From 12ddb20c4998104011c8eb9b41860919cf2e888d Mon Sep 17 00:00:00 2001 From: Julian Crowley Date: Thu, 22 May 2025 16:42:46 -0600 Subject: [PATCH 1/2] Create 2025-05-22-content.md --- blog-cse/2025-05-22-content.md | 50 ++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 blog-cse/2025-05-22-content.md diff --git a/blog-cse/2025-05-22-content.md b/blog-cse/2025-05-22-content.md new file mode 100644 index 0000000000..6057713793 --- /dev/null +++ b/blog-cse/2025-05-22-content.md 
@@ -0,0 +1,50 @@ +--- +title: May 25, 2025 - Content Release +image: https://help.sumologic.com/img/sumo-square.png +keywords: + - log mappers + - parsers + - rules +hide_table_of_contents: true +--- + +import useBaseUrl from '@docusaurus/useBaseUrl'; + +This content release includes: +- Rule update +- New support for CommScope Ruckus SmartZone +- Additional mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell +- Updates for existing mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell + - Added normalizedAction and action fields to Windows PowerShell mappers +- Changes Windows PowerShell JSON parsing to support additional log formats +- Changes are ennumerated below + + +## Rules +- [Updated] MATCH-S00068 O365 - Users Password Changed + - Updated to use targetUser_username + +## Log Mappers +- [New] CommScope Ruckus SmartZone Default +- [New] CrowdStrike FDR - DNSRequest +- [New] Google G Suite - login - risky_sensitive_action_allowed +- [New] Google G Suite - login challange +- [New] Windows - Windows PowerShell +- [Updated] CrowdStrike Falcon Host API DetectionSummaryEvent (CNC) + - Added alternate field for threat_name +- [Updated] CrowdStrike Falcon Host API IdpDetectionSummaryEvent (CNC) + - Added alternate field for threat_name +- [Updated] Google G Suite - login - password_change/recovery_info_change + - Added additional mapped fields +- [Updated] Google G Suite - login.login + - Added additional mapped fields +- [Updated] Google G Suite - logout + - Added additional mapped fields +- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4103 +- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4104 +- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4105 +- [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4106 + +## Parsers +- [New] /Parsers/System/CommScope/CommScope Ruckus SmartZone +- [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON \ No 
newline at end of file From 89d363d2b00cf9ee180fad357081bf3d95a8f747 Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Fri, 23 May 2025 09:04:33 -0500 Subject: [PATCH 2/2] Updates from review --- ...{2025-05-22-content.md => 2025-05-23-content.md} | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) rename blog-cse/{2025-05-22-content.md => 2025-05-23-content.md} (90%) diff --git a/blog-cse/2025-05-22-content.md b/blog-cse/2025-05-23-content.md similarity index 90% rename from blog-cse/2025-05-22-content.md rename to blog-cse/2025-05-23-content.md index 6057713793..2bf19a7efc 100644 --- a/blog-cse/2025-05-22-content.md +++ b/blog-cse/2025-05-23-content.md @@ -1,5 +1,5 @@ --- -title: May 25, 2025 - Content Release +title: May 23, 2025 - Content Release image: https://help.sumologic.com/img/sumo-square.png keywords: - log mappers @@ -16,15 +16,16 @@ This content release includes: - Additional mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell - Updates for existing mappers for CrowdStrike FDR, Google G Suite (Workspace), and Windows PowerShell - Added normalizedAction and action fields to Windows PowerShell mappers -- Changes Windows PowerShell JSON parsing to support additional log formats -- Changes are ennumerated below +- Changes to Windows PowerShell JSON parsing to support additional log formats +Changes are enumerated below. -## Rules + +### Rules - [Updated] MATCH-S00068 O365 - Users Password Changed - Updated to use targetUser_username -## Log Mappers +### Log mappers - [New] CommScope Ruckus SmartZone Default - [New] CrowdStrike FDR - DNSRequest - [New] Google G Suite - login - risky_sensitive_action_allowed 
@@ -45,6 +46,6 @@ This content release includes: - [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4105 - [Updated] Windows - Microsoft-Windows-PowerShell/Operational - 4106 -## Parsers +### Parsers - [New] /Parsers/System/CommScope/CommScope Ruckus SmartZone - [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON \ No newline at end of file
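Review bot: the new file's Log Mappers entry `+- [New] Google G Suite - login challange` misspells "challenge", and it is the one typo in this hunk that the follow-up "Updates from review" patch leaves in place; unless the mapper's actual display name carries the misspelling, the line should read `- [New] Google G Suite - login challenge`. In the same hunk, the Rules entry `+  - Updated to use targetUser_username` would be more useful to readers if it also named the field the rule matched on before, since anyone with tuning or exclusions keyed on the old field needs to know that MATCH-S00068 now evaluates a different attribute.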
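Review bot: in the second hunk of the "Updates from review" patch, the added line `+Changes are enumerated below.` follows the last list item with no blank line in between, so Markdown will treat it as a lazy continuation of `+- Changes to Windows PowerShell JSON parsing to support additional log formats` and render the two as a single bullet; a blank line should separate the paragraph from the list (and the two blank lines the hunk leaves after it could be collapsed to one). The same hunk demotes `## Rules` and `## Log mappers` to `###`, which has no table-of-contents effect given `hide_table_of_contents: true` but leaves the post without any level-2 heading; worth confirming this matches the heading depth used by the other content-release posts in blog-cse.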
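Review bot: the third hunk still ends in `\ No newline at end of file` after the `+### Parsers` change, so the rename commit carries the missing trailing newline forward; adding a final newline after `- [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON` would keep the next edit to this file from showing a spurious change on that line.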