| 1 | +### January 14, 2025 - Content Release |
| 2 | + |
| 3 | +This content release includes: |
| 4 | +- Parsing and mapping support for Azure DevOps Auditing via EventHubs, and Pfsense Firewall. |
| 5 | +- Parsing and mapping additions and updates for Cisco ISE, Cloudflare, Check Point Firewall, and Linux OS Syslog. |
| 6 | + |
| 7 | +:::note |
| 8 | +In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted Location" will be deleted from the out-of-the-box Cloud SIEM rules due to unmanageable deny list logic and low adoption. To retain this rule, a duplicate must be made prior to the deletion. |
| 9 | +::: |
| 10 | + |
| 11 | +## Log Mappers |
| 12 | +- [New] Azure DevOps Auditing Catch All |
| 13 | +- [New] Check Point Application Control URL Filtering |
| 14 | +- [New] Cisco ISE Radius Diagnostics |
| 15 | +- [New] Linux OS Syslog - KRB5 Child - Authentication Failure |
| 16 | +- [New] Linux OS Syslog - Process systemd - Systemd Session |
| 17 | +- [New] Linux OS Syslog - Process systemd - Systemd Session Scope |
| 18 | +- [New] Linux OS Syslog - Process systemd - session logout |
| 19 | +- [New] Pfsense Firewall filterlog |
| 20 | +- [New] Pfsense Firewall nginx |
| 21 | +- [New] Pfsense Firewall openvpn Authentication |
| 22 | +- [New] Pfsense Firewall openvpn_peer_info|openvpn_error|php_log|sshguard|sshd_log |
| 23 | +- [New] Pfsense Firewall openvpn_server_connected|openvpn_server_disconnected|cron_log |
| 24 | +- [Updated] Cisco ISE Authentication Failure |
| 25 | + - Adds `normalizedSeverity` mapping |
| 26 | +- [Updated] Cisco ISE Authentication Success |
| 27 | + - Adds `normalizedSeverity` mapping |
| 28 | +- [Updated] Cloudflare - Logpush |
| 29 | + - Adds mapping for `dns_query`, `http_hostname`, `http_response_contentLength`, `http_response_contentType`, and an alternative value for `ipProtocol`. |
| 30 | +- [Updated] Linux OS Syslog - Process sshd - SSH Session Closed|disconnect |
| 31 | + - Adds mapping for `normalizedActio`n |
| 32 | +- [Updated] Linux OS Syslog - Process systemd - Systemd Session Start and Systemd File Configuration |
| 33 | + - Added support for additional events and mapping of `file_path` |
| 34 | + |
| 35 | +## Parsers |
| 36 | +- [New] /Parsers/System/Pfsense/Pfsense Firewall |
| 37 | +- [Updated] /Parsers/System/Check Point/Check Point Firewall JSON |
| 38 | +- [Updated] /Parsers/System/Cisco/Cisco ISE |
| 39 | +- [Updated] /Parsers/System/Cloudflare/Cloudflare Logpush |
| 40 | +- [Updated] /Parsers/System/Linux/Linux OS Syslog |
| 41 | +- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers |
| 42 | +- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers |
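Review bot: On line 31 the closing backtick is misplaced in "Adds mapping for `normalizedActio`n", so the field name renders cut short with a stray "n" after it; it should read `normalizedAction`. Under Parsers, lines 41 and 42 both list "[Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers"; drop the duplicate, or replace the second entry if a different parser was meant. Line 33 uses "Added support" where every other sub-item uses the present tense ("Adds"), and the sub-items on lines 29 and 33 differ from the rest in whether they end with a period; pick one form for both.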