├── .github
└── pull_request_template.md
├── .gitignore
├── .gitmodules
├── Amazon_Web_Services
├── AWS_CloudSearch
│ ├── Amazon-CloudSearch-ULM.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshot-Amazon-CloudSearch-ULM.png
├── AWS_CloudTrail
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Dashboard & FERs
│ │ ├── CloudTrail_FERS.txt
│ │ ├── README.md
│ │ ├── cloudtrail_user_activity_dashboard.json
│ │ └── cloudtrail_user_activity_dashboard_FERs.json
│ ├── README.md
│ └── Screenshots
│ │ └── AWSUserActivity.png
├── AWS_EC2
│ ├── Host_Metrics_OTEL
│ │ ├── Comments
│ │ │ ├── Comments.json
│ │ │ └── README.md
│ │ ├── Host_Metrics_Open_Telemetry.json
│ │ └── README.md
│ └── README.md
├── AWS_Health
│ ├── Cloudformation_Templates
│ │ ├── 1-aws-health-events-to-sumo-logic-iam-role.yaml
│ │ └── 2-aws-health-events-to-sumo-logic-event-rule.yaml
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ └── README.md
├── AWS_RDS
│ └── Enhanced-Monitoring
│ │ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ │ ├── RDS-Enhanced-Monitoring.json
│ │ ├── README.md
│ │ ├── Screenshots
│ │ ├── RDS-Enhanced-Monitoring-CPU-Utilization.png
│ │ ├── RDS-Enhanced-Monitoring-Disk.png
│ │ ├── RDS-Enhanced-Monitoring-File-System.png
│ │ ├── RDS-Enhanced-Monitoring-Memory.png
│ │ ├── RDS-Enhanced-Monitoring-Network.png
│ │ ├── RDS-Enhanced-Monitoring-Overview.png
│ │ ├── RDS-Enhanced-Monitoring-Processes.png
│ │ └── RDS-Enhanced-Monitoring-Tasks.png
│ │ └── rds_enhanced_lambda.js
└── README.md
├── Aruba_Wireless
├── ArubaWireless_Controller
│ ├── ArubaWireless-Controller-AuthMgr_and_WMS_Modules.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshots
│ │ ├── ArubaWireless-Controller-AuthMgr.png
│ │ └── ArubaWireless-Controller-WMSModule.png
├── ArubaWireless_TACACS
│ ├── ArubaWireless-TACACS.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshots
│ │ └── ArubaWireless-TACACS.png
└── README.md
├── CODEOWNERS
├── CSPM
├── CloudQuery
│ ├── AWS
│ │ ├── readme.md
│ │ ├── results
│ │ │ └── example_cis_v1.5.csv
│ │ └── screenshots
│ │ │ ├── cloudquery_execute.png
│ │ │ ├── data_in_sumo.png
│ │ │ ├── example_CIS_Framework_Dashboard.png
│ │ │ ├── local_file_source.png
│ │ │ └── query_parse_data.png
│ ├── Azure
│ │ ├── azure.yml
│ │ ├── readme.md
│ │ ├── results
│ │ │ └── hipaa_hitrust_v9.2.csv
│ │ └── screenshots
│ │ │ ├── cloudquery_execute.png
│ │ │ ├── data_in_sumo.png
│ │ │ ├── example_HIPAA_Hi-trust.png
│ │ │ ├── local_file_source.png
│ │ │ └── query_parse_data.png
│ ├── GCP
│ │ └── readme.md
│ └── readme.md
└── readme.md
├── Centrify
├── Centrify_NoSpecProduct_Logs.json
├── Comments
│ ├── Comments.json
│ └── README.md
├── README.md
└── Screenshots
│ └── Centrify_NoSpecProduct_Logs.png
├── Checkpoint
├── Checkpoint_Logs.json
├── Comments
│ ├── Comments.json
│ └── README.md
├── README.md
└── Screenshots
│ └── Checkpoint_Logs.png
├── Chef
├── Chef.json
├── Comments
│ ├── Comments.json
│ └── README.md
└── README.md
├── Cisco
├── README.md
└── Sourcefire
│ ├── Cisco-Sourcefire.json
│ ├── Comments
│ ├── Comments.json
│ └── README.md
│ ├── README.md
│ └── Screenshots
│ ├── Cisco-Sourcefire-Allowed-Traffic.png
│ ├── Cisco-Sourcefire-Blocked-Traffic.png
│ └── Cisco-Sourcefire-Overview.png
├── Citrix
├── README.md
├── VPN
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Netscaler_VPN_Monitoring.json
│ └── README.md
└── XenServer
│ ├── Applications_and_Dashboards
│ └── Citrix_XenServer_Logs.json
│ ├── Comments
│ ├── Comments.json
│ └── README.md
│ ├── README.md
│ └── Screenshots
│ └── Citrix_XenServer_Logs.png
├── CloudSIEM
├── Alerts
│ ├── CreatedInsights_Monitor.json
│ └── README.md
├── CSE_Vendor_Content
│ ├── Cribl Generic JSON Parser Template
│ └── README.md
└── README.md
├── CloudSOAR
├── Dashboards
│ ├── CSOAR_Playbook_Monitoring.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshots
│ │ └── playbook_monitoring_screenshot.png
├── Integrations
│ ├── Armorblox
│ │ ├── Armorblox.yaml
│ │ ├── README.md
│ │ └── actions
│ │ │ ├── Armorblox Incidents Daemon.yaml
│ │ │ ├── Get App Restrictions.yaml
│ │ │ ├── Get Incident Senders.yaml
│ │ │ ├── Get Incident.yaml
│ │ │ ├── List Incidents.yaml
│ │ │ └── Update Incident Action.yaml
│ ├── Automation-Tools
│ │ ├── Automation Tools.yaml
│ │ ├── README.md
│ │ ├── actions
│ │ │ ├── Add Prefix Suffix.yaml
│ │ │ ├── Buffer.yaml
│ │ │ ├── Build JSON Object.yaml
│ │ │ ├── Build Signal Output Break Lines.yaml
│ │ │ ├── Build Signal Output Raw Break Lines (email) .yaml
│ │ │ ├── Build Signal Output Raw Break Lines Format Options.yaml
│ │ │ ├── Build Signal Output.yaml
│ │ │ ├── Check Internal IP.yaml
│ │ │ ├── Check Time Boundaries.yaml
│ │ │ ├── Chunk Unix Timestamps.yaml
│ │ │ ├── Convert SLA To Decimal Format.yaml
│ │ │ ├── Data Transform.yaml
│ │ │ ├── Decode Base64.yaml
│ │ │ ├── Deduplicate_List.yaml
│ │ │ ├── Extract Domain from URL.yaml
│ │ │ ├── Filter IP Addresses.yaml
│ │ │ ├── Filter JSON Array.yaml
│ │ │ ├── Generate Password.yaml
│ │ │ ├── Get Time.yaml
│ │ │ ├── Offset Unix Timestamp.yaml
│ │ │ ├── Render JSON Data.yaml
│ │ │ ├── Render PNG Image.yaml
│ │ │ ├── Render TextArea Field.yaml
│ │ │ ├── Signal-Filter-Fields.yaml
│ │ │ ├── Sleep.yaml
│ │ │ ├── String Regex.yaml
│ │ │ ├── Validate JSON.yaml
│ │ │ ├── escape-string.yaml
│ │ │ ├── generic_map.yaml
│ │ │ └── translate-table.yaml
│ │ └── automation-tools.tar.gz
│ ├── Azure_ActiveDirectory
│ │ ├── Azure AD.yml
│ │ ├── README.md
│ │ └── actions
│ │ │ ├── Disable User.yml
│ │ │ └── Revoke Sign In Sessions.yml
│ ├── Incident_Tools
│ │ ├── Add Entity Metadata.yaml
│ │ ├── Add Entity Threat Indicator.yaml
│ │ ├── Add External Alert to Incident.yaml
│ │ ├── Generic HTTP POST.yaml
│ │ ├── Get Entity Details.yaml
│ │ ├── Get External Alert.yaml
│ │ ├── Get Incident.yaml
│ │ ├── Get War Room Timeline.yaml
│ │ └── README.md
│ ├── Proofpoint_End_User_Management_PPS
│ │ ├── Action_Change_Password.yaml
│ │ ├── Integration_Proofpoint_End_User_Management_PPS.yaml
│ │ └── README.md
│ ├── README.md
│ ├── Screenshot Machine
│ │ ├── README.md
│ │ ├── Screenshot Machine.yaml
│ │ ├── actions
│ │ │ └── Screenshot Webpage.yaml
│ │ ├── reference_01.png
│ │ └── reference_02.png
│ ├── ServiceNow
│ │ ├── Action_Close_Ticket.yaml
│ │ ├── Action_Create_Ticket.yaml
│ │ ├── Action_Get_Ticket_Details.yaml
│ │ ├── Action_Search_Tickets.yaml
│ │ ├── Action_ServiceNow_Incidents_Daemon.yaml
│ │ ├── Action_ServiceNow_Table_Daemon.yaml
│ │ ├── Action_Update_Ticket.yaml
│ │ ├── Integration_ServiceNow_Custom.yml
│ │ └── README.md
│ ├── SumoLogic_Cloud_SIEM
│ │ ├── README.md
│ │ └── actions
│ │ │ ├── Add Indicator to Threat Intel Source.yaml
│ │ │ ├── Create Threat Intel Source.yaml
│ │ │ ├── Get Threat Intel Indicator.yaml
│ │ │ ├── List Threat Intel Indicators.yaml
│ │ │ ├── List Threat Intel Sources.yaml
│ │ │ ├── Remove Indicator from Threat Intel Source.yaml
│ │ │ └── Update Indicator to Threat Intel Source.yaml
│ ├── SumoLogic_Log_Analytics_Platform
│ │ ├── README.md
│ │ └── actions
│ │ │ └── Threat IP Search.yaml
│ └── indago
│ │ ├── 541112c6.Indago.integration.yaml
│ │ ├── 541112c6.Post_collection.action.yaml
│ │ └── README.md
├── Playbooks
│ ├── Playbook - Cloud SIEM Insight Auto-Close
│ │ ├── README.md
│ │ ├── playbook_CSE - Insight Status Handling_Scheduled_8_25_2023.json
│ │ ├── playbook_CSE - Insight Status Handling_Scheduled_8_25_2023.zip
│ │ └── reference.png
│ ├── Playbook - Phishing Report - Compromised User
│ │ ├── README.md
│ │ ├── playbook_PhishReports_CompromisedUser_8_31_2023.json
│ │ ├── playbook_PhishReports_CompromisedUser_8_31_2023.zip
│ │ └── reference.png
│ ├── README.md
│ └── docs
│ │ ├── doc_01.png
│ │ ├── doc_02.png
│ │ ├── doc_export.png
│ │ └── doc_import.png
└── README.md
├── Cloudflare
├── Cloudflare.json
├── Comments
│ ├── Comments.json
│ └── README.md
├── README.md
└── Screenshots
│ ├── Cloudflare_DNS.png
│ └── Cloudflare_Zero_Trust.png
├── Custom_Application_Logs
├── Comments
│ ├── Comments.json
│ └── README.md
├── Custom_App_Explorer.json
├── IP_Explorer_Dashboard.png
├── Keywords_Explorer.png
└── README.md
├── ExtraHop Reveal(x) 360
├── Comments
│ ├── Comments.json
│ └── README.md
├── ExtraHop-Detection-Sync.py
├── ExtraHop-Rx360-Detections-Dashboard.json
├── ExtraHop-Sumo-Connector.py
├── ExtraHop-SumoIntegration.yml
├── README.md
└── Screenshots
│ ├── aws-cft-params.png
│ ├── aws-cwlogs-eh-detection-sync.png
│ ├── aws-cwlogs-eh-sumo-connector.png
│ ├── aws-cwlogs.png
│ ├── sumo-dashboard.jpeg
│ ├── sumo-query1.png
│ └── sumo-query2.png
├── F5
├── Comments
│ ├── Comments.json
│ └── README.md
├── F5_XC_Requests_Overview.json
├── F5_XC_Security_Events_Overview.json
├── README.md
└── Screenshots
│ ├── F5_XC_Requests_Overview.png
│ └── F5_XC_Security_Events_Overview.png
├── Fortinet
├── Fortigate_Firewall
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Fortigate_Firewall.json
│ ├── README.md
│ └── Screenshots
│ │ ├── events.png
│ │ ├── overview.png
│ │ ├── sys_performance.png
│ │ ├── threats.png
│ │ └── traffic.png
├── Fortigate_UTM
│ ├── Applications_and_Dashboards
│ │ ├── Fortinet_FortigateUTM_Logs.json
│ │ ├── Fortinet_Fortigate_Event_Parser_Search.txt
│ │ ├── Fortinet_Fortigate_Traffic_Parser_Search.txt
│ │ └── Fortinet_Fortigate_UTM_Parser_Search.txt
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshots
│ │ ├── Fortinet_FortigateUTM_ALL.png
│ │ ├── Fortinet_FortigateUTM_AWS.png
│ │ └── Fortinet_Fortigate_Traffic_Parser.png
└── README.md
├── GCP
├── Cloud_Run
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── GCP_Cloud_Run.json
│ ├── README.md
│ └── Screenshots
│ │ └── GCP-CR.png
├── Load_Balancer_Metrics
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshots
│ │ ├── latency.png
│ │ └── requests.png
└── README.md
├── GitHub
├── GitHub_Actions
│ ├── Applications_and_Dashboards
│ │ ├── SDO_Github_Actions_Jobs.json
│ │ └── SDO_Github_Actions_Steps.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshots
│ │ ├── SDO-GithubActions-Jobs.png
│ │ └── SDO-GithubActions-Steps.png
├── Github_Reusable_Workflows
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Github_Reusable_Workflows.json
│ ├── README.md
│ └── Screenshots
│ │ └── github_actions_screenshot.png
├── Gitleaks
│ ├── Applications_and_Dashboards
│ │ └── Gitleaks_Dashboard.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshots
│ │ └── Gitleaks_Dashboard.png
└── README.md
├── Heroku
├── Comments
│ ├── Comments.json
│ └── README.md
├── Heroku.json
├── README.md
└── Screenshots
│ ├── Heroku-Overview.png
│ ├── Heroku-Performance-CPU-Load.png
│ ├── Heroku-Performance-Memory.png
│ └── Heroku-Router.png
├── Infoblox
├── Infoblox DNS_DHCP
│ ├── Application_Dashboard Content
│ │ ├── Dashboards
│ │ │ └── Infoblox_DNS_Monitoring_Dashboard.json
│ │ ├── InfoBlox_CompleteFolder.json
│ │ └── Saved Searches
│ │ │ ├── DNS_Latency_Search.json
│ │ │ ├── Infoblox_DHCPACK_Events_Parsing.json
│ │ │ ├── Infoblox_DHCP_Lookup.json
│ │ │ ├── Infoblox_DHCP_Requests_Parsing.json
│ │ │ ├── Infoblox_DNS_Queries_Parsing.json
│ │ │ ├── Infoblox_Event_Classification.json
│ │ │ └── Infoblox_Zone_Replication_Queue_Parsing.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshots
│ │ └── infoblox_dashboard_screenshot.png
└── README.md
├── JAMF
├── Comments
│ ├── Comments.json
│ └── README.md
├── README.md
└── jamf.json
├── JumpCloud
├── Comments
│ ├── Comments.json
│ └── README.md
├── JumpCloud_Authentications.json
├── README.md
└── Screenshots
│ └── JumpCloud.jpeg
├── Juniper
├── Juniper_Firewall_1
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Juniper-Firewall.json
│ ├── README.md
│ ├── Screenshots
│ │ ├── Screenshot-Juniper-Accepted-Traffic.png
│ │ ├── Screenshot-Juniper-Denied-Traffic.png
│ │ ├── Screenshot-Juniper-Overview.png
│ │ └── Screenshot-Juniper-Threat-Intelligence.png
│ └── juniper-field-extraction-rules.txt
├── Juniper_Firewall_2
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Juniper_Firewalls.json
│ └── README.md
└── README.md
├── Kandji
├── main.py
└── readme.md
├── LICENSE
├── Lacework
├── Applications_and_Dashboards
│ └── Lacework_Alerts_Overview.json
├── Comments
│ ├── Comments.json
│ └── README.md
├── Screenshot
│ └── LaceWorkAlertsOverview.png
└── readme.md
├── MISP
├── Comments
│ ├── Comments.json
│ └── README.md
├── README.md
├── misp_to_CSE_TI
│ ├── misp_to_cse_ti.py
│ └── readme.md
└── misp_to_webhook
│ ├── misp_to_webhook.py
│ └── readme.md
├── McAfee_Web_Gateway
├── Comments
│ ├── Comments.json
│ └── README.md
├── McAfee_Web_Gateway.json
├── README.md
└── Screenshots
│ └── McAfeeWebGateway.png
├── Microsoft
├── Defender_4_EndPoint
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Dashboards & FERS
│ │ ├── README.md
│ │ ├── Screenshots
│ │ │ └── Defender_Endpoint_Email_Events.png
│ │ ├── defender4endpoint_FERS.txt
│ │ ├── defender4endpoint_dashboard.json
│ │ └── defender4endpoint_dashboard_FERs.json
│ └── README.md
├── README.md
└── SQL_Server
│ ├── Comments
│ ├── Comments.json
│ └── README.md
│ ├── README.md
│ └── sql_agent_dashboard.json
├── Palo_Alto_Networks
├── Cortex_XDR
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Cortex_XDR.json
│ ├── README.md
│ └── Screenshots
│ │ └── Screenshot 2023-02-02 at 1.20.56 PM.png
├── GlobalProtect
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── PAN_GlobalProtect.json
│ └── README.md
└── README.md
├── Privacy_Insights_GDPR
├── Comments
│ ├── Comments.json
│ └── README.md
├── Privacy Insights Documentation.pdf
├── Privacy_Insights_GDPR.json
├── README.md
└── Screenshots
│ ├── Privacy_GenderMentions.png
│ ├── Privacy_MainInsights.png
│ ├── Privacy_PoliticalMentions.png
│ ├── Privacy_PotentialBelgianIDs.png
│ ├── Privacy_PotentialEmails.png
│ ├── Privacy_PotentialGermanIDCards.png
│ ├── Privacy_PotentialGermanPassports.png
│ ├── Privacy_PotentialSSNs.png
│ └── Privacy_ReligiousMentions.png
├── Proofpoint
├── Proofpoint_TAP
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Proofpoint_TAP.json
│ ├── README.md
│ └── Screenshots
│ │ └── Proofpoint_TAP_Threat_Breakdown.png
└── README.md
├── Qualys
├── Comments
│ ├── Comments.json
│ └── README.md
├── Qualys_VMDR_and_Inventory.json
├── README.md
└── Screenshots
│ ├── detect.png
│ ├── inventory.png
│ ├── vuln.png
│ └── vuln_details.png
├── README.md
├── Retired Content
├── AWS
│ ├── API_Gateway
│ │ ├── Applications_and_Dashboards
│ │ │ └── API_Gateway_App.json
│ │ ├── README.md
│ │ └── Screenshots
│ │ │ ├── API-Gateway-Events.png
│ │ │ ├── Latency-CacheHit-CacheMiss.png
│ │ │ └── Total-Traffic-400s-500s.png
│ ├── AWS_Billing
│ │ ├── AWS_Billing_Dash.png
│ │ ├── Comments
│ │ │ ├── Comments.json
│ │ │ └── README.md
│ │ ├── Dashboard.json
│ │ └── README.md
│ ├── AWS_Elastic_Beanstalk
│ │ ├── Beanstalk_Sample_config.rtf
│ │ ├── Comments
│ │ │ ├── Comments.json
│ │ │ └── README.md
│ │ └── README.md
│ ├── ELB-ALB
│ │ └── ALB Field Extraction
│ ├── Kinesis
│ │ └── Applications_and_Dashboards
│ │ │ ├── AWS_Kinesis_Logs_Metrics.json
│ │ │ └── Screenshots
│ │ │ └── AWS_Kinesis_Logs_Metrics.png
│ ├── Lambda
│ │ └── Applications_and_Dashboards
│ │ │ ├── AWS_Lambda_Metrics.json
│ │ │ └── AWS_Lambda_Metrics.png
│ ├── RDS
│ │ └── Log-Collection
│ │ │ ├── AWS_RDS_Logs_Metrics.json
│ │ │ ├── README.md
│ │ │ ├── Screenshots
│ │ │ └── AWS_RDS_Logs_Metrics.png
│ │ │ ├── permissions.json
│ │ │ └── rds.py
│ ├── Redshift
│ │ ├── Applications_and_Dashboards
│ │ │ └── Redshift_App.json
│ │ └── Screenshots
│ │ │ ├── Redshift CPU, DB Connections, HealthStatus_1.png
│ │ │ ├── Redshift CPU, DB Connections, HealthStatus_2.png
│ │ │ ├── Redshift Network, Disk, and IOPS_1.png
│ │ │ ├── Redshift Network, Disk, and IOPS_2.png
│ │ │ └── Redshift_Events.png
│ ├── Route53
│ │ └── FER_Definitions
│ ├── S3
│ │ ├── AWS-CloudTrail-S3-API-Calls.json
│ │ ├── README.md
│ │ └── Screenshots
│ │ │ └── AWS-CloudTrail-S3-API-Calls.png
│ ├── SNS
│ │ ├── Applications_and_Dashboards
│ │ │ └── AWS_SNS_Metrics.json
│ │ └── Screenshots
│ │ │ └── AWS_SNS_Metrics.png
│ ├── SQS
│ │ ├── Applications_and_Dashboards
│ │ │ └── AWS_SQS_Logs_Metrics.json
│ │ └── Screenshots
│ │ │ └── AWS_SQS_Logs_Metrics.png
│ ├── Threat-Intel-for-AWS-Optimized
│ │ ├── README.md
│ │ ├── Screenshots
│ │ │ └── Screenshot-Threat-Intel-for-AWS-Overview-Optimized.png
│ │ ├── Threat-Intel-for-AWS-Optimized.json
│ │ └── scheduled-views-threat-intel-aws-optimized.txt
│ ├── VPC_Flow
│ │ ├── FER_Extractions
│ │ └── VPC_Flow_Logs
│ └── WAF
│ │ └── Applications_and_Dashboards
│ │ ├── AWS_WAF_ULM_App.json
│ │ └── Screenshots
│ │ ├── WAF_Metrics_Details_Dashboard.png
│ │ └── WAF_Overview_Dashboard.png
├── Aqua_Security
│ ├── AquaSecurity-Dashboard.json
│ ├── AquaSecurity-Dashboard.png
│ └── README.md
├── Barracuda_Networks
│ ├── Barracuda_WAF
│ │ ├── BarracudaNetworks-WAF.json
│ │ ├── README.md
│ │ └── Screenshots
│ │ │ ├── BarracudaNetworks-WAF-Locations.png
│ │ │ ├── BarracudaNetworks-WAF-Overview.png
│ │ │ ├── BarracudaNetworks-WAF-Visitors.png
│ │ │ └── BarracudaNetworks-WAF-WebServer_Ops.png
│ └── README.md
├── CSE_Network_Sensor
│ ├── CloudSIEM_Network_Sensor.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── screenshots
│ │ ├── connections.png
│ │ └── ip-investigation.png
├── Cisco
│ ├── ASA
│ │ ├── AnyConnect_ASA.json
│ │ ├── README.md
│ │ └── cisco_asa.log
│ ├── Meraki
│ │ ├── Cisco_Meraki.json
│ │ ├── README.md
│ │ └── Screenshots
│ │ │ └── Cisco_Meraki.png
│ └── Umbrella
│ │ ├── Cisco_Umbrella.json
│ │ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ │ └── README.md
├── CloudFlare
│ ├── Applications_and_Dashboards
│ │ └── CloudFlare_Logs.json
│ ├── README.md
│ └── Screenshots
│ │ ├── CloudFlare - Overview.png
│ │ ├── CloudFlare - Visitor Access Types.png
│ │ ├── CloudFlare - Visitor Locations.png
│ │ ├── CloudFlare - Visitor Traffic Insights.png
│ │ └── CloudFlare - Web Server Operations.png
├── Fastly
│ ├── CDN
│ │ └── Field_Extraction_Rules
│ │ │ └── Fastly_CDN_FERs.txt
│ └── README.md
├── Github
│ ├── README.md
│ └── Security
│ │ ├── Advanced_Security_Overview.json
│ │ ├── Code_Scanning_Alert.json
│ │ └── README.md
├── HA_Proxy
│ ├── Applications_and_Dashboards
│ │ └── HA_Proxy_400s_and_500s.json
│ ├── README.md
│ └── Screenshots
│ │ └── HA_Proxy_400s_and_500s.png
├── Kubernetes
│ ├── Applications_and_Dashboards
│ │ └── Google_Kubernetes_Management_Logs.json
│ ├── README.md
│ └── Screenshots
│ │ ├── Google_Kubernetes_Kube_ApiServer.png
│ │ ├── Google_Kubernetes_Kube_Controller_Manager.png
│ │ ├── Google_Kubernetes_Kube_Scheduler.png
│ │ └── Google_Kubernetes_Kube_System.png
├── Microsoft
│ ├── MicrosoftTeams
│ │ ├── Applications_and_Dashboards
│ │ │ └── Microsoft_Teams_Dashboard.json
│ │ ├── Screenshot
│ │ │ ├── screenshot-1.png
│ │ │ └── screenshot-2.png
│ │ └── readme.md
│ ├── Microsoft_Teams
│ ├── PCI_Compliance_for_Windows_JSON
│ │ ├── PCI_Compliance_for_Windows_JSON.json
│ │ ├── README.md
│ │ ├── Screenshot_PCI_Compliance_for_Windows_JSON_AccountUserSystem.png
│ │ ├── Screenshot_PCI_Compliance_for_Windows_JSON_LoginActivity.png
│ │ ├── Screenshot_PCI_Compliance_for_Windows_JSON_OtherUserActivity.png
│ │ └── Screenshot_PCI_Compliance_for_Windows_JSON_WindowsUpdateActivity.png
│ └── microsoft-sysmon
│ │ ├── README.md
│ │ ├── microsoft-sysmon.json
│ │ └── screenshots
│ │ ├── sysmon_dns_event_dashboard.png
│ │ ├── sysmon_events_overview_dashboard.png
│ │ ├── sysmon_network_connection_dashboard.png
│ │ ├── sysmon_network_connection_parameters_query.png
│ │ ├── sysmon_threat_intel_dashboard.png
│ │ └── sysmon_threat_overview_dashboard.png
├── MimeCast
│ ├── MimeCast-Application.json
│ ├── READMe.md
│ ├── Screenshots
│ │ ├── Screenshot-MimeCast-Audit.png
│ │ ├── Screenshot-MimeCast-MTA1.png
│ │ ├── Screenshot-MimeCast-MTA2.png
│ │ └── Screenshot-MimeCast-MTA3.png
│ ├── SumoLogic-Data-Collection-for-MimeCast.pdf
│ └── SumoLogic-Mimecast-Data-Collection
│ │ ├── audit_collection.py
│ │ ├── authentication_setup.py
│ │ ├── requests
│ │ ├── __init__.py
│ │ ├── __init__.pyc
│ │ ├── _internal_utils.py
│ │ ├── _internal_utils.pyc
│ │ ├── adapters.py
│ │ ├── adapters.pyc
│ │ ├── api.py
│ │ ├── api.pyc
│ │ ├── auth.py
│ │ ├── auth.pyc
│ │ ├── cacert.pem
│ │ ├── certs.py
│ │ ├── certs.pyc
│ │ ├── compat.py
│ │ ├── compat.pyc
│ │ ├── cookies.py
│ │ ├── cookies.pyc
│ │ ├── exceptions.py
│ │ ├── exceptions.pyc
│ │ ├── hooks.py
│ │ ├── hooks.pyc
│ │ ├── models.py
│ │ ├── models.pyc
│ │ ├── packages
│ │ │ ├── __init__.py
│ │ │ ├── __init__.pyc
│ │ │ ├── chardet
│ │ │ │ ├── __init__.py
│ │ │ │ ├── __init__.pyc
│ │ │ │ ├── big5freq.py
│ │ │ │ ├── big5freq.pyc
│ │ │ │ ├── big5prober.py
│ │ │ │ ├── big5prober.pyc
│ │ │ │ ├── chardetect.py
│ │ │ │ ├── chardistribution.py
│ │ │ │ ├── chardistribution.pyc
│ │ │ │ ├── charsetgroupprober.py
│ │ │ │ ├── charsetgroupprober.pyc
│ │ │ │ ├── charsetprober.py
│ │ │ │ ├── charsetprober.pyc
│ │ │ │ ├── codingstatemachine.py
│ │ │ │ ├── codingstatemachine.pyc
│ │ │ │ ├── compat.py
│ │ │ │ ├── compat.pyc
│ │ │ │ ├── constants.py
│ │ │ │ ├── constants.pyc
│ │ │ │ ├── cp949prober.py
│ │ │ │ ├── cp949prober.pyc
│ │ │ │ ├── escprober.py
│ │ │ │ ├── escprober.pyc
│ │ │ │ ├── escsm.py
│ │ │ │ ├── escsm.pyc
│ │ │ │ ├── eucjpprober.py
│ │ │ │ ├── eucjpprober.pyc
│ │ │ │ ├── euckrfreq.py
│ │ │ │ ├── euckrfreq.pyc
│ │ │ │ ├── euckrprober.py
│ │ │ │ ├── euckrprober.pyc
│ │ │ │ ├── euctwfreq.py
│ │ │ │ ├── euctwfreq.pyc
│ │ │ │ ├── euctwprober.py
│ │ │ │ ├── euctwprober.pyc
│ │ │ │ ├── gb2312freq.py
│ │ │ │ ├── gb2312freq.pyc
│ │ │ │ ├── gb2312prober.py
│ │ │ │ ├── gb2312prober.pyc
│ │ │ │ ├── hebrewprober.py
│ │ │ │ ├── hebrewprober.pyc
│ │ │ │ ├── jisfreq.py
│ │ │ │ ├── jisfreq.pyc
│ │ │ │ ├── jpcntx.py
│ │ │ │ ├── jpcntx.pyc
│ │ │ │ ├── langbulgarianmodel.py
│ │ │ │ ├── langbulgarianmodel.pyc
│ │ │ │ ├── langcyrillicmodel.py
│ │ │ │ ├── langcyrillicmodel.pyc
│ │ │ │ ├── langgreekmodel.py
│ │ │ │ ├── langgreekmodel.pyc
│ │ │ │ ├── langhebrewmodel.py
│ │ │ │ ├── langhebrewmodel.pyc
│ │ │ │ ├── langhungarianmodel.py
│ │ │ │ ├── langhungarianmodel.pyc
│ │ │ │ ├── langthaimodel.py
│ │ │ │ ├── langthaimodel.pyc
│ │ │ │ ├── latin1prober.py
│ │ │ │ ├── latin1prober.pyc
│ │ │ │ ├── mbcharsetprober.py
│ │ │ │ ├── mbcharsetprober.pyc
│ │ │ │ ├── mbcsgroupprober.py
│ │ │ │ ├── mbcsgroupprober.pyc
│ │ │ │ ├── mbcssm.py
│ │ │ │ ├── mbcssm.pyc
│ │ │ │ ├── sbcharsetprober.py
│ │ │ │ ├── sbcharsetprober.pyc
│ │ │ │ ├── sbcsgroupprober.py
│ │ │ │ ├── sbcsgroupprober.pyc
│ │ │ │ ├── sjisprober.py
│ │ │ │ ├── sjisprober.pyc
│ │ │ │ ├── universaldetector.py
│ │ │ │ ├── universaldetector.pyc
│ │ │ │ ├── utf8prober.py
│ │ │ │ └── utf8prober.pyc
│ │ │ ├── idna
│ │ │ │ ├── __init__.py
│ │ │ │ ├── codec.py
│ │ │ │ ├── compat.py
│ │ │ │ ├── core.py
│ │ │ │ ├── idnadata.py
│ │ │ │ ├── intranges.py
│ │ │ │ └── uts46data.py
│ │ │ └── urllib3
│ │ │ │ ├── __init__.py
│ │ │ │ ├── __init__.pyc
│ │ │ │ ├── _collections.py
│ │ │ │ ├── _collections.pyc
│ │ │ │ ├── connection.py
│ │ │ │ ├── connection.pyc
│ │ │ │ ├── connectionpool.py
│ │ │ │ ├── connectionpool.pyc
│ │ │ │ ├── contrib
│ │ │ │ ├── __init__.py
│ │ │ │ ├── __init__.pyc
│ │ │ │ ├── appengine.py
│ │ │ │ ├── ntlmpool.py
│ │ │ │ ├── pyopenssl.py
│ │ │ │ ├── pyopenssl.pyc
│ │ │ │ ├── socks.py
│ │ │ │ └── socks.pyc
│ │ │ │ ├── exceptions.py
│ │ │ │ ├── exceptions.pyc
│ │ │ │ ├── fields.py
│ │ │ │ ├── fields.pyc
│ │ │ │ ├── filepost.py
│ │ │ │ ├── filepost.pyc
│ │ │ │ ├── packages
│ │ │ │ ├── __init__.py
│ │ │ │ ├── __init__.pyc
│ │ │ │ ├── backports
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ └── makefile.py
│ │ │ │ ├── ordered_dict.py
│ │ │ │ ├── ordered_dict.pyc
│ │ │ │ ├── six.py
│ │ │ │ ├── six.pyc
│ │ │ │ └── ssl_match_hostname
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── __init__.pyc
│ │ │ │ │ ├── _implementation.py
│ │ │ │ │ └── _implementation.pyc
│ │ │ │ ├── poolmanager.py
│ │ │ │ ├── poolmanager.pyc
│ │ │ │ ├── request.py
│ │ │ │ ├── request.pyc
│ │ │ │ ├── response.py
│ │ │ │ ├── response.pyc
│ │ │ │ └── util
│ │ │ │ ├── __init__.py
│ │ │ │ ├── __init__.pyc
│ │ │ │ ├── connection.py
│ │ │ │ ├── connection.pyc
│ │ │ │ ├── request.py
│ │ │ │ ├── request.pyc
│ │ │ │ ├── response.py
│ │ │ │ ├── response.pyc
│ │ │ │ ├── retry.py
│ │ │ │ ├── retry.pyc
│ │ │ │ ├── selectors.py
│ │ │ │ ├── selectors.pyc
│ │ │ │ ├── ssl_.py
│ │ │ │ ├── ssl_.pyc
│ │ │ │ ├── timeout.py
│ │ │ │ ├── timeout.pyc
│ │ │ │ ├── url.py
│ │ │ │ ├── url.pyc
│ │ │ │ ├── wait.py
│ │ │ │ └── wait.pyc
│ │ ├── sessions.py
│ │ ├── sessions.pyc
│ │ ├── status_codes.py
│ │ ├── status_codes.pyc
│ │ ├── structures.py
│ │ ├── structures.pyc
│ │ ├── utils.py
│ │ └── utils.pyc
│ │ └── siem_collection.py
├── Netflow
│ ├── Meraki-Netflow-dashboard.png
│ ├── Meraki-Netflow.json
│ └── README.md
├── Okta
│ ├── .gitignore
│ ├── README.md
│ └── okta-logs-to-sumo.py
├── Palo_Alto_Networks
│ └── PAN7x
│ │ ├── Palo_Alto_Networks_7.x.json
│ │ ├── README.md
│ │ └── Screenshots
│ │ ├── PAN7_Overview.png
│ │ ├── PAN7_Threats.png
│ │ └── PAN7_Traffic.png
├── ProofPoint
│ ├── ProofPoint.json
│ ├── README.md
│ └── Screenshots
│ │ └── ProofPoint_Overview.png
├── Qualys
│ ├── Collection
│ │ ├── Qualys.py
│ │ ├── Qualys_Config.cfg
│ │ └── README.md
│ └── README.md
├── Retired Sumo Tools
│ ├── Data_Volume
│ │ ├── Data_Volume_Analysis.json
│ │ ├── Investigate_Volume_by_sourcecategory_gb.txt
│ │ ├── Investigate_Volume_by_view_gb.txt
│ │ ├── README.md
│ │ └── Screenshots
│ │ │ └── data_volume_analysis.png
│ ├── Event_Based_S3_Automation
│ │ ├── README.md
│ │ ├── requirements.txt
│ │ └── script.py
│ ├── Multiline_or_Boundary_Regex
│ │ ├── Multiple_Start_Patterns
│ │ │ ├── IP_or_Timestamp
│ │ │ ├── IP_or_Timestamp.png
│ │ │ ├── IP_or_dash_-
│ │ │ └── README.md
│ │ └── README.md
│ └── Processing_Rules
│ │ ├── Blacklist_or_Whitelist
│ │ ├── Block_All_Including_Multiline
│ │ ├── Block_All_Including_Multiline.png
│ │ ├── Block_or_Inlcude_by_Keyword
│ │ └── README.md
│ │ ├── Hashing
│ │ └── README.md
│ │ ├── Masking
│ │ ├── Mask_Credit_Card_Nums_JSON
│ │ ├── Mask_Credit_Card_Nums_JSON.png
│ │ ├── Mask_SSN
│ │ ├── Mask_SSN.png
│ │ └── README.md
│ │ └── README.md
├── Salesforce
│ ├── README.md
│ └── sfdc_upload_lambda.py
└── Software_Development_Optimization
│ ├── Azure
│ └── AzureDevOpsFers.txt
│ ├── CircleCI
│ └── CircleCIFer.txt
│ ├── Gitlab
│ └── GitlabFer.txt
│ ├── Octopus
│ └── OctopusDeployFer.txt
│ └── README.md
├── SentinelOne
├── Prototype
│ ├── Applications_and_Dashboards
│ │ └── SentinelOne_NoSpecProduct_Logs.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── Screenshots
│ │ └── SentinelOne_NoSpecProduct_Logs.png
├── Prototype_2
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── app.json
└── README.md
├── Slurm
├── README.md
└── slurm_metrics_dashboard.json
├── SonicWall
├── Applications_and_Dashboards
│ ├── SonicWall_parser.txt
│ └── Sonicwall_Overview.json
├── Comments
│ ├── Comments.json
│ └── README.md
├── README.md
└── Screenshots
│ └── sonicwall_overview.png
├── Sophos
├── README.md
├── Sophos-Central
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ ├── Screenshot
│ │ └── Screenshot-Sophos-Central-Overview.png
│ └── Sophos_Overview.json
└── UTM
│ ├── Comments
│ ├── Comments.json
│ └── README.md
│ ├── README.md
│ ├── Screenshots
│ ├── Screenshot-Sophos-UTM-Blocked-Traffic.png
│ ├── Screenshot-Sophos-UTM-Dropped-Packets.png
│ ├── Screenshot-Sophos-UTM-Overview.png
│ ├── Screenshot-Sophos-UTM-Threat-Intelligence.png
│ └── Screenshot-Sophos-UTM-Traffic.png
│ ├── Sophos-UTM.json
│ └── sophos-utm-field-extraction-rules.txt
├── Sumo-Logic-Customer-Success
├── alerts
│ ├── dashboards
│ │ └── Alert Tuning - Monitor and Scheduled Searches.json
│ └── ingest.monitoring
│ │ ├── credits_inf_scan_alert.txt
│ │ ├── credits_spike_by_category.txt
│ │ ├── low_or_stopped_collection_using_data_volume.txt
│ │ └── unHealthy.health.events.txt
├── parsing
│ └── nignx.ingress.access.txt
└── readme.md
├── Sumo-Logic-Tools
├── AWSCloudwatchExistingLogsSender
│ ├── README.md
│ └── downloadexistingcwlogs.py
├── Automatic-Source-Shutoff
│ ├── README.md
│ ├── data-volume-scheduled-view.txt
│ ├── example-shutoff-query.txt
│ └── sourceShutoff.py
├── Collection_Scripts
│ ├── Installed_Collector_Scripts
│ │ ├── README.md
│ │ ├── linux_example_source.sh
│ │ ├── linux_no_sources.sh
│ │ └── windows_powershell.ps1
│ ├── OpenTelemetry_Scripts
│ │ ├── README.md
│ │ ├── otel_http_endpoint.yaml
│ │ └── otel_install_token.yaml
│ └── README.md
├── Collector_Management
│ ├── Alert_Collector_not_sending_data_within_X_hours.txt
│ ├── README.md
│ └── delete_ghost_collectors
│ │ ├── README.md
│ │ └── delete_ghost_collectors.py
├── Data Volume
│ ├── 30d_time_compare_top_20_sourcecategories.json
│ ├── README.md
│ ├── method_to_find_sourcecategories_that_crossover_partitions.json
│ └── top_twenty_sourcecategories_over_time.json
├── Data_Hygiene
│ ├── Data_Hygiene.json
│ └── README.md
├── Generic_Syslog
│ └── Syslog_Severity_Parser.txt
├── Misc
│ └── emoji.csv
├── README.md
├── SumoAlerts-To-AWS-SNS
│ ├── README.md
│ ├── payload.json
│ └── sumo-to-sns.yaml
├── Threat_Intelligence_Optimized
│ ├── README.md
│ ├── Screenshot-Threat-Intelligence-IP-Optimized.png
│ ├── Screenshot-Threat-Intelligence-Overview-Optimized.png
│ ├── Screenshot-Threat-Intelligence-Threat-Lookup-Optimized.png
│ ├── Threat-Intel-Quick-Analysis-Optimized.json
│ └── scheduled-views.txt
├── Timestamp_Resolutions
│ └── Investigate_Timestamp_Parsing_Delays.txt
├── Webhooks
│ ├── Custom
│ │ └── Example1_with_Dashboard_Link
│ ├── JIRA
│ │ ├── JIRA_Webhook.png
│ │ ├── JIRA_Webhook_Payload
│ │ └── README.md
│ ├── OpsGenie
│ │ ├── OpsGenie_Webhook
│ │ ├── OpsGenie_Webhook.png
│ │ └── README.md
│ └── Zendesk
│ │ ├── Create_Zendesk_Webhook.png
│ │ ├── Example_Zendesk_Ticket.png
│ │ ├── README.md
│ │ └── Zendesk_Payload_json
└── sumologic_python_client
│ ├── README.md
│ ├── sample_scripts
│ ├── README.md
│ ├── api_client.py
│ ├── export.py
│ ├── find_content_id.py
│ ├── permission.py
│ ├── sync.py
│ └── util.py
│ └── sumologic
│ ├── README.md
│ ├── __init__.py
│ ├── _async_job.py
│ ├── api
│ ├── __init__.py
│ ├── content.py
│ ├── folder.py
│ └── permission.py
│ └── client.py
├── Sumo_Logic_Log_Searching
├── All_Searchable_Metadata
│ ├── All_Searchable_Data.json
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── screenshots
│ │ ├── all_continuous.png
│ │ ├── all_searchable_logs.png
│ │ └── all_searchable_metrics.png
├── Ingest_Limits_Tracking
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── README.md
│ └── screenshots
│ │ └── ingest_limits.png
├── README.md
├── Search_Performance
│ ├── Comments
│ │ ├── Comments.json
│ │ └── README.md
│ ├── Enterprise_Search_Audit_Search_Performance_consolidated.json
│ └── README.md
└── Universal_Cloud_Collector
│ └── README.md
├── Sumo_Logic_Tracing
├── Comments
│ ├── Comments.json
│ └── README.md
└── README.md
├── Sumotoolbox
└── README.md
├── Symantec
├── README.md
└── WSS
│ ├── Comments
│ ├── Comments.json
│ └── README.md
│ ├── README.md
│ ├── Screenshots
│ ├── category_details.png
│ ├── overview.png
│ └── tls_versions.png
│ └── Symantec_WSS.json
└── Tenable
├── README.md
└── Tenable_IO
├── Comments
├── Comments.json
└── README.md
├── README.md
├── Screenshots
├── Tenable.png
└── Tenable2.png
└── Tenable.io.json
/.gitignore:
--------------------------------------------------------------------------------
1 | /.buildpath
2 | /build/
3 | */archive/
4 |
5 | __MACOSX
6 | .DS_Store
7 |
8 | .project
9 | .settings
10 | .classpath
11 | .sass-cache/
12 |
13 | # OS generated files #
14 | ######################
15 | */.DS_Store
16 | .DS_Store
17 | .DS_Store?
18 | ._*
19 | .Spotlight-V100
20 | .Trashes
21 | Icon?
22 | ehthumbs.db
23 | Thumbs.db
24 |
25 | # Packages #
26 | ############
27 | # it's better to unpack these files and commit the raw source: git has its own
28 | # built-in compression, and plain files can be diffed and reviewed before merge, unlike an opaque archive
29 | *.7z
30 | *.dmg
31 | *.gz
32 | *.iso
33 | *.jar
34 | *.rar
35 | *.tar
36 | *.zip
--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "sumologictoolbox"]
2 | path = sumologictoolbox
3 | url = https://github.com/voltaire321/sumologictoolbox.git
4 |
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_CloudSearch/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_CloudSearch/Screenshot-Amazon-CloudSearch-ULM.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_CloudSearch/Screenshot-Amazon-CloudSearch-ULM.png
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_CloudTrail/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[wjakelee/Jake L]",
3 | "ratings":{
4 | "overall":4.5,
5 | "use-case":4.5,
6 | "design":5,
7 | "technical":4
8 | },
9 | "review":"This is a great high level dashboard that allows me to understand user action trends and outliers in my AWS environment. This is a nice add on to the OOTB dashboards that come for CloudTrail from Sumo"
10 | }
11 |
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_CloudTrail/Dashboard & FERs/README.md:
--------------------------------------------------------------------------------
1 | # Content Details
2 |
3 | The dashboard below can be set up quickly and easily by importing the 'cloudtrail_user_activity_dashboard.json' file into your Sumo account. Please see the README.md file in the CloudTrail directory for more details on this process. This dashboard does not use Field Extraction Rules (FERs), so dashboard load times may be slower than with the FER-backed version.
4 |
5 | It is recommended that you also install the FERs from the FER definitions file in this directory. Once they are installed, use the dashboard in the 'cloudtrail_user_activity_dashboard_FERs.json' file instead, as its panels rely on the extracted fields.
6 |
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_CloudTrail/Screenshots/AWSUserActivity.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_CloudTrail/Screenshots/AWSUserActivity.png
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_EC2/Host_Metrics_OTEL/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[wjakelee/Jake]",
3 | "ratings":{
4 | "overall":4,
5 | "use-case":5,
6 | "design":5,
7 | "technical":4
8 | },
9 | "review":"This App is very nice to have to replace the current AWS EC2 Host Metrics Dashboards when OTEL collectors are used instead of Sumo's traditional Installed Collectors. That being said, some of the search panels require adjustment depending on the type/version of the OS used."
10 | }
11 |
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_Health/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-CPU-Utilization.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-CPU-Utilization.png
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Disk.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Disk.png
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-File-System.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-File-System.png
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Memory.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Memory.png
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Network.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Network.png
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Overview.png
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Processes.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Processes.png
--------------------------------------------------------------------------------
/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Tasks.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Amazon_Web_Services/AWS_RDS/Enhanced-Monitoring/Screenshots/RDS-Enhanced-Monitoring-Tasks.png
--------------------------------------------------------------------------------
/Aruba_Wireless/ArubaWireless_Controller/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Aruba_Wireless/ArubaWireless_Controller/Screenshots/ArubaWireless-Controller-AuthMgr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Aruba_Wireless/ArubaWireless_Controller/Screenshots/ArubaWireless-Controller-AuthMgr.png
--------------------------------------------------------------------------------
/Aruba_Wireless/ArubaWireless_Controller/Screenshots/ArubaWireless-Controller-WMSModule.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Aruba_Wireless/ArubaWireless_Controller/Screenshots/ArubaWireless-Controller-WMSModule.png
--------------------------------------------------------------------------------
/Aruba_Wireless/ArubaWireless_TACACS/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Aruba_Wireless/ArubaWireless_TACACS/Screenshots/ArubaWireless-TACACS.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Aruba_Wireless/ArubaWireless_TACACS/Screenshots/ArubaWireless-TACACS.png
--------------------------------------------------------------------------------
/CODEOWNERS:
--------------------------------------------------------------------------------
1 | # Learn about CODEOWNERS file format:
2 | # https://help.github.com/en/articles/about-code-owners
3 |
4 | * @wjakelee @dbraab
5 |
--------------------------------------------------------------------------------
/CSPM/CloudQuery/AWS/screenshots/cloudquery_execute.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/AWS/screenshots/cloudquery_execute.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/AWS/screenshots/data_in_sumo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/AWS/screenshots/data_in_sumo.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/AWS/screenshots/example_CIS_Framework_Dashboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/AWS/screenshots/example_CIS_Framework_Dashboard.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/AWS/screenshots/local_file_source.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/AWS/screenshots/local_file_source.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/AWS/screenshots/query_parse_data.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/AWS/screenshots/query_parse_data.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/Azure/azure.yml:
--------------------------------------------------------------------------------
1 | kind: source
2 | spec:
3 | name: azure
4 | path: cloudquery/azure
5 | version: "v1.4.3" # pinned azure plugin version; bump deliberately after reviewing the plugin's release notes rather than tracking "latest"
6 | tables: ["*"] # syncs every Azure table the plugin exposes; consider narrowing this to the resources your dashboards actually query to limit what inventory lands in the destination database
7 | destinations: ["postgresql"]
--------------------------------------------------------------------------------
/CSPM/CloudQuery/Azure/screenshots/cloudquery_execute.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/Azure/screenshots/cloudquery_execute.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/Azure/screenshots/data_in_sumo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/Azure/screenshots/data_in_sumo.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/Azure/screenshots/example_HIPAA_Hi-trust.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/Azure/screenshots/example_HIPAA_Hi-trust.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/Azure/screenshots/local_file_source.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/Azure/screenshots/local_file_source.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/Azure/screenshots/query_parse_data.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CSPM/CloudQuery/Azure/screenshots/query_parse_data.png
--------------------------------------------------------------------------------
/CSPM/CloudQuery/GCP/readme.md:
--------------------------------------------------------------------------------
1 | # WIP
--------------------------------------------------------------------------------
/CSPM/CloudQuery/readme.md:
--------------------------------------------------------------------------------
1 | # Welcome — select one of the three cloud providers below
2 |
3 | [AWS](/CSPM/CloudQuery/AWS/)
4 |
5 | [Azure](/CSPM/CloudQuery/Azure/)
6 |
7 | [GCP](/CSPM/CloudQuery/GCP/)
8 |
--------------------------------------------------------------------------------
/Centrify/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Centrify/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/Centrify/Screenshots/Centrify_NoSpecProduct_Logs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Centrify/Screenshots/Centrify_NoSpecProduct_Logs.png
--------------------------------------------------------------------------------
/Checkpoint/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Checkpoint/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/Checkpoint/Screenshots/Checkpoint_Logs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Checkpoint/Screenshots/Checkpoint_Logs.png
--------------------------------------------------------------------------------
/Chef/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Chef/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/Cisco/Sourcefire/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Cisco/Sourcefire/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/Cisco/Sourcefire/Screenshots/Cisco-Sourcefire-Allowed-Traffic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Cisco/Sourcefire/Screenshots/Cisco-Sourcefire-Allowed-Traffic.png
--------------------------------------------------------------------------------
/Cisco/Sourcefire/Screenshots/Cisco-Sourcefire-Blocked-Traffic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Cisco/Sourcefire/Screenshots/Cisco-Sourcefire-Blocked-Traffic.png
--------------------------------------------------------------------------------
/Cisco/Sourcefire/Screenshots/Cisco-Sourcefire-Overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Cisco/Sourcefire/Screenshots/Cisco-Sourcefire-Overview.png
--------------------------------------------------------------------------------
/Citrix/VPN/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Citrix/VPN/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/Citrix/XenServer/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Citrix/XenServer/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/Citrix/XenServer/Screenshots/Citrix_XenServer_Logs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Citrix/XenServer/Screenshots/Citrix_XenServer_Logs.png
--------------------------------------------------------------------------------
/CloudSIEM/Alerts/README.md:
--------------------------------------------------------------------------------
1 | # Cloud SIEM Monitor for Created Insights
2 |
3 | Sumo Logic community content for Cloud SIEM that is not yet available out of the box.
4 |
5 | ### To use the content:
6 | Download the JSON file(s).
7 | Replace the Cloud SIEM service URL in the JSON with the one for your own deployment. The link text in the JSON reads "Go to the Insight here /{{ResultsJson.readableid}}", and the prefix in front of it is the service URL (for example "https://play.sumologic.com/sec/insight/"). Confirm the URL points at your own tenant so that alert links resolve to your Insights and not to another deployment's.
8 | Import the content to your desired folder location in Sumo Logic Monitors.
9 |
--------------------------------------------------------------------------------
/CloudSIEM/CSE_Vendor_Content/Cribl Generic JSON Parser Template:
--------------------------------------------------------------------------------
1 | ## This parser will work for Cribl data in JSON format that includes the original fields in the '_raw' field. If '_raw' is not used, use the basic JSON template instead.
2 |
3 | [parser]
4 | #pre-parser to grab the '_raw' field that contains all original fields; the named groups below must match the TRANSFORM/DROP keys that follow
5 | FORMAT = REGEX
6 | REGEX = (?<full_message>.*\"_raw\":(?<nested_message>.*}),.*)
7 |
8 | TRANSFORM:nested_message= parse_raw_fields
9 | TRANSFORM:full_message= parse_cribl_fields
10 |
11 | DROP:nested_message = true
12 | DROP:full_message = true
13 |
14 | DROP:r|_raw.* = true
15 |
16 | [TRANSFORM:parse_raw_fields]
17 | FORMAT = JSON
18 |
19 | [TRANSFORM:parse_cribl_fields]
20 | FORMAT = JSON
21 |
22 | MAPPER:vendor= Vendor #Replace w/ Vendor Name (e.g. Zscaler)
23 | MAPPER:product= Product #Replace w/ Product Name
24 | MAPPER:event_id= {{event_id}} #Replace w/ Event ID Field
25 |
26 | START_TIME_FIELD = _messagetime
27 | TIME_PARSER = X1000
28 |
29 |
30 |
31 |
32 |
--------------------------------------------------------------------------------
/CloudSIEM/CSE_Vendor_Content/README.md:
--------------------------------------------------------------------------------
1 | # Sumo Logic for CSE Vendor Content
2 | Sumo Logic Community Content for CSE Vendor parsers, log mappings, and rules, that are not published to CSE.
3 |
4 | ### To use the content:
5 | - Download the JSON file(s).
6 | - Find/replace all Source Categories within the JSON with your own Source Category (Ex: sourceCategory=yourSourceCategory).
7 | - [Import](https://help.sumologic.com/docs/get-started/library/#import-content) the content to your desired folder location in Sumo Logic.
8 |
9 | ### Collection:
10 | For instructions on how to collect logs and metrics for use with content, please see [Sumo Logic Documentation](https://help.sumologic.com/docs/send-data/).
11 |
12 | ### To upload your own content:
13 | Please see [Sumo Logic Community Ecosystem Apps FAQs](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#faq).
--------------------------------------------------------------------------------
/CloudSOAR/Dashboards/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/CloudSOAR/Dashboards/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/CloudSOAR/Dashboards/Screenshots/playbook_monitoring_screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Dashboards/Screenshots/playbook_monitoring_screenshot.png
--------------------------------------------------------------------------------
/CloudSOAR/Integrations/Automation-Tools/automation-tools.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Integrations/Automation-Tools/automation-tools.tar.gz
--------------------------------------------------------------------------------
/CloudSOAR/Integrations/Screenshot Machine/reference_01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Integrations/Screenshot Machine/reference_01.png
--------------------------------------------------------------------------------
/CloudSOAR/Integrations/Screenshot Machine/reference_02.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Integrations/Screenshot Machine/reference_02.png
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/Playbook - Cloud SIEM Insight Auto-Close/README.md:
--------------------------------------------------------------------------------
1 | # Playbook - Cloud SIEM Insight Auto-Close
2 | 
3 |
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/Playbook - Cloud SIEM Insight Auto-Close/playbook_CSE - Insight Status Handling_Scheduled_8_25_2023.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Playbooks/Playbook - Cloud SIEM Insight Auto-Close/playbook_CSE - Insight Status Handling_Scheduled_8_25_2023.zip
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/Playbook - Cloud SIEM Insight Auto-Close/reference.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Playbooks/Playbook - Cloud SIEM Insight Auto-Close/reference.png
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/Playbook - Phishing Report - Compromised User/README.md:
--------------------------------------------------------------------------------
1 | # Playbook - Phishing Report - Compromised User
2 | 
3 |
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/Playbook - Phishing Report - Compromised User/playbook_PhishReports_CompromisedUser_8_31_2023.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Playbooks/Playbook - Phishing Report - Compromised User/playbook_PhishReports_CompromisedUser_8_31_2023.zip
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/Playbook - Phishing Report - Compromised User/reference.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Playbooks/Playbook - Phishing Report - Compromised User/reference.png
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/docs/doc_01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Playbooks/docs/doc_01.png
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/docs/doc_02.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Playbooks/docs/doc_02.png
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/docs/doc_export.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Playbooks/docs/doc_export.png
--------------------------------------------------------------------------------
/CloudSOAR/Playbooks/docs/doc_import.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/CloudSOAR/Playbooks/docs/doc_import.png
--------------------------------------------------------------------------------
/Cloudflare/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Cloudflare/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/Cloudflare/Screenshots/Cloudflare_DNS.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Cloudflare/Screenshots/Cloudflare_DNS.png
--------------------------------------------------------------------------------
/Cloudflare/Screenshots/Cloudflare_Zero_Trust.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Cloudflare/Screenshots/Cloudflare_Zero_Trust.png
--------------------------------------------------------------------------------
/Custom_Application_Logs/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall":"[ENTER NUMBER 0-5]",
5 | "use-case":"[ENTER NUMBER 0-5]",
6 | "design":"[ENTER NUMBER 0-5]",
7 | "technical":"[ENTER NUMBER 0-5]"
8 | },
9 | "review":"[EXAMPLE: This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard.]"
10 | }
--------------------------------------------------------------------------------
/Custom_Application_Logs/IP_Explorer_Dashboard.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Custom_Application_Logs/IP_Explorer_Dashboard.png
--------------------------------------------------------------------------------
/Custom_Application_Logs/Keywords_Explorer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Custom_Application_Logs/Keywords_Explorer.png
--------------------------------------------------------------------------------
/ExtraHop Reveal(x) 360/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[githubid/name]",
3 | "ratings":{
4 | "overall": [0-5],
5 | "use-case":[0-5],
6 | "design":[0-5],
7 | "technical":[0-5]
8 | },
9 | "review":"Example review: This is a great app that provides some quick time to value for my logs using some prebuilt Sumo queries."
10 | }
11 |
--------------------------------------------------------------------------------
/ExtraHop Reveal(x) 360/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/ExtraHop Reveal(x) 360/Screenshots/aws-cft-params.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/ExtraHop Reveal(x) 360/Screenshots/aws-cft-params.png
--------------------------------------------------------------------------------
/ExtraHop Reveal(x) 360/Screenshots/aws-cwlogs-eh-detection-sync.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/ExtraHop Reveal(x) 360/Screenshots/aws-cwlogs-eh-detection-sync.png
--------------------------------------------------------------------------------
/ExtraHop Reveal(x) 360/Screenshots/aws-cwlogs-eh-sumo-connector.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/ExtraHop Reveal(x) 360/Screenshots/aws-cwlogs-eh-sumo-connector.png
--------------------------------------------------------------------------------
/ExtraHop Reveal(x) 360/Screenshots/aws-cwlogs.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/ExtraHop Reveal(x) 360/Screenshots/aws-cwlogs.png
--------------------------------------------------------------------------------
/ExtraHop Reveal(x) 360/Screenshots/sumo-dashboard.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/ExtraHop Reveal(x) 360/Screenshots/sumo-dashboard.jpeg
--------------------------------------------------------------------------------
/ExtraHop Reveal(x) 360/Screenshots/sumo-query1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/ExtraHop Reveal(x) 360/Screenshots/sumo-query1.png
--------------------------------------------------------------------------------
/ExtraHop Reveal(x) 360/Screenshots/sumo-query2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/ExtraHop Reveal(x) 360/Screenshots/sumo-query2.png
--------------------------------------------------------------------------------
/F5/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[wjakelee/Jake L]",
3 | "ratings":{
4 | "overall":4,
5 | "use-case":4,
6 | "design":4,
7 | "technical":4
8 | },
9 | "review":"This is a great app that provides some quick time to value for my F5 logs using some prebuilt Sumo queries. It would be nice if some more complex Sumo parse operators were used for deeper analysis, but the ones provided are an awesome starting point."
10 | }
11 |
--------------------------------------------------------------------------------
/F5/Comments/README.md:
--------------------------------------------------------------------------------
1 | # Comments
2 | Please provide a review/comment for this content by following the guidelines below:
3 |
4 | - Select the **Comments** folder.
5 | - Open the **Comments.json** file.
6 | - Select Edit (pen icon).
7 | - Add a new line below the current comments, and paste in your review/comment using the following schema:
8 |
9 | {
10 | "reviewer":"[githubid/name]",
11 | "ratings":{
12 | "overall":4,
13 | "use-case":5,
14 | "design":4,
15 | "technical":4
16 | },
17 | "review":"This app is very useful for knowing x, y, and z. It would be great if the dashboards were broken out by use case instead of being one big dashboard."
18 | }
19 |
20 |
21 | - Select **Propose New Changes**.
22 | - Submit **Pull Request**.
23 |
24 | Code owners will review and merge your comments on the content to the repo.
25 |
26 | Please see [How to add a review/comment to an app](https://help.sumologic.com/docs/integrations/community-ecosystem-apps/#how-do-i-add-a-reviewrating-to-an-app) for more information.
--------------------------------------------------------------------------------
/F5/Screenshots/F5_XC_Requests_Overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/F5/Screenshots/F5_XC_Requests_Overview.png
--------------------------------------------------------------------------------
/F5/Screenshots/F5_XC_Security_Events_Overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/F5/Screenshots/F5_XC_Security_Events_Overview.png
--------------------------------------------------------------------------------
/Fortinet/Fortigate_Firewall/Comments/Comments.json:
--------------------------------------------------------------------------------
1 | {
2 | "reviewer":"[wjakelee/Jake]",
3 | "ratings":{
4 | "overall":4.5,
5 | "use-case":5,
6 | "design":4,
7 | "technical":5
8 | },
9 | "review":"This App gives me all of the insights I would need into my fortigate firewall logs. Some of the panels don't work for me, but I think it's because I need to enable more logging on the fortigate side. This App also comes with some scheduled alerts you can set up."
10 | }
11 |
--------------------------------------------------------------------------------
/Fortinet/Fortigate_Firewall/Screenshots/events.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Fortinet/Fortigate_Firewall/Screenshots/events.png
--------------------------------------------------------------------------------
/Fortinet/Fortigate_Firewall/Screenshots/overview.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Fortinet/Fortigate_Firewall/Screenshots/overview.png
--------------------------------------------------------------------------------
/Fortinet/Fortigate_Firewall/Screenshots/sys_performance.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Fortinet/Fortigate_Firewall/Screenshots/sys_performance.png
--------------------------------------------------------------------------------
/Fortinet/Fortigate_Firewall/Screenshots/threats.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Fortinet/Fortigate_Firewall/Screenshots/threats.png
--------------------------------------------------------------------------------
/Fortinet/Fortigate_Firewall/Screenshots/traffic.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/SumoLogic/sumologic-content/a1ff9bd958540f952e9537b308110270f42ccb8b/Fortinet/Fortigate_Firewall/Screenshots/traffic.png
--------------------------------------------------------------------------------
/Fortinet/Fortigate_UTM/Applications_and_Dashboards/Fortinet_Fortigate_Event_Parser_Search.txt:
--------------------------------------------------------------------------------
1 | _sourcecategory=fortigate !(%ASA) "type=event"
2 | | extract "date=(?.*?) time=(?