From dedcf21b1eb94510943a369622788e22d0b48d65 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 18:26:42 +0530
Subject: [PATCH 01/29] Release note for AWS CloudTrail update

---
 blog-service/2025-06-17-apps.md | 70 +++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 blog-service/2025-06-17-apps.md

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
new file mode 100644
index 0000000000..e418153896
--- /dev/null
+++ b/blog-service/2025-06-17-apps.md
@@ -0,0 +1,70 @@
+---
+title: AWS CloudTrail (Apps)
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+  - apps
+  - aws-cloudtrail
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+AWS is streamlining [CloudTrail](https://aws.amazon.com/cloudtrail/) events for [IAM Identity Center](https://aws.amazon.com/iam/identity-center/) by keeping only the essential fields needed for workflows like audit and incident response. These changes make it easier to identify users in IAM Identity Center CloudTrail events, based on customer feedback. They also improve the ability to match users between IAM Identity Center and external directories like Okta Universal Directory or Microsoft Active Directory. These updates do not impact CloudTrail events from other AWS services.
+
+To learn more, see [Important changes to CloudTrail events for AWS IAM Identity Center](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/).
+
+### Impact and required actions for Sumo Logic users following AWS CloudTrail updates
+
+#### Overview of required updates
+
+AWS is updating CloudTrail events for IAM Identity Center, affecting how user identity data is structured. So, if you are using the updated fields in your Cloud SIEM content or across the Sumo Logic platform, you need to update any saved queries, dashboards, or detection rules to reflect these changes and ensure continued functionality.
+
+**Key updates**:
+- Sumo Logic-provided apps must be manually reinstalled to incorporate the updated event field mappings.
+- Cloud SIEM parsers have already been automatically updated and require no customer intervention.
+
+#### Action plan for Sumo Logic users
+
+**Step 1: Reinstall relevant Sumo Logic apps**
+
+To reinstall the apps, follow the steps below:
+
+1. Navigate to the **App Catalog**.
+1. Search for the relevant app.
+
+    If you're using any of the following apps that consume CloudTrail data, you must reinstall them:
+    - Amazon CloudTrail – Cloud Security Monitoring and Analytics
+    - AWS CloudTrail
+    - CIS AWS Foundations Benchmark
+    - PCI Compliance for AWS CloudTrail
+    - Threat Intel for AWS
+    - Cloud Infrastructure Security for AWS
+    :::info
+    These are v1 apps, and reinstalling them will create a new folder in your Content Library with updated dashboards that reflect the field structure changes.
+    :::
+3. Install to deploy updated content under a new folder.
+
+**Step 2: Update custom saved searches and dashboards**
+
+If you’ve created custom content based on CloudTrail fields, manual updates will be necessary to accommodate the new schema.
+
+**Field mapping changes**
+| Fields | New Location |
+|:--|:--|
+| `UserName` | Added under `additionalEventData` |
+| `principalId` | Removed |
+| `userId`<br/>`identityStoreArn`<br/>`credentialId` | Added under `userIdentity` |
+
+For more information on field changes, see [AWS Security Blog](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=How%20to%20prepare%20your%20workflows%20for%20the%20upcoming%20changes%20to%20IAM%20Identity%20Center%20user%20identification%20in%20CloudTrail)
+
+#### Timeline for implementation
+
+AWS plans to implement these changes on [July 14, 2025](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=Effective%20July%2014%2C%202025).
+
+Sumo Logic apps are backward-compatible, so you can safely reinstall updated apps before the AWS changes go live.
+
+For any custom content outside of Sumo Logic’s managed apps or parsers, ensure your changes are backward compatible and deploy updates before July 14, 2025.
+
+#### Consequences of not updating
+
+Failure to update your apps, saved searches, or dashboards will result in user-related fields not being parsed correctly. Consequently, visualizations and panels relying on those fields will appear empty or display inaccurate data.
\ No newline at end of file

From 2c304fc816d20889273843343d8242184d867a29 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:09:08 +0530
Subject: [PATCH 02/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index e418153896..7a58887459 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -1,5 +1,5 @@
 ---
-title: AWS CloudTrail (Apps)
+title: AWS CloudTrail Updates (Apps)
 image: https://help.sumologic.com/img/sumo-square.png
 keywords:
   - apps

From 4f306a5a7e7d09d3a0aba6bcd23768c3a210db6b Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:09:30 +0530
Subject: [PATCH 03/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 7a58887459..5c9f0b1724 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -21,7 +21,7 @@ AWS is updating CloudTrail events for IAM Identity Center, affecting how user id
 
 **Key updates**:
 - Sumo Logic-provided apps must be manually reinstalled to incorporate the updated event field mappings.
-- Cloud SIEM parsers have already been automatically updated and require no customer intervention.
+- Cloud SIEM parsers have auto updated and require no customer intervention.
 
 #### Action plan for Sumo Logic users
 

From 6b0abd76b511bc185e9199f2395f798bff67fac7 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:09:38 +0530
Subject: [PATCH 04/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 5c9f0b1724..d811a45351 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -20,7 +20,7 @@ To learn more, see [Important changes to CloudTrail events for AWS IAM Identity
 AWS is updating CloudTrail events for IAM Identity Center, affecting how user identity data is structured. So, if you are using the updated fields in your Cloud SIEM content or across the Sumo Logic platform, you need to update any saved queries, dashboards, or detection rules to reflect these changes and ensure continued functionality.
 
 **Key updates**:
-- Sumo Logic-provided apps must be manually reinstalled to incorporate the updated event field mappings.
+- Sumo Logic provided apps must be manually reinstalled to incorporate the updated event field mappings.
 - Cloud SIEM parsers have auto updated and require no customer intervention.
 
 #### Action plan for Sumo Logic users

From f45521fabf1768421478611d736be641d1c2140c Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:09:46 +0530
Subject: [PATCH 05/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index d811a45351..d86a17ef67 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -40,7 +40,7 @@ To reinstall the apps, follow the steps below:
     - Threat Intel for AWS
     - Cloud Infrastructure Security for AWS
     :::info
-    These are v1 apps, and reinstalling them will create a new folder in your Content Library with updated dashboards that reflect the field structure changes.
+    These are v1 apps, and reinstalling them will create a new folder in your Content Library with updated dashboards.
     :::
 3. Install to deploy updated content under a new folder.
 

From 7f9e1bb90c8ba28f605a1f7c4f4454b52b9439f4 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:09:57 +0530
Subject: [PATCH 06/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index d86a17ef67..f5fd2514e1 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -57,7 +57,6 @@ If you’ve created custom content based on CloudTrail fields, manual updates wi
 
 For more information on field changes, see [AWS Security Blog](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=How%20to%20prepare%20your%20workflows%20for%20the%20upcoming%20changes%20to%20IAM%20Identity%20Center%20user%20identification%20in%20CloudTrail)
 
-#### Timeline for implementation
 
 AWS plans to implement these changes on [July 14, 2025](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=Effective%20July%2014%2C%202025).
 

From 9fbe7e1f8a9758114b436d4605b88e9371df7d3a Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:10:12 +0530
Subject: [PATCH 07/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index f5fd2514e1..47673bb9ca 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -58,7 +58,11 @@ If you’ve created custom content based on CloudTrail fields, manual updates wi
 For more information on field changes, see [AWS Security Blog](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=How%20to%20prepare%20your%20workflows%20for%20the%20upcoming%20changes%20to%20IAM%20Identity%20Center%20user%20identification%20in%20CloudTrail)
 
 
-AWS plans to implement these changes on [July 14, 2025](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=Effective%20July%2014%2C%202025).
+:::note
+AWS plans to implement these enhancements on [July 14, 2025](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=Effective%20July%2014%2C%202025).
+
+Sumo Logic apps are backward-compatible, allowing you to update the apps ahead of time. For any custom content outside of Sumo Logic’s apps or parsers, ensure your changes are backward compatible and deploy updates before July 14, 2025.
+:::
 
 Sumo Logic apps are backward-compatible, so you can safely reinstall updated apps before the AWS changes go live.
 

From c90aca5c3afa4c8e8efbfa3aaf52a240e2900fd9 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:10:22 +0530
Subject: [PATCH 08/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 47673bb9ca..e603ffb197 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -64,7 +64,6 @@ AWS plans to implement these enhancements on [July 14, 2025](https://aws.amazon.
 Sumo Logic apps are backward-compatible, allowing you to update the apps ahead of time. For any custom content outside of Sumo Logic’s apps or parsers, ensure your changes are backward compatible and deploy updates before July 14, 2025.
 :::
 
-Sumo Logic apps are backward-compatible, so you can safely reinstall updated apps before the AWS changes go live.
 
 For any custom content outside of Sumo Logic’s managed apps or parsers, ensure your changes are backward compatible and deploy updates before July 14, 2025.
 

From f6c7e338aabad88190feef5209407c2c4423203a Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:10:31 +0530
Subject: [PATCH 09/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index e603ffb197..b31054289d 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -65,7 +65,6 @@ Sumo Logic apps are backward-compatible, allowing you to update the apps ahead o
 :::
 
 
-For any custom content outside of Sumo Logic’s managed apps or parsers, ensure your changes are backward compatible and deploy updates before July 14, 2025.
 
 #### Consequences of not updating
 

From 2b9ae2f29d979017597afa0583d1f8e9aae7709b Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:10:40 +0530
Subject: [PATCH 10/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index b31054289d..9911f044aa 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -66,6 +66,8 @@ Sumo Logic apps are backward-compatible, allowing you to update the apps ahead o
 
 
 
-#### Consequences of not updating
+## FAQ
+
+### What happens if I don’t update my applications or searches?
 
 Failure to update your apps, saved searches, or dashboards will result in user-related fields not being parsed correctly. Consequently, visualizations and panels relying on those fields will appear empty or display inaccurate data.
\ No newline at end of file

From ce3d9a688d07fb7e9defbaf18b981933082ba625 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:10:49 +0530
Subject: [PATCH 11/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 9911f044aa..496aeb700d 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -13,7 +13,7 @@ AWS is streamlining [CloudTrail](https://aws.amazon.com/cloudtrail/) events for
 
 To learn more, see [Important changes to CloudTrail events for AWS IAM Identity Center](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/).
 
-### Impact and required actions for Sumo Logic users following AWS CloudTrail updates
+## Impact following the AWS CloudTrail updates
 
 #### Overview of required updates
 

From 1c0f0636e8393b2b5d31fa0d9e14bee4fdd913d1 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:10:59 +0530
Subject: [PATCH 12/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 496aeb700d..9492c3d5d6 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -15,7 +15,6 @@ To learn more, see [Important changes to CloudTrail events for AWS IAM Identity
 
 ## Impact following the AWS CloudTrail updates
 
-#### Overview of required updates
 
 AWS is updating CloudTrail events for IAM Identity Center, affecting how user identity data is structured. So, if you are using the updated fields in your Cloud SIEM content or across the Sumo Logic platform, you need to update any saved queries, dashboards, or detection rules to reflect these changes and ensure continued functionality.
 

From 2593b3dcd34a4597376c0b17b622105384141e9b Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:11:15 +0530
Subject: [PATCH 13/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 9492c3d5d6..a286f76c7b 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -18,7 +18,7 @@ To learn more, see [Important changes to CloudTrail events for AWS IAM Identity
 
 AWS is updating CloudTrail events for IAM Identity Center, affecting how user identity data is structured. So, if you are using the updated fields in your Cloud SIEM content or across the Sumo Logic platform, you need to update any saved queries, dashboards, or detection rules to reflect these changes and ensure continued functionality.
 
-**Key updates**:
+Key actions required while updating the AWS CloudTrail include:
 - Sumo Logic provided apps must be manually reinstalled to incorporate the updated event field mappings.
 - Cloud SIEM parsers have auto updated and require no customer intervention.
 

From 8446859d03f875bdbf70aa17cc3dd4cbc7cc5097 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:11:31 +0530
Subject: [PATCH 14/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index a286f76c7b..5f31c3a779 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -22,7 +22,7 @@ Key actions required while updating the AWS CloudTrail include:
 - Sumo Logic provided apps must be manually reinstalled to incorporate the updated event field mappings.
 - Cloud SIEM parsers have auto updated and require no customer intervention.
 
-#### Action plan for Sumo Logic users
+## Action plan for Sumo Logic users
 
 **Step 1: Reinstall relevant Sumo Logic apps**
 

From 5c5b8e68edcc75f8770c7c49615f165fa07c8f71 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:11:41 +0530
Subject: [PATCH 15/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 5f31c3a779..7fdc641fe6 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -24,7 +24,7 @@ Key actions required while updating the AWS CloudTrail include:
 
 ## Action plan for Sumo Logic users
 
-**Step 1: Reinstall relevant Sumo Logic apps**
+### Step 1: Reinstall the relevant Sumo Logic apps
 
 To reinstall the apps, follow the steps below:
 

From 6c77443bcca44f8a5c0673951f57eb1aa14e1bd0 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:14:34 +0530
Subject: [PATCH 16/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 7fdc641fe6..54f30d4015 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -43,7 +43,7 @@ To reinstall the apps, follow the steps below:
     :::
 3. Install to deploy updated content under a new folder.
 
-**Step 2: Update custom saved searches and dashboards**
+### Step 2: Update the custom saved searches and dashboards
 
 If you’ve created custom content based on CloudTrail fields, manual updates will be necessary to accommodate the new schema.
 

From 1d28a2b5287f3453964e42d2e55ed341d5b46dc1 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:20:19 +0530
Subject: [PATCH 17/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 54f30d4015..e1d837c24e 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -54,7 +54,7 @@ If you’ve created custom content based on CloudTrail fields, manual updates wi
 | `principalId` | Removed |
 | `userId`<br/>`identityStoreArn`<br/>`credentialId` | Added under `userIdentity` |
 
-For more information on field changes, see [AWS Security Blog](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=How%20to%20prepare%20your%20workflows%20for%20the%20upcoming%20changes%20to%20IAM%20Identity%20Center%20user%20identification%20in%20CloudTrail)
+For more information on field changes, see [AWS Security Blog](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=How%20to%20prepare%20your%20workflows%20for%20the%20upcoming%20changes%20to%20IAM%20Identity%20Center%20user%20identification%20in%20CloudTrail).
 
 
 :::note

From 32a50291285a020f26d378da48c4da0ee8f33523 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:20:44 +0530
Subject: [PATCH 18/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index e1d837c24e..244d28abf7 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -45,7 +45,7 @@ To reinstall the apps, follow the steps below:
 
 ### Step 2: Update the custom saved searches and dashboards
 
-If you’ve created custom content based on CloudTrail fields, manual updates will be necessary to accommodate the new schema.
+If you’ve created custom content based on CloudTrail fields, manual updates as shown in the below table will be required to accommodate the new schema.
 
 **Field mapping changes**
 | Fields | New Location |

From b708ceec7dabc5b64994f6ab35557239fa2dbc26 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:27:17 +0530
Subject: [PATCH 19/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 244d28abf7..118c03700a 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -48,7 +48,6 @@ To reinstall the apps, follow the steps below:
 If you’ve created custom content based on CloudTrail fields, manual updates as shown in the below table will be required to accommodate the new schema.
 
 **Field mapping changes**
-| Fields | New Location |
 |:--|:--|
 | `UserName` | Added under `additionalEventData` |
 | `principalId` | Removed |

From 70e9cd42018e79639815a98b8b0bcd3b5a8ccc38 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:27:42 +0530
Subject: [PATCH 20/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 118c03700a..bb30fde767 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -48,7 +48,7 @@ To reinstall the apps, follow the steps below:
 If you’ve created custom content based on CloudTrail fields, manual updates as shown in the below table will be required to accommodate the new schema.
 
 **Field mapping changes**
-|:--|:--|
+- Shifting the `userName` from the `userIdentity` element to `additionalEventData` element.
 | `UserName` | Added under `additionalEventData` |
 | `principalId` | Removed |
 | `userId`<br/>`identityStoreArn`<br/>`credentialId` | Added under `userIdentity` |

From 7cc68275746064f9189a6d5cb58ed9f7579cedfb Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 20:27:56 +0530
Subject: [PATCH 21/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index bb30fde767..94345ed31f 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -47,7 +47,6 @@ To reinstall the apps, follow the steps below:
 
 If you’ve created custom content based on CloudTrail fields, manual updates as shown in the below table will be required to accommodate the new schema.
 
-**Field mapping changes**
 - Shifting the `userName` from the `userIdentity` element to `additionalEventData` element.
 | `UserName` | Added under `additionalEventData` |
 | `principalId` | Removed |

From 0b804b4ce58b9bb386be16007252cc29e690cca3 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 21:53:23 +0530
Subject: [PATCH 22/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 94345ed31f..6788f3c427 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -48,7 +48,6 @@ To reinstall the apps, follow the steps below:
 If you’ve created custom content based on CloudTrail fields, manual updates as shown in the below table will be required to accommodate the new schema.
 
 - Shifting the `userName` from the `userIdentity` element to `additionalEventData` element.
-| `UserName` | Added under `additionalEventData` |
 | `principalId` | Removed |
 | `userId`<br/>`identityStoreArn`<br/>`credentialId` | Added under `userIdentity` |
 

From 23e08674f8bfb0c43b10578c5f75838104c2aaf4 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 21:53:41 +0530
Subject: [PATCH 23/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 6788f3c427..885f7dddae 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -48,7 +48,6 @@ To reinstall the apps, follow the steps below:
 If you’ve created custom content based on CloudTrail fields, manual updates as shown in the below table will be required to accommodate the new schema.
 
 - Shifting the `userName` from the `userIdentity` element to `additionalEventData` element.
-| `principalId` | Removed |
 | `userId`<br/>`identityStoreArn`<br/>`credentialId` | Added under `userIdentity` |
 
 For more information on field changes, see [AWS Security Blog](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=How%20to%20prepare%20your%20workflows%20for%20the%20upcoming%20changes%20to%20IAM%20Identity%20Center%20user%20identification%20in%20CloudTrail).

From cbf5c28b6e02aa2919fff294b43909dc632b3700 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 21:53:56 +0530
Subject: [PATCH 24/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 885f7dddae..17c352195d 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -48,7 +48,6 @@ To reinstall the apps, follow the steps below:
 If you’ve created custom content based on CloudTrail fields, manual updates as shown in the below table will be required to accommodate the new schema.
 
 - Shifting the `userName` from the `userIdentity` element to `additionalEventData` element.
-| `userId`<br/>`identityStoreArn`<br/>`credentialId` | Added under `userIdentity` |
 
 For more information on field changes, see [AWS Security Blog](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=How%20to%20prepare%20your%20workflows%20for%20the%20upcoming%20changes%20to%20IAM%20Identity%20Center%20user%20identification%20in%20CloudTrail).
 

From 4fad1d62000a41690f761f5bf69c18825e4380e6 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 21:54:16 +0530
Subject: [PATCH 25/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 17c352195d..179dc07365 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -30,7 +30,11 @@ To reinstall the apps, follow the steps below:
 
 1. Navigate to the **App Catalog**.
 1. Search for the relevant app.
+1. Install to deploy updated content under a new folder.
 
+:::info
+These are Classic apps (V1), and reinstalling them will create a new folder in your Content Library with updated dashboards. 
+:::
     If you're using any of the following apps that consume CloudTrail data, you must reinstall them:
     - Amazon CloudTrail – Cloud Security Monitoring and Analytics
     - AWS CloudTrail

From 3df8b0fd352d1ab7e3766745a5c845f4520388ad Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 21:58:20 +0530
Subject: [PATCH 26/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Jagadisha V <129049263+JV0812@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 179dc07365..b2d2caa930 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -26,7 +26,15 @@ Key actions required while updating the AWS CloudTrail include:
 
 ### Step 1: Reinstall the relevant Sumo Logic apps
 
-To reinstall the apps, follow the steps below:
+If you're using any of the following apps that consume CloudTrail data, you must reinstall them:
+- Amazon CloudTrail – Cloud Security Monitoring and Analytics
+- AWS CloudTrail
+- CIS AWS Foundations Benchmark
+- PCI Compliance for AWS CloudTrail
+- Threat Intel for AWS
+- Cloud Infrastructure Security for AWS
+
+To reinstall any of the above apps, follow the steps below:
 
 1. Navigate to the **App Catalog**.
 1. Search for the relevant app.

From 816b621618c5bdd5e61008033f387531a8e397e0 Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 22:46:48 +0530
Subject: [PATCH 27/29] Update 2025-06-17-apps.md

---
 blog-service/2025-06-17-apps.md | 38 +++++++++++----------------------
 1 file changed, 12 insertions(+), 26 deletions(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index b2d2caa930..7b00f17b0e 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -15,24 +15,23 @@ To learn more, see [Important changes to CloudTrail events for AWS IAM Identity
 
 ## Impact following the AWS CloudTrail updates
 
-
 AWS is updating CloudTrail events for IAM Identity Center, affecting how user identity data is structured. So, if you are using the updated fields in your Cloud SIEM content or across the Sumo Logic platform, you need to update any saved queries, dashboards, or detection rules to reflect these changes and ensure continued functionality.
 
 Key actions required while updating the AWS CloudTrail include:
 - Sumo Logic provided apps must be manually reinstalled to incorporate the updated event field mappings.
-- Cloud SIEM parsers have auto updated and require no customer intervention.
+- Cloud SIEM parsers have auto-updated and require no customer intervention.
 
 ## Action plan for Sumo Logic users
 
 ### Step 1: Reinstall the relevant Sumo Logic apps
 
 If you're using any of the following apps that consume CloudTrail data, you must reinstall them:
-- Amazon CloudTrail – Cloud Security Monitoring and Analytics
-- AWS CloudTrail
-- CIS AWS Foundations Benchmark
-- PCI Compliance for AWS CloudTrail
-- Threat Intel for AWS
-- Cloud Infrastructure Security for AWS
+- [Amazon CloudTrail – Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/aws-cloudtrail/)
+- [AWS CloudTrail](/docs/integrations/amazon-aws/cloudtrail/)
+- [CIS AWS Foundations Benchmark](/docs/integrations/amazon-aws/cis-aws-foundations-benchmark/)
+- [PCI Compliance for AWS CloudTrail](/docs/integrations/amazon-aws/cloudtrail-pci-compliance/)
+- [Threat Intel for AWS](/docs/integrations/amazon-aws/threat-intel/)
+- [Cloud Infrastructure Security for AWS](/docs/security/additional-security-features/cloud-infrastructure-security/cloud-infrastructure-security-for-aws/)
 
 To reinstall any of the above apps, follow the steps below:
 
@@ -43,37 +42,24 @@ To reinstall any of the above apps, follow the steps below:
 :::info
 These are Classic apps (V1), and reinstalling them will create a new folder in your Content Library with updated dashboards. 
 :::
-    If you're using any of the following apps that consume CloudTrail data, you must reinstall them:
-    - Amazon CloudTrail – Cloud Security Monitoring and Analytics
-    - AWS CloudTrail
-    - CIS AWS Foundations Benchmark
-    - PCI Compliance for AWS CloudTrail
-    - Threat Intel for AWS
-    - Cloud Infrastructure Security for AWS
-    :::info
-    These are v1 apps, and reinstalling them will create a new folder in your Content Library with updated dashboards.
-    :::
-3. Install to deploy updated content under a new folder.
 
 ### Step 2: Update the custom saved searches and dashboards
 
-If you’ve created custom content based on CloudTrail fields, manual updates as shown in the below table will be required to accommodate the new schema.
-
-- Shifting the `userName` from the `userIdentity` element to `additionalEventData` element.
+If you’ve created custom content based on CloudTrail fields, manual field updates as given below will be required to accommodate the new schema:
+- Move the `userName` field from the `userIdentity` element to the `additionalEventData` element.
+- Remove the `principalId` field from the schema.
+- Move the `userId`, `identityStoreArn`, and `credentialId` fields to the `userIdentity` element.
 
 For more information on field changes, see [AWS Security Blog](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=How%20to%20prepare%20your%20workflows%20for%20the%20upcoming%20changes%20to%20IAM%20Identity%20Center%20user%20identification%20in%20CloudTrail).
 
-
 :::note
 AWS plans to implement these enhancements on [July 14, 2025](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/#:~:text=Effective%20July%2014%2C%202025).
 
 Sumo Logic apps are backward-compatible, allowing you to update the apps ahead of time. For any custom content outside of Sumo Logic’s apps or parsers, ensure your changes are backward compatible and deploy updates before July 14, 2025.
 :::
 
-
-
 ## FAQ
 
 ### What happens if I don’t update my applications or searches?
 
-Failure to update your apps, saved searches, or dashboards will result in user-related fields not being parsed correctly. Consequently, visualizations and panels relying on those fields will appear empty or display inaccurate data.
\ No newline at end of file
+Failure to update your apps, saved searches, or dashboards will result in user-related fields not being parsed correctly. Consequently, visualizations and panels relying on those fields will appear empty or display inaccurate data.

From 1533f79e576dc3a5d407332516521c17ec17a63e Mon Sep 17 00:00:00 2001
From: Amee Lepcha <amee.lepcha.ctr@sumologic.com>
Date: Fri, 13 Jun 2025 22:52:09 +0530
Subject: [PATCH 28/29] Update blog-service/2025-06-17-apps.md

Co-authored-by: Kim (Sumo Logic) <56411016+kimsauce@users.noreply.github.com>
---
 blog-service/2025-06-17-apps.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-17-apps.md
index 7b00f17b0e..a477b23164 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-17-apps.md
@@ -9,7 +9,9 @@ hide_table_of_contents: true
 
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
-AWS is streamlining [CloudTrail](https://aws.amazon.com/cloudtrail/) events for [IAM Identity Center](https://aws.amazon.com/iam/identity-center/) by keeping only the essential fields needed for workflows like audit and incident response. These changes make it easier to identify users in IAM Identity Center CloudTrail events, based on customer feedback. They also improve the ability to match users between IAM Identity Center and external directories like Okta Universal Directory or Microsoft Active Directory. These updates do not impact CloudTrail events from other AWS services.
+AWS is streamlining [CloudTrail](https://aws.amazon.com/cloudtrail/) events for [IAM Identity Center](https://aws.amazon.com/iam/identity-center/) to retain only the essential fields needed for audit and incident response workflows. These changes improve user identification and integration with directories like Okta and Microsoft Active Directory, and do not impact CloudTrail events from other AWS services.
+
+To support this update, Sumo Logic has revised several AWS apps and Cloud SIEM parsers. If you use CloudTrail data in saved searches, dashboards, or detection rules, you may need to reinstall affected apps or update custom content before AWS enforces the changes on July 14, 2025.
 
 To learn more, see [Important changes to CloudTrail events for AWS IAM Identity Center](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/).
 

From c455e464467b22c28392f7504ed1d96418a89ff5 Mon Sep 17 00:00:00 2001
From: John Pipkin <jpipkin@sumologic.com>
Date: Mon, 16 Jun 2025 08:48:36 -0500
Subject: [PATCH 29/29] Change release note date to June 16 2025

---
 .../{2025-06-17-apps.md => 2025-06-16-apps.md}       | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
 rename blog-service/{2025-06-17-apps.md => 2025-06-16-apps.md} (93%)

diff --git a/blog-service/2025-06-17-apps.md b/blog-service/2025-06-16-apps.md
similarity index 93%
rename from blog-service/2025-06-17-apps.md
rename to blog-service/2025-06-16-apps.md
index a477b23164..80d0d1d07f 100644
--- a/blog-service/2025-06-17-apps.md
+++ b/blog-service/2025-06-16-apps.md
@@ -15,7 +15,7 @@ To support this update, Sumo Logic has revised several AWS apps and Cloud SIEM p
 
 To learn more, see [Important changes to CloudTrail events for AWS IAM Identity Center](https://aws.amazon.com/blogs/security/modifications-to-aws-cloudtrail-event-data-of-iam-identity-center/).
 
-## Impact following the AWS CloudTrail updates
+### Impact following the AWS CloudTrail updates
 
 AWS is updating CloudTrail events for IAM Identity Center, affecting how user identity data is structured. So, if you are using the updated fields in your Cloud SIEM content or across the Sumo Logic platform, you need to update any saved queries, dashboards, or detection rules to reflect these changes and ensure continued functionality.
 
@@ -23,9 +23,9 @@ Key actions required while updating the AWS CloudTrail include:
 - Sumo Logic provided apps must be manually reinstalled to incorporate the updated event field mappings.
 - Cloud SIEM parsers have auto-updated and require no customer intervention.
 
-## Action plan for Sumo Logic users
+### Action plan for Sumo Logic users
 
-### Step 1: Reinstall the relevant Sumo Logic apps
+#### Step 1: Reinstall the relevant Sumo Logic apps
 
 If you're using any of the following apps that consume CloudTrail data, you must reinstall them:
 - [Amazon CloudTrail – Cloud Security Monitoring and Analytics](/docs/integrations/cloud-security-monitoring-analytics/aws-cloudtrail/)
@@ -45,7 +45,7 @@ To reinstall any of the above apps, follow the steps below:
 These are Classic apps (V1), and reinstalling them will create a new folder in your Content Library with updated dashboards. 
 :::
 
-### Step 2: Update the custom saved searches and dashboards
+#### Step 2: Update the custom saved searches and dashboards
 
 If you’ve created custom content based on CloudTrail fields, manual field updates as given below will be required to accommodate the new schema:
 - Move the `userName` field from the `userIdentity` element to the `additionalEventData` element.
@@ -60,8 +60,8 @@ AWS plans to implement these enhancements on [July 14, 2025](https://aws.amazon.
 Sumo Logic apps are backward-compatible, allowing you to update the apps ahead of time. For any custom content outside of Sumo Logic’s apps or parsers, ensure your changes are backward compatible and deploy updates before July 14, 2025.
 :::
 
-## FAQ
+### FAQ
 
-### What happens if I don’t update my applications or searches?
+#### What happens if I don’t update my applications or searches?
 
 Failure to update your apps, saved searches, or dashboards will result in user-related fields not being parsed correctly. Consequently, visualizations and panels relying on those fields will appear empty or display inaccurate data.