Skip to main content

August 22, 2023 - Content Release

This release contains updates to MITRE tags used in several rules that have been deprecated, removed, or were otherwise invalid. Other changes are enumerated below.


  • [New] MATCH-S00886 Suspicious chmod Execution
    • This alert looks for a "chmod" execution on a file that is found on the /tmp directory of a Linux or macOS host. Threat actors may download and copy files to this directory and add execution bits or change permissions on these files.
  • [Updated] MATCH-S00516 Antivirus Ransomware Detection
  • [Updated] MATCH-S00534 MacOS - Re-Opened Applications
  • [Updated] MATCH-S00149 PowerShell File Download
  • [Updated] MATCH-S00342 Suspicious use of Dev-Tools-Launcher

Log Mappers

  • [Updated] Microsoft Defender for Cloud - Security Alerts
    • Adds support for Security Alerts via Azure Activity Log
  • [Updated] Zscaler - Nanolog Streaming Service - JSON
    • Adds alternate values for NSS mappers to ensure proper normalization
  • [Updated] Zscaler Firewall
    • Adds alternate values for ZScaler Firewall mappers to ensure proper normalization
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.