Skip to main content

June 22, 2023 - Content Release

This release includes additional parser and mappers for Aruba ClearPass Syslog events, minor bug fixes to several First Seen type rules, and other specifically enumerated changes below.

Rules

  • [Updated] MATCH-S00814 Abnormal Child Process - sdiagnhost.exe - CVE-2022-30190
    • Adds requirement that commandLine is present for a match
  • [Updated] FIRST-S00016 First Seen Non-Network Logon from User
  • [Updated] FIRST-S00008 First Seen whoami command From User
  • [Updated] MATCH-S00815 Threat Intel - Successful Authentication from Threat IP
    • Adds dstDevice_ip to entity selection

Log Mappers

  • [New] Aruba ClearPass Guest Access
  • [New] Aruba ClearPass WiFi Access Tracker
  • [New] Aruba ClearPass Wifi Failed Tracker
  • [Updated] Aruba ClearPass Syslog
  • [Updated] Tenable.io Authentication
    • Adds alternative key matches for vuln_cve and description fields

Parsers

  • [Updated] /Parsers/System/HP/Aruba ClearPass - Syslog
Legal
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.