May 23, 2025 - Content Release

This content release includes:

• Rule update
• New support for CommScope Ruckus SmartZone
• Additional mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell
• Updates for existing mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell
  • Added normalizedAction and action fields to Windows PowerShell mappers
• Changes to Windows PowerShell JSON parsing to support additional log formats

Changes are enumerated below.

Rules

• [Updated] MATCH-S00068 O365 - Users Password Changed
  • Updated to use targetUser_username

Log mappers

• [New] CommScope Ruckus SmartZone Default
• [New] CrowdStrike FDR - DNSRequest
• [New] Google G Suite - login - risky_sensitive_action_allowed
• [New] Google G Suite - login challange
• [New] Windows - Windows PowerShell
• [Updated] CrowdStrike Falcon Host API DetectionSummaryEvent (CNC)
  • Added alternate field for threat_name
• [Updated] CrowdStrike Falcon Host API IdpDetectionSummaryEvent (CNC)
  • Added alternate field for threat_name
• [Updated] Google G Suite - login - password_change/recovery_info_change
  • Added additional mapped fields
• [Updated] Google G Suite - login.login
  • Added additional mapped fields
• [Updated] Google G Suite - logout
  • Added additional mapped fields
• [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4103
• [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4104
• [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4105
• [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4106

Parsers

• [New] /Parsers/System/CommScope/CommScope Ruckus SmartZone
• [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON