diff --git a/blog-cse/2025/01-14.md b/blog-cse/2025/01-14.md new file mode 100644 index 0000000000..b4688a03fc --- /dev/null +++ b/blog-cse/2025/01-14.md @@ -0,0 +1,42 @@ +### January 14, 2025 - Content Release + +This content release includes: +- Parsing and mapping support for Azure DevOps Auditing via EventHubs, and Pfsense Firewall. +- Parsing and mapping additions and updates for Cisco ISE, Cloudflare, Check Point Firewall, and Linux OS Syslog. + +:::note +In two weeks, MATCH-S00604 "OneLogin - API Credentials - Key Used from Untrusted Location" will be deleted from the out-of-the-box Cloud SIEM rules due to unmanageable deny list logic and low adoption. To retain this rule, a duplicate must be made prior to the deletion. +::: + +## Log Mappers +- [New] Azure DevOps Auditing Catch All +- [New] Check Point Application Control URL Filtering +- [New] Cisco ISE Radius Diagnostics +- [New] Linux OS Syslog - KRB5 Child - Authentication Failure +- [New] Linux OS Syslog - Process systemd - Systemd Session +- [New] Linux OS Syslog - Process systemd - Systemd Session Scope +- [New] Linux OS Syslog - Process systemd - session logout +- [New] Pfsense Firewall filterlog +- [New] Pfsense Firewall nginx +- [New] Pfsense Firewall openvpn Authentication +- [New] Pfsense Firewall openvpn_peer_info|openvpn_error|php_log|sshguard|sshd_log +- [New] Pfsense Firewall openvpn_server_connected|openvpn_server_disconnected|cron_log +- [Updated] Cisco ISE Authentication Failure + - Adds `normalizedSeverity` mapping +- [Updated] Cisco ISE Authentication Success + - Adds `normalizedSeverity` mapping +- [Updated] Cloudflare - Logpush + - Adds mapping for `dns_query`, `http_hostname`, `http_response_contentLength`, `http_response_contentType`, and an alternative value for `ipProtocol`. +- [Updated] Linux OS Syslog - Process sshd - SSH Session Closed|disconnect + - Adds mapping for `normalizedActio`n +- [Updated] Linux OS Syslog - Process systemd - Systemd Session Start and Systemd File Configuration + - Added support for additional events and mapping of `file_path` + +## Parsers +- [New] /Parsers/System/Pfsense/Pfsense Firewall +- [Updated] /Parsers/System/Check Point/Check Point Firewall JSON +- [Updated] /Parsers/System/Cisco/Cisco ISE +- [Updated] /Parsers/System/Cloudflare/Cloudflare Logpush +- [Updated] /Parsers/System/Linux/Linux OS Syslog +- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers +- [Updated] /Parsers/System/Linux/Shared/Linux Shared Syslog Headers \ No newline at end of file