March 11, 2024 - Content Release
This release includes new rule, mapping, parsing, and content updates. Changes are enumerated below.
Rules
- [Updated] MATCH-S00521 Windows - Critical Service Disabled via Command Line
- Updated rule expression to reduce false positivity.
- [Updated] FIRST-S00044 First Seen AppID Generating MailIItemsAccessed Event
- Updated Severity from 4 to 1.
- [Updated] FIRST-S00031 First Seen IP Address Associated with User for a Successful Azure AD Sign In Event
- Fixed description and summary transposition and lowered severity from 3 to 1.
Log Mappers
Added userAgent mapping to Okta.
- [New] Kaltura Audits
- [Updated] Okta Authentication - auth_via_mfa
- [Updated] Okta Authentication Events
- [Updated] Okta Catch All
Parsers
- [New] /Parsers/System/Kaltura/Kaltura