Rules
- [Updated] MATCH-S00640 Kubernetes Pod Created in Kube Namespace
- [Updated] MATCH-S00642 Kubernetes Service Account Created in Kube Namespace
Log Mappers
- [New] Juniper SSC Series Firewall - Audit Messaging
- [New] Juniper SSC Series Firewall - Traffic Messaging
- [New] Linux-Sysmon/Operational - 1
- [New] Linux-Sysmon/Operational - 10
- [New] Linux-Sysmon/Operational - 11
- [New] Linux-Sysmon/Operational - 15
- [New] Linux-Sysmon/Operational - 16
- [New] Linux-Sysmon/Operational - 17
- [New] Linux-Sysmon/Operational - 18
- [New] Linux-Sysmon/Operational - 2
- [New] Linux-Sysmon/Operational - 23
- [New] Linux-Sysmon/Operational - 3
- [New] Linux-Sysmon/Operational - 4
- [New] Linux-Sysmon/Operational - 5
- [New] Linux-Sysmon/Operational - 6
- [New] Linux-Sysmon/Operational - 7
- [New] Linux-Sysmon/Operational - 8
- [New] Linux-Sysmon/Operational - 9
- [New] Microsoft Graph Security API C2C - Dynamic Vendor/Product - Azure Advanced Threat Protection
- [New] Microsoft Graph Security API C2C - Dynamic Vendor/Product - Microsoft Defender for Cloud Apps
- [Updated] Kubernetes
- [Updated] Microsoft Office 365 Threat Intelligence Events
Parsers
- [New] /Parsers/System/Juniper/Juniper SSC Series Firewall Syslog
- [New] /Parsers/System/Linux/Linux Sysmon XML
Schema
- [New] device_k8s_deployment
- [New] device_k8s_namespace
- [New] device_k8s_normalizedPodName
- [New] device_k8s_pod
- [New] device_k8s_replicaSet
- [New] dstDevice_k8s_deployment
- [New] dstDevice_k8s_namespace
- [New] dstDevice_k8s_normalizedPodName
- [New] dstDevice_k8s_pod
- [New] dstDevice_k8s_replicaSet
- [New] srcDevice_k8s_deployment
- [New] srcDevice_k8s_namespace
- [New] srcDevice_k8s_normalizedPodName
- [New] srcDevice_k8s_pod
- [New] srcDevice_k8s_replicaSet
- [Updated] device_container_runtime
