|
| 1 | +### January 14, 2025 - Content Release |
| 2 | + |
| 3 | +This content release includes: |
| 4 | +- Parsing and mapping support for Azure DevOps Auditing via EventHubs, and Pfsense Firewall, |
| 5 | +- Parsing and mapping additions and updates for Cisco ISE, Cloudflare, Check Point Firewall, and Linux OS Syslog |
| 6 | + |
| 7 | +* Note: In ~2 weeks MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted Location" will be deleted from OOTB Cloud SIEM Rules due to unmanageable deny list logic and low adoption. To retain this rule, a duplicate must be made prior to the deletion. |
| 8 | + |
| 9 | +## Log Mappers |
| 10 | +- [New] Azure DevOps Auditing Catch All |
| 11 | +- [New] Check Point Application Control URL Filtering |
| 12 | +- [New] Cisco ISE Radius Diagnostics |
| 13 | +- [New] Linux OS Syslog - KRB5 Child - Authentication Failure |
| 14 | +- [New] Linux OS Syslog - Process systemd - Systemd Session |
| 15 | +- [New] Linux OS Syslog - Process systemd - Systemd Session Scope |
| 16 | +- [New] Linux OS Syslog - Process systemd - session logout |
| 17 | +- [New] Pfsense Firewall filterlog |
| 18 | +- [New] Pfsense Firewall nginx |
| 19 | +- [New] Pfsense Firewall openvpn Authentication |
| 20 | +- [New] Pfsense Firewall openvpn_peer_info|openvpn_error|php_log|sshguard|sshd_log |
| 21 | +- [New] Pfsense Firewall openvpn_server_connected|openvpn_server_disconnected|cron_log |
| 22 | +- [Updated] Cisco ISE Authentication Failure |
| 23 | + - Adds normalizedSeverity mapping |
| 24 | +- [Updated] Cisco ISE Authentication Success |
| 25 | + - Adds normalizedSeverity mapping |
| 26 | +- [Updated] Cloudflare - Logpush |
| 27 | + - Adds mapping for dns_query, http_hostname,http_response_contentLength, http_response_contentType, and an alternative value for ipProtocol. |
| 28 | +- [Updated] Linux OS Syslog - Process sshd - SSH Session Closed|disconnect |
| 29 | + - Adds mapping for normalizedAction |
| 30 | +- [Updated] Linux OS Syslog - Process systemd - Systemd Session Start and Systemd File Configuration |
| 31 | + - Added support for additional events and mapping of file_path |
| 32 | + |
| 33 | +## Parsers |
| 34 | +- [New] /Parsers/System/Pfsense/Pfsense Firewall |
| 35 | +- [Updated] /Parsers/System/Check Point/Check Point Firewall JSON |
| 36 | +- [Updated] /Parsers/System/Cisco/Cisco ISE |
| 37 | +- [Updated] /Parsers/System/Cloudflare/Cloudflare Logpush |
| 38 | +- [Updated] /Parsers/System/Linux/Linux OS Syslog |
| 39 | +- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers |
| 40 | + |
| 41 | +- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers |
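Review bot: The Parsers list ends with a duplicated entry: "[Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers" appears at added line 39 and again at line 41 after a blank line, so the second copy and the blank line before it should be dropped. In the note at line 7, "In ~2 weeks" is relative to a release date that readers may not have in front of them; because MATCH-S00604 will be deleted and tenants must duplicate the rule beforehand to retain it, state an absolute deletion date there. Smaller points: line 4 ends with a trailing comma after "Pfsense Firewall" while line 5 has no terminator, line 27 is missing a space in "http_hostname,http_response_contentLength", line 31 uses "Added" where the other update notes use "Adds", and line 16 has "session logout" in lower case where the sibling mapper names are title-cased.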