diff --git a/docs/cloud-soar/incidents-triage.md b/docs/cloud-soar/incidents-triage.md
index e1a958fedb..d3cd66b68e 100644
--- a/docs/cloud-soar/incidents-triage.md
+++ b/docs/cloud-soar/incidents-triage.md
@@ -503,3 +503,7 @@ With the **Report** option, you can create incident reports to share with others
1. Click **Save**.
})
1. Click **Export** to export the report to PDF.
1. Click **Open** to open available reports.
+
+## Additional resources
+
+Blog: [Want to improve collaboration and reduce incident response time? Try Cloud SOAR War Room](https://www.sumologic.com/blog/want-to-improve-collaboration-and-reduce-incident-response-time-try-cloud-soar-war-room)
\ No newline at end of file
diff --git a/docs/cloud-soar/introduction.md b/docs/cloud-soar/introduction.md
index de45eab1c7..867b89e690 100644
--- a/docs/cloud-soar/introduction.md
+++ b/docs/cloud-soar/introduction.md
@@ -663,3 +663,15 @@ Let's create a custom automation rule. This rule will pull information from Clou
1. Leave the other fields as their defaults, then click **Save**.
1. As a best practice, you can enable and test the new rule, but then disable it, since it can disrupt your environment. Continue testing your rule until their behavior is expected before deciding to enable it.
+## Additional resources
+
+* Blogs:
+ * [Why you need both SIEM and SOAR to improve SOC efficiencies and increase effectiveness](https://www.sumologic.com/blog/why-you-need-siem-and-soar-to-improve-soc-efficiencies)
+ * [Cloud-native SOAR and SIEM solutions pave the road to the modern SOC](https://www.sumologic.com/blog/cloud-native-soar-and-siem-solutions-pave-the-road-to-the-modern-soc)
+ * [SIEM vs SOAR: Evaluating security tools for the modern SOC](https://www.sumologic.com/blog/soar-vs-siem)
+ * [Overwhelmed: Why SOAR solutions are a game changer](https://www.sumologic.com/blog/overwhelmed-why-soar-solutions-are-a-game-changer)
+ * [How to improve MTTD and MTTR with SOAR](https://www.sumologic.com/blog/how-to-improve-mttd-and-mttr-with-soar)
+ * [How to implement cybersecurity automation in SecOps with SOAR (7 simple steps)](https://www.sumologic.com/blog/how-to-implement-cyber-security-automation-in-secops-with-soar-7-simple-steps)
+* Briefs
+ * [Sumo Logic Cloud SOAR Solutions Brief](https://www.sumologic.com/briefs/sumo-logic-cloud-soar-solutions-brief)
+ * [How to calculate the ROI of Cloud SOAR](https://www.sumologic.com/briefs/how-to-calculate-roi-of-cloud-soar)
\ No newline at end of file
diff --git a/docs/cse/administration/mitre-coverage.md b/docs/cse/administration/mitre-coverage.md
index 2a181395be..6434c69dcf 100644
--- a/docs/cse/administration/mitre-coverage.md
+++ b/docs/cse/administration/mitre-coverage.md
@@ -201,7 +201,9 @@ To find the Cloud SIEM API documentation for your endpoint, see [Cloud SIEM APIs
## Additional resources
-* Blog: [Enhance your cloud security with MITRE ATT&CK and Sumo Logic Cloud SIEM](https://www.sumologic.com/blog/cloud-siem-mitre-attack/)
+* Blogs:
+ * [Enhance your cloud security with MITRE ATT&CK and Sumo Logic Cloud SIEM](https://www.sumologic.com/blog/cloud-siem-mitre-attack/)
+ * [Unique approaches to MITRE ATT&CK—make the most of its potential](https://www.sumologic.com/blog/mitre-attack-how-sumo-logic-makes-it-work-for-you)
* Glossary: [MITRE ATT&CK - definition & overview](https://www.sumologic.com/glossary/mitre-attack/)
* Demo: [MITRE ATT&CK Coverage Explorer](https://www.sumologic.com/demo/cloud-siem-mitre-attack-coverage-explorer/)
* Cloud SIEM Content Catalog: [Vendors](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/README.md)
\ No newline at end of file
diff --git a/docs/cse/automation/about-automation-service-and-cloud-siem.md b/docs/cse/automation/about-automation-service-and-cloud-siem.md
index f7d426690f..a06b7289ce 100644
--- a/docs/cse/automation/about-automation-service-and-cloud-siem.md
+++ b/docs/cse/automation/about-automation-service-and-cloud-siem.md
@@ -96,3 +96,6 @@ The Automation Service uses the [Cloud SOAR API](/docs/api/cloud-soar/).
Cloud SIEM automation data is retained in accordance with Sumo Logic's policies. For more information, see [Cloud SIEM Data Retention](/docs/cse/administration/cse-data-retention).
+## Additional resources
+
+Blog: [Faster security investigation with Cloud SIEM playbooks](https://www.sumologic.com/blog/faster-security-investigation-siem-playbooks)
\ No newline at end of file
diff --git a/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md b/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
index 43cada3f04..a0ad520d72 100644
--- a/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
+++ b/docs/cse/get-started-with-cloud-siem/about-cse-insight-ui.md
@@ -272,3 +272,9 @@ When you select an entity on the page, the right pane displays details about tha
You can access related entity information using the Cloud SIEM API. For more information, see [Cloud SIEM APIs](/docs/cse/administration/cse-apis).
+## Additional resources
+
+Demos:
+* [Cloud SIEM: Complete threat detection, investigation and response demo](https://www.sumologic.com/demo/complete-threat-detection-investigation-and-response-demo)
+* [Cloud SIEM: Insight investigation](https://www.sumologic.com/demo/insight-investigation)
+* [Cloud SIEM: Cloud insights triaging and investigation](https://www.sumologic.com/demo/cloud-insights)
diff --git a/docs/cse/get-started-with-cloud-siem/cse-heads-up-display.md b/docs/cse/get-started-with-cloud-siem/cse-heads-up-display.md
index 37b012dd02..c03b5d9cd8 100644
--- a/docs/cse/get-started-with-cloud-siem/cse-heads-up-display.md
+++ b/docs/cse/get-started-with-cloud-siem/cse-heads-up-display.md
@@ -80,3 +80,7 @@ The card at the top of the pane provides key information about the latest new in
* **Global Confidence**. [Global Confidence](/docs/cse/records-signals-entities-insights/global-intelligence-security-insights/) for the insight, if available.
* **Most Active Entities**. [Entities](/docs/cse/records-signals-entities-insights/view-manage-entities/) that are currently appearing the most in activity. Hover your mouse over an entity and click **View Timeline** to see the [entity timeline](/docs/cse/records-signals-entities-insights/view-manage-entities#about-the-entity-timeline-tab).
* **Today**. Shows changes made today, such as insights created, status changes, and comments. Items are listed in chronological order, with the newest first.
+
+## Additional resources
+
+Demo: [Cloud SIEM: Heads up display (HUD)](https://www.sumologic.com/demo/heads-up-display-hud)
diff --git a/docs/cse/get-started-with-cloud-siem/intro-for-administrators.md b/docs/cse/get-started-with-cloud-siem/intro-for-administrators.md
index 96c9745ca1..2f2c1c02b3 100644
--- a/docs/cse/get-started-with-cloud-siem/intro-for-administrators.md
+++ b/docs/cse/get-started-with-cloud-siem/intro-for-administrators.md
@@ -507,4 +507,16 @@ In this section, you'll create a custom automation using the playbook you create
1. While still on the insight details screen, click on the **Automations** tab on the top of the screen to see the results of executing your automation. This view will show the status of the automations run on that insight, such as "Running", "Success" or "Completed with errors". 1.
1. If errors occur, you can click the **View Playbook** link on the right side to see the Playbook view, along with any execution errors that occurred. For help, see [Troubleshoot playbooks](/docs/platform-services/automation-service/automation-service-playbooks/#troubleshoot-playbooks).
-You now have a custom automation that can be manually run or attached to an insight upton creation or closing.
\ No newline at end of file
+You now have a custom automation that can be manually run or attached to an insight upton creation or closing.
+
+## Additional resources
+
+* Blogs:
+ * [Securing IaaS, PaaS and SaaS with a Cloud SIEM](https://www.sumologic.com/blog/securing-iaas)
+ * [How using Cloud SIEM dashboards and metrics for daily standups improves SOC efficiency](https://www.sumologic.com/blog/how-using-cloud-siem-dashboards-and-metrics-for-daily-standups-improves-soc-efficiency)
+ * [Weaponizing paranoia: developing a threat detection strategy](https://www.sumologic.com/blog/weaponizing-paranoia-developing-a-threat-detection-strategy)
+ * [Fine-tuning Cloud SIEM detections through machine learning](https://www.sumologic.com/blog/tuning-cloud-siem-machine-learning)
+* Briefs
+ * [8 reasons why you need Sumo Logic for your Cloud SIEM](https://www.sumologic.com/briefs/cloud-siem-8-reasons)
+ * [How to evolve your security with a Cloud SIEM](https://www.sumologic.com/briefs/cloud-siem-enabling-greater-security-maturity-at-every-level)
+* Demo: [Cloud SIEM: MITRE ATT&CK™ coverage explorer](https://www.sumologic.com/demo/mitre-attack-coverage-explorer)
\ No newline at end of file
diff --git a/docs/cse/get-started-with-cloud-siem/intro-for-analysts.md b/docs/cse/get-started-with-cloud-siem/intro-for-analysts.md
index 9c6e872bbd..a8075ad04d 100644
--- a/docs/cse/get-started-with-cloud-siem/intro-for-analysts.md
+++ b/docs/cse/get-started-with-cloud-siem/intro-for-analysts.md
@@ -440,4 +440,19 @@ Rule tuning, custom rules, and custom insights are just a taste of what you can
* [Log mappings](/docs/cse/schema/create-structured-log-mapping/)
* [Match lists](/docs/cse/match-lists-suppressed-lists/)
* [APIs](/docs/cse/administration/cse-apis/) and other [plugins](/docs/cse/integrations/)
-* How much data Cloud SIEM [ingests](/docs/cse/ingestion/)
\ No newline at end of file
+* How much data Cloud SIEM [ingests](/docs/cse/ingestion/)
+
+## Additional resources
+
+* Blogs:
+ * [Protecting identities with the Sumo Logic platform](https://www.sumologic.com/blog/protecting-identities-sumo-platform)
+ * [Hunt for cloud session anomalies with Cloud SIEM](https://www.sumologic.com/blog/hunt-cloud-session-anomalies)
+ * [Why your security analytics needs proactive threat hunting](https://www.sumologic.com/blog/why-proactive-threat-hunting-is-a-necessity)
+ * [Threat hunting with Sumo Logic: The Command Line](https://www.sumologic.com/blog/threat-hunting-command-line)
+ * [Responding to remote service appliance vulnerabilities with Sumo Logic](https://www.sumologic.com/blog/appliance-vulnerabilities-sumo)
+ * [Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world](https://www.sumologic.com/blog/threat-hunting-hybrid-cloud-environment)
+* Demos:
+ * [Cloud SIEM: Complete threat detection, investigation and response demo](https://www.sumologic.com/demo/complete-threat-detection-investigation-and-response-demo)
+ * [Cloud SIEM: Heads up display (HUD)](https://www.sumologic.com/demo/heads-up-display-hud)
+ * [Cloud SIEM: Insight investigation](https://www.sumologic.com/demo/insight-investigation)
+ * [Cloud SIEM: Cloud insights triaging and investigation](https://www.sumologic.com/demo/cloud-insights)
diff --git a/docs/cse/records-signals-entities-insights/create-an-entity-group.md b/docs/cse/records-signals-entities-insights/create-an-entity-group.md
index 128cd1c7d5..7b1938844d 100644
--- a/docs/cse/records-signals-entities-insights/create-an-entity-group.md
+++ b/docs/cse/records-signals-entities-insights/create-an-entity-group.md
@@ -122,3 +122,7 @@ array_contains(fieldTags["srcDevice_ip"], "DB Server")
## API support
You can use the `/entity-group-configuration` API to create, read, update, and delete entity groups. For more information, see [Cloud SIEM APIs](/docs/cse/administration/cse-apis).
+
+## Additional resources
+
+Blog: [Use new Cloud SIEM Entity Groups to make threat response more efficient](https://www.sumologic.com/blog/cloud-siem-entity-groups)
\ No newline at end of file
diff --git a/docs/cse/rules/insight-trainer.md b/docs/cse/rules/insight-trainer.md
index a221f17b91..e5efea937e 100644
--- a/docs/cse/rules/insight-trainer.md
+++ b/docs/cse/rules/insight-trainer.md
@@ -125,3 +125,7 @@ Following is the suggested workflow to use the Insight Trainer dashboard:
1. Adjust rule severities if needed.
We suggest adjusting rule severities to the recommended levels only after you have written rule tuning expressions and seen how they result in lowering false positives. The algorithm adjusts its recommendations continuously. So if at first you do not see your false positives change much, wait a few days, and you will notice new recommendations.
+
+## Additional resources
+
+Blog: [Fine-tuning Cloud SIEM detections through machine learning](https://www.sumologic.com/blog/tuning-cloud-siem-machine-learning)
\ No newline at end of file
diff --git a/docs/cse/rules/rule-tuning-expressions.md b/docs/cse/rules/rule-tuning-expressions.md
index 622315b362..257b47e653 100644
--- a/docs/cse/rules/rule-tuning-expressions.md
+++ b/docs/cse/rules/rule-tuning-expressions.md
@@ -103,4 +103,6 @@ When you test a [rule expression](/docs/cse/rules/about-cse-rules#about-rule-exp
})
-
+## Additional resources
+
+Blog: [Rule tuning – supercharge Cloud SIEM for better alerts](https://www.sumologic.com/blog/rule-tuning-cloud-siem-alert-fatigue)
diff --git a/docs/cse/rules/write-first-seen-rule.md b/docs/cse/rules/write-first-seen-rule.md
index 54dbfadda9..244776ec5f 100644
--- a/docs/cse/rules/write-first-seen-rule.md
+++ b/docs/cse/rules/write-first-seen-rule.md
@@ -151,3 +151,8 @@ With a per-entity baseline, and the default baseline retention period of the las
:::tip
If you are unsure whether to use a per-entity or a global baseline, consider your use case. If you’re inclined to select `user_username` in the **Has a new value for the field(s)** prompt, you’re better off creating a global baseline for that behavior. Alternatively, if you want to track a new value for a non-entity record field, a per-entity baseline is appropriate.
:::
+
+## Additional resources
+
+Blog: [From weeks to minutes: How Sumo Logic’s historic baselining supercharges UEBA](https://www.sumologic.com/blog/sumo-logic-historic-baselining)
+* Glossary: [User entity behavior analytics (UEBA)](https://www.sumologic.com/glossary/ueba)
\ No newline at end of file
diff --git a/docs/cse/rules/write-outlier-rule.md b/docs/cse/rules/write-outlier-rule.md
index 1be0e14c26..d4733ae50a 100644
--- a/docs/cse/rules/write-outlier-rule.md
+++ b/docs/cse/rules/write-outlier-rule.md
@@ -160,3 +160,8 @@ This section shows how an outlier rule would function with a daily baseline.
:::tip
If you are unsure what to set the minimum count value to from the default value of 1, consider providing the value which is beyond the normal acceptable behavior for a given time window for a particular entity. The **Minimum Count Value** is geared towards false positive reduction and improving the fidelity of signals generated, and will vary based upon the use case and type of logs collected.
:::
+
+## Additional resources
+
+* Blog: [From weeks to minutes: How Sumo Logic’s historic baselining supercharges UEBA](https://www.sumologic.com/blog/sumo-logic-historic-baselining)
+* Glossary: [User entity behavior analytics (UEBA)](https://www.sumologic.com/glossary/ueba)
\ No newline at end of file
diff --git a/docs/cse/schema/username-and-hostname-normalization.md b/docs/cse/schema/username-and-hostname-normalization.md
index d615bf2afe..f13a25b75c 100644
--- a/docs/cse/schema/username-and-hostname-normalization.md
+++ b/docs/cse/schema/username-and-hostname-normalization.md
@@ -180,3 +180,6 @@ Following is an example configuration for a case where the customer has a domain
})
+## Additional resources
+
+Blog: [What’s going on? The power of normalization in Cloud SIEM](https://www.sumologic.com/blog/whats-going-on-normalization-cloud-siem)
\ No newline at end of file
diff --git a/docs/platform-services/automation-service/integration-framework/about-integration-framework.md b/docs/platform-services/automation-service/integration-framework/about-integration-framework.md
index efe7894480..4429847761 100644
--- a/docs/platform-services/automation-service/integration-framework/about-integration-framework.md
+++ b/docs/platform-services/automation-service/integration-framework/about-integration-framework.md
@@ -755,4 +755,10 @@ hook:
- webhook
```
-For another example YAML file of a webhook trigger, see [Trigger webhook definition file](/docs/platform-services/automation-service/integration-framework/example-files-integration-framework/#trigger-webhook-definition-file).
\ No newline at end of file
+For another example YAML file of a webhook trigger, see [Trigger webhook definition file](/docs/platform-services/automation-service/integration-framework/example-files-integration-framework/#trigger-webhook-definition-file).
+
+## Additional resources
+
+Blogs:
+* [Uncovering the power of Cloud SOAR’s Open Integration Framework](https://www.sumologic.com/blog/uncovering-the-powers-of-cloud-soars-open-integration-framework)
+* [Daemons in Cloud SOAR: proactively enhancing SecOps](https://www.sumologic.com/blog/daemons-in-cloud-soar-proactively-enhancing-secops)
\ No newline at end of file
diff --git a/docs/security/additional-security-features/audit-and-compliance.md b/docs/security/additional-security-features/audit-and-compliance.md
index e3db4a7427..4feb332d80 100644
--- a/docs/security/additional-security-features/audit-and-compliance.md
+++ b/docs/security/additional-security-features/audit-and-compliance.md
@@ -180,4 +180,5 @@ To use Sumo Logic to start an audit of AWS root for compliance, perform these st
## Additional resources
* Blog: [What to expect when you’re expecting a cybersecurity audit for compliance](https://www.sumologic.com/blog/what-to-expect-when-youre-expecting-a-cybersecurity-audit-for-compliance/)
-* Guide: [NIS2 compliance guide](https://www.sumologic.com/brief/nis2-compliance-guide/)
\ No newline at end of file
+* Guide: [NIS2 compliance guide](https://www.sumologic.com/brief/nis2-compliance-guide/)
+* Brief: [PCI DSS Compliance](https://www.sumologic.com/briefs/pci-dss-compliance-solution)
\ No newline at end of file
diff --git a/docs/security/additional-security-features/introduction-to-additional-security-features.md b/docs/security/additional-security-features/introduction-to-additional-security-features.md
index 131d9f4080..c9c08bf4a4 100644
--- a/docs/security/additional-security-features/introduction-to-additional-security-features.md
+++ b/docs/security/additional-security-features/introduction-to-additional-security-features.md
@@ -68,4 +68,7 @@ Queries are the core of Sumo Logic's data processing platform. With queries, you
* Blogs:
* [Why your security analytics needs proactive threat hunting](https://www.sumologic.com/blog/why-proactive-threat-hunting-is-a-necessity/)
* [Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world](https://www.sumologic.com/blog/threat-hunting-hybrid-cloud-environment/)
+ * [Why your DevSecOps team needs a log management solution](https://www.sumologic.com/blog/log-management-tool)
+ * [How log management protects your security stack](https://www.sumologic.com/blog/log-management-security)
+ * [Cloud security vs. traditional security](https://www.sumologic.com/blog/cloud-security-why-its-different)
* Glossary: [Threat detection and response (TDR) - definition & overview](https://www.sumologic.com/glossary/threat-detection-response/)
\ No newline at end of file
diff --git a/docs/security/index.md b/docs/security/index.md
index c6b5bf56b5..f1ee2290a9 100644
--- a/docs/security/index.md
+++ b/docs/security/index.md
@@ -50,3 +50,15 @@ Following are features available with our security solutions. If you have any qu
| Progressive automation | | | ✓ |
| Highly customizable dashboards and KPIs | | | ✓ |
| Automatic incident reports | | | ✓ |
+
+## Additional resources
+
+* Blogs:
+ * [Lessons from the 2025 Security Operations Insights report](https://www.sumologic.com/blog/lessons-from-2025-security-operations-insights-report)
+ * [Balancing act: Sumo Logic vs. Splunk in the high-wire world of modern security](https://www.sumologic.com/blog/sumo-logic-cloud-siem-vs-splunk-es)
+* Demos:
+ * [Cloud SIEM: Complete threat detection, investigation and response demo](https://www.sumologic.com/demo/complete-threat-detection-investigation-and-response-demo)
+ * [Cloud SIEM: Heads up display (HUD)](https://www.sumologic.com/demo/heads-up-display-hud)
+ * [Cloud SIEM: Insight investigation](https://www.sumologic.com/demo/insight-investigation)
+ * [Cloud SIEM: Cloud insights triaging and investigation](https://www.sumologic.com/demo/cloud-insights)
+ * [Cloud SIEM: MITRE ATT&CK™ coverage explorer](https://www.sumologic.com/demo/mitre-attack-coverage-explorer)
diff --git a/docs/security/threat-intelligence/about-threat-intelligence.md b/docs/security/threat-intelligence/about-threat-intelligence.md
index 48d76e7c65..3f397c483b 100644
--- a/docs/security/threat-intelligence/about-threat-intelligence.md
+++ b/docs/security/threat-intelligence/about-threat-intelligence.md
@@ -113,3 +113,7 @@ Use a search like the following:
_index=sumologic_audit_events _sourceCategory=threatIntelligence
```
+## Additional resources
+
+* Blog: [Threat intelligence feeds: essential arsenal in cybersecurity](https://www.sumologic.com/blog/threat-intelligence-feeds-cybersecurity)
+* Glossary: [Threat intelligence](https://www.sumologic.com/glossary/threat-intelligence)
\ No newline at end of file