From 7c4c71bf6426428f5836d2e00d1473c9701d9ae8 Mon Sep 17 00:00:00 2001 From: Julian Crowley Date: Thu, 30 Jan 2025 17:15:09 -0700 Subject: [PATCH 1/2] CSIEM Content 2025-01-31 --- blog-cse/2025-01-31-content.md | 42 ++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 blog-cse/2025-01-31-content.md diff --git a/blog-cse/2025-01-31-content.md b/blog-cse/2025-01-31-content.md new file mode 100644 index 0000000000..08c8d96cb8 --- /dev/null +++ b/blog-cse/2025-01-31-content.md 
@@ -0,0 +1,42 @@ +### January 31, 2025 - Content Release + +This content release includes: +- Removal and updates to CSIEM Rules +- Parsing and mapping support for new products +- Updates to existing parsing and mappers to support additional events and field mappings +- Changes are enumerated below + +## Rules +- [Deleted] MATCH-S00604 OneLogin - API Credentials - Key Used from Untrusted Location +- [Updated] FIRST-S00044 First Seen AppID Generating MailItemsAccessed Event from User + - Corrected typo in "MailItemsAccessed" +- [Updated] FIRST-S00046 First Seen Client Generating MailItemsAccessed Event from User + - Corrected typo in "MailItemsAccessed" + +## Log Mappers +- [New] Crowdstrike FileVantage Catch All +- [New] Dragos Communication +- [New] Dragos Indicator +- [New] Dragos System|Asset +- [New] Extrahop JSON Catch All +- [New] F5 TMM Http Request|TMM Network|TMM Connection error +- [New] F5 TMSH - Custom Parser +- [New] Zendesk - Login events +### Updated Field Mappings +- [Updated] Code42 Incydr Alerts C2C +- [Updated] Cyber Ark EPM AggregateEvent +- [Updated] Google G Suite - meet +- [Updated] Palo Alto GlobalProtect - Custom Parser +- [Updated] Palo Alto GlobalProtect Auth - Custom Parser +- [Updated] Zendesk Catch All + +## Parsers +- [New] /Parsers/System/CrowdStrike/CrowdStrike Filevantage +- [New] /Parsers/System/Extrahop/Extrahop JSON +### Updated parsers to handle additional events and field parsing +- [Updated] /Parsers/System/Code42/Code42 Incydr +- [Updated] /Parsers/System/Dragos/Dragos +- [Updated] /Parsers/System/F5/F5 Syslog +- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON +- [Updated] /Parsers/System/Microsoft/Office 365 +- [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV \ No newline at end of file From 9153b01a7f29e0973e223f398bedac0e8b870481 Mon Sep 17 00:00:00 2001 
From: John Pipkin Date: Fri, 31 Jan 2025 11:32:07 -0600 Subject: [PATCH 2/2] Updates from review --- blog-cse/2025-01-31-content.md | 36 ++++++++++++++++++++++------------ 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/blog-cse/2025-01-31-content.md b/blog-cse/2025-01-31-content.md index 08c8d96cb8..d679c0192d 100644 --- a/blog-cse/2025-01-31-content.md +++ b/blog-cse/2025-01-31-content.md @@ -1,19 +1,31 @@ -### January 31, 2025 - Content Release +--- +title: January 31, 2025 - Content Release +image: https://help.sumologic.com/img/sumo-square.png +keywords: + - log mappers + - parsers +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +icon This content release includes: -- Removal and updates to CSIEM Rules -- Parsing and mapping support for new products -- Updates to existing parsing and mappers to support additional events and field mappings -- Changes are enumerated below +- Removal and updates to Cloud SIEM rules. +- Parsing and mapping support for new products. +- Updates to existing parsing and mappers to support additional events and field mappings. + +Changes are enumerated below. -## Rules +### Rules - [Deleted] MATCH-S00604 OneLogin - API Credentials - Key Used from Untrusted Location - [Updated] FIRST-S00044 First Seen AppID Generating MailItemsAccessed Event from User - - Corrected typo in "MailItemsAccessed" + - Corrected typo in "MailItemsAccessed". - [Updated] FIRST-S00046 First Seen Client Generating MailItemsAccessed Event from User - - Corrected typo in "MailItemsAccessed" + - Corrected typo in "MailItemsAccessed". -## Log Mappers +### Log Mappers - [New] Crowdstrike FileVantage Catch All - [New] Dragos Communication - [New] Dragos Indicator 
@@ -22,7 +34,7 @@ This content release includes: - [New] F5 TMM Http Request|TMM Network|TMM Connection error - [New] F5 TMSH - Custom Parser - [New] Zendesk - Login events -### Updated Field Mappings +#### Updated Field Mappings - [Updated] Code42 Incydr Alerts C2C - [Updated] Cyber Ark EPM AggregateEvent - [Updated] Google G Suite - meet @@ -30,10 +42,10 @@ This content release includes: - [Updated] Palo Alto GlobalProtect Auth - Custom Parser - [Updated] Zendesk Catch All -## Parsers +### Parsers - [New] /Parsers/System/CrowdStrike/CrowdStrike Filevantage - [New] /Parsers/System/Extrahop/Extrahop JSON -### Updated parsers to handle additional events and field parsing +#### Updated parsers to handle additional events and field parsing - [Updated] /Parsers/System/Code42/Code42 Incydr - [Updated] /Parsers/System/Dragos/Dragos - [Updated] /Parsers/System/F5/F5 Syslog
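Review bot: in the first patch (the hunk creating blog-cse/2025-01-31-content.md), the `- [Deleted] MATCH-S00604 OneLogin - API Credentials - Key Used from Untrusted Location` entry states no reason for the removal, while both `[Updated]` rule entries carry a sub-bullet explaining their change. Removing a rule takes detection coverage away from customers, so add a sub-bullet in the same style (superseded by another rule, excessive false positives, retired data source, or whatever the actual reason is) so readers can decide whether they need a replacement. In the same hunk, `- Changes are enumerated below` is written as a fourth bullet of the "This content release includes:" list even though it is a transition sentence rather than an item; the second patch moves it out of the list, which is the right fix.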
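Review bot: in the first hunk of the second patch (`@@ -1,19 +1,31 @@`), the added line `import useBaseUrl from '@docusaurus/useBaseUrl';` has no visible consumer in the hunk; the only line between it and "This content release includes:" reads `icon`. If the intent is an image element that calls `useBaseUrl(...)` for its `src`, confirm that element is actually present in the committed file, otherwise the import is dead code and should be dropped. The rest of the hunk is sound: the in-body `### January 31, 2025 - Content Release` title is replaced by a front-matter `title:`, and the section headings are demoted from `##` to `###` so they sit under the page title, which keeps the heading hierarchy consistent.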
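Review bot: in the second hunk of the second patch (`@@ -22,7 +34,7 @@`), the heading becomes `#### Updated Field Mappings` in Title Case, while the sibling heading changed in the following hunk, `#### Updated parsers to handle additional events and field parsing`, is in sentence case. Pick one capitalization style for the two subsection headings. Also worth a check while this file is open: the context line `- [Updated] Google G Suite - meet` has a lowercase "meet" and `- [Updated] Cyber Ark EPM AggregateEvent` spells the vendor as two words; confirm both strings match the mapper names as they appear in the product, since customers search by these names.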
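Review bot: in the third hunk of the second patch (`@@ -30,10 +42,10 @@`), the parser entry `- [New] /Parsers/System/CrowdStrike/CrowdStrike Filevantage` spells the product "Filevantage", while the log mapper entry in the first hunk's context, `- [New] Crowdstrike FileVantage Catch All`, spells it "Crowdstrike FileVantage". Verify each against the actual parser path and mapper name so the release note is accurate, and align the casing if both are free-text. The first patch also ended with `\ No newline at end of file`; this hunk's context stops at `- [Updated] /Parsers/System/F5/F5 Syslog`, so it is not visible whether the missing trailing newline was fixed in the review pass. Add it if it is still absent.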