Application Update
Cloud SIEM Enterprise App is now available
The CSE app gives you visibility into what’s going on in Cloud SIEM Enterprise. The app dashboards present high-level and detailed views into the Records that were created, the Signals that have fired, and the Insights generated by CSE. You can also get insight into CSE rules, including rule management activity and which rules have fired.
This app is available to all licensed CSE customers in the Sumo Logic App Catalog. For more information, see CSE App.
Content Release
Rules
- [Updated] MATCH-S00632 Okta Administrator Access Granted
- [Updated] MATCH-S00683 Overly Permissive Chmod Command
Log Mappers
- [New] Check Point Avanan
- [New] Cisco ISE Authentication Failure
- [New] Cisco ISE Authentication Success
- [New] Cisco ISE Catch All
- [New] FireEye Web MPS Event
- [Updated] Microsoft Office 365 Threat Intelligence Events
- [Updated] Windows Microsoft-Windows-Sysmon/Operational 3
- [Updated] Windows Security 4688
Parsers
- [New] /Parsers/System/Check Point/Check Point Avanan JSON
- [New] /Parsers/System/Cisco/Cisco ISE
- [New] /Parsers/System/FireEye/FireEye Web MPS JSON