July 3, 2024

This content release includes new and updated rules, log mappers, and parsers. Details are enumerated below.

[Updated] MATCH-S00139 Abnormal Parent-Child Process Combination
- Removed leading backslash from like matches

[New] ApplicationGatewayAccessLog
[New] ApplicationGatewayFirewallLog
[New] Citrix NetScaler - TCP-CONN_TERMINATE
[New] Google G Suite - login - password_change/recovery_info_change
[New] Google G Suite - login-blocked_sender_change
[New] JFrog Artifactory - Access logs
[New] JFrog Artifactory - Login Access logs
[New] JFrog Artifactory - Request Logs
[New] Synergis Genetec - all
[Updated] AWS EKS - Custom Parser
- Keys updated: 'srcDevice_ip', 'http_response_statusCode', 'http_url', 'http_userAgent', 'user_username', 'user_userId', 'action', 'device_k8s_namespace'
[Updated] Abnormal Security Threats
- Keys updated: 'threat_referenceUrl', 'email_subject', 'resource', 'email_sender', 'user_email', 'user_username', 'targetUser_email', 'action', 'threat_identifier', 'user_authDomain', 'srcDevice_ip', 'email_messageId', 'srcDevice_hostname', 'threat_name', 'threat_category', 'timestamp'
[Updated] Cisco ASA 305011-12 JSON
- Keys updated: 'user_authDomain', 'user_username'
[Updated] GitHub JSON
- Keys updated: 'user_username', 'user_role', 'user_userId', 'description', 'http_url', 'device_hostname'
[Updated] SentinelOne Logs - Syslog Custom Parser
- Keys updated: 'srcDevice_osName'