May 2, 2024 - Content Release

This content release includes seventeen new rules and two updated rules. Details are enumerated below.

  • Rules
    • [NEW] MATCH-S00896 Azure Authentication Policy Change
    • [NEW] MATCH-S00895 NinjaCopy Usage Detected
    • [NEW] MATCH-S00906 Okta - Application Created
    • [NEW] MATCH-S00903 Okta - Device Added To User
    • [NEW] MATCH-S00904 Okta - Device Removed From User
    • [NEW] CHAIN-S00020 Okta - MFA Denied Followed by Successful Logon
    • [NEW] AGGREGATION-S00008 Okta - Session Anomaly (Multiple ASNs)
    • [NEW] AGGREGATION-S00007 Okta - Session Anomaly (Multiple Operating Systems)
    • [NEW] AGGREGATION-S00009 Okta - Session Anomaly (Multiple User Agents)
    • [NEW] MATCH-S00900 Overly-Permissive Active Directory Certificate Template Loaded
    • [NEW] CHAIN-S00019 Potential Active Directory Certificate Services Enrollment Agent Misconfiguration
    • [NEW] MATCH-S00898 Potentially Misconfigured Active Directory Certificate Template Loaded
    • [NEW] MATCH-S00901 Potentially Vulnerable Active Directory Certificate Services Template Loaded
    • [NEW] MATCH-S00706 Registry Modification - Time Providers
    • [NEW] MATCH-S00690 Rundll32.exe Load from TEMP Directory with By Ordinal Load
    • [NEW] MATCH-S00899 Suspicious Active Directory Certificate Modification
    • [NEW] MATCH-S00902 Suspicious Active Directory Certificate Modification - Enrollment Agent
    • [Updated] MATCH-S00706 Registry Modification - Time Providers
      • Improved logic expression
    • [Updated] MATCH-S00690 Rundll32.exe Load from TEMP Directory with By Ordinal Load
      • Clarified Summary

Copyright © 2024 by Sumo Logic, Inc.