From 3c06a56916d2305bfbdf5925ac78fe2f6acd3da2 Mon Sep 17 00:00:00 2001 From: Julian Crowley Date: Fri, 10 Oct 2025 16:26:34 -0600 Subject: [PATCH 1/2] Create 2025-10-10-content.md --- blog-cse/2025-10-10-content.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 blog-cse/2025-10-10-content.md diff --git a/blog-cse/2025-10-10-content.md b/blog-cse/2025-10-10-content.md new file mode 100644 index 0000000000..dbc75e8e02 --- /dev/null +++ b/blog-cse/2025-10-10-content.md 
@@ -0,0 +1,34 @@ +--- +title: October 10, 2025 - Content Release +image: https://assets-www.sumologic.com/company-logos/_800x418_crop_center-center_82_none/SumoLogic_Preview_600x600.jpg?mtime=1617040082 +keywords: + - log mappers +hide_table_of_contents: true +--- + +* This content release includes: + - New and updated rules + - Updated Threat Intelligence rules with match lists which can be populated with exclusions to prevent the generation of undesired signals + - Mapping Update + - Changes are enumerated below + +## Rules +- [New] CHAIN-S00023 Administrative Remote Interactive Brute Force Login + - This rule correlates a high number of failed authentication attempts with a successful remote interactive login (such as via RDP) coming from the same source IP address and user account. +- [New] CHAIN-S00024 RDP Brute Force Login Attempt + - This rule correlates a high number of failed authentication attempts with repeated inbound connections over port 3389 (the default RDP port). +- [New] MATCH-S01056 Administrative Remote Interactive Login + - This rule triggers on a successful remote interactive login (such as via RDP) of a privileged user. +- [Updated] MATCH-S00139 Abnormal Parent-Child Process Combination + - Updated to reduce false positive matches for certain parent-child process combinations. 
+- [Updated] MATCH-S01024 Threat Intel - Destination IP Address (High Confidence) +- [Updated] MATCH-S01026 Threat Intel - Destination IP Address (Low Confidence) +- [Updated] MATCH-S01028 Threat Intel - Destination IP Address (Medium Confidence) +- [Updated] MATCH-S01023 Threat Intel - Inbound Traffic from Threat Feed IP (High Confidence) +- [Updated] MATCH-S01025 Threat Intel - Inbound Traffic from Threat Feed IP (Low Confidence) +- [Updated] MATCH-S01027 Threat Intel - Inbound Traffic from Threat Feed IP (Medium Confidence) +- [Updated] MATCH-S01018 Threat Intel - Successful Authentication from Threat Feed IP + +## Log Mappers +- [Updated] Slack Anomaly Event + - Updated to include threat_name mapping for improved context in alerts. \ No newline at end of file From 791a3504067f9e7727c5ad0f81fa5ed491dcb28d Mon Sep 17 00:00:00 2001 From: John Pipkin Date: Fri, 10 Oct 2025 17:35:44 -0500 Subject: [PATCH 2/2] Updates from review --- blog-cse/2025-10-10-content.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/blog-cse/2025-10-10-content.md b/blog-cse/2025-10-10-content.md index dbc75e8e02..41c1f517d0 100644 --- a/blog-cse/2025-10-10-content.md +++ b/blog-cse/2025-10-10-content.md 
@@ -6,21 +6,22 @@ keywords: hide_table_of_contents: true --- -* This content release includes: - - New and updated rules - - Updated Threat Intelligence rules with match lists which can be populated with exclusions to prevent the generation of undesired signals - - Mapping Update - - Changes are enumerated below +This content release includes: + - New and updated rules. + - Updated Threat Intelligence rules with match lists which can be populated with exclusions to prevent the generation of undesired signals. + - Mapping update. + +Changes are enumerated below. ## Rules - [New] CHAIN-S00023 Administrative Remote Interactive Brute Force Login - - This rule correlates a high number of failed authentication attempts with a successful remote interactive login (such as via RDP) coming from the same source IP address and user account. +
This rule correlates a high number of failed authentication attempts with a successful remote interactive login (such as via RDP) coming from the same source IP address and user account. - [New] CHAIN-S00024 RDP Brute Force Login Attempt - - This rule correlates a high number of failed authentication attempts with repeated inbound connections over port 3389 (the default RDP port). +
This rule correlates a high number of failed authentication attempts with repeated inbound connections over port 3389 (the default RDP port). - [New] MATCH-S01056 Administrative Remote Interactive Login - - This rule triggers on a successful remote interactive login (such as via RDP) of a privileged user. +
This rule triggers on a successful remote interactive login (such as via RDP) of a privileged user. - [Updated] MATCH-S00139 Abnormal Parent-Child Process Combination - - Updated to reduce false positive matches for certain parent-child process combinations. +
Updated to reduce false positive matches for certain parent-child process combinations. - [Updated] MATCH-S01024 Threat Intel - Destination IP Address (High Confidence) - [Updated] MATCH-S01026 Threat Intel - Destination IP Address (Low Confidence) - [Updated] MATCH-S01028 Threat Intel - Destination IP Address (Medium Confidence) @@ -31,4 +32,4 @@ hide_table_of_contents: true ## Log Mappers - [Updated] Slack Anomaly Event - - Updated to include threat_name mapping for improved context in alerts. \ No newline at end of file +
Updated to include `threat_name` mapping for improved context in alerts. \ No newline at end of file
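Review bot: in the first patch's hunk (the new `blog-cse/2025-10-10-content.md`), the seven "[Updated] MATCH-S010xx Threat Intel" entries (MATCH-S01024, S01026, S01028, S01023, S01025, S01027, S01018) carry no sub-bullet saying what changed, even though the summary at the top says these rules now have match lists that can be populated with exclusions to prevent undesired signals; every other rule entry has a one-line description, so add the same under these, for example "Updated to add a match list that can be populated with exclusions to suppress undesired signals." Also consider adding "rules" alongside "log mappers" under `keywords:`, since most of the release is rule changes.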
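Review bot: in the second patch's first hunk (`@@ -6,21 +6,22 @@`), the rule descriptions lose their "- " marker, so lines such as "This rule correlates a high number of failed authentication attempts with a successful remote interactive login..." under CHAIN-S00023 are now indented plain text rather than nested bullets; whether that renders as a lazy continuation of the parent item or as a separate paragraph depends on the indentation, so check the rendered page (or keep the nested "- " form, which is unambiguous). The hunk also leaves the Threat Intel "[Updated]" entries without any description, so the inconsistency from the first patch remains.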
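Review bot: in the second patch's last hunk (`@@ -31,4 +32,4 @@`), the file still ends with "\ No newline at end of file" after the `threat_name` line; add a trailing newline so future diffs of this file stay clean. Wrapping `threat_name` in backticks is a good change since it is a field name.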