This release includes new rule, mapping, parsing, and content updates. Changes are enumerated below.
Rulesβ
- [Updated] MATCH-S00610 PSExec Named Pipe Created by Non-PsExec Process
- Expression Key updated
- [Updated] MATCH-S00159 Windows - Permissions Group Discovery
- Removed FirstSeen language in the match rule
Log Mappersβ
- [New] Cato Networks Security Events - Catch All
- [New] Windows - Security - 5156
- [Updated] 1Password Item Audit Actions
- Updated event id pattern
- [Updated] 1Password Item Usage Actions
- Updated event id pattern
- [Updated] Azure Application Service Console Logs
- Azure Custom Parser Normalized Severity key update
- [Updated] Azure Event Hub - Windows Defender Logs - DeviceAlertEvents
- Azure Custom Parser Normalized Severity key update
- [Updated] Azure Risky Users
- Azure Custom Parser Normalized Severity key update
- [Updated] Azure User Risk Events
- Azure Custom Parser Normalized Severity key update
- [Updated] Microsoft Defender for Cloud - Security Alerts
- Azure Custom Parser Normalized Severity key update
- [Updated] Okta Authentication - sso
- Application key updated