
April 13, 2023 - Content Release

Summary

  • Updated the GuardDuty mappers to key on detail.type instead of the overly verbose, free-text detail.description.
  • Added parsing and mapping support for Citrix Cloud C2C.
  • Secondary corrections to the Match List fix for column-specific filters.
  • Expanded the Sophos C2C mappers to normalize both Events and Alerts.
  • Net-new OOTB content for Zoom: eight Match rules, six Mappers, one Parser.
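The GuardDuty change above is worth seeing concretely. The following is an added example, not Sumo Logic's mapper code: it takes GuardDuty findings as they arrive through EventBridge, parses the stable `detail.type` string (AWS documents the format as `ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact`) and routes each finding to a mapper by that key. The mapper names in the routing table are the ones listed in this release; the routing rules themselves, the sample findings and the EventBridge envelope layout are constructed for the example and are not the product's actual selection logic.

```python
"""Normalize GuardDuty findings by detail.type (added example, not Sumo Logic code).

Assumptions: the EventBridge envelope fields, the sample findings and the
ROUTES table below are constructed for illustration only.
"""
import json
import re
from typing import Optional

# GuardDuty finding type format (documented by AWS):
#   ThreatPurpose:ResourceTypeAffected/ThreatFamilyName.DetectionMechanism!Artifact
# DetectionMechanism and Artifact are optional; family names may contain '&'.
FINDING_TYPE_RE = re.compile(
    r"^(?P<purpose>[^:/]+):(?P<resource>[^/]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<mechanism>[^!]+))?(?:!(?P<artifact>.+))?$"
)

# Illustrative routing table (constructed): (purpose, resource, family) -> mapper.
# None is a wildcard; entries are ordered most specific first so the first
# match wins. Mapper names are those listed in this release note.
ROUTES = [
    (("Recon", "EC2", "PortProbeUnprotectedPort"), "Recon_EC2_PortProbeUnprotectedPort"),
    (("Recon", "IAMUser", None), "Recon_IAMUser"),
    (("PenTest", None, None), "AWSGuardDuty_PenTest"),
    (("Stealth", None, None), "AWSGuardDuty_Stealth"),
]


def parse_finding_type(finding_type: str) -> dict:
    """Split a GuardDuty type string into its taxonomy components."""
    m = FINDING_TYPE_RE.match(finding_type)
    if not m:
        raise ValueError(f"not a GuardDuty finding type: {finding_type!r}")
    return m.groupdict()


def select_mapper(finding_type: str) -> Optional[str]:
    """Return the mapper name for a finding type, or None if no route matches."""
    parts = parse_finding_type(finding_type)
    key = (parts["purpose"], parts["resource"], parts["family"])
    for pattern, mapper in ROUTES:
        if all(p is None or p == k for p, k in zip(pattern, key)):
            return mapper
    return None  # caller should fall back to a catch-all mapper


def normalize(event: dict) -> dict:
    """Build a normalized record keyed on detail.type; description is kept
    only as supplementary text, never used for routing."""
    detail = event["detail"]
    ftype = detail["type"]
    parts = parse_finding_type(ftype)
    return {
        "mapper": select_mapper(ftype),
        "finding_type": ftype,
        "threat_purpose": parts["purpose"],
        "resource_type": parts["resource"],
        "threat_family": parts["family"],
        "detection_mechanism": parts["mechanism"],
        "artifact": parts["artifact"],
        "severity": detail["severity"],
        "account": detail["accountId"],
        "region": detail["region"],
        "finding_id": detail["id"],
        "description": detail.get("description", ""),
    }


def load_events(jsonl: str) -> list:
    """Parse newline-delimited JSON events (one EventBridge envelope per line)."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def normalize_all(events: list) -> list:
    return [normalize(e) for e in events]


# Constructed sample findings; envelope trimmed to the fields used above.
SAMPLE_JSONL = "\n".join([
    '{"source":"aws.guardduty","detail-type":"GuardDuty Finding","detail":{"id":"c-0001","type":"Recon:EC2/PortProbeUnprotectedPort","severity":2,"accountId":"123456789012","region":"us-east-1","description":"EC2 instance has an unprotected port which is being probed by a known malicious host."}}',
    '{"source":"aws.guardduty","detail-type":"GuardDuty Finding","detail":{"id":"c-0002","type":"Recon:IAMUser/MaliciousIPCaller.Custom","severity":5,"accountId":"123456789012","region":"us-east-1","description":"API was invoked from an IP address on a custom threat list."}}',
    '{"source":"aws.guardduty","detail-type":"GuardDuty Finding","detail":{"id":"c-0003","type":"PenTest:IAMUser/KaliLinux","severity":5,"accountId":"123456789012","region":"eu-west-1","description":"API was invoked from a Kali Linux EC2 instance."}}',
    '{"source":"aws.guardduty","detail-type":"GuardDuty Finding","detail":{"id":"c-0004","type":"Stealth:IAMUser/CloudTrailLoggingDisabled","severity":2,"accountId":"123456789012","region":"us-west-2","description":"AWS CloudTrail trail was disabled."}}',
    '{"source":"aws.guardduty","detail-type":"GuardDuty Finding","detail":{"id":"c-0005","type":"Backdoor:EC2/C&CActivity.B!DNS","severity":8,"accountId":"123456789012","region":"us-east-1","description":"EC2 instance is querying a domain name associated with a known command and control server."}}',
])
SAMPLE_EVENTS = load_events(SAMPLE_JSONL)

if __name__ == "__main__":
    for rec in normalize_all(SAMPLE_EVENTS):
        print(f"{rec['finding_type']:45} -> {rec['mapper']}")
```

The fifth sample (a Backdoor finding) matches no route and returns `None`; in practice that is where a catch-all mapper takes over. Because the taxonomy is fixed, routing on `detail.type` stays correct even when AWS rewords a description, which is precisely why keying on the free-text field was fragile.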

Rules

  • [New] MATCH-S00856 Zoom - Account Created
  • [New] MATCH-S00857 Zoom - Account Deleted
  • [New] MATCH-S00858 Zoom - Group Admin Added
  • [New] MATCH-S00859 Zoom - Group Admin Deleted
  • [New] MATCH-S00860 Zoom - Group Changes
  • [New] MATCH-S00861 Zoom - Information Barrier Policy Changes
  • [New] MATCH-S00862 Zoom - Meeting Risk Alert
  • [New] MATCH-S00863 Zoom - Recording Modification
  • [Updated] THRESHOLD-S00096 Brute Force Attempt
  • [Updated] MATCH-S00565 Direct Outbound DNS Traffic
  • [Updated] THRESHOLD-S00103 Domain Brute Force Attempt
  • [Updated] THRESHOLD-S00102 Domain Password Attack
  • [Updated] THRESHOLD-S00095 Password Attack
  • [Updated] CHAIN-S00008 Successful Brute Force

Log Mappers

  • [New] Citrix Cloud Client Created or Deleted
  • [New] Sophos - C2C Alerts
  • [New] Sophos - C2C Event Threat Detections
  • [New] Zoom - Account Creations or Deletions
  • [New] Zoom - Catch All
  • [New] Zoom - Group Modifications
  • [New] Zoom - Information Barrier Policy Modifications
  • [New] Zoom - Meeting Risk Alert
  • [New] Zoom - Recording Deleted or Trashed
  • [Updated] AWSGuardDuty_PenTest
  • [Updated] AWSGuardDuty_Stealth
  • [Updated] Recon_EC2_PortProbeUnprotectedPort
  • [Updated] Recon_IAMUser

Parsers

  • [New] /Parsers/System/Citrix/Citrix Cloud C2C
  • [New] /Parsers/System/Zoom/Zoom

Copyright © 2023 by Sumo Logic, Inc.