Skip to main content

July 16, 2024 - Content Release

icon

This content release includes rule and parser bug fixes, and parsing and mapping support for new log sources. Changes are enumerated below.

Rules

  • [Updated] MATCH-S00419 Multiple File Extensions
    • Fixed bug in summary expression causing baseImage to appear as null
  • [Updated] MATCH-S00755 Outlook Form Creation
    • Fixed bug in rule expression where baseImage had incorrect case

Log mappers

  • [New] CrowdStrike Spotlight - Vulnerability
  • [New] JumpCloud IdP - Catch All
  • [New] JumpCloud IdP Authentication
  • [New] Kaspersky Endpoint Security Catch All
  • [New] Linux OS Syslog - sshd - Command Execution
  • [New] Linux OS Syslog - sshd - connection

Parsers

  • [New] /Parsers/System/CrowdStrike/CrowdStrike Spotlight
  • [New] /Parsers/System/JumpCloud/JumpCloud IdP
  • [New] /Parsers/System/Kaspersky/Kaspersky Endpoint Security
  • [Updated] /Parsers/System/Cisco/Cisco ISE
    • Bug fix for variation in syslog headers
  • [Updated] /Parsers/System/Linux/Linux OS Syslog
    • Added support for additional variations in SSHD and CRON logs
Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.