Skip to main content

Responses are generated using AI and may contain mistakes.

New-Scale Security Operations PlatformNew-Scale Content Package Release Notes

Content Package 2025.17.1

These release notes contain information about content package 2025.17.1, released on 13 Aug 2025.

Enhancements

  • Fixed user regex to exclude - and na from parsers - microsoft-defenderep-cef-endpoint-login-interactive , microsoft-defenderep-cef-endpoint-login-service , microsoft-evsecurity-xml-endpoint-login-4768 , microsoft-evsecurity-xml-endpoint-login-4776 and pan-gp-csv-vpn-login-fail-loginfailure

  • Added catchall parser for vendor ServiceNow.

  • Created parser for Sentinel SecurityAlert logs

  • Added a new parser for azure event hub logs - microsoft-azureeh-json-alert-trigger-success-threat

  • Added new parser for SentinelOne logs - sentinelone-singularityp-json-user-switch-success-usersubstitution.

  • Created new parser - microsoft-azuremon-json-endpoint-activity-success-catchall to support unparsed logs.

  • Added support for Tenable new-event logs.

  • Created new_format parser for F5 Distributed Cloud: f5-dc-json-alert-trigger-success-secevent-violations

  • Added catchall parser for vendor secureauth of product SecureAuth Login

  • Recategorised the parser catonetworks-network-http-session-success-1

  • Added new parsers for LogRhythm Netmon Logs

  • Initial support for Libraesva email security log source, multi-event tracker.

  • Deprecated unused parsers for vendor Symantec

Addressed Issues

  • Added parser - salesforce-sf-json-app-login-success-loginurl in the salesforce-app-login-fail event builder block to generate events as per the status value.

  • Added host regex in parser cisco-asa-str-app-activity-authmgr5

  • Added result_code field and added eventbuilder block to create success and fail event for pan-gp-csv-vpn-login-useridlogin parser.

  • Updated email_address regex for microsoft-evsecurity-xml-endpoint-login-fail-4625 parser.

  • Updated 'user' regex to parse values correctly in parser - questsoftware-casql-cef-database-login-fail-loginfail and questsoftware-casql-cef-database-query-success-sqlaudit

  • Updated app regex and added alert_severity field in parser - microsoft-m365auditlogs-json-app-activity-operationname

  • Replaced field result with result_code for multiple PaloAlto parsers

  • Added device_name field for okta-amfa-mix-app-login-success-securitycontext parser.

  • Fixed regex for dest_ip in parser vectra-cd-json-alert-trigger-success-detection-1

  • Updated user , domain field extractions for parser microsoft-defenderep-json-endpoint-notification-pnpdeviceconnected

  • Fixed process related fields parsing issue with microsoft-evpowershell-xml-process-create-success-4103 parser.

  • Updated alert_type,dns_query field for infoblox-bddi-cef-network-traffic-threat parser.

  • Update process_name field regex in parser microsoft-evsecurity-xml-user-switch-success-4648

  • Updated activity type from network-traffic:success to network-traffic fail for denied action for parser: cisco-netflow-str-network-traffic-success-ipaccesslog

  • Added regex for 'host' field extraction in parser - microsoft-o365-sk4-app-file-operationworkload.

  • Updated checkpoint-tp-cef-alert-trigger-success-checkpointsmartdefense parser

  • Added parsing for 'login_type' field to parser microsoft-o365-sk4-app-file-operationworkload

  • Fixed vendor product inconsistencies for Citrix ShareFile content. Added support for Progress ShareFile new event/new format logs. Also fixed time and app field parsing issues for the same.

  • Incorporated virtual_station_name field extractions for below palo alto parsers pan-ngfw-csv-network-traffic-fail-drop, pan-ngfw-csv-network-traffic-success-end, pan-ngfw-csv-network-traffic-fail-tcp, pan-ngfw-csv-network-traffic-success-webbrowsing, pan-gp-csv-endpoint-authentication-success-authsuccess, pan-ngfw-csv-app-notification-system, pan-ngfw-csv-configuration-modify-success-configsucceded, pan-gp-csv-endpoint-authentication-fail-authfail, pan-ngfw-csv-configuration-modify-success-configfailed

  • Fixed user field parsing issue with hp-arubacpm-mix-radius-traffic-clearpass parser.

  • Added regex of more_info field in okta parsers - okta-amfa-json-app-login-success-evaluatesignon-1, okta-amfa-cef-app-login-fail-coreuserauthloginfailed, okta-amfa-mix-app-login-success-securitycontext, okta-amfa-cef-app-login-success-coreuserauthloginsuccess.

  • Updated microsoft-evsecurity-kv-log-clear-success-logfileclear parser conditions to fix the mis-paring issue.

  • Updated microsoft-evsecurity-kv-log-clear-success-logfileclear parser conditions to fix the mis-paring issue.

  • Added time,alert_severity,log_name, region,project_id,category, service_name ,resource_name,operation for parsers - google-cloudplatform-json-app-database-success-database ,google-cloudplatform-json-scheduled-success-scheduler , google-cloudplatform-json-app-activity-success-catchall_dprocpubsub ,google-cloudplatform-mix-app-activity-success-prototpayload

  • Added new field tracking_id to parse trackingNumber for SailPoint parsers; sailpoint-identitynow-json-endpoint-authentication-auth, sailpoint-identitynow-json-app-authentication-login

  • Fixed the regex which were causing slow regex issue for Amazon parsers.

Click the following link for the complete package release notes: 2025.17.1 Content Package Release Notes