March 11, 2024 - Content Release

This release includes new rule, mapping, parsing, and content updates. Changes are enumerated below.

Rules

  • [Updated] MATCH-S00521 Windows - Critical Service Disabled via Command Line
    • Updated rule expression to reduce false positives.
  • [Updated] FIRST-S00044 First Seen AppID Generating MailIItemsAccessed Event
    • Updated Severity from 4 to 1.
  • [Updated] FIRST-S00031 First Seen IP Address Associated with User for a Successful Azure AD Sign In Event
    • Fixed description and summary transposition and lowered severity from 3 to 1.

Log Mappers

Added userAgent mapping to Okta.

  • [New] Kaltura Audits
  • [Updated] Okta Authentication - auth_via_mfa
  • [Updated] Okta Authentication Events
  • [Updated] Okta Catch All

Parsers

  • [New] /Parsers/System/Kaltura/Kaltura