Skip to main content

May 30, 2024 - Content Release

icon

This content release includes several new and multiple updated log mappers, plus several updated parsers. Details are enumerated below:

Log Mappers​

  • [New] Cisco Meraki Firewall - Custom Parser
    • Minor changes in cisco meraki mapper
  • [New] Jamf Parser - Alert
    • Removed wrong field
  • [New] Jamf Parser - Network
    • Removed wrong field
  • [Updated] AWS GuardDuty Alerts from Sumo CIP
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWS S3 Server Access Log - Custom Parser
    • Map bytesIn/bytesOut in AWS CloudTrail Data Events
    • Keys updated: bytesIn, bytesOut
  • [Updated] AWSGuardDuty_Backdoor
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_Behavior
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_Catch_All
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_CryptoCurrency
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_Discovery
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_Exfiltration
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_PenTest
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_Persistence
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_Policy
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_ResourceConsumption
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_Stealth
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] AWSGuardDuty_Trojan
    • Added region field in all the events
    • Keys updated: cloud_region
  • Updated] AwsServiceEvent-AWS API Call via CloudTrail
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] BlueCat DHCP Parser - Catch All
    • Changed mac address field in mapper
    • Keys updated: device_mac, timestamp
  • [Updated] Code42 Incydr FileEvents C2C
    • Mapper adjustments
    • Keys updated: event_id_pattern, user_username, file_path, severity, normalizedSeverity, threat_name
  • [Updated] Recon_EC2_PortProbeUnprotectedPort
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] Recon_EC2_Portscan
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] Recon_IAMUser
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] UnauthorizedAccess_EC2_SSHBruteForce
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] UnauthorizedAccess_EC2_TorClient
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] UnauthorizedAccess_EC2_TorIPCaller
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] UnauthorizedAccess_EC2_TorRelay
    • Added region field in all the events
    • Keys updated: cloud_region
  • [Updated] UnauthorizedAccess_IAMUser
    • Added region field in all the events
    • Keys updated: cloud_region

Parsers​

  • [Updated] /Parsers/System/BlueCat/BlueCat DHCP-DNS Syslog
  • [Updated] /Parsers/System/Cisco/Cisco Meraki
  • [Updated] /Parsers/System/Code42/Code42 Incydr
  • [Updated] /Parsers/System/Jamf/Jamf
  • [Updated] /Parsers/System/Microsoft/Shared/Syslog Headers Microsoft
  • [Updated] /Parsers/System/Microsoft/Shared/Windows Forwarding Headers
  • [Updated] /Parsers/System/Microsoft/Shared/Windows Text Transforms - Security
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.