October 27, 2022 - Content Release

Rules

  • [New] CHAIN-S00011 Potential InstallUtil Allow List Bypass
  • [Updated] MATCH-S00818 Azure PRT Token Issued via Non Interactive Login
  • [Updated] MATCH-S00464 Suspicious Non-Standard InstallUtil Execution

Log Mappers

  • [Updated] AWS - Application Load Balancer - ALB
  • [Updated] AWS - Application Load Balancer - JSON
  • [Updated] AWS API Gateway
  • [Updated] AWS CloudFront
  • [Updated] AWS EKS - Custom Parser
  • [Updated] AWS Elastic Load Balancer - Custom Parser
  • [Updated] AWS GuardDuty Alerts from Sumo CIP
  • [Updated] AWS Inspector - Custom Parser
  • [Updated] AWS Network Firewall Alerts
  • [Updated] AWS Network Firewall Flow
  • [Updated] AWS Network Firewall Netflow
  • [Updated] AWS Route 53 Logs
  • [Updated] AWS S3 Server Access Log - Custom Parser
  • [Updated] AWS Security Hub
  • [Updated] AWS Trusted Advisor
  • [Updated] AWS VPC Flow Logs - Default Format
  • [Updated] AWS VPC Flow Logs - JSON Format
  • [Updated] AWS WAF Allow Logs
  • [Updated] AWS WAF Block Logs
  • [Updated] AWSGuardDuty_Backdoor
  • [Updated] AWSGuardDuty_Behavior
  • [Updated] AWSGuardDuty_Catch_All
  • [Updated] AWSGuardDuty_CryptoCurrency
  • [Updated] AWSGuardDuty_Discovery
  • [Updated] AWSGuardDuty_Exfiltration
  • [Updated] AWSGuardDuty_PenTest
  • [Updated] AWSGuardDuty_Persistence
  • [Updated] AWSGuardDuty_Policy
  • [Updated] AWSGuardDuty_ResourceConsumption
  • [Updated] AWSGuardDuty_Stealth
  • [Updated] AWSGuardDuty_Trojan
  • [Updated] AwsServiceEvent-AWS API Call via CloudTrail
  • [Updated] CloudTrail - application-insights.amazonaws.com - ListApplications
  • [Updated] CloudTrail - cloudtrail.amazonaws.com - CreateTrail
  • [Updated] CloudTrail - cloudtrail.amazonaws.com - DeleteTrail
  • [Updated] CloudTrail - cloudtrail.amazonaws.com - StartLogging
  • [Updated] CloudTrail - cloudtrail.amazonaws.com - StopLogging
  • [Updated] CloudTrail - cloudtrail.amazonaws.com - UpdateTrail
  • [Updated] CloudTrail - cognito-idp.amazonaws.com - CreateUserPoolClient
  • [Updated] CloudTrail - controltower.amazonaws.com - CreateManagedAccount
  • [Updated] CloudTrail - ec2.amazonaws.com - AttachInternetGateway
  • [Updated] CloudTrail - ec2.amazonaws.com - AuthorizeSecurityGroupIngress
  • [Updated] CloudTrail - ec2.amazonaws.com - BidEvictedEvent
  • [Updated] CloudTrail - ec2.amazonaws.com - CreateCustomerGateway
  • [Updated] CloudTrail - ec2.amazonaws.com - CreateInternetGateway
  • [Updated] CloudTrail - ec2.amazonaws.com - CreateKeyPair
  • [Updated] CloudTrail - ec2.amazonaws.com - CreateNetworkAcl
  • [Updated] CloudTrail - ec2.amazonaws.com - CreateNetworkAclEntry
  • [Updated] CloudTrail - ec2.amazonaws.com - DeleteCustomerGateway
  • [Updated] CloudTrail - ec2.amazonaws.com - DeleteInternetGateway
  • [Updated] CloudTrail - ec2.amazonaws.com - DeleteKeyPair
  • [Updated] CloudTrail - ec2.amazonaws.com - DeleteNetworkAcl
  • [Updated] CloudTrail - ec2.amazonaws.com - DeleteNetworkAclEntry
  • [Updated] CloudTrail - ec2.amazonaws.com - DetachInternetGateway
  • [Updated] CloudTrail - ec2.amazonaws.com - ImportKeyPair
  • [Updated] CloudTrail - ec2.amazonaws.com - ReplaceNetworkAclAssociation
  • [Updated] CloudTrail - ec2.amazonaws.com - ReplaceNetworkAclEntry
  • [Updated] CloudTrail - ecr.amazonaws.com - PolicyExecutionEvent
  • [Updated] CloudTrail - elasticfilesystem.amazonaws.com - NewClientConnection
  • [Updated] CloudTrail - iam.amazonaws.com - AttachGroupPolicy
  • [Updated] CloudTrail - iam.amazonaws.com - AttachRolePolicy
  • [Updated] CloudTrail - iam.amazonaws.com - AttachUserPolicy
  • [Updated] CloudTrail - iam.amazonaws.com - CreateAccessKey
  • [Updated] CloudTrail - iam.amazonaws.com - CreatePolicy
  • [Updated] CloudTrail - iam.amazonaws.com - CreatePolicyVersion
  • [Updated] CloudTrail - iam.amazonaws.com - CreateUser
  • [Updated] CloudTrail - iam.amazonaws.com - DeleteGroupPolicy
  • [Updated] CloudTrail - iam.amazonaws.com - DeletePolicy
  • [Updated] CloudTrail - iam.amazonaws.com - DeleteRolePermissionsBoundary
  • [Updated] CloudTrail - iam.amazonaws.com - DeleteRolePolicy
  • [Updated] CloudTrail - iam.amazonaws.com - DeleteUser
  • [Updated] CloudTrail - iam.amazonaws.com - DeleteUserPermissionsBoundary
  • [Updated] CloudTrail - iam.amazonaws.com - DeleteUserPolicy
  • [Updated] CloudTrail - iam.amazonaws.com - DetachGroupPolicy
  • [Updated] CloudTrail - iam.amazonaws.com - DetachRolePolicy
  • [Updated] CloudTrail - iam.amazonaws.com - DetachUserPolicy
  • [Updated] CloudTrail - iam.amazonaws.com - PutGroupPolicy
  • [Updated] CloudTrail - iam.amazonaws.com - PutRolePolicy
  • [Updated] CloudTrail - iam.amazonaws.com - PutUserPolicy
  • [Updated] CloudTrail - iam.amazonaws.com - UpdateAssumeRolePolicy
  • [Updated] CloudTrail - kms.amazonaws.com - DisableKey
  • [Updated] CloudTrail - kms.amazonaws.com - RotateKey
  • [Updated] CloudTrail - kms.amazonaws.com - ScheduleKeyDeletion
  • [Updated] CloudTrail - logs.amazonaws.com - DeleteDestination
  • [Updated] CloudTrail - logs.amazonaws.com - DeleteLogGroup
  • [Updated] CloudTrail - logs.amazonaws.com - DeleteLogStream
  • [Updated] CloudTrail - organizations.amazonaws.com - CreateAccountResult
  • [Updated] CloudTrail - s3.amazonaws.com - CreateBucket
  • [Updated] CloudTrail - s3.amazonaws.com - DeleteBucketCors
  • [Updated] CloudTrail - s3.amazonaws.com - DeleteBucketLifecycle
  • [Updated] CloudTrail - s3.amazonaws.com - DeleteBucketPolicy
  • [Updated] CloudTrail - s3.amazonaws.com - PutBucketAcl
  • [Updated] CloudTrail - s3.amazonaws.com - PutBucketCors
  • [Updated] CloudTrail - s3.amazonaws.com - PutBucketLifecycle
  • [Updated] CloudTrail - s3.amazonaws.com - PutBucketPolicy
  • [Updated] CloudTrail - s3.amazonaws.com - PutBucketReplication
  • [Updated] CloudTrail - secretsmanager.amazonaws.com - RotationStarted
  • [Updated] CloudTrail - secretsmanager.amazonaws.com - RotationSucceeded
  • [Updated] CloudTrail - secretsmanager.amazonaws.com - SecretVersionDeletion
  • [Updated] CloudTrail - signin.amazonaws.com - CheckMfa
  • [Updated] CloudTrail - signin.amazonaws.com - ConsoleLogin
  • [Updated] CloudTrail - signin.amazonaws.com - ExitRole
  • [Updated] CloudTrail - signin.amazonaws.com - RenewRole
  • [Updated] CloudTrail - signin.amazonaws.com - SwitchRole
  • [Updated] CloudTrail - sso.amazonaws.com - Federate
  • [Updated] CloudTrail - sso.amazonaws.com - ListProfilesForApplication
  • [Updated] CloudTrail Default Mapping
  • [Updated] Falco Detection JSON
  • [Updated] Juniper SSG Series Firewall - Audit Messaging
  • [Updated] Juniper SSG Series Firewall - Traffic Messaging
  • [Updated] Microsoft IIS Parser - Catch All
  • [Updated] Recon_EC2_PortProbeUnprotectedPort
  • [Updated] Recon_EC2_Portscan
  • [Updated] Recon_IAMUser
  • [Updated] UnauthorizedAccess_EC2_SSHBruteForce
  • [Updated] UnauthorizedAccess_EC2_TorClient
  • [Updated] UnauthorizedAccess_EC2_TorIPCaller
  • [Updated] UnauthorizedAccess_EC2_TorRelay
  • [Updated] UnauthorizedAccess_IAMUser

Parsers

  • [Renamed] /Parsers/System/Juniper/Juniper SSC Series Firewall Syslog -> /Parsers/System/Juniper/Juniper SSG Series Firewall Syslog
  • [New] /Parsers/System/Netskope/Netskope Security Cloud JSON
  • [Updated] /Parsers/System/Falco/Falco JSON
  • [Updated] /Parsers/System/Microsoft/Microsoft IIS

Copyright © 2023 by Sumo Logic, Inc.