Skip to main content

February 8, 2023 - Content Release


  • [New] MATCH-S00838 Azure Active Directory Authentication Method Changed
  • [New] MATCH-S00836 Azure Conditional Access Policy Disabled
  • [New] MATCH-S00839 Azure Virtual Machine RunCommand Issued
  • [New] MATCH-S00837 Kubernetes Secrets Enumeration via Kubectl
  • [New] MATCH-S00835 Possible Dynamic URL Domain
  • [New] CHAIN-S00012 Potential Azure Persistence via Automation Accounts
  • [New] MATCH-S00841 Suspicious AWS CLI Keys Access on Linux Host
  • [New] MATCH-S00840 Suspicious Lambda Function - IAM Policy Attached
  • [Updated] THRESHOLD-S00074 Excessive Firewall Denies
  • [Updated] LEGACY-S00008 Possible Dynamic DNS Domain
  • [Updated] LEGACY-S00108 Threat Intel - Matched File Hash

Log Mappers

  • [New] Airtable Audit C2C
  • [New] Cisco Meraki Catch All - Custom Parser
  • [Updated] Linux OS Syslog - Process fw - iptables Events
  • [Updated] Proofpoint Targeted Attack Protection C2C - Message Blocked
  • [Updated] Proofpoint Targeted Attack Protection C2C - Message Delivered
  • [Updated] Proofpoint Targeted Attack Protection C2C - Message Permitted
  • [Updated] Windows - Security - 4624


  • [New] /Parsers/System/Airtable/Airtable Audit C2C
  • [Updated] /Parsers/System/Cisco/Cisco ASA
  • [Updated] /Parsers/System/Cisco/Cisco Meraki
  • [Updated] /Parsers/System/Google/G Suite Audit
  • [Updated] /Parsers/System/Linux/Linux OS Syslog
  • [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers
  • [Updated] /Parsers/System/Okta/Okta
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.