Skip to main content

May 26, 2023 - Content Release

This release changes Crowdstrike mapper record types from 'Endpoint' to 'Audit' logs to align with Crowdstrike documentation, fixes to Fortinet severity scoring, SentinelOne IP mappings, additional values for Windows mappers for Snare, Snare parser updates for Windows Event 4947, updates to TrendMicro Deep Security CEF parser to allow for additional timestamp formats, and a minor rule update.


  • [Updated] AGGREGATION-S00005 Suspicious System Enumeration Occurring in Quick Succession, Rule no longer in prototype

Log Mappers

  • [Updated] CrowdStrike Audit Logs
  • [Updated] CrowdStrike Falcon Host API DetectionSummaryEvent
  • [Updated] CrowdStrike Falcon Host API IdpDetectionSummaryEvent (CNC)
  • [Updated] CrowdStrike Falcon Identity Protection (CNC)
  • [Updated] CrowdStrike Remote Response Session (CNC)
  • [Updated] CrowdStrike UserActivity Logs
  • [Updated] Fortinet DLP Logs
  • [Updated] Fortinet IPS Logs
  • [Updated] SentinelOne Logs - C2C agents
  • [Updated] SentinelOne Logs - C2C threats
  • [Updated] Windows - Security - 4947
  • [Updated] Windows - Security - 4948


  • [Updated] /Parsers/System/Trend Micro/Trend Micro Deep Security - CEF
  • [Updated] /Parsers/System/Microsoft/Shared/Windows Text Transforms - Security
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.