dropdown, you can
To change the order of Insight statuses:


1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Workflow** select **Statuses**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Insight Statuses**. You can also click the **Go To...** menu at the top of the screen and select **Insight Statuses**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Workflow** select **Statuses**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Workflow** select **Insight Statuses**. You can also click the **Go To...** menu at the top of the screen and select **Insight Statuses**.
1. On the **Statuses** page, each status that can be moved has a handle to the left of its name. <br/><img src={useBaseUrl('img/cse/reorder-icons.png')} alt="Reorder icons" style={{border: '1px solid gray'}} width="200"/>
1. To move a status to a different location on the list, use your mouse to drag it to the desired location.

4 changes: 2 additions & 2 deletions docs/cse/administration/mitre-coverage.md
Expand Up @@ -37,9 +37,9 @@ Watch this micro lesson to learn about the MITRE ATT&CK Threat Coverage Explorer

## User interface

[**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). To open the MITRE ATT&CK Threat Coverage Explorer, in the top menu select **Content > MITRE ATT&CK Coverage**.
[**Classic UI**](/docs/get-started/sumo-logic-ui-classic). To open the MITRE ATT&CK Threat Coverage Explorer, in the top menu select **Content > MITRE ATT&CK Coverage**.

[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). To open the MITRE ATT&CK Threat Coverage Explorer, in the main Sumo Logic menu select **Cloud SIEM > MITRE ATT&CK Coverage**. You can also click the **Go To...** menu at the top of the screen and select **MITRE ATT&CK Coverage**.
[**New UI**](/docs/get-started/sumo-logic-ui). To open the MITRE ATT&CK Threat Coverage Explorer, in the main Sumo Logic menu select **Cloud SIEM > MITRE ATT&CK Coverage**. You can also click the **Go To...** menu at the top of the screen and select **MITRE ATT&CK Coverage**.

<img src={useBaseUrl('img/cse/mitre-coverage-page.png')} alt="MITRE Coverage page" style={{border: '1px solid gray'}} width="900"/>

Expand Up @@ -46,7 +46,7 @@ Before you can access the Automation Service from Cloud SIEM, you must first [co
:::

1. To access the Automation Service from Cloud SIEM:
1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**. <br/>The list of available Cloud SIEM automations appears. Each automation runs a playbook.<br/><img src={useBaseUrl('img/cse/automations-automations-list.png')} alt="Automations list" style={{border: '1px solid gray'}} width="800"/>
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**. <br/>The list of available Cloud SIEM automations appears. Each automation runs a playbook.<br/><img src={useBaseUrl('img/cse/automations-automations-list.png')} alt="Automations list" style={{border: '1px solid gray'}} width="800"/>
1. At the top of the screen, click **Manage Playbooks**.<br/><img src={useBaseUrl('img/cse/automations-manage-playbooks.png')} alt="Manage Playbooks menu option" width="400"/> <br/>The Automation Service screen displays: <br/><img src={useBaseUrl('img/cse/automations-playbook-list.png')} alt="Automation Playbook list" style={{border: '1px solid gray'}} width="800"/>
:::note
You can also launch the Automation Service by selecting **Automation** from the main menu: <br/><img src={useBaseUrl('img/cse/automation-menu-in-nav-bar.png')} alt="Automation menu option in the nav bar" style={{border: '1px solid gray'}} width="200"/> <br/>If you also have Cloud SOAR installed, a **Cloud SOAR** option appears instead, since all automation services are provided by Cloud SOAR when it installed in conjunction with Cloud SIEM.
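Review bot: the trailing context line of this hunk has a grammar slip that is worth fixing while the file is open: "since all automation services are provided by Cloud SOAR when it installed in conjunction with Cloud SIEM" should read "when it is installed in conjunction with Cloud SIEM". The replaced navigation line itself is consistent with the other files in the PR.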
4 changes: 2 additions & 2 deletions docs/cse/automation/automations-in-cloud-siem.md
Expand Up @@ -82,7 +82,7 @@ If you configured the automation to [run manually](#run-an-automation-manually),

## View automations

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**.
1. View the list of available automations. (If no automations display, you must first [create an automation](#create-an-automation)).<br/><img src={useBaseUrl('img/cse/automations-automations-list.png')} alt="Automations list" style={{border: '1px solid gray'}} width="800"/>

To view the automations that have run on Insights or Entities, see [View results of an automation](#view-results-of-an-automation).
Expand All @@ -91,7 +91,7 @@ To view the automations that have run on Insights or Entities, see [View results

The following procedure provides a brief introduction to how to create an automation. For detailed examples, see [Cloud SIEM Automation Examples](/docs/cse/automation/cloud-siem-automation-examples/).

1. [**Classic UI**](/docs/cse/introduction-to-cloud-siem/#classic-ui). In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/cse/introduction-to-cloud-siem/#new-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**.
1. [**Classic UI**](/docs/get-started/sumo-logic-ui-classic). In the top menu select **Configuration**, and then under **Integrations** select **Automation**. <br/>[**New UI**](/docs/get-started/sumo-logic-ui). In the top menu select **Configuration**, and then under **Cloud SIEM Integrations** select **Automation**. You can also click the **Go To...** menu at the top of the screen and select **Automation**.
1. At the top of the automations screen, click **Create**. (To modify an existing automation, click on the edit icon for the corresponding automation.)<br/><img src={useBaseUrl('img/cse/automations-automations-list.png')} alt="Automations list" style={{border: '1px solid gray'}} width="800"/>
1. In the **New Automation** dialog, select a **Playbook** from the drop-down list. The playbook must be defined before associating it with an automation. <br/><img src={useBaseUrl('img/cse/automations-new.png')} alt="New Automation" style={{border: '1px solid gray'}} width="400"/>
1. In **Expects attributes for** select whether the playbook will run on an **Entity** or **Insight**. This defines what data payload will be sent to the playbook from Cloud SIEM.