Rules
- [Updated] MATCH-S00582 Malicious Service Installs
- [Updated] THRESHOLD-S00087 Slack - Possible Session Hijacking
Log Mappers
- [New] BigQuery Gmail C2C - Catch All
- [New] BigQuery Gmail C2C - Error in Delivery
- [New] BigQuery Gmail C2C - Failed Delivery
- [New] BigQuery Gmail C2C - Message was dropped by Gmail
- [New] BigQuery Gmail C2C - Message was rejected by Google Groups
- [Updated] AWSGuardDuty_Catch_All
- [Updated] AWSGuardDuty_Discovery
- [Updated] Azure Access Logs
- [Updated] Azure Action Logs
- [Updated] Azure Administrative logs
- [Updated] Azure AuditEvent logs
- [Updated] Azure ManagedIdentitySignInLogs
- [Updated] Azure NonInteractiveUserSignInLogs
- [Updated] Azure ServicePrincipalSignInLogs
- [Updated] Azure Storage Analytics
- [Updated] Azure Write and Delete Logs
- [Updated] AzureActivityLog
- [Updated] AzureActivityLog 01
- [Updated] AzureActivityLog AuditLogs
- [Updated] AzureDevOpsAuditing
- [Updated] AzureDiagnosticLog
- [Updated] Cisco ASA 113039 JSON
- [Updated] Cisco Ironport MID - Custom Parser
- [Updated] Cisco Ironport SFIMS - Custom Parser
- [Updated] Cisco Ironport WSA - Custom Parser
- [Updated] GCP App Engine Logs
- [Updated] GCP Audit Logs
- [Updated] GCP Firewall
- [Updated] GCP Parser - Load Balancer
- [Updated] GCP VPC Flows
- [Updated] Kubernetes
- [Updated] Office 365 - Exchange Admin Events
- [Updated] Windows - Security - 4697
- [Updated] Windows - Security - 4820
Parsers
- [New] /Parsers/System/Google/GCP BigQuery Gmail
- [Updated] /Parsers/System/Citrix/Citrix NetScaler Syslog
- [Updated] /Parsers/System/Dell/Dell SonicWall
- [Updated] /Parsers/System/Infoblox/Infoblox
Schema
- [New] device_k8s_normalizedDeploymentName
- [New] device_k8s_normalizedReplicaSetName
- [New] dstDevice_k8s_normalizedDeploymentName
- [New] dstDevice_k8s_normalizedReplicaSetName
- [New] srcDevice_k8s_normalizedDeploymentName
- [New] srcDevice_k8s_normalizedReplicaSetName