This release includes the changes and enhancement enumerated below:
Rules​
- [New] MATCH-S00894 HAR file creation observed on host
- HAR files contain session telemetry and network traffic. These file types are typically generated using the "developer tools" options on modern browsers like Chrome, Edge, or Firefox. These files may contain various sensitive data such as session keys, tokens, or cookies which may be extracted by a threat actor in order to access systems which the keys, tokens, or cookies in the HAR files have access to. Ensure that this operation is expected and ensure to sanitize the HAR file of any sensitive credential material.
Log Mappers​
- [Updated] Microsoft Office 365 Exchange Mailbox Audit Events
- Maps client field to resource.
Parsers​
- [Updated] /Parsers/System/Microsoft/Office 365
- Enhanced user agent parsing.
- [Updated] /Parsers/System/Microsoft/Windows-JSON-Open Telemetry
- Adds support for forthcoming format change and fixes event ID formulation breaking mapping.