Skip to content

Commit 1b35a34

Browse files
jc-sumojpipkin1kimsauce
authored
Create 2025-04-14-content.md (#5281)
* Create 2025-04-14-content.md * Update blog-cse/2025-04-14-content.md Co-authored-by: Kim (Sumo Logic) <[email protected]> * Updates from review --------- Co-authored-by: John Pipkin (Sumo Logic) <[email protected]> Co-authored-by: Kim (Sumo Logic) <[email protected]>
1 parent 0a9205e commit 1b35a34

File tree

1 file changed

+81
-0
lines changed

1 file changed

+81
-0
lines changed

blog-cse/2025-04-14-content.md

Lines changed: 81 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,81 @@
1+
---
2+
title: April 14, 2025 - Content Release
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- log mappers
6+
- parsers
7+
- rules
8+
hide_table_of_contents: true
9+
---
10+
11+
import useBaseUrl from '@docusaurus/useBaseUrl';
12+
13+
This content release includes:
14+
- Additional data requirements for GitHub rules added to rule descriptions.
15+
- Spelling corrections for AWS Lambda rules.
16+
- New Slack Anomaly Event log mapper and supporting parsing changes:
17+
- Enables passthrough detection of Slack Anomaly Events using Normalized Security Signal (MATCH-S00402).
18+
- Requires parser be defined for passthrough detection.
19+
- Updates to Sysdig parsing and mapping to support additional events.
20+
- Support for Microsoft Windows Sysmon-29 event.
21+
- Additional normalized field mappings for Microsoft Windows Sysmon events.
22+
- New `user_phoneNumber` and `targetUser_phoneNumber` schema fields.
23+
24+
25+
### Rules
26+
- [Updated] MATCH-S00874 AWS Lambda Function Recon
27+
- [Updated] MATCH-S00952 GitHub - Administrator Added or Invited
28+
- [Updated] MATCH-S00953 GitHub - Audit Logging Modification
29+
- [Updated] MATCH-S00954 GitHub - Copilot Seat Cancelled by GitHub
30+
- [Updated] FIRST-S00091 GitHub - First Seen Activity From Country for User
31+
- [Updated] FIRST-S00090 GitHub - First Seen Application Interacting with API
32+
- [Updated] MATCH-S00950 GitHub - Member Invitation or Addition
33+
- [Updated] MATCH-S00955 GitHub - Member Permissions Modification
34+
- [Updated] MATCH-S00956 GitHub - OAuth Application Activity
35+
- [Updated] MATCH-S00957 GitHub - Organization Transfer
36+
- [Updated] OUTLIER-S00026 GitHub - Outlier in Distinct User Agent Strings by User
37+
- [Updated] OUTLIER-S00027 GitHub - Outlier in Repository Cloning or Downloads
38+
- [Updated] MATCH-S00958 GitHub - PR Review Requirement Removed
39+
- [Updated] MATCH-S00959 GitHub - Repository Public Key Deletion
40+
- [Updated] MATCH-S00960 GitHub - Repository Transfer
41+
- [Updated] MATCH-S00961 GitHub - Repository Visibility Changed to Public
42+
- [Updated] MATCH-S00962 GitHub - Repository Visibility Permissions Changed
43+
- [Updated] MATCH-S00963 GitHub - SSH Key Created for Private Repo
44+
- [Updated] MATCH-S00964 GitHub - SSO Recovery Codes Access Activity
45+
- [Updated] MATCH-S00951 GitHub - Secret Scanning Alert
46+
- [Updated] MATCH-S00965 GitHub - Secret Scanning Potentially Disabled
47+
- [Updated] MATCH-S00966 GitHub - Two-Factor Authentication Disabled for Organization
48+
49+
### Log Mappers
50+
- [New] Slack Anomaly Event
51+
- [New] Windows - Microsoft-Windows-Sysmon/Operational - 16
52+
- [New] Windows - Microsoft-Windows-Sysmon/Operational - 19|20
53+
- [New] Windows - Microsoft-Windows-Sysmon/Operational-29
54+
- [Updated] Sysdig Secure Packages
55+
- [Updated] Sysdig Secure Vulnerability
56+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 1
57+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 2
58+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 3
59+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 4
60+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 5
61+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 6
62+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 7
63+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 8
64+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 9
65+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 10
66+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 11
67+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 15
68+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 17
69+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 18
70+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 23
71+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 24
72+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 26
73+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 27
74+
75+
### Parsers
76+
- [New] /Parsers/System/Slack/Slack Enterprise Audit
77+
- [Updated] /Parsers/System/Sysdig/Sysdig Secure
78+
79+
### Schema
80+
- [New] `targetUser_phoneNumber`
81+
- [New] `user_phoneNumber`

0 commit comments

Comments
 (0)