Content Package 2025.15.1
These release notes contain information about content package 2025.15.1, released on 23 Jul 2025.
Enhancements
Added support for the new Claroty log format.
Updated the conditions of several OOTB parsers to parse a broader category of Microsoft Defender logs.
Fixed field parsing issues in the microsoft-evadfs-xml-ds-object-delete-success-4929 parser.
Updated the conditions of the netskope-webtx-json-network-traffic-ipsecnetworksecurity parser to accommodate the new Netskope log format.
Updated the field extraction for the following parsers (the affected fields are listed after each parser):
microsoft-evsecurity-json-endpoint-4624: time, event_id, result
microsoft-evsecurity-json-endpoint-login-4776: time, host, result_code, event_id, result
microsoft-evsecurity-mix-user-privilege-assign-success-4673: time, dest_host, host
microsoft-evsecurity-mix-user-privilege-use-success-4674-1: src_ip, src_mac, host
Added a new parser for Monday.com logs.
Created a parser for OpenAI audit logs.
Added support for the new Qualys log format.
Developed new parser content for GitHub logs.
Added default content support for a new vendor, Zyxel.
Addressed Issues
Added url field parsing support to the fortinet-fortigate-kv-network-traffic-logid parser and several other Fortinet parsers.
Fixed parsing of the user, dest_user, and src_user fields in the pan-ngfw-mix-alert-trigger-success-threadvulnerability parser.
Updated the categories and web_domain field extractions for the pan-ngfw-csv-http-session-9999 parser.
Fixed the result field parsing and the associated event building issue in the Azure parser.
Updated the severity field extractions for the okta-amfa-mix-app-login-success-securitycontext parser.
Categorized events with result = LogonAttempt as endpoint-notification:success instead of endpoint-login:fail.
Updated the regexes of the following fields in the microsoft-azuremon-sk4-app-activity-policy parser: correlation_id, object, resource, resource_id, tenant_id.
Filtered exact 19-digit strings out of the aws_user mapping in the amazon-awscloudtrail-json-app-activity-awsapicall parser.
Lowered the priority of the parser 'microsoft-o365-cef-app-file-success-displayname' so that it does not interfere with logs handled by other parsers.
Fixed the event builder syntax issue in the CrowdStrike and Zscaler parsers.
Created a new parser to support previously unparsed Wiz logs. Parser name: wiz-w-json-app-activity-success-fail-wiz.
Updated the parser 'microsoft-o365-sk4-file-app-userkey' with a new field extraction and a 'usb-write' EB (event builder).
Updated the src_user and target field extractions for the okta-amfa-mix-app-login-success-securitycontext parser.
Updated the process_name regex in the sentinelone-singularityp-json-alert-trigger-success-datasourcecategorysecurity parser by removing the leading .+?.
Updated the following parsers to extract event_code, event_name, and host:
'microsoft-evsecurity-json-ds-object-modify-success-5136'
'microsoft-evsecurity-mix-user-lock-success-4740'
'microsoft-evsecurity-kv-endpoint-login-4768-2'
'microsoft-evsecurity-kv-endpoint-login-4769-2'
'microsoft-evapp-json-endpoint-activity-success-catchall'
Added support for the new Veeam log format.
Updated the user field extractions for the parsers exabeam-aa-kv-rule-trigger-success-anomaly and exabeam-aa-kv-rule-trigger-success-anomaly-1.
Click the following link for the complete package release notes: 2025.15.1 Content Package Release Notes