Rules
- [Updated] MATCH-S00570 WMIPRVSE Spawning Process
Log Mappers
- [Updated] Gigamon Threat Insight - Catch All
- [Updated] Gigamon Threat Insight - Suricata
- [Updated] Microsoft Office 365 Threat Intelligence Url Events
Parsers
- [New] /Parsers/System/Gigamon/GigamonTI
- [Updated] /Parsers/System/Lacework/Lacework JSON
- [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV
Schema
- [Updated] baseImage
- [Updated] commandLine
- [Updated] file_basename
- [Updated] file_hash_imphash
- [Updated] file_hash_md5
- [Updated] file_hash_pehash
- [Updated] file_hash_sha1
- [Updated] file_hash_sha256
- [Updated] file_hash_ssdeep
- [Updated] file_path
- [Updated] http_referer_fqdn
- [Updated] http_url
- [Updated] http_url_fqdn
- [Updated] http_userAgent
- [Updated] parentBaseImage
- [Updated] targetUser_email
- [Updated] user_email