July 16, 2024 - Content Release
This content release includes rule and parser bug fixes, and parsing and mapping support for new log sources. Changes are enumerated below.
Rules
- [Updated] MATCH-S00419 Multiple File Extensions
- Fixed bug in summary expression causing baseImage to appear as null
- [Updated] MATCH-S00755 Outlook Form Creation
- Fixed bug in rule expression where baseImage had incorrect case
Log mappers
- [New] CrowdStrike Spotlight - Vulnerability
- [New] JumpCloud IdP - Catch All
- [New] JumpCloud IdP Authentication
- [New] Kaspersky Endpoint Security Catch All
- [New] Linux OS Syslog - sshd - Command Execution
- [New] Linux OS Syslog - sshd - connection
Parsers
- [New] /Parsers/System/CrowdStrike/CrowdStrike Spotlight
- [New] /Parsers/System/JumpCloud/JumpCloud IdP
- [New] /Parsers/System/Kaspersky/Kaspersky Endpoint Security
- [Updated] /Parsers/System/Cisco/Cisco ISE
- Bug fix for variation in syslog headers
- [Updated] /Parsers/System/Linux/Linux OS Syslog
- Added support for additional variations in SSHD and CRON logs