October 20, 2022 - Content Release

Rules

  • [Updated] MATCH-S00640 Kubernetes Pod Created in Kube Namespace
  • [Updated] MATCH-S00642 Kubernetes Service Account Created in Kube Namespace

Log Mappers

  • [New] Juniper SSC Series Firewall - Audit Messaging
  • [New] Juniper SSC Series Firewall - Traffic Messaging
  • [New] Linux-Sysmon/Operational - 1
  • [New] Linux-Sysmon/Operational - 10
  • [New] Linux-Sysmon/Operational - 11
  • [New] Linux-Sysmon/Operational - 15
  • [New] Linux-Sysmon/Operational - 16
  • [New] Linux-Sysmon/Operational - 17
  • [New] Linux-Sysmon/Operational - 18
  • [New] Linux-Sysmon/Operational - 2
  • [New] Linux-Sysmon/Operational - 23
  • [New] Linux-Sysmon/Operational - 3
  • [New] Linux-Sysmon/Operational - 4
  • [New] Linux-Sysmon/Operational - 5
  • [New] Linux-Sysmon/Operational - 6
  • [New] Linux-Sysmon/Operational - 7
  • [New] Linux-Sysmon/Operational - 8
  • [New] Linux-Sysmon/Operational - 9
  • [New] Microsoft Graph Security API C2C - Dynamic Vendor/Product - Azure Advanced Threat Protection
  • [New] Microsoft Graph Security API C2C - Dynamic Vendor/Product - Microsoft Defender for Cloud Apps
  • [Updated] Kubernetes
  • [Updated] Microsoft Office 365 Threat Intelligence Events

Parsers

  • [New] /Parsers/System/Juniper/Juniper SSC Series Firewall Syslog
  • [New] /Parsers/System/Linux/Linux Sysmon XML

Schema

  • [New] device_k8s_deployment
  • [New] device_k8s_namespace
  • [New] device_k8s_normalizedPodName
  • [New] device_k8s_pod
  • [New] device_k8s_replicaSet
  • [New] dstDevice_k8s_deployment
  • [New] dstDevice_k8s_namespace
  • [New] dstDevice_k8s_normalizedPodName
  • [New] dstDevice_k8s_pod
  • [New] dstDevice_k8s_replicaSet
  • [New] srcDevice_k8s_deployment
  • [New] srcDevice_k8s_namespace
  • [New] srcDevice_k8s_normalizedPodName
  • [New] srcDevice_k8s_pod
  • [New] srcDevice_k8s_replicaSet
  • [Updated] device_container_runtime

Copyright © 2023 by Sumo Logic, Inc.