May 23, 2025 - Content Release
This content release includes:
- Rule update
- New support for CommScope Ruckus SmartZone
- Additional mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell
- Updates for existing mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell
- Added normalizedAction and action fields to Windows PowerShell mappers
- Changes to Windows PowerShell JSON parsing to support additional log formats
Changes are enumerated below.
Rules
- [Updated] MATCH-S00068 O365 - Users Password Changed
- Updated to use targetUser_username
Log mappers
- [New] CommScope Ruckus SmartZone Default
- [New] CrowdStrike FDR - DNSRequest
- [New] Google G Suite - login - risky_sensitive_action_allowed
- [New] Google G Suite - login challange
- [New] Windows - Windows PowerShell
- [Updated] CrowdStrike Falcon Host API DetectionSummaryEvent (CNC)
- Added alternate field for threat_name
- [Updated] CrowdStrike Falcon Host API IdpDetectionSummaryEvent (CNC)
- Added alternate field for threat_name
- [Updated] Google G Suite - login - password_change/recovery_info_change
- Added additional mapped fields
- [Updated] Google G Suite - login.login
- Added additional mapped fields
- [Updated] Google G Suite - logout
- Added additional mapped fields
- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4103
- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4104
- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4105
- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4106
Parsers
- [New] /Parsers/System/CommScope/CommScope Ruckus SmartZone
- [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON