New-Scale Security Operations Platform > New-Scale Content Package Release Notes

Content Package 2025.16.1

These release notes contain information about content package 2025.16.1, released on 01 Aug 2025.

Enhancements

  • Updated Windows and other vendors' parsers to parse out all usernames, including system accounts.

  • Added a new parser, microsoft-evsecurity-str-certificate-request-success-4886, to support the newly formatted 4886 Microsoft Event Viewer Security logs.

  • Added a new parser for Keeper logs: keepersecurity-keeper-json-app-activity-access-auditevent.

  • Added support for Imperva DB new-format logs.

  • Added a new parser, thoughtspot-ts-json-app-activity-success-answer, for ThoughtSpot logs.

  • Added a new catchall parser for the vendor Cimcor, product Cimtrak.

  • Updated Windows XML parsers to support both formats: with single quotes (') and with double quotes (").

  • Updated event builders for Windows event IDs 5136, 5137, and 5141.

Addressed Issues

  • Replaced the http_response_code field with category_id in the parser fortinet-utm-kv-http-session-webfilter.

  • Fixed the parsing issue with process-related fields in the microsoft-evpowershell-xml-process-create-success-4103 parser.

  • Added time, alert_severity, log_name, region, project_id, category, service_name, resource_name, and operation for the parsers google-cloudplatform-json-app-database-success-database, google-cloudplatform-json-scheduled-success-scheduler, google-cloudplatform-json-app-activity-success-catchall_dprocpubsub, and google-cloudplatform-mix-app-activity-success-prototpayload.

  • Fixed the field parsing logic for email_address, user, app, category, and time in the microsoft-m365auditlogs-json-app-activity-operationname parser.

  • Updated the region field extractions for the parsers amazon-awscloudwatch-cef-network-traffic-success-cloudwatch, amazon-awscloudwatch-sk4-app-activity-aws, and amazon-awscloudtrail-sk4-app-activity-aws.

  • Updated the account_id and user_type parsing regexes in the AWS GuardDuty parsers, as a slightly different raw log format was observed in a few customer environments.

  • Updated the condition of the parser microsoft-evsecurity-kv-user-delete-success-4743-1 to capture new-format logs of Windows event ID 4743.

  • Updated the src_user, user, and db_user field extractions for the Microsoft MsSql parsers.

  • Updated the cisco-duo-json-endpoint-authentication-result-1 parser to map the reason field to the result_reason field.

  • Updated the login_id regex for the microsoft-evsecurity-xml-user-privilege-assign-success-4672 parser.

  • Fixed removable_media_vendor and removable_media_serial_number field parsing for the microsoft-o365-sk4-file-app-userkey parser.

  • Updated the product for the barracuda-waf-str-app-notification-samltokenparsed parser.

Click the following link for the complete package release notes: 2025.16.1 Content Package Release Notes