March 21, 2024 - Content Release

This release includes new rule, mapping, parsing, and content updates. Changes are enumerated below.

Rules

• [Updated] MATCH-S00610 PSExec Named Pipe Created by Non-PsExec Process
  • Expression Key updated
• [Updated] MATCH-S00159 Windows - Permissions Group Discovery
  • Removed FirstSeen language in the match rule

Log Mappers

• [New] Cato Networks Security Events - Catch All
• [New] Windows - Security - 5156
• [Updated] 1Password Item Audit Actions
  • Updated event id pattern
• [Updated] 1Password Item Usage Actions
  • Updated event id pattern
• [Updated] Azure Application Service Console Logs
  • Azure Custom Parser Normalized Severity key update
• [Updated] Azure Event Hub - Windows Defender Logs - DeviceAlertEvents
  • Azure Custom Parser Normalized Severity key update
• [Updated] Azure Risky Users
  • Azure Custom Parser Normalized Severity key update
• [Updated] Azure User Risk Events
  • Azure Custom Parser Normalized Severity key update
• [Updated] Microsoft Defender for Cloud - Security Alerts
  • Azure Custom Parser Normalized Severity key update
• [Updated] Okta Authentication - sso
  • Application key updated