| 1 | +--- |
| 2 | +title: January 14, 2025 - Content Release |
| 3 | +image: https://help.sumologic.com/img/sumo-square.png |
| 4 | +keywords: |
| 5 | + - rules |
| 6 | + - log mappers |
| 7 | + - parsers |
| 8 | +hide_table_of_contents: true |
| 9 | +--- |
| 10 | + |
| 11 | +import useBaseUrl from '@docusaurus/useBaseUrl'; |
| 12 | + |
| 13 | +<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a> |
| 14 | + |
| 15 | +This content release includes: |
| 16 | +- Parsing and mapping support for Azure DevOps Auditing via EventHubs, and Pfsense Firewall. |
| 17 | +- Parsing and mapping additions and updates for Cisco ISE, Cloudflare, Check Point Firewall, and Linux OS Syslog. |
| 18 | + |
| 19 | +:::note |
| 20 | +In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted Location" will be deleted from the out-of-the-box Cloud SIEM rules due to unmanageable deny list logic and low adoption. To retain this rule, a duplicate must be made prior to the deletion. |
| 21 | +::: |
| 22 | + |
| 23 | +### Log Mappers |
| 24 | +- [New] Azure DevOps Auditing Catch All |
| 25 | +- [New] Check Point Application Control URL Filtering |
| 26 | +- [New] Cisco ISE Radius Diagnostics |
| 27 | +- [New] Linux OS Syslog - KRB5 Child - Authentication Failure |
| 28 | +- [New] Linux OS Syslog - Process systemd - Systemd Session |
| 29 | +- [New] Linux OS Syslog - Process systemd - Systemd Session Scope |
| 30 | +- [New] Linux OS Syslog - Process systemd - session logout |
| 31 | +- [New] Pfsense Firewall filterlog |
| 32 | +- [New] Pfsense Firewall nginx |
| 33 | +- [New] Pfsense Firewall openvpn Authentication |
| 34 | +- [New] Pfsense Firewall openvpn_peer_info|openvpn_error|php_log|sshguard|sshd_log |
| 35 | +- [New] Pfsense Firewall openvpn_server_connected|openvpn_server_disconnected|cron_log |
| 36 | +- [Updated] Cisco ISE Authentication Failure |
| 37 | + - Adds `normalizedSeverity` mapping |
| 38 | +- [Updated] Cisco ISE Authentication Success |
| 39 | + - Adds `normalizedSeverity` mapping |
| 40 | +- [Updated] Cloudflare - Logpush |
| 41 | + - Adds mapping for `dns_query`, `http_hostname`, `http_response_contentLength`, `http_response_contentType`, and an alternative value for `ipProtocol`. |
| 42 | +- [Updated] Linux OS Syslog - Process sshd - SSH Session Closed|disconnect |
| 43 | + - Adds mapping for `normalizedAction` |
| 44 | +- [Updated] Linux OS Syslog - Process systemd - Systemd Session Start and Systemd File Configuration |
| 45 | + - Added support for additional events and mapping of `file_path` |
| 46 | + |
| 47 | +### Parsers |
| 48 | +- [New] /Parsers/System/Pfsense/Pfsense Firewall |
| 49 | +- [Updated] /Parsers/System/Check Point/Check Point Firewall JSON |
| 50 | +- [Updated] /Parsers/System/Cisco/Cisco ISE |
| 51 | +- [Updated] /Parsers/System/Cloudflare/Cloudflare Logpush |
| 52 | +- [Updated] /Parsers/System/Linux/Linux OS Syslog |
| 53 | +- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers |
| 54 | +- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers |