Skip to main content

March 15, 2023 - Content Release


  • [New] CHAIN-S00013 GCP IDS Detection Followed by API Call; Detects a GCP IDS hit followed by an API call, indicating the source IP was able to gain access to GCP.
  • [Updated] THRESHOLD-S00087 Slack - Possible Session Hijacking; Adjusts "Slack - Possible Session Hijacking" to use 'sessionId' schema field.

Log Mappers

  • [New] GCP IDS; Mapper for GCP IDS events
  • [New] Netskope - Catch All; Added 'Catch All' Mapper to account for unavailability of event identifier in all messages.
  • [New] Slack Login; Added mapping specific to logon success/failure events
  • [Updated] Slack Catch All; Adjusts mapper use new sessionIdschema field in place of sourceUid


  • [Updated] /Parsers/System/Cisco/Cisco Firepower Syslog; Adjusts Cisco Firepower parser for some FTD events and corrected routing for Snort like and ASA messages which pass through the Firepower parser.
  • [Updated] /Parsers/System/Google/GCP; Adds additional time format handling


  • [New] sessionId; An ephemeral and at least semi-unique identifier of a connection between two systems (e.g., HTTP session, user logon session, TCP session identifiers)
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.