Release Notes – USMA R309 | May 2024
New Elements
AR-10804 | New Rule: Okta - Successful VPN login from TOR
AR-10744 | New Rule: Ivanti - Exploit Rules
AR-10732 | New Rule: SonicWall - Successful VPN login from TOR
AR-10731 | New Rule: Check Point - Successful VPN login from TOR
AR-10729 | New Rule: Fortinet - Successful VPN login from TOR
AR-10720 | New Rule: Cisco ASA - Successful VPN login from TOR
AR-10717 | New Rule: Palo Alto - Alarm on Threat ID Related to Critical Vulnerability CVE-2024-3400
AR-10712 | New Rule: CrowdStrike - Event Category Establish_Persistence
AR-10710 | New Rule: CrowdStrike - Event Category evade_detection
AR-10709 | New Rule: CrowdStrike - Create Rules to Match CrowdStrike Severity for Category Malicious_Document
AR-10708 | New Rule: CrowdStrike - Create Rules to Match CrowdStrike Severity for Category Privilege_Escalation
AR-10661 | New Rule: Windows - Office 365 Azure AD StrongAuthenticationMethod Downgraded to OneWaySMS
AR-10635 | New Plugin: SentinelOne - SentinelOne Application CVE
AR-10626 | New Rule: Cisco Firepower Threat Defense – Brute Force
AR-10584 | New Rule: Firewall/Proxy Rule - Downloading LDAP Dump Python Script
AR-10574 | New Rule: CrowdStrike - Create More Detection Rules to Match CrowdStrike Severity
AR-10564 | New Plugin: 1Password
AR-9634 | New Rule: Suspicious AddinUtil.EXE CommandLine Execution
AR-9480 | New Rule: SSPR Recon Activity
Improvements
AR-10751 | Rule Improvement: AV Agent - AVAgentDetectionGatekeeperBypass
AR-10749 | Plugin Improvement: SentinelOne - Parse the Field Malicious Process Arguments to be a Field for SentinelOne Alarms
AR-10658 | Rule Improvement: SentinelOne - Add "AgentMachineType" to SentinelOne Ruleset
AR-10657 | Plugin Improvement: Windows O365 - Parse "Session ID" for O365 Ruleset to Better Track the Threat
AR-10611 | Rule Improvement: Microsoft Defender - Remove "Informational" Severity from MDATP Multiple Initial Access Attempts
AR-10555 | Rule Improvement: F5 - BIG-IP Brute Force Update
AR-10542 | Plugin Improvement: Barracuda NextGen Firewall
AR-10510 | Rule Improvement: KerberosTicketWithSuspiciousOptions
AR-10364 | Rule Improvement: Microsoft Azure - AzureInsightSQLServerFirewallRuleUpdated
Fixes
AR-10760 | Plugin Improvement: Parsing for Linux BIND
AR-10739 | Plugin Improvement: Cisco - Router 0.25 Updated to Parse Data Correctly
AR-10738 | Plugin Improvement: Fortinet - FortiClient EMS
AR-10722 | Rule Improvement: Remove Transport Protocol from OTXEnrichmentSuspiciousO365LoginTOR
AR-10721 | Rule Improvement: Check Point - Add Missing Event Names to CheckPointMultipleLoginFailure and CheckPointSuccessfulLoginAfterMultipleLoginFailure
AR-10719 | Rule Improvement: Fortinet - Exclude Domain_Parking Events from FortinetMultipleMaliciousCategory
AR-10682 | Plugin Improvement: Cisco IronPort
AR-10677 | Plugin Improvement: Kaspersky Security Center Cloud - Parsing Improvements
AR-10674 | Rule Improvement: Add Exclusion for "Voltage SecureMail Agent Module" for the Method "Windows Hacking Tool Detected"
AR-10666 | Rule Improvement: Kaspersky Security Center Cloud
AR-10665 | Plugin Improvement: Azure AD Identity Protection
AR-10627 | Rule Improvement: CrowdStrike
AR-10598 | Plugin Improvement: Office 365 Audit
AR-10516 | Plugin Improvement: Microsoft Azure - Graph Events Coming as Generic
AR-10261 | Rule Improvement: Check Point - Tuning Out Inbound Scanning Activity and Reducing Severity to Medium for Malware Detected Rules