Commit ddf346a

jc-sumo and jpipkin1 authored
CSIEM Content 2025-01-31 (#5027)
* CSIEM Content 2025-01-31
* Updates from review

---------

Co-authored-by: John Pipkin <[email protected]>
1 parent 7e3911d commit ddf346a

File tree

1 file changed

+54
-0
lines changed


blog-cse/2025-01-31-content.md

Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,54 @@
1+
---
2+
title: January 31, 2025 - Content Release
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- log mappers
6+
- parsers
7+
hide_table_of_contents: true
8+
---
9+
10+
import useBaseUrl from '@docusaurus/useBaseUrl';
11+
12+
<a href="https://help.sumologic.com/release-notes-cse/rss.xml"><img src={useBaseUrl('img/release-notes/rss-orange2.png')} alt="icon" width="50"/></a>
13+
14+
This content release includes:
15+
- Removal and updates to Cloud SIEM rules.
16+
- Parsing and mapping support for new products.
17+
- Updates to existing parsing and mappers to support additional events and field mappings.
18+
19+
Changes are enumerated below.
20+
21+
### Rules
22+
- [Deleted] MATCH-S00604 OneLogin - API Credentials - Key Used from Untrusted Location
23+
- [Updated] FIRST-S00044 First Seen AppID Generating MailItemsAccessed Event from User
24+
- Corrected typo in "MailItemsAccessed".
25+
- [Updated] FIRST-S00046 First Seen Client Generating MailItemsAccessed Event from User
26+
- Corrected typo in "MailItemsAccessed".
27+
28+
### Log Mappers
29+
- [New] Crowdstrike FileVantage Catch All
30+
- [New] Dragos Communication
31+
- [New] Dragos Indicator
32+
- [New] Dragos System|Asset
33+
- [New] Extrahop JSON Catch All
34+
- [New] F5 TMM Http Request|TMM Network|TMM Connection error
35+
- [New] F5 TMSH - Custom Parser
36+
- [New] Zendesk - Login events
37+
#### Updated Field Mappings
38+
- [Updated] Code42 Incydr Alerts C2C
39+
- [Updated] Cyber Ark EPM AggregateEvent
40+
- [Updated] Google G Suite - meet
41+
- [Updated] Palo Alto GlobalProtect - Custom Parser
42+
- [Updated] Palo Alto GlobalProtect Auth - Custom Parser
43+
- [Updated] Zendesk Catch All
44+
45+
### Parsers
46+
- [New] /Parsers/System/CrowdStrike/CrowdStrike Filevantage
47+
- [New] /Parsers/System/Extrahop/Extrahop JSON
48+
#### Updated parsers to handle additional events and field parsing
49+
- [Updated] /Parsers/System/Code42/Code42 Incydr
50+
- [Updated] /Parsers/System/Dragos/Dragos
51+
- [Updated] /Parsers/System/F5/F5 Syslog
52+
- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
53+
- [Updated] /Parsers/System/Microsoft/Office 365
54+
- [Updated] /Parsers/System/Palo Alto/PAN Firewall CSV
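Review bot: The "[Deleted] MATCH-S00604 OneLogin - API Credentials - Key Used from Untrusted Location" entry gives no reason for the removal and names no replacement, unlike the two [Updated] FIRST-S00044/FIRST-S00046 entries that carry a sub-bullet explaining the change; a reader who tuned detections around that rule needs to know whether its coverage moved to another rule or was dropped, so add a one-line reason or successor under the entry. Also, the same product is spelled two ways within this hunk ("Crowdstrike FileVantage Catch All" under Log Mappers versus "/Parsers/System/CrowdStrike/CrowdStrike Filevantage" under Parsers); settle on one casing so the mapper name and the parser path match when searched.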
