Skip to main content

August 4, 2023 - Content Release

This release includes minor updates and a new log mapper for Microsoft Defender.


  • [Updated] MATCH-S00231 Azure - Member Added to Company Administrator Role
    • Updated expression to account for parser and vendor schema changes
  • [Updated] THRESHOLD-S00097 Impossible Travel - Successful
    • Removed vendor/product grouping
  • [Updated] THRESHOLD-S00098 Impossible Travel - Unsuccessful
    • Removed vendor/product grouping
  • [Updated] MATCH-S00167 Recon Using Common Windows Commands
    • Bug fix for Qualys path exclusion not working

Log Mappers

  • [New] Microsoft Defender for Cloud - Security Alerts
    • Support for new log schema


  • [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
    • Added additional time format
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.