Commit ee5cb37

Create 2025-04-14-content.md
1 parent 0a9205e commit ee5cb37

blog-cse/2025-04-14-content.md

Lines changed: 81 additions & 0 deletions
@@ -0,0 +1,81 @@
1+
---
2+
title: April 14, 2025 - Content Release
3+
image: https://help.sumologic.com/img/sumo-square.png
4+
keywords:
5+
- log mappers
6+
- parsers
7+
- rules
8+
hide_table_of_contents: true
9+
---
10+
11+
import useBaseUrl from '@docusaurus/useBaseUrl';
12+
13+
* This Content Release Includes:
14+
- Additional data requirements for GitHub rules added to rule descriptions
15+
- Spelling corrections for AWS Lambda rules
16+
- New Slack Anomaly Event log mapper and supporting parsing changes
17+
- Enables passthrough detection of Slack Anomaly Events using Normalized Security Signal (MATCH-S00402).
18+
- Requires parser be defined for passthrough detection
19+
- Updates to Sysdig parsing and mapping to support additional events
20+
- Support for Microsfot Windows Sysmon-29 event
21+
- Additional normalized field mappings for Microsoft Windows Sysmon events
22+
- New user_phoneNumber and targetUser_phoneNumber schema fields
23+
24+
25+
## Rules
26+
- [Updated] MATCH-S00874 AWS Lambda Function Recon
27+
- [Updated] MATCH-S00952 GitHub - Administrator Added or Invited
28+
- [Updated] MATCH-S00953 GitHub - Audit Logging Modification
29+
- [Updated] MATCH-S00954 GitHub - Copilot Seat Cancelled by GitHub
30+
- [Updated] FIRST-S00091 GitHub - First Seen Activity From Country for User
31+
- [Updated] FIRST-S00090 GitHub - First Seen Application Interacting with API
32+
- [Updated] MATCH-S00950 GitHub - Member Invitation or Addition
33+
- [Updated] MATCH-S00955 GitHub - Member Permissions Modification
34+
- [Updated] MATCH-S00956 GitHub - OAuth Application Activity
35+
- [Updated] MATCH-S00957 GitHub - Organization Transfer
36+
- [Updated] OUTLIER-S00026 GitHub - Outlier in Distinct User Agent Strings by User
37+
- [Updated] OUTLIER-S00027 GitHub - Outlier in Repository Cloning or Downloads
38+
- [Updated] MATCH-S00958 GitHub - PR Review Requirement Removed
39+
- [Updated] MATCH-S00959 GitHub - Repository Public Key Deletion
40+
- [Updated] MATCH-S00960 GitHub - Repository Transfer
41+
- [Updated] MATCH-S00961 GitHub - Repository Visibility Changed to Public
42+
- [Updated] MATCH-S00962 GitHub - Repository Visibility Permissions Changed
43+
- [Updated] MATCH-S00963 GitHub - SSH Key Created for Private Repo
44+
- [Updated] MATCH-S00964 GitHub - SSO Recovery Codes Access Activity
45+
- [Updated] MATCH-S00951 GitHub - Secret Scanning Alert
46+
- [Updated] MATCH-S00965 GitHub - Secret Scanning Potentially Disabled
47+
- [Updated] MATCH-S00966 GitHub - Two-Factor Authentication Disabled for Organization
48+
49+
## Log Mappers
50+
- [New] Slack Anomaly Event
51+
- [New] Windows - Microsoft-Windows-Sysmon/Operational - 16
52+
- [New] Windows - Microsoft-Windows-Sysmon/Operational - 19|20
53+
- [New] Windows - Microsoft-Windows-Sysmon/Operational-29
54+
- [Updated] Sysdig Secure Packages
55+
- [Updated] Sysdig Secure Vulnerability
56+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 1
57+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 10
58+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 11
59+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 15
60+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 17
61+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 18
62+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 2
63+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 23
64+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 24
65+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 26
66+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 27
67+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 3
68+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 4
69+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 5
70+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 6
71+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 7
72+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 8
73+
- [Updated] Windows - Microsoft-Windows-Sysmon/Operational - 9
74+
75+
## Parsers
76+
- [New] /Parsers/System/Slack/Slack Enterprise Audit
77+
- [Updated] /Parsers/System/Sysdig/Sysdig Secure
78+
79+
## Schema
80+
- [New] targetUser_phoneNumber
81+
- [New] user_phoneNumber
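Review bot: The summary bullet "Support for Microsfot Windows Sysmon-29 event" misspells the vendor name; it should read "Microsoft". In the same hunk, the new log mapper entry "Windows - Microsoft-Windows-Sysmon/Operational-29" omits the spaces around the event-ID separator that every other Sysmon entry in the list uses (for example "Windows - Microsoft-Windows-Sysmon/Operational - 16" and "... - 19|20"); unless the mapper is actually registered under that exact name, make it consistent so readers searching for the mapper find it. Two smaller points: the top-level bullet "* This Content Release Includes:" uses `*` while every item beneath it uses `-`, and "Requires parser be defined for passthrough detection" reads better as "Requires a parser to be defined for passthrough detection".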
