Varonis (apps) (#6018)

* Varonis (apps)

* Update varonis.md

Author: amee-sumo

blog-service/2025-11-12-apps.md

@@ -0,0 +1,12 @@
+---
+title: Varonis (Apps)
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - apps
+  - varonis
+hide_table_of_contents: true    
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+We're excited to introduce the new Sumo Logic app for Varonis. This app provides a unified view of threat intelligence and detection activity for faster and more informed analysis by collecting alerts from the Varonis platform. [Learn more](/docs/integrations/saas-cloud/varonis/).

cid-redirects.json

@@ -2959,6 +2959,7 @@
   "/cid/1113": "/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/databricks-audit-source/",
   "/cid/1117": "/docs/integrations/saas-cloud/chatgpt-compliance",
   "/cid/1118": "/docs/integrations/saas-cloud/databricks-audit",
+  "/cid/1121": "/docs/integrations/saas-cloud/varonis",
   "/cid/1120": "/docs/integrations/saas-cloud/github-copilot",
   "/Cloud_SIEM_Enterprise": "/docs/cse",
   "/Cloud_SIEM_Enterprise/Administration": "/docs/cse/administration",

docs/integrations/product-list/product-list-m-z.md

@@ -204,7 +204,7 @@ For descriptions of the different types of integrations Sumo Logic offers, see [
 | Logo | Vendors and Products | Integrations |
 | :-- | :-- | :-- |
 |  <img src={useBaseUrl('img/integrations/web-servers/varnish-cache.png')} alt="Thumbnail icon" width="75"/>   | [Varnish](https://www.varnish-software.com/)  | Apps: <br/>- [Varnish](/docs/integrations/web-servers/varnish/) <br/>- [Varnish - OpenTelemetry](/docs/integrations/web-servers/opentelemetry/varnish-opentelemetry/)	 |
-| <img src={useBaseUrl('img/integrations/misc/varonis-logo.png')} alt="Thumbnail icon" width="75"/> | [Varonis](https://www.varonis.com/) | Cloud SIEM integration: [Varonis](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/20270f89-127e-4055-96ec-56045e67e163.md) <br/>Collector: [Varonis Alerts](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/varonis-source) |
+| <img src={useBaseUrl('img/integrations/misc/varonis-logo.png')} alt="Thumbnail icon" width="75"/> | [Varonis](https://www.varonis.com/) | App: [Varonis](/docs/integrations/saas-cloud/varonis) <br/>Cloud SIEM integration: [Varonis](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/20270f89-127e-4055-96ec-56045e67e163.md) <br/>Collector: [Varonis Alerts](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/varonis-source) |
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/vectra.png')} alt="Thumbnail icon" width="75"/> | [Vectra](https://www.vectra.ai/) | App: [Vectra](/docs/integrations/saas-cloud/vectra) <br/> Automation integration: [Vectra](/docs/platform-services/automation-service/app-central/integrations/vectra/) <br/>Collector: [Vectra Source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/vectra-source) <br/>Cloud SIEM integration: [Vectra](https://github.com/SumoLogic/cloud-siem-content-catalog/blob/master/vendors/7a3d1a5c-ba67-4597-971f-7057e8f6c8bb.md) |
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/virustotal.png')} alt="Thumbnail icon" width="75"/> | [VirusTotal](https://www.virustotal.com/) | Automation integrations: <br/>- [VirusTotal](/docs/platform-services/automation-service/app-central/integrations/virustotal/) <br/>- [VirusTotal V3](/docs/platform-services/automation-service/app-central/integrations/virustotal-v3/) |
 | <img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/vmray.png')} alt="Thumbnail icon" width="75"/> | [VMRay](https://www.vmray.com/) | Automation integration: [VMRay](/docs/platform-services/automation-service/app-central/integrations/vmray/) |

docs/integrations/saas-cloud/index.md

@@ -453,6 +453,12 @@ Learn about the Sumo Logic apps for SaaS and Cloud applications.
   <p>Analyze authentication events, user activities, and potential security threats.</p>
   </div>
 </div>
+<div className="box smallbox card">
+  <div className="container">
+  <a href={useBaseUrl('docs/integrations/saas-cloud/varonis')}><img src={useBaseUrl('img/integrations/misc/varonis-logo.png')} alt="icon" width="100"/><h4>Varonis</h4></a>
+  <p>Identify and evaluate security threats and behaviors across your Varonis platform.</p>
+  </div>
+</div>
 <div className="box smallbox card">
   <div className="container">
   <a href={useBaseUrl('docs/integrations/saas-cloud/vectra')}><img src={useBaseUrl('img/platform-services/automation-service/app-central/logos/vectra.png')} alt="icon" width="100"/><h4>Vectra</h4></a>

docs/integrations/saas-cloud/varonis.md

@@ -0,0 +1,121 @@
+---
+id: varonis
+title: Varonis
+sidebar_label: Varonis
+description: The Sumo Logic app for Varonis provides insights into your organization's cybersecurity practices to strengthen security.
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+<img src={useBaseUrl('img/integrations/misc/varonis-logo.png')} alt="thumbnail icon" width="100"/>
+
+The Sumo Logic app for Varonis provides a centralized view of threat intelligence and detection activity across your Varonis environment. It helps you quickly evaluate threat volume, confidence levels, types, and associated detection sources and techniques.
+
+## Log types
+
+This app uses Sumo Logic’s [Varonis source](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/varonis-source/) to collect the alerts from the Varonis platform.
+
+## Sample log messages
+
+<details>
+<summary>Varonis Alert</summary>
+
+```json
+{
+  "escalationType": null,
+  "eventsCount": 1,
+  "hasSensitiveResource": false,
+  "hasTaggedResource": false,
+  "id": "EBB74744-5D3A-47B5-8CD3-81C4B70026A0",
+  "isAssignedToVaronis": false,
+  "status": "NEW",
+  "closedBy": {
+    "name": null
+  },
+  "closeReason": {
+    "id": "0",
+    "name": null
+  },
+  "dataSource": [
+    {
+      "id": "9",
+      "name": "psg49574-Proxy1",
+      "type": "PROXY"
+    }
+  ],
+  "generationTime": {
+    "dateTimeUtc": "2025-11-04T12:13:52.034Z"
+  },
+  "note": null,
+  "policy": {
+    "category": "EXFILTRATION",
+    "id": "89",
+    "name": "Abnormal behavior: an unusual amount of data was uploaded to email websites",
+    "severity": "HIGH"
+  }
+}
+```
+</details>
+
+## Sample queries
+
+```sql title="Total Alerts"
+_sourcecategory=*varonis*
+| json  "id", "dataSource", "policy.category", "policy.severity", "policy.name",  "generationTime.dateTimeUtc", "escalationType", "status" as threat.id, detection.source, detection.technique, detection.confidence, threat.name, event.time, event.type, finding.status  nodrop
+| where detection.confidence !=NULL
+
+| timeslice 1d
+| count as frequency by _timeslice, detection.confidence
+| fillmissing timeslice, values all in detection.confidence
+| transpose row _timeslice column detection.confidence
+```
+
+## Collection configuration and app installation
+
+import CollectionConfiguration from '../../reuse/apps/collection-configuration.md';
+
+<CollectionConfiguration/>
+
+:::important
+Use the [Cloud-to-Cloud Integration for Varonis](/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/varonis-source/) to create the source and use the same source category while installing the app. By following these steps, you can ensure that your Varonis app is properly integrated and configured to collect and analyze your Varonis data.
+:::
+
+### Create a new collector and install the app
+
+import AppCollectionOPtion1 from '../../reuse/apps/app-collection-option-1.md';
+
+<AppCollectionOPtion1/>
+
+### Use an existing collector and install the app
+
+import AppCollectionOPtion2 from '../../reuse/apps/app-collection-option-2.md';
+
+<AppCollectionOPtion2/>
+
+### Use an existing source and install the app
+
+import AppCollectionOPtion3 from '../../reuse/apps/app-collection-option-3.md';
+
+<AppCollectionOPtion3/>
+
+## Viewing the Varonis dashboards​​
+
+import ViewDashboards from '../../reuse/apps/view-dashboards.md';
+
+<ViewDashboards/>
+
+### Security Overview
+
+The **Varonis - Security Overview** dashboard provides a unified view of security threats detected across your environment. It surfaces key insights such as threat volume, confidence levels, detection techniques, and data sources including Active Directory, SharePoint, and Exchange Online. You can easily spot spikes in activity, monitor emerging or ongoing threats, and identify recurring issues such as abnormal data uploads or policy violations. The detailed threat summary table enables deeper investigation by presenting event-level data, detection methods, and associated confidence levels. Together, these capabilities help security teams assess risk exposure and prioritize incident response more effectively. <br/><img src={useBaseUrl('img/integrations/saas-cloud/Varonis-SecurityOverview.png')} alt="Varonis - Security Overview Dashboard" />
+
+## Upgrading the Varonis app (Optional)
+
+import AppUpdate from '../../reuse/apps/app-update.md';
+
+<AppUpdate/>
+
+## Uninstalling the Varonis app (Optional)
+
+import AppUninstall from '../../reuse/apps/app-uninstall.md';
+
+<AppUninstall/>

sidebars.ts

@@ -2623,6 +2623,7 @@ integrations: [
           'integrations/saas-cloud/trellix-mvision-epo',
           'integrations/saas-cloud/trend-micro-vision-one',
           'integrations/saas-cloud/trust-login',
+          'integrations/saas-cloud/varonis',
           'integrations/saas-cloud/vectra',
           'integrations/saas-cloud/vmware-workspace-one',
           'integrations/saas-cloud/webex',