The latest iteration of our content release include Office 365 changes that address Mapping, Parsing and Rule changes that better take into account fields that were previously encapsulated within the Parameters field. Additionally, we performed improvements to the Zscaler Nanolog mapping and parsing to more accurately present port data even when extracted from URLs.
Rules
- [Updated] MATCH-S00830 Office 365 Forwarding Rule Created
- [Updated] MATCH-S00831 Office 365 Unified Audit Logging Disabled
Log Mappers
- [Updated] Microsoft Office 365 Exchange Mailbox Audit Events: Keys updated: 'targetUser_username'
- [Updated] Office 365 - Exchange Admin Events: Keys updated: 'user_username', 'targetUser_username'
- [Updated] Zscaler - Nanolog Streaming Service - JSON: Keys updated: 'dstPort'
Parsers
- [Updated] /Parsers/System/Cisco/Cisco Firepower Syslog: REGEX modifications to parse the Firepower Event ID
- [Updated] /Parsers/System/Microsoft/Office 365
- [Updated] /Parsers/System/Zscaler/Zscaler Nanolog Streaming Service/Zscaler Nanolog Streaming Service-CEF
- [Updated] /Parsers/System/Zscaler/Zscaler Nanolog Streaming Service/Zscaler Nanolog Streaming Service-JSON
- [Updated] /Parsers/System/Zscaler/Zscaler Nanolog Streaming Service/Zscaler Nanolog Streaming Service-LEEF