From a2ccfba869bb34ec6e052ba31937e702f9fdf5bb Mon Sep 17 00:00:00 2001
From: Julian Crowley
Date: Fri, 30 May 2025 13:52:10 -0600
Subject: [PATCH 1/2] Create 2025-05-30-content.md
---
blog-cse/2025-05-30-content.md | 54 ++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 blog-cse/2025-05-30-content.md
diff --git a/blog-cse/2025-05-30-content.md b/blog-cse/2025-05-30-content.md
new file mode 100644
index 0000000000..4084349638
--- /dev/null
+++ b/blog-cse/2025-05-30-content.md
@@ -0,0 +1,54 @@
+---
+title: May 30, 2025 - Content Release
+image: https://help.sumologic.com/img/sumo-square.png
+keywords:
+ - log mappers
+ - parsers
+ - rules
+hide_table_of_contents: true
+---
+
+import useBaseUrl from '@docusaurus/useBaseUrl';
+
+This content release includes:
+- Rule updates
+- New log parsers and mappers to support Akamai CPC, Contrast Security ADR
+- New and updated log mappers for Azure Event Hub - Windows Defender logs, Cisco ISE, Microsoft Office 365, and Snowflake
+- Modifications to existing parsers for Microsoft Azure JSON, Nginx Syslog, and Snowflake to support additional formats and events
+- Changes are enumerated below
+
+
+## Rules
+- [Updated] MATCH-S00068 O365 - Users Password Changed
+ - Updated entity selectors to include both `user_username` and `targetUser_username`
+- [Updated] MATCH-S00069 O365 - Users Password Reset
+ - Updated entity selectors to include both `user_username` and `targetUser_username`
+
+## Log Mappers
+- [New] Akamai CPC
+- [New] Azure Event Hub - Windows Defender Audit events
+- [New] Azure Event Hub - Windows Defender Audit file events
+- [New] Azure Event Hub - Windows Defender Authentication events
+- [New] Azure Event Hub - Windows Defender Email events
+- [New] Azure Event Hub - Windows Defender Endpoint Process events
+- [New] Azure Event Hub - Windows Defender Network events
+- [New] Contrast Security ADR Default Mapping
+- [New] Snowflake Query History
+- [New] Snowflake Session
+- [Updated] Azure Event Hub - Windows Defender Logs - DeviceAlertEvents
+- [Updated] Azure Event Hub - Windows Defender Logs and Azure Alert
+- [Updated] Cisco ISE Catch All
+- [Updated] Microsoft Office 365 Active Directory Authentication Events
+- [Updated] Snowflake Catch All
+- [Updated] Snowflake Login
+
+## Parsers
+- [New] /Parsers/System/Akamai/Akamai CPC
+- [New] /Parsers/System/Contrast Security/Contrast ADR
+- [Updated] /Parsers/System/Cisco/Cisco ISE
+- [Updated] /Parsers/System/Microsoft/Microsoft Azure JSON
+- [Updated] /Parsers/System/Nginx/Nginx Syslog
+- [Updated] /Parsers/System/Microsoft/Office 365
+- [Updated] /Parsers/System/Snowflake/Snowflake
+- [Updated] /Parsers/System/Microsoft/Windows PowerShell-JSON
+- [Updated] /Parsers/System/Microsoft/Windows-JSON-Open Telemetry
\ No newline at end of file
From 4b56b1d60a2d709552026a57afc288c32f9ceece Mon Sep 17 00:00:00 2001
From: John Pipkin
Date: Fri, 30 May 2025 15:42:28 -0500
Subject: [PATCH 2/2] Updates from review
---
blog-cse/2025-05-30-content.md | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/blog-cse/2025-05-30-content.md b/blog-cse/2025-05-30-content.md
index 4084349638..cb705cfaff 100644
--- a/blog-cse/2025-05-30-content.md
+++ b/blog-cse/2025-05-30-content.md
@@ -11,20 +11,20 @@ hide_table_of_contents: true
 import useBaseUrl from '@docusaurus/useBaseUrl';
 
 This content release includes:
-- Rule updates
-- New log parsers and mappers to support Akamai CPC, Contrast Security ADR
-- New and updated log mappers for Azure Event Hub - Windows Defender logs, Cisco ISE, Microsoft Office 365, and Snowflake
-- Modifications to existing parsers for Microsoft Azure JSON, Nginx Syslog, and Snowflake to support additional formats and events
-- Changes are enumerated below
+- Rule updates.
+- New log parsers and mappers to support Akamai CPC and Contrast Security ADR.
+- New and updated log mappers for Azure Event Hub - Windows Defender logs, Cisco ISE, Microsoft Office 365, and Snowflake.
+- Modifications to existing parsers for Microsoft Azure JSON, Nginx Syslog, and Snowflake to support additional formats and events.
+Changes are enumerated below.
 
 
-## Rules
+### Rules
 - [Updated] MATCH-S00068 O365 - Users Password Changed
 - Updated entity selectors to include both `user_username` and `targetUser_username`
 - [Updated] MATCH-S00069 O365 - Users Password Reset
 - Updated entity selectors to include both `user_username` and `targetUser_username`
 
-## Log Mappers
+### Log Mappers
 - [New] Akamai CPC
 - [New] Azure Event Hub - Windows Defender Audit events
 - [New] Azure Event Hub - Windows Defender Audit file events
@@ -42,7 +42,7 @@ This content release includes:
 - [Updated] Snowflake Catch All
 - [Updated] Snowflake Login
 
-## Parsers
+### Parsers
 - [New] /Parsers/System/Akamai/Akamai CPC
 - [New] /Parsers/System/Contrast Security/Contrast ADR
 - [Updated] /Parsers/System/Cisco/Cisco ISE