April 25, 2025 - Content Release
This content release includes:
- Fixes for Threat Intelligence rules to correct match expression syntax for hash and HTTP referrer.
- Parsing and mapping updates for Microsoft Office 365 to improve target user visibility.
Rules
- [Updated] MATCH-S01009 Threat Intel - HTTP Referrer
- [Updated] MATCH-S01012 Threat Intel - HTTP Referrer Root Domain
- [Updated] MATCH-S00999 Threat Intel - IMPHASH Match
- [Updated] MATCH-S01000 Threat Intel - MD5 Match
- [Updated] MATCH-S01001 Threat Intel - PEHASH Match
- [Updated] MATCH-S01003 Threat Intel - SHA1 Match
- [Updated] MATCH-S01004 Threat Intel - SHA256 Match
- [Updated] MATCH-S01002 Threat Intel - SSDEEP Match
Log Mappers
- [Updated] Microsoft Office 365 Active Directory Authentication Events
- [Updated] Microsoft Office 365 AzureActiveDirectory Events
Parsers
- [Updated] /Parsers/System/Microsoft/Office 365