Content Package 2025.13.1
These release notes contain information about content package 2025.13.1, released on 25 Jun 2025.
Enhancements
Incorporated parsing for the fields process_path, process_dir and process_name in parser microsoft-sysmon-xml-file-write-success-11.
Added a new parser, cloudflare-insights-json-app-activity-email, which parses all the expected fields for the latest Cloudflare log format.
Added support for Qualys new-format logs.
Removed top_domain filtering from the parsers.
Fixed, and added a test case for, validation of an incorrect number of quotes in a parser.
Updated the parser "microsoft-sysmon-xml-dll-load-7" to map the "imageloaded" vendor field to file_path, file_dir, file_name and file_ext.
Added parsers for vendor ZeroFox.
Added a new Discard EM filter.
Hash parsing improvements: added length-based validation to map hash values to the correct CIM fields (e.g., SHA256, SHA1, MD5).
Process/file parsing fixes: refined regex patterns to resolve issues where process names included directory paths and where file/process fields (path, dir, name, ext) were misparsed.
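An added example, not code from the content package or its parsers, showing the two techniques described above: length-based hash validation that selects the target field, and splitting a raw path into path/dir/name/ext so that a directory never lands in the name field. The output field names, the "image" and "hash" vendor field names, and the sample values are assumptions constructed for this example.

```python
import re

# Constructed mapping: the hash length is the discriminator for the target field.
# Field names are assumptions; the package's own CIM names are not given on the page.
HASH_FIELD_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

def map_hash_field(value):
    """Return (field, normalized_hash) for a well-formed MD5/SHA1/SHA256 hex
    string, or None when the value is not hex or has an unsupported length."""
    v = value.strip()
    field = HASH_FIELD_BY_LEN.get(len(v))
    if field is None or not HEX_RE.match(v):
        return None
    return field, v.lower()

# Accept Windows and POSIX separators. The name group can never contain a
# separator, which is what stops a directory path leaking into process_name.
PATH_RE = re.compile(r"^(?P<dir>.*[\\/])?(?P<name>[^\\/]+)$")

def split_path(raw):
    """Split a raw file/process path into path, dir, name and ext fields."""
    raw = raw.strip()
    m = PATH_RE.match(raw)
    if not m:
        return None
    name = m.group("name")
    d = m.group("dir") or ""
    if len(d) > 1:  # keep a bare "/" root; otherwise drop the trailing separator
        d = d.rstrip("\\/")
    # Dotfiles such as ".bashrc" have no extension; "a.tar.gz" yields "gz".
    ext = name.rsplit(".", 1)[1].lower() if "." in name[1:] else ""
    return {"path": raw, "dir": d, "name": name, "ext": ext}

def enrich(event, prefix="process"):
    """Map constructed vendor fields ("image", "hash") onto CIM-style fields."""
    out = {}
    parts = split_path(event["image"]) if event.get("image") else None
    if parts:
        for k, v in parts.items():
            out[f"{prefix}_{k}"] = v
    hashed = map_hash_field(event["hash"]) if event.get("hash") else None
    if hashed:
        out[hashed[0]] = hashed[1]
    return out
```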
Addressed Issues
Removed duplicate regex of src_ip from parser pan-ngfw-json-network-traffic-success-allow
Updated the Unix parser conditions to accommodate unparsed logs and corrected the time regex in the Unix parsers.
Added parsing support for the newly formatted email_address field in a few SentinelOne parsers.
Added support for Veeam new-format logs.
Updated the microsoft-azuread-cef-app-login-clientappused parser to extract the raw log fields trustType and isManaged as device_type and device_description, respectively.
Added a regex for the more_info field in parsers okta-amfa-mix-app-login-success-securitycontext and okta-amfa-mix-app-login-fail-suspiciousactivity.
Added catchall parser cyberark-pam-cef-app-activity-failed-undefined for vendor CyberArk.
Added the result, alert_id and technique fields in multiple Microsoft Defender parsers.
Updated email_address regex for okta-amfa-mix-app-login-success-securitycontext parser.
Added two deprecated parsers, "pan-gp-leef-vpn-login-success-gatewayprelogin" and "pan-ngfw-json-network-traffic-fail-deny-4", back to Production.
Updated the category for product Imperva SecureSphere from WAF to Database Security.
Added regex to parse the attribute, principal_id and app_id fields in parsers microsoft-m365auditlogs-json-app-activity-operationname, microsoft-windows-sk4-app-login-fail-signin and microsoft-o365-cef-app-file-success-displayname.
Updated event-builder conditions for Windows event ID 4771.
Added regex to parse the action field in parser cisco-fp-kv-alert-trigger-success-acpolicy.
Updated the parser "proofpoint-pitm-json-alert-trigger-success" regex as per log schema.
Fixed an IP regex that was causing a field validation error in parser microsoft-o365-sk4-app-file-send.
Added support for Kaspersky and Cloudflare new-format logs.
Added new parsers for Cisco IOS.
Updated the Product value to Microsoft Purview for the following parsers, and updated the platform for their respective event builders: microsoft-azureadip-json-alert-trigger-success-exfiltration, microsoft-defendercloud-cef-alert-trigger-success-datalossprevention, microsoft-m365auditlogs-json-alert-trigger-datalossprevention and microsoft-m365auditlogs-json-alert-trigger-datalossprevention-1.
Click the following link for the complete package release notes: 2025.13.1 Content Package Release Notes