
Commit 11cca7c

jpipkin1 and kimsauce authored
Cloud SIEM content release notes for March 24 2025 (#5201)
* Cloud SIEM content release notes for March 24 2025

* Update blog-cse/2025-03-24-content.md

Co-authored-by: Kim (Sumo Logic) <[email protected]>

* Update blog-cse/2025-03-24-content.md

Co-authored-by: Kim (Sumo Logic) <[email protected]>

---------

Co-authored-by: Kim (Sumo Logic) <[email protected]>
1 parent 9c8fff7 commit 11cca7c


1 file changed

+39
-0
lines changed


blog-cse/2025-03-24-content.md

Lines changed: 39 additions & 0 deletions
@@ -0,0 +1,39 @@
1+
---
2+
title: March 24, 2025 - Content Release
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- rules
6+
hide_table_of_contents: true
7+
---
8+
9+
import useBaseUrl from '@docusaurus/useBaseUrl';
10+
11+
This content release includes Threat Intelligence match rules that use the new [`hasThreatMatch`](/docs/cse/rules/cse-rules-syntax/#hasthreatmatch) operator to support both global and custom threat intelligence feeds.
12+
13+
To reduce initial signal volume, basic inbound and outbound IP address threat match rules with a low or medium confidence level are disabled by default (see below). We highly recommend tuning these rules before enabling them to reduce signal volume, and therefore entity risk assignment, to manageable levels.
14+
15+
### Rules
16+
* MATCH-S00999 Threat Intel - IMPHASH Match
17+
* MATCH-S01000 Threat Intel - MD5 Match
18+
* MATCH-S01001 Threat Intel - PEHASH Match
19+
* MATCH-S01002 Threat Intel - SSDEEP Match
20+
* MATCH-S01003 Threat Intel - SHA1 Match
21+
* MATCH-S01004 Threat Intel - SHA256 Match
22+
* MATCH-S01005 Threat Intel - Source Hostname
23+
* MATCH-S01006 Threat Intel - Device Hostname
24+
* MATCH-S01007 Threat Intel - Destination Device Hostname
25+
* MATCH-S01008 Threat Intel - HTTP Hostname
26+
* MATCH-S01009 Threat Intel - HTTP Referrer Hostname
27+
* MATCH-S01010 Threat Intel - DNS Query Domain
28+
* MATCH-S01011 Threat Intel - DNS Reply Domain
29+
* MATCH-S01012 Threat Intel - HTTP Referrer Domain
30+
* MATCH-S01013 Threat Intel - HTTP URL Root Domain
31+
* MATCH-S01014 Threat Intel - HTTP URL FQDN
32+
* MATCH-S01015 Threat Intel - HTTP URL
33+
* MATCH-S01025 Threat Intel - Inbound Traffic from Threat Feed IP (Low Confidence) - Disabled By Default
34+
* MATCH-S01026 Threat Intel - Destination IP Address (Low Confidence) - Disabled By Default
35+
* MATCH-S01027 Threat Intel - Inbound Traffic from Threat Feed IP (Medium Confidence) - Disabled By Default
36+
* MATCH-S01028 Threat Intel - Destination IP Address (Medium Confidence) - Disabled By Default
37+
* MATCH-S01023 Threat Intel - Inbound Traffic from Threat Feed IP (High Confidence)
38+
* MATCH-S01024 Threat Intel - Destination IP Address (High Confidence)
39+
* MATCH-S01018 Threat Intel - Successful Authentication from Threat Feed IP
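Review bot: The rule list at the end of the hunk is not in ID order: MATCH-S01025 through MATCH-S01028 (the disabled-by-default low and medium confidence IP rules) come before MATCH-S01023 and MATCH-S01024 (the high confidence ones), and MATCH-S01018 is last. Since the paragraph above says the low and medium confidence rules are disabled "(see below)" without naming them, consider either sorting the IP rules by ID or grouping them under a short sub-list (for example, "Disabled by default" versus "Enabled") so a reader can see at a glance which rules the tuning recommendation applies to. The IMPHASH, MD5, PEHASH, SSDEEP, SHA1 and SHA256 rules would also read more consistently as "… Hash Match" in one casing, matching the "Hostname" and "Domain" entries.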
