Skip to content

Commit d2a67f3

Browse files
jpipkin1jpipkin1
authored
Merge branch 'main' into docs-696-insight-list-page
2 parents 8235d78 + e745718 commit d2a67f3

File tree

1,358 files changed

+18753
-15098
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

1,358 files changed

+18753
-15098
lines changed

.clabot

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -181,7 +181,10 @@
181181
"ankitgoelcmu",
182182
"Deklin",
183183
"justrelax19",
184-
"dlindelof-sumologic"
184+
"dlindelof-sumologic",
185+
"snyk-bot",
186+
"stephenthedev",
187+
"Apoorvkudesia-sumologic"
185188
],
186189
"message": "Thank you for your contribution! As this is an open source project, we require contributors to sign our Contributor License Agreement and do not have yours on file. To proceed with your PR, please [sign your name here](https://forms.gle/YgLddrckeJaCdZYA6) and we will add you to our approved list of contributors.",
187190
"label": "cla-signed",

.github/workflows/build_and_deploy.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ on:
2828

2929
jobs:
3030
build-and-deploy:
31-
runs-on: ubuntu-22.04
31+
runs-on: ubuntu-latest
3232
environment:
3333
name: ${{ inputs.environment }}
3434
url: ${{ inputs.hostname }}${{ inputs.base_url }}

.github/workflows/delete-review.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ on: delete
44

55
jobs:
66
delete-branch-environment:
7-
runs-on: ubuntu-20.04
7+
runs-on: ubuntu-latest
88
environment:
99
name: review/${{ github.ref_name }}
1010
env:

.github/workflows/pr.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ on:
1010

1111
jobs:
1212
build-and-deploy:
13-
runs-on: ubuntu-22.04
13+
runs-on: ubuntu-latest
1414
env:
1515
CI: true
1616
NODE_ENV: production

blog-collector/2024/2025-02-18.md renamed to blog-collector/2025-02-18.md

File renamed without changes.

blog-collector/2025-05-14.md

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
---
2+
title: Version 19.525-42
3+
hide_table_of_contents: true
4+
image: https://help.sumologic.com/img/sumo-square.png
5+
---
6+
7+
import useBaseUrl from '@docusaurus/useBaseUrl';
8+
9+
In this release, we've enhanced the security and stability of the Collector with added support for security patches and a bug fix.
10+
11+
## Security Fix
12+
13+
- Upgraded `com.google.crypto.tink` to version 1.16.0 to address protobuf-java DOS vulnerability (CVE-2024-7254).
14+
15+
## Bug Fix
16+
17+
- Fixed the improper filtering of `AD` objects when `Exclude Distinguished Name Suffixes` filter is configured.

blog-cse/2025-04-03-content.md

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
---
2+
title: April 3, 2025 - Content Release
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- log mappers
6+
- parsers
7+
hide_table_of_contents: true
8+
---
9+
10+
import useBaseUrl from '@docusaurus/useBaseUrl';
11+
12+
This content release includes new and updated log mappers and parsers for Bitwarden, CommScope, Mimecast, and Sysdig Secure. Updates to Mimecast mappers are to support additional fields and events with new log parser.
13+
14+
## Log Mappers
15+
- [New] Bitwarden Authentication
16+
- [New] Bitwarden Catch All
17+
- [New] CommScope Authentication Event
18+
- [New] CommScope STP and DHCPC Event
19+
- [New] CommScope System|Security
20+
- [New] Sysdig Secure Packages
21+
- [New] Sysdig Secure Vulnerability
22+
- [Updated] Mimecast AV Event
23+
- [Updated] Mimecast Audit Authentication Logs
24+
- [Updated] Mimecast Audit Hold Messages
25+
- [Updated] Mimecast Audit Logs
26+
- [Updated] Mimecast DLP Logs
27+
- [Updated] Mimecast Email logs
28+
- [Updated] Mimecast Impersonation Event
29+
- [Updated] Mimecast Spam Event
30+
- [Updated] Mimecast Targeted Threat Protection Logs
31+
32+
## Parsers
33+
- [New] /Parsers/System/Bitwarden/Bitwarden
34+
- [New] /Parsers/System/CommScope/CommScope
35+
- [New] /Parsers/System/Mimecast/Mimecast
36+
- [New] /Parsers/System/Sysdig/Sysdig Secure

blog-cse/2025-04-08-application.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
---
2+
title: April 8, 2025 - Application Update
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- threat intel
6+
- security
7+
hide_table_of_contents: true
8+
---
9+
10+
import useBaseUrl from '@docusaurus/useBaseUrl';
11+
12+
### New Threat Intelligence Source
13+
14+
We’re excited to announce a new default source for Sumo Logic Threat Intelligence incorporating Indicators of Compromise (IoC) from Intel 471.
15+
16+
For more information, [see our release note](/release-notes-service/2025/04/08/security/) in the *Service* release notes section.

blog-cse/2025-04-14-content.md

Lines changed: 81 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,81 @@
1+
---
2+
title: April 14, 2025 - Content Release
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- log mappers
6+
- parsers
7+
- rules
8+
hide_table_of_contents: true
9+
---
10+
11+
import useBaseUrl from '@docusaurus/useBaseUrl';
12+
13+
This content release includes:
14+
- Additional data requirements for GitHub rules added to rule descriptions.
15+
- Spelling corrections for AWS Lambda rules.
16+
- New Slack Anomaly Event log mapper and supporting parsing changes:
17+
- Enables passthrough detection of Slack Anomaly Events using Normalized Security Signal (MATCH-S00402).
18+
- Requires parser be defined for passthrough detection.
19+
- Updates to Sysdig parsing and mapping to support additional events.
20+
- Support for Microsoft Windows Sysmon-29 event.
21+
- Additional normalized field mappings for Microsoft Windows Sysmon events.
22+
- New `user_phoneNumber` and `targetUser_phoneNumber` schema fields.
23+
24+
25+
### Rules
26+
- [Updated] MATCH-S00874 AWS Lambda Function Recon
27+
- [Updated] MATCH-S00952 GitHub - Administrator Added or Invited
28+
- [Updated] MATCH-S00953 GitHub - Audit Logging Modification
29+
- [Updated] MATCH-S00954 GitHub - Copilot Seat Cancelled by GitHub
30+
- [Updated] FIRST-S00091 GitHub - First Seen Activity From Country for User
31+
- [Updated] FIRST-S00090 GitHub - First Seen Application Interacting with API
32+
- [Updated] MATCH-S00950 GitHub - Member Invitation or Addition
33+
- [Updated] MATCH-S00955 GitHub - Member Permissions Modification
34+
- [Updated] MATCH-S00956 GitHub - OAuth Application Activity
35+
- [Updated] MATCH-S00957 GitHub - Organization Transfer
36+
- [Updated] OUTLIER-S00026 GitHub - Outlier in Distinct User Agent Strings by User
37+
- [Updated] OUTLIER-S00027 GitHub - Outlier in Repository Cloning or Downloads
38+
- [Updated] MATCH-S00958 GitHub - PR Review Requirement Removed
39+
- [Updated] MATCH-S00959 GitHub - Repository Public Key Deletion
40+
- [Updated] MATCH-S00960 GitHub - Repository Transfer
41+
- [Updated] MATCH-S00961 GitHub - Repository Visibility Changed to Public
42+
- [Updated] MATCH-S00962 GitHub - Repository Visibility Permissions Changed
43+
- [Updated] MATCH-S00963 GitHub - SSH Key Created for Private Repo
44+
- [Updated] MATCH-S00964 GitHub - SSO Recovery Codes Access Activity
45+
- [Updated] MATCH-S00951 GitHub - Secret Scanning Alert
46+
- [Updated] MATCH-S00965 GitHub - Secret Scanning Potentially Disabled
47+
- [Updated] MATCH-S00966 GitHub - Two-Factor Authentication Disabled for Organization
48+
49+
### Log Mappers
50+
- [New] Slack Anomaly Event
51+
- [New] Windows - Microsoft-Windows-Sysmon/Operational - 16
52+
- [New] Windows - Microsoft-Windows-Sysmon/Operational - 19|20
53+
- [New] Windows - Microsoft-Windows-Sysmon/Operational-29
54+
- [Updated] Sysdig Secure Packages
55+
- [Updated] Sysdig Secure Vulnerability
56+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 1
57+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 2
58+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 3
59+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 4
60+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 5
61+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 6
62+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 7
63+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 8
64+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 9
65+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 10
66+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 11
67+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 15
68+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 17
69+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 18
70+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 23
71+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 24
72+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 26
73+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 27
74+
75+
### Parsers
76+
- [New] /Parsers/System/Slack/Slack Enterprise Audit
77+
- [Updated] /Parsers/System/Sysdig/Sysdig Secure
78+
79+
### Schema
80+
- [New] `targetUser_phoneNumber`
81+
- [New] `user_phoneNumber`

blog-cse/2025-04-25-content.md

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
---
2+
title: April 25, 2025 - Content Release
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- log mappers
6+
- parsers
7+
- rules
8+
hide_table_of_contents: true
9+
---
10+
11+
import useBaseUrl from '@docusaurus/useBaseUrl';
12+
13+
This content release includes:
14+
- Fixes for Threat Intelligence rules to correct match expression syntax for hash and HTTP referrer.
15+
- Parsing and mapping updates for Microsoft Office 365 to improve target user visibility.
16+
17+
## Rules
18+
- [Updated] MATCH-S01009 Threat Intel - HTTP Referrer
19+
- [Updated] MATCH-S01012 Threat Intel - HTTP Referrer Root Domain
20+
- [Updated] MATCH-S00999 Threat Intel - IMPHASH Match
21+
- [Updated] MATCH-S01000 Threat Intel - MD5 Match
22+
- [Updated] MATCH-S01001 Threat Intel - PEHASH Match
23+
- [Updated] MATCH-S01003 Threat Intel - SHA1 Match
24+
- [Updated] MATCH-S01004 Threat Intel - SHA256 Match
25+
- [Updated] MATCH-S01002 Threat Intel - SSDEEP Match
26+
27+
## Log Mappers
28+
- [Updated] Microsoft Office 365 Active Directory Authentication Events
29+
- [Updated] Microsoft Office 365 AzureActiveDirectory Events
30+
31+
## Parsers
32+
- [Updated] /Parsers/System/Microsoft/Office 365

0 commit comments

Comments
 (0)