| 1 | +--- |
| 2 | +title: September 19, 2025 - Content Release |
| 3 | +image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082 |
| 4 | +keywords: |
| 5 | + - log mappers |
| 6 | + - rules |
| 7 | + - parsers |
| 8 | +hide_table_of_contents: true |
| 9 | +--- |
| 10 | + |
| 11 | +This content release includes: |
| 12 | +- New rules for passing through OCSF Findings, such as those generated by AWS Security Hub. |
| 13 | +- Updates to rules for impossible travel to exclude local system accounts. |
| 14 | +- New log mappers for Cisco Meraki Traffic Events, OCI Authentication Events, and TippingPoint TPS Cloud. |
| 15 | +- Updates to existing log mappers to support new event IDs and enhance functionality. |
| 16 | +- New parser for TippingPoint TPS Cloud. |
| 17 | +- Updates to existing parsers for Cisco ASA, Cisco Meraki C2C, Kaspersky Endpoint Security, and Oracle Cloud Infrastructure to support new events. |
| 18 | +- Schema update to include `ocsf` as an enforced value for `threat_ruleType`. |
| 19 | + |
| 20 | +Changes are enumerated below. |
| 21 | + |
| 22 | +### Rules |
| 23 | + |
| 24 | +- [New] MATCH-S01053 OCSF Compliance Finding |
| 25 | +<br/>Passes through compliance findings from OCSF sources. |
| 26 | +- [New] MATCH-S01054 OCSF Detection Finding |
| 27 | +<br/>Passes through detection findings from OCSF sources. |
| 28 | +- [New] MATCH-S01055 OCSF Vulnerability Finding |
| 29 | +<br/>Passes through vulnerability findings from OCSF sources. |
| 30 | +- [Updated] THRESHOLD-S00097 Impossible Travel - Successful |
| 31 | +<br/>Exclude local system accounts from the rule. |
| 32 | +- [Updated] THRESHOLD-S00098 Impossible Travel - Unsuccessful |
| 33 | +<br/>Exclude local system accounts from the rule. |
| 34 | + |
| 35 | +### Log Mappers |
| 36 | + |
| 37 | +- [New] Cisco Meraki Traffic Events |
| 38 | +- [New] OCI Catch Authentication events |
| 39 | +- [New] TippingPoint TPS Cloud Catch All |
| 40 | +- [Updated] AWS GuardDuty - OCSF Finding Events |
| 41 | +<br/>Modified to support dedicated OCSF finding rules. |
| 42 | +- [Updated] AWS Inspector - OCSF Finding Events |
| 43 | +<br/>Modified to support dedicated OCSF finding rules. |
| 44 | +- [Updated] AWS Security Hub - OCSF Finding Events |
| 45 | +<br/>Modified to support dedicated OCSF finding rules. |
| 46 | +- [Updated] AWS Security Hub Coverage - OCSF Finding Events |
| 47 | +<br/>Modified to support dedicated OCSF finding rules. |
| 48 | +- [Updated] AWS Security Hub Exposure Detection - OCSF Finding Events |
| 49 | +<br/>Modified to support dedicated OCSF finding rules. |
| 50 | +- [Updated] Cisco ASA 109201|109207|113022 |
| 51 | +- [Updated] Cisco ASA 722051|722022|722023|722028|722032|722033|722036|722037|722041|722011 |
| 52 | +- [Updated] Kaspersky Endpoint Security Catch All |
| 53 | +- [Updated] Oracle Cloud Infrastructure Audit Catch All |
| 54 | +- [Updated] Windows - Security - 4624 |
| 55 | +<br/>Added `user_role` field to identify admin users |
| 56 | +- [Updated] Windows - Security - 4648 |
| 57 | +<br/>Added `user_role` field to identify admin users. |
| 58 | + |
| 59 | +### Parsers |
| 60 | + |
| 61 | +- [New] /Parsers/System/TippingPoint/TippingPoint TPS Cloud |
| 62 | +- [Updated] /Parsers/System/Cisco/Cisco ASA |
| 63 | +- [Updated] /Parsers/System/Cisco/Cisco Meraki C2C |
| 64 | +- [Updated] /Parsers/System/Kaspersky/Kaspersky Endpoint Security |
| 65 | +- [Updated] /Parsers/System/Oracle/Oracle Cloud Infrastructure Schema |
| 66 | +- [Updated] threat_ruleType |
| 67 | +<br/>Updated enforced values to include `ocsf` as an option for mappers representing Findings records as categorized in the Open Cybersecurity Schema Framework (OCSF). |