Release Notes - USMA R310 | May 2024
Important Communications
The following changes are coming soon and may impact your orchestration rules, filter rules, or other rules.
AR-10748 | Rule Improvement: Ubiquiti Unifi - Parsing for Auth Related Events
New Elements
AR-10844 | New Rule: UEBA - Anomalous RDP + Recon Activity
AR-10843 | New Rule: UEBA - Anomalous RDP + Registry Mod
AR-10836 | New Rule: Windows Nxlog - Multiple Service Installs Across Hosts
AR-10815 | New Rule: Potential lolbin Abuse Using SystemSettingsAdminFlows.exe
AR-10803 | New Rule: Cisco ASA - Vulnerability Detection
AR-10790 | New Plugin: Alibaba PolarDB
AR-10755 | New Rule: Microsoft Windows - APT28 JavaScript Constrained File
AR-10754 | New Rule: Microsoft Windows - APT28 File Names, File Extensions in ProgramData
AR-10746 | New Rule: Ubiquiti Unifi - Successful VPN Login from TOR
AR-10668 | New Rule: Microsoft Windows - UEBA Windows RDP
Improvements
AR-10845 | Plugin Improvement: Apache ECS Access
AR-10810 | Plugin Improvement: Proxmox
AR-10798 | Plugin Improvement: Cato Networks NGFW
AR-10792 | Plugin Improvement: McAfee Network Security - Malware Event Parsing Update
AR-10786 | Plugin Improvement: Fortinet FortiEDR
AR-10767 | Rule Improvement: Okta - UEBAHighScoreAnomaly with Okta Exclusion
AR-10765 | Rule Improvement: UEBAAnomalousOktaLoginAndUserCreation Fixes
AR-10764 | Rule Improvement: Extend Length for UEBAO365ComplianceCenterAlert Rule
AR-10761 | Rule Improvement: Loosen the Rule Conditions for UEBA RDP Rule
AR-10748 | Rule Improvement: Ubiquiti Unifi - Parsing for Auth Related Events
AR-10683 | Plugin Improvement: Check Point Harmony - Event Name is Only Showing 'office365_emails'
AR-10648 | Plugin Improvement: AWS - RDS PostgreSQL
AR-10862 | Rule Improvement: Remove the Status Field from Unnecessary Highlight Fields
Fixes
AR-10850 | Plugin Improvement: Cisco Meraki Cloud
AR-10791 | Plugin Improvement: Ubiquiti Unifi - Some Events Are Being Parsed Incorrectly as Generic Event
AR-10609 | Plugin Improvement: Citrix XenServer - Events Are Parsing Without Event Names