Commit 8b37b87

Updates from review
1 parent 06f1bea commit 8b37b87

1 file changed

+23
-23
lines changed

blog-cse/2025-04-14-content.md

Lines changed: 23 additions & 23 deletions
@@ -11,18 +11,18 @@ hide_table_of_contents: true
1111
import useBaseUrl from '@docusaurus/useBaseUrl';
1212

1313
This content release includes:
14-
- Additional data requirements for GitHub rules added to rule descriptions
15-
- Spelling corrections for AWS Lambda rules
16-
- New Slack Anomaly Event log mapper and supporting parsing changes
17-
- Enables passthrough detection of Slack Anomaly Events using Normalized Security Signal (MATCH-S00402)
18-
- Requires parser be defined for passthrough detection
19-
- Updates to Sysdig parsing and mapping to support additional events
20-
- Support for Microsoft Windows Sysmon-29 event
21-
- Additional normalized field mappings for Microsoft Windows Sysmon events
22-
- New user_phoneNumber and targetUser_phoneNumber schema fields
14+
- Additional data requirements for GitHub rules added to rule descriptions.
15+
- Spelling corrections for AWS Lambda rules.
16+
- New Slack Anomaly Event log mapper and supporting parsing changes:
17+
- Enables passthrough detection of Slack Anomaly Events using Normalized Security Signal (MATCH-S00402).
18+
- Requires parser be defined for passthrough detection.
19+
- Updates to Sysdig parsing and mapping to support additional events.
20+
- Support for Microsoft Windows Sysmon-29 event.
21+
- Additional normalized field mappings for Microsoft Windows Sysmon events.
22+
- New `user_phoneNumber` and `targetUser_phoneNumber` schema fields.
2323

2424

25-
## Rules
25+
### Rules
2626
- [Updated] MATCH-S00874 AWS Lambda Function Recon
2727
- [Updated] MATCH-S00952 GitHub - Administrator Added or Invited
2828
- [Updated] MATCH-S00953 GitHub - Audit Logging Modification
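
Review bot: The sub-bullet at new line 18, "Requires parser be defined for passthrough detection.", still does not name the parser a reader has to configure before MATCH-S00402 can pass Slack Anomaly Events through, and it is missing its articles. The Parsers section of this file lists "[New] /Parsers/System/Slack/Slack Enterprise Audit"; if that is the parser meant, name it, for example "Requires the Slack Enterprise Audit parser to be defined for passthrough detection." Separately, new line 20 mentions only Sysmon-29, while the Log Mappers list also marks Sysmon 16 and 19|20 as [New]; either add them to the summary or confirm the omission is intended.
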
@@ -46,36 +46,36 @@ This content release includes:
4646
- [Updated] MATCH-S00965 GitHub - Secret Scanning Potentially Disabled
4747
- [Updated] MATCH-S00966 GitHub - Two-Factor Authentication Disabled for Organization
4848

49-
## Log Mappers
49+
### Log Mappers
5050
- [New] Slack Anomaly Event
5151
- [New] Windows - Microsoft-Windows-Sysmon/Operational - 16
5252
- [New] Windows - Microsoft-Windows-Sysmon/Operational - 19|20
5353
- [New] Windows - Microsoft-Windows-Sysmon/Operational-29
5454
- [Updated] Sysdig Secure Packages
5555
- [Updated] Sysdig Secure Vulnerability
5656
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 1
57+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 2
58+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 3
59+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 4
60+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 5
61+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 6
62+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 7
63+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 8
64+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 9
5765
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 10
5866
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 11
5967
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 15
6068
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 17
6169
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 18
62-
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 2
6370
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 23
6471
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 24
6572
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 26
6673
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 27
67-
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 3
68-
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 4
69-
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 5
70-
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 6
71-
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 7
72-
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 8
73-
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 9
7474

75-
## Parsers
75+
### Parsers
7676
- [New] /Parsers/System/Slack/Slack Enterprise Audit
7777
- [Updated] /Parsers/System/Sysdig/Sysdig Secure
7878

79-
## Schema
80-
- [New] targetUser_phoneNumber
81-
- [New] user_phoneNumber
79+
### Schema
80+
- [New] `targetUser_phoneNumber`
81+
- [New] `user_phoneNumber`
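
Review bot: The numeric reordering of the Sysmon mappers leaves the entry at line 53, "- [New] Windows - Microsoft-Windows-Sysmon/Operational-29", formatted differently from every other entry in the list, which all use spaces around the hyphen ("Operational - 16", "Operational - 19|20"). Since this commit is a consistency pass, change it to "Operational - 29", unless the mapper's actual name has no spaces, in which case leave it as is.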
