SumoLogic · jpipkin1 · Nov 6, 2025 · Nov 6, 2025 · Nov 6, 2025 · Nov 6, 2025
@@ -0,0 +1,37 @@
+---
+title: November 6, 2025 - Content Release
+image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082
+keywords:
+  - log mappers
+  - parsers
+  - rules
+hide_table_of_contents: true    
+---
+
+This content release includes:
+    - An updated parser and new log mappers for Netskope Cloud Security for improved handling of Netskope DLP logs.
+    - An updated mapper for Azure Audit Logs which repurposes the `changeTarget` field mapping for changed items such as groups.
+    - Updated Azure rules to accommodate the repurposed `changeTarget` field
+    - Updated Keeper Authentication mapper to include the `Success` field.
+
+:::note
+If you are ingesting Netskope Cloud Security Logs or Azure Audit Logs ensure that the log source is set to use the appropriate system parser:
+    - Netskope Cloud Security: /Parsers/System/Netskope/Netskope Security Cloud JSON
+    - Azure Audit Logs: /Parsers/System/Microsoft/Microsoft Azure JSON
+:::
+
+### Rules
+- [Updated] MATCH-S00226 Azure - Add Member to Group
+- [Updated] MATCH-S00220 Azure - Add Member to Role Outside of PIM
+- [Updated] MATCH-S00231 Azure - Member Added to Global Administrator Role
+- [Updated] MATCH-S00233 Azure - Member Added to Global Administrator Role Non-PIM
+- [Updated] MATCH-S00229 Azure - Member Added to Non-Global Administrator Role
+
+### Log Mappers
+- [New] Netskope - DLP Alerts
+- [New] Netskope - Incidents
+- [Updated] AzureActivityLog AuditLogs
+- [Updated] Keeper Authentication
+
+### Parsers
+- [Updated] /Parsers/System/Netskope/Netskope Security Cloud JSON