January 14, 2025 - Content Release
This content release includes:
- Parsing and mapping support for Azure DevOps Auditing via EventHubs, and Pfsense Firewall.
- Parsing and mapping additions and updates for Cisco ISE, Cloudflare, Check Point Firewall, and Linux OS Syslog.
Note: In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted Location" will be deleted from the out-of-the-box Cloud SIEM rules due to unmanageable deny list logic and low adoption. To retain this rule, a duplicate must be made prior to the deletion.
Log Mappers
- [New] Azure DevOps Auditing Catch All
- [New] Check Point Application Control URL Filtering
- [New] Cisco ISE Radius Diagnostics
- [New] Linux OS Syslog - KRB5 Child - Authentication Failure
- [New] Linux OS Syslog - Process systemd - Systemd Session
- [New] Linux OS Syslog - Process systemd - Systemd Session Scope
- [New] Linux OS Syslog - Process systemd - session logout
- [New] Pfsense Firewall filterlog
- [New] Pfsense Firewall nginx
- [New] Pfsense Firewall openvpn Authentication
- [New] Pfsense Firewall openvpn_peer_info|openvpn_error|php_log|sshguard|sshd_log
- [New] Pfsense Firewall openvpn_server_connected|openvpn_server_disconnected|cron_log
- [Updated] Cisco ISE Authentication Failure
  - Adds `normalizedSeverity` mapping.
- [Updated] Cisco ISE Authentication Success
  - Adds `normalizedSeverity` mapping.
- [Updated] Cloudflare - Logpush
  - Adds mapping for `dns_query`, `http_hostname`, `http_response_contentLength`, `http_response_contentType`, and an alternative value for `ipProtocol`.
- [Updated] Linux OS Syslog - Process sshd - SSH Session Closed|disconnect
  - Adds mapping for `normalizedAction`.
- [Updated] Linux OS Syslog - Process systemd - Systemd Session Start and Systemd File Configuration
  - Adds support for additional events and mapping of `file_path`.
Parsers
- [New] /Parsers/System/Pfsense/Pfsense Firewall
- [Updated] /Parsers/System/Check Point/Check Point Firewall JSON
- [Updated] /Parsers/System/Cisco/Cisco ISE
- [Updated] /Parsers/System/Cloudflare/Cloudflare Logpush
- [Updated] /Parsers/System/Linux/Linux OS Syslog
- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers