SumoLogic · jpipkin1 · Sep 19, 2025 · Sep 19, 2025
@@ -0,0 +1,67 @@
+---
+title: September 19, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - rules
+  - parsers
+hide_table_of_contents: true    
+---
+
+This content release includes:
+- New rules for passing through OCSF Findings, such as those generated by AWS Security Hub.
+- Updates to rules for impossible travel to exclude local system accounts.
+- New log mappers for Cisco Meraki Traffic Events, OCI Authentication Events, and TippingPoint TPS Cloud.
+- Updates to existing log mappers to support new event IDs and enhance functionality.
+- New parser for TippingPoint TPS Cloud.
+- Updates to existing parsers for Cisco ASA, Cisco Meraki C2C, Kaspersky Endpoint Security, and Oracle Cloud Infrastructure to support new events.
+- Schema update to include `ocsf` as an enforced value for `threat_ruleType`.
+
+Changes are enumerated below.
+
+### Rules
+
+- [New] MATCH-S01053 OCSF Compliance Finding
+<br/>Passes through compliance findings from OCSF sources.
+- [New] MATCH-S01054 OCSF Detection Finding
+<br/>Passes through detection findings from OCSF sources.
+- [New] MATCH-S01055 OCSF Vulnerability Finding
+<br/>Passes through vulnerability findings from OCSF sources.
+- [Updated] THRESHOLD-S00097 Impossible Travel - Successful
+<br/>Exclude local system accounts from the rule.
+- [Updated] THRESHOLD-S00098 Impossible Travel - Unsuccessful
+<br/>Exclude local system accounts from the rule.
+
+### Log Mappers
+
+- [New] Cisco Meraki Traffic Events
+- [New] OCI Catch Authentication events
+- [New] TippingPoint TPS Cloud Catch All
+- [Updated] AWS GuardDuty - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Inspector - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Security Hub - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Security Hub Coverage - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] AWS Security Hub Exposure Detection - OCSF Finding Events
+<br/>Modified to support dedicated OCSF finding rules.
+- [Updated] Cisco ASA 109201|109207|113022
+- [Updated] Cisco ASA 722051|722022|722023|722028|722032|722033|722036|722037|722041|722011
+- [Updated] Kaspersky Endpoint Security Catch All
+- [Updated] Oracle Cloud Infrastructure Audit Catch All
+- [Updated] Windows - Security - 4624
+<br/>Added `user_role` field to identify admin users
+- [Updated] Windows - Security - 4648
+<br/>Added `user_role` field to identify admin users.
+
+### Parsers
+
+- [New] /Parsers/System/TippingPoint/TippingPoint TPS Cloud
+- [Updated] /Parsers/System/Cisco/Cisco ASA
+- [Updated] /Parsers/System/Cisco/Cisco Meraki C2C
+- [Updated] /Parsers/System/Kaspersky/Kaspersky Endpoint Security
+- [Updated] /Parsers/System/Oracle/Oracle Cloud Infrastructure Schema
+- [Updated] threat_ruleType
+<br/>Updated enforced values to include `ocsf` as an option for mappers representing Findings records as categorized in the Open Cybersecurity Schema Framework (OCSF).