August 15, 2025 - Content Release
This content release includes:
- New product support for Vectra AI.
- Updated parsers and log mappers for Azure Event Hub, Barracuda CloudGen Firewall, Microsoft IIS, and Surepass.
- Updated Surepass to the correct vendor name.
Changes are enumerated below.
Log Mappers
- [New] Vectra AI Catch All
- [New] Vectra AI User Login
- [Updated] Azure Event Hub - Windows Defender Logs
- Updated field mappings to include new fields.
- [Updated] Barracuda CloudGen Firewall Activity
- Updated
event_idcriteria to handle abridged event types in some logs.
- Updated
- [Updated] Microsoft IIS Parser - Catch All
- Updated to support
http_urland downstream enrichment.
- Updated to support
- [Updated] Surepass Authentication
- [Updated] Surepass Catch All
- [Updated] Surepass Network Event
Parsers
- [New] /Parsers/System/Vectra/Vectra AI
- [Updated] /Parsers/System/Barracuda/Barracuda CloudGen
- Updated
event_idcriteria to handle abridged event types in some logs and to support additional log formats.
- Updated
- [Updated] /Parsers/System/Cylance/Cylance Syslog
- Updated timestamp parsing.
- [Updated] /Parsers/System/DocuSign/DocuSign Monitor
- Updated timestamp parsing.
- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
- Updated parser to parse additional nested fields.
- [Updated] /Parsers/System/Microsoft/Microsoft IIS
- Updated to form
http_urlfor downstream enrichment.
- Updated to form