CONN-3282: remove SIEM forward from doc (#4189)

shivani-sumo · web-flow · commit 4669cf37e492 · 2024-06-10T11:41:40.000Z
diff --git a/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md b/docs/send-data/hosted-collectors/cloud-to-cloud-integration-framework/crowdstrike-fdr-source.md
@@ -48,7 +48,6 @@ To configure a CrowdStrike FDR Source:
 1. Search for and select **CrowdStrike FDR**.
 1. Enter a **Name** for the Source. The description is optional.
 1. (Optional) For **Source Category**, enter any string to tag the output collected from the Source. Category metadata is stored in a searchable field called `_sourceCategory`.
-1. **Forward to SIEM**. Check the checkbox to forward your data to Cloud SIEM. When configured with the **Forward to SIEM** option no fields are set.
 1. (Optional) **Fields.** Click the **+Add Field** link to define the fields you want to associate, each field needs a name (key) and value.
    * ![green check circle.png](/img/reuse/green-check-circle.png) A green circle with a check mark is shown when the field exists in the Fields table schema.
    * ![orange exclamation point.png](/img/reuse/orange-exclamation-point.png) An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, an option to automatically add the nonexistent fields to the Fields table schema is provided. If a field is sent to Sumo that does not exist in the Fields schema it is ignored, known as dropped.
@@ -84,7 +83,7 @@ Sources can be configured using UTF-8 encoded JSON files with the Collector Ma
 | name | String | Yes | `null` | Type a desired name of the source. The name must be unique per Collector. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_source`. | `"mySource"` |
 | description | String | No | `null` | Type a description of the source. | `"Testing source"`
 | category | String | No | `null` | Type a category of the source. This value is assigned to the [metadata](/docs/search/get-started-with-search/search-basics/built-in-metadata) field `_sourceCategory`. See [best practices](/docs/send-data/best-practices) for details. | `"mySource/test"`
-| fields | JSON Object | No | `null` | JSON map of key-value fields (metadata) to apply to the Collector or Source. Use the boolean field `_siemForward` to enable forwarding to SIEM.|`{"_siemForward": false, "fieldA": "valueA"}` |
+| fields | JSON Object | No | `null` | JSON map of key-value fields (metadata) to apply to the Collector or Source. |`{"fieldA": "valueA"}` |
 | secretAccessKey` | String | Yes |  | The AWS Secret Access Key you got from CrowdStrike. |  |
 | SqsQueueURL | String | Yes |  `null` | The SQS Queue URL you got from CrowdStrike. |  |
 | accessKeyId | String | Yes |  `null` | The AWS Access Key ID you got from CrowdStrike. |  |
diff --git a/static/files/c2c/crowdstrike-fdr/example.json b/static/files/c2c/crowdstrike-fdr/example.json
@@ -13,9 +13,6 @@
         "SqsQueueURL":"https://sqs.us-west-1.amazonaws.com/***/***",
         "multilineEnabled":false,
         "accessKeyId":"********",
-        "fields":{
-          "_siemForward":false
-        },
         "category":"Sumo/FDR",
         "timestampFormatAutoDetection":false,
         "s3Region":"us-west-1",
diff --git a/static/files/c2c/crowdstrike-fdr/example.tf b/static/files/c2c/crowdstrike-fdr/example.tf
@@ -12,9 +12,6 @@ resource "sumologic_cloud_to_cloud_source" "crowdstrike_FDR_source" {
       "SqsQueueURL":"https://sqs.us-west-1.amazonaws.com/***/***",
       "multilineEnabled":false,
       "accessKeyId":"********",
-      "fields":{
-        "_siemForward":false
-      },
       "category":"Sumo/FDR",
       "timestampFormatAutoDetection":false,
       "s3Region":"us-west-1",
