From f66961f49cab61c0e3e9d2a66314f83d2dd439fe Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Thu, 19 Feb 2026 10:17:07 +0530 Subject: [PATCH 1/5] Update okta-source.md --- .../okta-source.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md index bada632cc2..35b5686665 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md @@ -105,3 +105,15 @@ Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ## Limitation During a polling interval, an Okta Source will make a request for every 1,000 logs available. The Okta API uses paging and only 1,000 logs are returned at a time. + +## Install Okta app + +Once you understand how and where Okta data is collected, you can visualize and analyze that data by [installing the Sumo Logic Okta app](/docs/integrations/saml/okta). + +Installing the Sumo Logic Okta app helps you quickly gain visibility into identity and access activity through built-in dashboards. It enables you to: +- Monitor administrative actions performed in Okta +- Track failed and successful login attempts +- Analyze user activity across applications accessed through Okta +- Gain visibility into application usage and access patterns +- Review user events and authentication behavior +- Monitor Multi-Factor Authentication (MFA) activity through preconfigured dashboards \ No newline at end of file From a0c6658ea232a0e38972f9607cef5a87cc5f3332 Mon Sep 17 00:00:00 2001 
From: Amee Lepcha Date: Thu, 26 Feb 2026 03:03:39 +0530 Subject: [PATCH 2/5] added new files --- .../1password-source.md | 13 +++++++++++++ .../cisco-meraki-source.md | 12 ++++++++++++ .../crowdstrike-source.md | 11 +++++++++++ .../duo-source.md | 12 ++++++++++++ .../google-workspace-alertcenter.md | 11 +++++++++++ .../microsoft-azure-ad-inventory-source.md | 11 +++++++++++ .../okta-source.md | 18 +++++++++--------- .../sentinelone-mgmt-api-source.md | 11 +++++++++++ .../slack-source.md | 11 +++++++++++ 9 files changed, 101 insertions(+), 9 deletions(-) diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md index a473647079..a725b45b8e 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/1password-source.md @@ -118,3 +118,16 @@ To resolve these errors: :::info Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ::: + +## App installation + +Once you understand how and where 1Password data is collected, you can visualize and analyze that data by installing the Sumo Logic app for [1Password](/docs/integrations/saas-cloud/1password/). + +Installing the 1Password app enables you to: +- Centralize visibility into 1Password sign-in and item usage activity. +- Monitor authentication success and failures to spot suspicious access. +- Analyze events by user, app, type, and geo-location for faster investigation. +- Detect outliers and sign-in threats indicating risky behavior. +- Track critical security and audit changes (accounts, emails, groups, roles). +- Highlight high-risk locations through geographic activity insights. +- Secure shared vaults with actionable access and threat intelligence. \ No newline at end of file 
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md index 66a03beb1e..83cd9ccff1 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/cisco-meraki-source.md @@ -149,3 +149,15 @@ Sources can be configured using UTF-8 encoded JSON files with the Collector Ma :::info Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ::: + +## App installation + +Once you understand how and where Cisco Meraki data is collected, you can visualize and analyze that data by installing the Sumo Logic app for [Cisco Meraki](/docs/integrations/saas-cloud/cisco-meraki-c2c/). + +Installing the Cisco Meraki app enables you to: +- Gain real-time visibility into network events and admin activities from Cisco Meraki. +- Detect potential network issues and security events early for faster investigation. +- Monitor and optimize network performance with actionable insights. +- Enhance security posture by identifying suspicious or risky activities. +- Respond proactively to threats and reduce operational downtime. +- Support efficient network administration and maintain a reliable, secure infrastructure. \ No newline at end of file diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md index 76cab2586a..703b942791 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-source.md 
@@ -115,3 +115,14 @@ https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/ :::info Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ::: + +## App installation + +Once you understand how and where CrowdStrike data is collected, you can visualize and analyze that data by installing the Sumo Logic app for [CrowdStrike Falcon Endpoint Protection](/docs/integrations/security-threat-detection/crowdstrike-falcon-endpoint-protection/). + +Installing the CrowdStrike Falcon Endpoint Protection app enables you to: +- Provides visibility into your endpoint security posture using data from the CrowdStrike Falcon Endpoint Protection platform. +- Helps analyze indicators of compromise (IOCs) by affected users, tactics, techniques, and objectives. +- Identifies hosts across your network with the highest malware detections. +- Includes prebuilt dashboards to detect threats and security incidents. +- Enables drill-down investigations for faster threat analysis and response. \ No newline at end of file diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md index e8b320f056..05bcbfc405 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/duo-source.md 
@@ -108,3 +108,15 @@ https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/ :::info Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ::: + +## App installation + +Once you understand how and where Duo data is collected, you can visualize and analyze that data by installing the Sumo Logic app for [Duo Security](/docs/integrations/security-threat-detection/duo-security/). + +Installing the Duo Security app enables you to: +- Gain centralized visibility into authentication, admin, and telephony logs from Duo Security. +- Monitor successful and failed authentications to quickly spot suspicious access attempts. +- Analyze events by application, user, authentication factor, and geo-location for faster investigations. +- Track administrator activities to maintain security and compliance. +- Detect outliers and potential authentication threats through built-in threat analysis. +- Strengthen overall identity and access security posture with actionable insights. \ No newline at end of file diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md index 1eb95f280e..6cc19eabf8 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/google-workspace-alertcenter.md 
@@ -110,3 +110,14 @@ https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/ :::info Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ::: + +## App installation + +Once you understand how and where Google Workspace AlertCenter data is collected, you can visualize and analyze that data by installing the Sumo Logic app for [Google Workspace](/docs/integrations/google/workspace/install-app-dashboards/). + +Installing the Google Workspace app enables you to: +- Monitor admin and user activities across all Google Workspace applications from one place. +- Analyze Google Drive usage and login activity for better usage and access visibility. +- Gain full visibility into Alert Center alerts to investigate and correlate security events. +- Detect and monitor potential threats across Workspace apps with unified dashboards. +- Simplify security monitoring and compliance with prebuilt, comprehensive dashboards. \ No newline at end of file diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md index baab8471bc..9922133380 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-azure-ad-inventory-source.md 
@@ -139,3 +139,14 @@ https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/ :::info Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ::: + +## App installation + +Once you understand how and where Microsoft Azure AD Inventory data is collected, you can visualize and analyze that data by installing the Sumo Logic app for [Microsoft Azure AD Inventory](/docs/integrations/saas-cloud/microsoft-azure-ad-inventory/). + +Installing the Microsoft Azure AD Inventory app enables you to: +- Monitor user sign-in activity to detect unauthorized or risky access. +- Track user demographics and behavior for better identity governance. +- Gain visibility into device inventory and device management. +- Identify non-compliant or unmanaged devices proactively. +- Support threat detection, compliance, and continuous security oversight across your Azure AD environment. \ No newline at end of file diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md index 35b5686665..0c19ecb89e 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/okta-source.md 
@@ -106,14 +106,14 @@ Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. During a polling interval, an Okta Source will make a request for every 1,000 logs available. The Okta API uses paging and only 1,000 logs are returned at a time. -## Install Okta app +## App installation -Once you understand how and where Okta data is collected, you can visualize and analyze that data by [installing the Sumo Logic Okta app](/docs/integrations/saml/okta). +Once you understand how and where Okta data is collected, you can visualize and analyze that data by installing the Sumo Logic app for [Okta](/docs/integrations/saml/okta). -Installing the Sumo Logic Okta app helps you quickly gain visibility into identity and access activity through built-in dashboards. It enables you to: -- Monitor administrative actions performed in Okta -- Track failed and successful login attempts -- Analyze user activity across applications accessed through Okta -- Gain visibility into application usage and access patterns -- Review user events and authentication behavior -- Monitor Multi-Factor Authentication (MFA) activity through preconfigured dashboards \ No newline at end of file +Installing the Okta app enables you to: +- Monitor administrative actions performed in Okta. +- Track failed and successful login attempts. +- Analyze user activity across applications accessed through Okta. +- Gain visibility into application usage and access patterns. +- Review user events and authentication behavior. +- Monitor Multi-Factor Authentication (MFA) activity through preconfigured dashboards. \ No newline at end of file diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md index d59fb8c761..c5e57b54bf 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md 
+++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/sentinelone-mgmt-api-source.md @@ -118,3 +118,14 @@ https://github.com/SumoLogic/sumologic-documentation/blob/main/static/files/c2c/ :::info Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ::: + +## App installation + +Once you understand how and where SentinelOne Mgmt API data is collected, you can visualize and analyze that data by installing the Sumo Logic app for [SentinelOne](/docs/integrations/saas-cloud/sentinelone/). + +Installing the SentinelOne app enables you to: +- Ingest SentinelOne endpoint data in real time from agents into Sumo Logic for centralized analysis. +- Gain clear visibility into endpoint security posture, including threats, endpoint activity, and system health from SentinelOne. +- Detect and investigate suspicious behavior faster to respond quickly to security incidents. +- Use prebuilt, customizable dashboards to visualize threats and key security metrics at a glance. +- Monitor and prioritize what matters most by tailoring dashboards to your organization’s security needs. \ No newline at end of file diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md index f387f1adcd..26505e4364 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/slack-source.md 
@@ -159,3 +159,14 @@ Each page adds to the overall number of API calls needed and adds time due to th :::info Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ::: + +## App installation + +Once you understand how and where Slack data is collected, you can visualize and analyze that data by installing the Sumo Logic app for [Slack](/docs/integrations/saas-cloud/slack/). + +Installing the Slack app enables you to: +- Monitor Slack user, channel, and access activity across supported workspace plans. +- Analyze public channel activity to understand collaboration trends and usage. +- Track workspace access logs for security and auditing purposes. +- Gain centralized visibility into Slack operations through prebuilt analytics. +- Support security monitoring and compliance for team collaboration environments. \ No newline at end of file From 16f7c361a499edc87a031c95d4fe24c828fba61b Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Thu, 26 Feb 2026 03:04:21 +0530 Subject: [PATCH 3/5] commit --- blog-service/2026-02-27-apps.md | 41 +++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 blog-service/2026-02-27-apps.md diff --git a/blog-service/2026-02-27-apps.md b/blog-service/2026-02-27-apps.md new file mode 100644 index 0000000000..69d07e85d0 --- /dev/null +++ b/blog-service/2026-02-27-apps.md 
@@ -0,0 +1,41 @@ +--- +title: Apps, Solutions, and Collection Integrations - February Release +image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082 +keywords: + - release-note + - february +hide_table_of_contents: true +--- + +#### Enhancements + +We’re excited to announce new enhancements to the following Sumo Logic apps, designed to improve visibility, usability, and troubleshooting capabilities while helping you gain deeper insights and operate more efficiently. + +- **Enterprise Search Audit**. Added the **Enterprise Search Audit – Failures KPIs and Breakdowns** dashboard and monitor alerts to the app. + - The dashboard helps you understand search reliability at a glance by visualizing failure trends, slow-running queries, high-cost searches, and problematic content across users and query types, enabling faster troubleshooting and better prioritization of fixes. [Learn more](/docs/integrations/sumo-apps/enterprise-search-audit/#enterprise-search-audit---failures-kpis-and-breakdowns). + - The associated monitors alert you when search failures, query runtimes, or data usage exceed defined thresholds, allowing you to detect reliability, performance, or cost issues early and take corrective action before they impact users or budgets. [Learn more](/docs/integrations/sumo-apps/enterprise-search-audit/#enterprise-search-audit-app-alerts). +- **Enterprise Audit apps**. Updated the following Enterprise Audit apps to add monitor alerts. + - **Enterprise Audit - Collector & Data Forwarding Management**. The monitor alerts help you detect and respond to critical collector and data-forwarding issues, ensuring reliable data ingestion, secure configurations, and uninterrupted operations. [Learn more](/docs/integrations/sumo-apps/enterprise-audit/#enterprise-audit---collector-and-data-forwarding-management-app). + - **Enterprise Audit - Content Management**. 
The monitor alerts help you maintain security and compliance by alerting when content is made public or accessed publicly, enabling quick detection of unintended exposure and potential data risks. [Learn more](/docs/integrations/sumo-apps/enterprise-audit/#enterprise-audit---content-management-alerts). + - **Enterprise Audit – Cloud SIEM**. The monitor alerts help you detect and respond to high-risk security threats and SLA breaches by automatically alerting on critical Cloud SIEM activities like brute-force attacks, malware, anomalous access, and delayed detection or remediation. [Learn more](/docs/integrations/sumo-apps/cse/#enterprise-audit---cloud-siem-alerts). + - **Enterprise Audit - Security Management**. The monitor alerts help you ensure regulatory compliance and reduce risk by detecting and alerting on security events originating from embargoed or sanctioned geographic locations. [Learn more](/docs/integrations/sumo-apps/enterprise-audit/#enterprise-audit---security-management-alerts). + - **Enterprise Audit - User & Role Management**. The monitor alerts help you enhance security and compliance by alerting on user or role management activities originating from embargoed or high-risk geographic locations, enabling faster detection of suspicious access. [Learn more](/docs/integrations/sumo-apps/enterprise-audit/#enterprise-audit---user-and-role-management-alerts) +- **Data Volume**. Added Data Volume monitor alerts that help you track log ingestion, detect usage spikes or data gaps, and prevent unexpected credit overages by alerting you to abnormal volume patterns and plan-limit risks in real time. [Learn more](/docs/integrations/sumo-apps/data-volume/#data-volume-app-alerts). +- **Flex**. Added Flex monitor alerts that help you detect ingestion spikes, prevent budget overruns, and control expensive queries by automatically flagging abnormal data usage and credit consumption before they impact costs or system stability. 
[Learn more](/docs/integrations/sumo-apps/flex/#flex-app-alerts). +- **Infrequent Data Tier**. Added Infrequent Data Tier monitor alerts that help you control costs and usage by detecting consumption spikes, expensive or failed queries, and abnormal user or module-level scan activity before they waste credits. [Learn more](/docs/integrations/sumo-apps/infrequent-data-tier/#infrequent-data-tier-app-alerts). +- **SentinelOne**. Added SentinelOne monitor alerts that help you detect high-risk threats, suspicious activity, and compliance violations in real time, enabling faster response and stronger endpoint security. +- **Azure Security apps**. Updated the following Microsoft Azure Security apps to refresh sample queries, localize dashboard images, and add monitor alerts. + - **Azure Security - Microsoft Defender for Endpoint**. The monitor alerts help you identify and respond to critical endpoint threats by alerting on high-severity incidents, suspicious devices, and activity from embargoed or high-risk locations. [Learn more](/docs/integrations/microsoft-azure/microsoft-defender-for-endpoint/#azure-security---microsoft-defender-for-endpoint-alerts). + - **Azure Security - Microsoft Defender for Identity**. The monitor alerts help you detect and prioritize identity-based threats by alerting on high-severity incidents, embargoed locations, and suspicious devices to enable faster investigation and response. [Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-identity/#azure-security---microsoft-defender-for-identity-alerts). + - **Azure Security - Microsoft Defender for Office 365**. The monitor alerts help you detect and respond to high-risk email and collaboration threats by alerting on embargoed locations, high-severity incidents, and suspicious device activity in Microsoft Defender for Office 365. 
[Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365/#azure-security---microsoft-defender-for-office-365-alerts). + - **Microsoft Graph Security**. The monitor alerts help you detect and prioritize critical security threats by alerting on high-severity incidents, risky devices, and suspicious activity from embargoed or high-risk locations using Microsoft Graph Security signals. [Learn more](/docs/integrations/saas-cloud/microsoft-graph-security-v2/#microsoft-graph-security-alerts). + From 06b8d43f97278ea588d11598381bfda283575af3 Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Thu, 26 Feb 2026 03:06:04 +0530 Subject: [PATCH 4/5] Delete blog-service/2026-02-27-apps.md --- blog-service/2026-02-27-apps.md | 41 --------------------------------- 1 file changed, 41 deletions(-) delete mode 100644 blog-service/2026-02-27-apps.md diff --git a/blog-service/2026-02-27-apps.md b/blog-service/2026-02-27-apps.md deleted file mode 100644 index 69d07e85d0..0000000000 --- a/blog-service/2026-02-27-apps.md +++ /dev/null 
@@ -1,41 +0,0 @@ ---- -title: Apps, Solutions, and Collection Integrations - February Release -image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082 -keywords: - - release-note - - february -hide_table_of_contents: true ---- - -#### Enhancements - -We’re excited to announce new enhancements to the following Sumo Logic apps, designed to improve visibility, usability, and troubleshooting capabilities while helping you gain deeper insights and operate more efficiently. - -- **Enterprise Search Audit**. Added the **Enterprise Search Audit – Failures KPIs and Breakdowns** dashboard and monitor alerts to the app. - - The dashboard helps you understand search reliability at a glance by visualizing failure trends, slow-running queries, high-cost searches, and problematic content across users and query types, enabling faster troubleshooting and better prioritization of fixes. [Learn more](/docs/integrations/sumo-apps/enterprise-search-audit/#enterprise-search-audit---failures-kpis-and-breakdowns). - - The associated monitors alert you when search failures, query runtimes, or data usage exceed defined thresholds, allowing you to detect reliability, performance, or cost issues early and take corrective action before they impact users or budgets. [Learn more](/docs/integrations/sumo-apps/enterprise-search-audit/#enterprise-search-audit-app-alerts). -- **Enterprise Audit apps**. Updated the following Enterprise Audit apps to add monitor alerts. - - **Enterprise Audit - Collector & Data Forwarding Management**. The monitor alerts help you detect and respond to critical collector and data-forwarding issues, ensuring reliable data ingestion, secure configurations, and uninterrupted operations. [Learn more](/docs/integrations/sumo-apps/enterprise-audit/#enterprise-audit---collector-and-data-forwarding-management-app). - - **Enterprise Audit - Content Management**. 
The monitor alerts help you maintain security and compliance by alerting when content is made public or accessed publicly, enabling quick detection of unintended exposure and potential data risks. [Learn more](/docs/integrations/sumo-apps/enterprise-audit/#enterprise-audit---content-management-alerts). - - **Enterprise Audit – Cloud SIEM**. The monitor alerts help you detect and respond to high-risk security threats and SLA breaches by automatically alerting on critical Cloud SIEM activities like brute-force attacks, malware, anomalous access, and delayed detection or remediation. [Learn more](/docs/integrations/sumo-apps/cse/#enterprise-audit---cloud-siem-alerts). - - **Enterprise Audit - Security Management**. The monitor alerts help you ensure regulatory compliance and reduce risk by detecting and alerting on security events originating from embargoed or sanctioned geographic locations. [Learn more](/docs/integrations/sumo-apps/enterprise-audit/#enterprise-audit---security-management-alerts). - - **Enterprise Audit - User & Role Management**. The monitor alerts help you enhance security and compliance by alerting on user or role management activities originating from embargoed or high-risk geographic locations, enabling faster detection of suspicious access. [Learn more](/docs/integrations/sumo-apps/enterprise-audit/#enterprise-audit---user-and-role-management-alerts) -- **Data Volume**. Added Data Volume monitor alerts that help you track log ingestion, detect usage spikes or data gaps, and prevent unexpected credit overages by alerting you to abnormal volume patterns and plan-limit risks in real time. [Learn more](/docs/integrations/sumo-apps/data-volume/#data-volume-app-alerts). -- **Flex**. Added Flex monitor alerts that help you detect ingestion spikes, prevent budget overruns, and control expensive queries by automatically flagging abnormal data usage and credit consumption before they impact costs or system stability. 
[Learn more](/docs/integrations/sumo-apps/flex/#flex-app-alerts). -- **Infrequent Data Tier**. Added Infrequent Data Tier monitor alerts that help you control costs and usage by detecting consumption spikes, expensive or failed queries, and abnormal user or module-level scan activity before they waste credits. [Learn more](/docs/integrations/sumo-apps/infrequent-data-tier/#infrequent-data-tier-app-alerts). -- **SentinelOne**. Added SentinelOne monitor alerts that help you detect high-risk threats, suspicious activity, and compliance violations in real time, enabling faster response and stronger endpoint security. -- **Azure Security apps**. Updated the following Microsoft Azure Security apps to refresh sample queries, localize dashboard images, and add monitor alerts. - - **Azure Security - Microsoft Defender for Endpoint**. The monitor alerts help you identify and respond to critical endpoint threats by alerting on high-severity incidents, suspicious devices, and activity from embargoed or high-risk locations. [Learn more](/docs/integrations/microsoft-azure/microsoft-defender-for-endpoint/#azure-security---microsoft-defender-for-endpoint-alerts). - - **Azure Security - Microsoft Defender for Identity**. The monitor alerts help you detect and prioritize identity-based threats by alerting on high-severity incidents, embargoed locations, and suspicious devices to enable faster investigation and response. [Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-identity/#azure-security---microsoft-defender-for-identity-alerts). - - **Azure Security - Microsoft Defender for Office 365**. The monitor alerts help you detect and respond to high-risk email and collaboration threats by alerting on embargoed locations, high-severity incidents, and suspicious device activity in Microsoft Defender for Office 365. 
[Learn more](/docs/integrations/microsoft-azure/azure-security-microsoft-defender-for-office-365/#azure-security---microsoft-defender-for-office-365-alerts). - - **Microsoft Graph Security**. The monitor alerts help you detect and prioritize critical security threats by alerting on high-severity incidents, risky devices, and suspicious activity from embargoed or high-risk locations using Microsoft Graph Security signals. [Learn more](/docs/integrations/saas-cloud/microsoft-graph-security-v2/#microsoft-graph-security-alerts). - From 3574de9f7de86f2ee9b0dd2169c0fd12eb96a10b Mon Sep 17 00:00:00 2001 From: Amee Lepcha Date: Thu, 26 Feb 2026 03:13:52 +0530 Subject: [PATCH 5/5] Update microsoft-graph-security-api-source.md --- .../microsoft-graph-security-api-source.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md index ddf02a9166..a1b0df13d3 100644 --- a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md +++ b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/microsoft-graph-security-api-source.md @@ -146,3 +146,8 @@ The "**Unauthorized request - Account is not provisioned**" error occurs when Mi :::info Click [here](/docs/c2c/info) for more information about Cloud-to-Cloud sources. ::: + +## App installation + +The Microsoft Graph Security API source in Sumo Logic serves as a single, unified entry point for ingesting Microsoft security signals and installing multiple security apps, helping you understand each app based on their security monitoring needs. +
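Review bot: PATCH 1/5 (okta-source.md hunk) adds a "## Install Okta app" heading and the lead-in "[installing the Sumo Logic Okta app](/docs/integrations/saml/okta)" that the okta-source.md hunk in PATCH 2/5 immediately rewrites into the "## App installation" form used by every other source file in this series. Squash the two Okta changes into one commit so the history does not add a section and then rework it, and end the file with a newline: "\ No newline at end of file" appears on both the PATCH 1/5 and the PATCH 2/5 version of the last bullet.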
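Review bot: PATCH 2/5, 1password-source.md hunk: the last bullet is followed by "\ No newline at end of file", and the same is true of every other file touched in this patch (cisco-meraki, crowdstrike, duo, google-workspace-alertcenter, microsoft-azure-ad-inventory, okta, sentinelone-mgmt-api, slack). Terminate each new "App installation" section with a trailing newline so the next edit to any of these files does not show a spurious diff on its final list item.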
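Review bot: PATCH 2/5, crowdstrike-source.md hunk: the bullets do not read as completions of the lead-in "Installing the CrowdStrike Falcon Endpoint Protection app enables you to:", because each is a third-person verb ("- Provides visibility into your endpoint security posture...", "- Helps analyze indicators of compromise (IOCs)...", "- Identifies hosts across your network...") rather than the imperative form every other file in this patch uses. Reword them as "Gain visibility into your endpoint security posture...", "Analyze indicators of compromise (IOCs)...", "Identify hosts across your network...", "Use prebuilt dashboards to detect threats...", and "Drill down into investigations for faster threat analysis and response".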
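Review bot: PATCH 2/5, google-workspace-alertcenter.md hunk: the link target "/docs/integrations/google/workspace/install-app-dashboards/" points at the app's install sub-page, whereas every other file in this patch links to the app's top-level page (for example "/docs/integrations/saas-cloud/1password/"). Either link the Google Workspace app's landing page for consistency, or keep the install page deliberately and word the lead-in to say it goes straight to the installation steps.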
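Review bot: PATCH 2/5, sentinelone-mgmt-api-source.md hunk: the first bullet, "Ingest SentinelOne endpoint data in real time from agents into Sumo Logic for centralized analysis.", describes collection rather than anything installing the app gives you, and it is inaccurate for this file, which documents the Mgmt API source (the lead-in itself says "SentinelOne Mgmt API data is collected", i.e. data is polled from the SentinelOne Management API, not received from agents). Drop the bullet or reword it so the list only covers what the app adds on top of data this source has already collected, matching the other "App installation" sections.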
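Review bot: PATCH 3/5, blog-service/2026-02-27-apps.md hunk: this release note is unrelated to the "App installation" sections the PR is about and is deleted again in PATCH 4/5, so it should not be in this series at all. If it is meant to ship separately, fix two items visible in the content before it does: the "**Enterprise Audit - User & Role Management**" entry ends "[Learn more](/docs/integrations/sumo-apps/enterprise-audit/#enterprise-audit---user-and-role-management-alerts)" with no terminating period, unlike every sibling entry, and the "**SentinelOne**" entry is the only one without a "[Learn more]" link. The mixed dashes in app names ("Enterprise Audit – Cloud SIEM" and "Enterprise Search Audit – Failures KPIs and Breakdowns" use an en dash, "Enterprise Audit - Content Management" a hyphen) should also be made consistent.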
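Review bot: PATCH 4/5 deletes blog-service/2026-02-27-apps.md at exactly the blob PATCH 3/5 created ("index 69d07e85d0..0000000000"), so the two commits cancel out and leave only an unrelated add-then-delete pair in the PR history. Drop both commits from the series (interactive rebase) rather than carrying the no-op; the commit message "commit" on PATCH 3/5 is a further sign it was not intended to be reviewed.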
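Review bot: PATCH 5/5, microsoft-graph-security-api-source.md hunk: the new "App installation" section names no app and carries no link, unlike every other section added in this series, and the sentence is unclear on two points. "helping you understand each app based on their security monitoring needs" has no referent for "their" (presumably "your"), and "serves as a single, unified entry point for ingesting Microsoft security signals and installing multiple security apps" makes the source responsible for installing apps, which it does not do. Suggest the same pattern as the other files: "Once you understand how and where Microsoft Graph Security API data is collected, you can visualize and analyze that data by installing the Sumo Logic apps that use it:" followed by a linked list; the Microsoft Graph Security app at "/docs/integrations/saas-cloud/microsoft-graph-security-v2/" is already referenced in PATCH 3/5 of this PR. The hunk also adds a trailing blank "+" line; end on the last text line plus a single newline instead.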