Content Package 2025.22.1
These release notes contain information about content package 2025.22.1, released on 23 Oct 2025.
Enhancements
Updated JSON extractor fields for tenable-t-json-endpoint-scan-scaninformation parser.
Updated the parser microsoft-defenderep-sk4-dll-load-deviceimageloadevents to improve file field parsing.
Added new parsers proofpoint-tap-json-app-notification-success-phishingquarantine
Updated pan-prisma-sk4-alert-trigger-success-prismacloud conditions to parse a broader category of Prisma Cloud logs.
Added a new parser for the product Azure virtual network.
Created new event builders for the parser microsoft-mcas-cef-file-write-success-appidonedrive
Added new parsers for Extrahop logs: extrahop-revealx-leef-alert-trigger-success-extrahopdetection
Updated the parser salesforce-sf-json-app-login-success-loginurl to match the new logs. Also, added the new field extractions as per the new logs.
Added new parser checkpoint-hs-kv-alert-trigger-success-compromizedaccount
Added new event builders for the activity types group-member-add and group-member-remove for parser: azure-azuread-json-app-activity-useractivitydisplayname.
Added new parser nasuni-n-kv-app-activity
Added new parsers and event builders for Check Point logs.
Added 'dest_email_address' and 'group_name' fields for parser microsoft-mcas-cef-file-write-success-appidonedrive.
Added parsers and event builders for Cisco Firepower FMC logs
Added new enrichers: Invalid Domain-2 and Invalid Domain-3.
Added new parsers for Darktrace logs: darktrace-darktrace-json-alert-trigger-success-alertname, darktrace-darktrace-json-alert-trigger-success-suspiciousproperties
Updated src_ip, dest_ip, browser, connection_id, mime, domain, src_country, host_ip, origin_ip, rule_reason, rule, region, method, http_response_code, severity and user field extractions for parser - menlo-ms-json-http-session-security.
Added new parsers and event builders for Check Point Security Gateway logs.
In the 'aws-cloudtrail-json' template, reduced three requestparameter parsing entries to two and updated the exa_regex to handle all patterns.
Added a Zero Networks parser to support the new product. Parser name: zeronetworks-zeronetworks-json-app-activity-success-auditlogevent.
Created new event builders for the parser microsoft-azure-json-file-success-1.
Modified event builder conditions for the parser microsoft-azure-json-file-success-1.
Updated the regexes in the parsers unix-unix-kv-endpoint-login-userlogin and unix-unix-kv-endpoint-login-userstart.
Updated group_name, task_id, item_name, event_name, dest_user, activity_details and additional_info field extractions for parser: servicenow-s-json-http-session-success-transcation
Developed a new enricher, service_type_text, to enrich the service_type_text value based on the service_type value.
Addressed Issues
Updated group_name field extractions for parser microsoft-evsecurity-xml-group-create-4754
Updated src_ip & user field extractions for parser unix-unix-str-endpoint-activity-fail-sshd
Added new parser for Microsoft - Active Directory Federation Services logs for event id - 364.
Updated precedence of zscaler-ia-cef-http-session-spriv parser.
Updated src_ip regex for unix-unix-kv-endpoint-login-sshdauth parser.
Updated src_ip, additional_info field extractions and event builder conditions for parser: fortinet-fortigate-kv-app-activity-system
Fixed the src_ip and dest_ip fields to parse from LocalAddressIP4 and RemoteAddressIP4, respectively, in parsers crowdstrike-falcon-sk4-endpoint-login-userloginfail and crowdstrike-falcon-mix-endpoint-login-success-userlogon.
Updated group_name field extractions for parser: microsoft-evsecurity-kv-group-member-add-success-4756-2
Added src_network_zone field for s-okta-app-login template.
Updated imperva-securesphere-cef-alert-trigger-success-servergroup conditions to parse a broader category of Imperva SecureSphere logs.
Fixed json regex for parsers google-cloudplatform-mix-app-activity-success-prototpayload, google-cloudplatform-json-endpoint-modify-success-computeprojectssetcommoninstancemetadata, google-cloudplatform-json-endpoint-modify-success-computeinstancessetmetadata, google-cloudplatform-json-disk-create-success-computedisksinsert, google-cloudplatform-json-disk-attach-success-computeinstancesattachdisk, google-cloudplatform-json-endpoint-create-success-betacomputeinstancesinsert
Renamed the field action to result for the microsoft-azurefw-json-network-session-azfwnetworkrule parser.
Updated the parser abnormalsecurity-as-json-alert-trigger-success-attacktype-1 for extracting src_ip field.
Updated src_mac, src_ip field extractions for parser: microsoft-nps-xml-radius-traffic-fail-6273, microsoft-evnps-xml-radius-traffic-success-6272
Updated object, profile and host_type field extractions for parser - pan-tesm-csv-alert-trigger-hipmatch.
Added uac_status, old_value and new_value fields for 4742 event_code parsers.
Fixed regex of dest_ip and dest_port for parser amazon-awsguardduty-cef-alert-trigger-success-catsecurity
Updated process_command_line field extraction for parser - microsoft-evsecurity-kv-process-create-success-mswineventlog4688.
Updated parser 'amazon-awsguardduty-json-alert-trigger-success-sshbruteforce' with src_ip field mapping.
Fixed host regex of parsers:
1. cisco-asa-str-app-notification-success-sys
2. cisco-asa-str-app-notification-success-ssh
3. cisco-ios-str-endpoint-authentication-fail-authenticationfailed
4. cisco-asa-str-ssh-traffic-success-sshuserauth
5. cisco-asa-str-ssh-close-ssh
6. cisco-asa-str-ssh-start-session
7. cisco-ios-str-endpoint-authentication-success-authpassed
Updated condition for parser apache-a-str-http-session-apacheaccess to parse unparsed logs.
Changed parser precedence to correctly recognize Azure logs.
Updated target and group_name fields for parser: microsoft-o365-cef-app-file-success-removememberfromgroup
Updated target and group_name fields for parser: microsoft-o365-cef-app-file-success-addtogroup
Click the following link for the complete package release notes: 2025.22.1 Content Package Release Notes